diff --git a/2022/24xxx/CVE-2022-24384.json b/2022/24xxx/CVE-2022-24384.json
index 968c9c46aae..f4639381a24 100644
--- a/2022/24xxx/CVE-2022-24384.json
+++ b/2022/24xxx/CVE-2022-24384.json
@@ -1,7 +1,7 @@
 {
 "CVE_data_meta": {
 "ASSIGNER": "csirt@divd.nl",
- "DATE_PUBLIC": "2022-03-03T23:00:00.000Z",
+ "DATE_PUBLIC": "2022-03-11T23:00:00.000Z",
 "ID": "CVE-2022-24384",
 "STATE": "PUBLIC",
 "TITLE": "Reflective XSS on SmarterTrack v100.0.8019.14010"
@@ -17,9 +17,9 @@
 "version": {
 "version_data": [
 {
- "version_affected": "=",
+ "version_affected": "<",
 "version_name": "100.x",
- "version_value": "100.0.8019.14010"
+ "version_value": "Build 8075"
 }
 ]
 }
diff --git a/2022/24xxx/CVE-2022-24385.json b/2022/24xxx/CVE-2022-24385.json
index 8818e2ea6c1..73ceb69a7c5 100644
--- a/2022/24xxx/CVE-2022-24385.json
+++ b/2022/24xxx/CVE-2022-24385.json
@@ -1,7 +1,7 @@
 {
 "CVE_data_meta": {
 "ASSIGNER": "csirt@divd.nl",
- "DATE_PUBLIC": "2022-03-03T23:00:00.000Z",
+ "DATE_PUBLIC": "2022-03-11T23:00:00.000Z",
 "ID": "CVE-2022-24385",
 "STATE": "PUBLIC",
 "TITLE": "Information disclosure via direct object access on SmarterTrack v100.0.8019.14010"
@@ -17,9 +17,9 @@
 "version": {
 "version_data": [
 {
- "version_affected": "=",
+ "version_affected": "<",
 "version_name": "100.x",
- "version_value": "100.0.8019.14010"
+ "version_value": "Build 8075"
 }
 ]
 }
diff --git a/2022/24xxx/CVE-2022-24386.json b/2022/24xxx/CVE-2022-24386.json
index ffe946309c0..90afba66d0d 100644
--- a/2022/24xxx/CVE-2022-24386.json
+++ b/2022/24xxx/CVE-2022-24386.json
@@ -1,7 +1,7 @@
 {
 "CVE_data_meta": {
 "ASSIGNER": "csirt@divd.nl",
- "DATE_PUBLIC": "2022-03-03T23:00:00.000Z",
+ "DATE_PUBLIC": "2022-03-11T23:00:00.000Z",
 "ID": "CVE-2022-24386",
 "STATE": "PUBLIC",
 "TITLE": "Stored XSS in SmarterTrack v100.0.8019.14010"
@@ -17,9 +17,9 @@
 "version": {
 "version_data": [
 {
- "version_affected": "=",
+ "version_affected": "<",
 "version_name": "100.x",
- "version_value": "100.0.8019.14010"
+ "version_value": "Build 8075"
 }
 ]
 }
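Review bot: The second hunk of CVE-2022-24384.json replaces a dotted version string with the free-form label `"version_value": "Build 8075"` under `"version_affected": "<"`, and a label like that cannot be ordered against installed versions reported in the `100.0.8019.14010` format, so scanners that match on this field will likely miss or misreport affected installs. The same pair appears in the second hunks of CVE-2022-24385.json and CVE-2022-24386.json. I would keep the value in the product's dotted scheme, `"version_value": "<dotted version of Build 8075>"`, and leave the build label to the description. The unchanged `TITLE` lines still name only v100.0.8019.14010, which now reads narrower than the stated range and is worth aligning in the same change.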
diff --git a/2022/24xxx/CVE-2022-24387.json b/2022/24xxx/CVE-2022-24387.json
index a188fdca426..fc3a3b577cc 100644
--- a/2022/24xxx/CVE-2022-24387.json
+++ b/2022/24xxx/CVE-2022-24387.json
@@ -1,107 +1,100 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "CVE_data_meta": { - "ID": "CVE-2022-90004", - "ASSIGNER": "csirt@divdi.nl", - "DATE_PUBLIC": "", - "TITLE": "File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010", - "AKA": "", - "STATE": "RESERVED" - }, - "source": { - "defect": [], - "advisory": "DIVD-2021-00029", - "discovery": "EXTERNAL" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "SmarterTools", - "product": { - "product_data": [ - { - "product_name": "SmarterTrack", - "version": { - "version_data": [ - { - "version_name": "100.0.8019.x", - "version_affected": ">=", - "version_value": "100.0.8019.14010", - "platform": "" - } - ] + "CVE_data_meta": { + "ASSIGNER": "csirt@divd.nl", + "DATE_PUBLIC": "2022-03-12T09:06:00.000Z", + "ID": "CVE-2022-24387", + "STATE": "RESERVED", + "TITLE": "File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SmarterTrack", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "100.0.8019.x", + "version_value": "Build 8075" + } + ] + } + } + ] + }, + "vendor_name": "SmarterTools" } - } ] - } } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { + }, + "credit": [ + { "lang": "eng", - "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" - } + "value": "Wietse Boonstra of DIVD" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. 
the systemsettings.xml file.\nTHis is possible in SmarterTrack v100.0.8019.14010" + } ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file.\nTHis is possible in SmarterTrack v100.0.8019.14010" - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/DIVD-2021-00029", - "name": "https://csirt.divd.nl/DIVD-2021-00029" - }, - { - "refsource": "CONFIRM", - "url": "https://csrit.divd.nl/CVE-2022-99999", - "name": "https://csrit.divd.nl/CVE-2022-99999" - } - ] - }, - "configuration": [], - "impact": { - "cvss": { - "version": "3.1", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "CHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", - "baseScore": 9.9, - "baseSeverity": "CRITICAL" + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://csirt.divd.nl/DIVD-2021-00029", + "refsource": "CONFIRM", + "url": "https://csirt.divd.nl/DIVD-2021-00029" + }, + { + "name": 
"https://csrit.divd.nl/CVE-2022-24387", + "refsource": "CONFIRM", + "url": "https://csrit.divd.nl/CVE-2022-24387" + } + ] + }, + "source": { + "advisory": "DIVD-2021-00029", + "discovery": "INTERNAL" } - }, - "exploit": [], - "work_around": [], - "solution": [], - "credit": [ - { - "lang": "eng", - "value": "Wietse Boonstra" - } - ] } \ No newline at end of file
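Review bot: The second reference on the new side still points at host `csrit.divd.nl`, while the first reference and the `ASSIGNER` address use `csirt.divd.nl`; the commit corrects the CVE id in that URL but keeps what looks like a transposed hostname, so the advisory link probably does not resolve. Assuming the advisory lives on the same host as DIVD-2021-00029, both fields should read `"name": "https://csirt.divd.nl/CVE-2022-24387"` and `"url": "https://csirt.divd.nl/CVE-2022-24387"`. The range here is `"version_affected": "<="` with `"Build 8075"`, whereas CVE-2022-24384 through CVE-2022-24386 in this commit use `"<"` with the same build; if 8075 is the fixed build, `<=` marks patched installs as vulnerable. `"STATE": "RESERVED"` also sits next to a populated description, CVSS block and `DATE_PUBLIC`, so confirm whether it should be `PUBLIC` like the sibling records.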