diff --git a/2017/15xxx/CVE-2017-15714.json b/2017/15xxx/CVE-2017-15714.json
index a5a027d7473..a2942b7dcad 100644
--- a/2017/15xxx/CVE-2017-15714.json
+++ b/2017/15xxx/CVE-2017-15714.json
@@ -1,8 +1,32 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "security@apache.org",
+ "DATE_PUBLIC" : "2018-01-03T00:00:00",
 "ID" : "CVE-2017-15714",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "OFBiz",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "16.11.01 to 16.11.03"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Apache Software Foundation"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +35,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code \"__format=%27;alert(%27xss%27)\" to the URL an alert window would execute."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Arbitrary Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://s.apache.org/UO3W"
 }
 ]
 }
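Review bot: The `version_value` added under `affects` packs a range into one free-text string, `"16.11.01 to 16.11.03"`, which scanners and inventory tools that match on exact version strings cannot evaluate. Listing each affected release as its own `version_data` entry would make the record machine-matchable without changing what it states. `DATE_PUBLIC` also carries no timezone designator; if UTC is intended, `"2018-01-03T00:00:00Z"` removes the ambiguity.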
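Review bot: The `problemtype` value `"Arbitrary Code Execution"` does not agree with the new description, which reads as reflected cross-site scripting: script supplied in the `__format` URL parameter is returned unescaped and runs in the viewer's browser, not on the server. Consumers that triage or filter by problem type will misclassify the entry; `"value" : "Cross-site Scripting (CWE-79)"` would match what the description actually says. The only entry in `reference_data` is a shortened `s.apache.org` link, so the record depends on that redirector staying available; the resolved advisory URL would be a more durable reference.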