diff --git a/2021/35xxx/CVE-2021-35246.json b/2021/35xxx/CVE-2021-35246.json
index 0310f6eb232..1d73f1c2178 100644
--- a/2021/35xxx/CVE-2021-35246.json
+++ b/2021/35xxx/CVE-2021-35246.json
@@ -1,17 +1,116 @@
  {
+ "data_version": "4.0",
  "data_type": "CVE",
  "data_format": "MITRE",
- "data_version": "4.0",
  "CVE_data_meta": {
  "ID": "CVE-2021-35246",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@solarwinds.com",
+ "STATE": "PUBLIC"
  },
  "description": {
  "description_data": [
  {
  "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-838 Inappropriate Encoding for Output Context",
+ "cweId": "CWE-838"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SolarWinds",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Engineer's Toolset",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2022.3 and previous versions",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35246",
+ "refsource": "MISC",
+ "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35246"
+ },
+ {
+ "url": "https://documentation.solarwinds.com/en/success_center/ets/content/release_notes/ets_2022-4_release_notes.htm",
+ "refsource": "MISC",
+ "name": "https://documentation.solarwinds.com/en/success_center/ets/content/release_notes/ets_2022-4_release_notes.htm"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35246",
+ "refsource": "MISC",
+ "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35246"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "SolarWinds recommends to upgrade to the latest available version of Engineer's Toolset. 
"
+ }
+ ],
+ "value": "SolarWinds recommends to upgrade to the latest available version of Engineer's Toolset.\u00a0\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Justo Socarras"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
  }
  ]
  }
diff --git a/2022/35xxx/CVE-2022-35501.json b/2022/35xxx/CVE-2022-35501.json
index 19532094e1f..462ea7fc764 100644
--- a/2022/35xxx/CVE-2022-35501.json
+++ b/2022/35xxx/CVE-2022-35501.json
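Review bot: In CVE-2021-35246.json the `problemtype` value `CWE-838 Inappropriate Encoding for Output Context` does not match the description, which is about users being able to connect over unencrypted connections; a cleartext-transport weakness such as `CWE-319` would let scanners and triage rules classify the record correctly. The affected range is also free text: `"version_value": "2022.3 and previous versions"` with `"version_affected": "="` cannot be evaluated by version-comparison tooling, so `"version_value": "2022.3"` with `"version_affected": "<="` is the form I would expect. The vector scores `I:N` although the description speaks of an attacker modifying a user's traffic, which is worth confirming with the assigner.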
@@ -1,17 +1,66 @@
  {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
  "CVE_data_meta": {
- "ID": "CVE-2022-35501",
  "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-35501",
+ "STATE": "PUBLIC"
  },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
  "description": {
  "description_data": [
  {
  "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Stored Cross-site Scripting in Amasty Blog Pro 2.10.4 and 2.10.4 creates post functionality and lower versions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://amasty.com",
+ "refsource": "MISC",
+ "name": "http://amasty.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/afine-com/CVE-2022-35501",
+ "url": "https://github.com/afine-com/CVE-2022-35501"
  }
  ]
  }
diff --git a/2022/38xxx/CVE-2022-38113.json b/2022/38xxx/CVE-2022-38113.json
index 3026897dd09..ceffc8afc6f 100644
--- a/2022/38xxx/CVE-2022-38113.json
+++ b/2022/38xxx/CVE-2022-38113.json
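Review bot: In CVE-2022-35501.json the product and weakness are named only in the description, while `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `n/a`, so consumers that match on structured fields will not tie this record to Amasty Blog Pro. The description also reads as garbled (`2.10.4 and 2.10.4 creates post functionality and lower versions`); if the intended meaning is the create-post feature in 2.10.4 and earlier, it should say so once, and the problem type should carry `CWE-79`. The first reference, `http://amasty.com`, is the vendor home page rather than an advisory, so it gives a reader nothing to confirm a fixed version against.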
@@ -1,18 +1,99 @@
  {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
  "CVE_data_meta": {
+ "ASSIGNER": "psirt@solarwinds.com",
  "ID": "CVE-2022-38113",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Information Disclosure Vulnerability "
  },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SolarWinds SEM ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2022.2 and previous versions ",
+ "version_value": "2022.4 "
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "SolarWinds "
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
  "description": {
  "description_data": [
  {
  "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This vulnerability discloses build and services versions in the server response header."
  }
  ]
+ },
+ "generator": {
+ "engine": "vulnogram 0.1.0-rc1"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2022-4_release_notes.htm",
+ "name": "https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2022-4_release_notes.htm"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38113",
+ "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38113"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "SolarWinds advises to upgrade to the latest version of SolarWinds SEM version 2022.4"
+ }
+ ],
+ "source": {
+ "advisory": "CVE-2022-38113",
+ "discovery": "EXTERNAL"
  }
  }
\ No newline at end of file
diff --git a/2022/38xxx/CVE-2022-38114.json b/2022/38xxx/CVE-2022-38114.json
index 870c6e07b83..1f115df4649 100644
--- a/2022/38xxx/CVE-2022-38114.json
+++ b/2022/38xxx/CVE-2022-38114.json
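Review bot: In CVE-2022-38113.json several added string values end in a trailing space (`"vendor_name": "SolarWinds "`, `"product_name": "SolarWinds SEM "`, `"version_value": "2022.4 "`), which breaks exact-match lookups in inventory and scanner tooling; the same values recur in the CVE-2022-38114.json and CVE-2022-38115.json hunks. The range is also ambiguous, since `version_name` says `2022.2 and previous versions` while `"version_affected": "<"` against `2022.4` would also cover any release between the two. I would trim the strings and state a single boundary, e.g. `"version_value": "2022.4"`. `impact.cvss` is an object here but an array in the CVE-2021-35246.json hunk of this commit, so consumers have to accept both shapes.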
@@ -1,18 +1,105 @@
  {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
  "CVE_data_meta": {
+ "ASSIGNER": "psirt@solarwinds.com",
  "ID": "CVE-2022-38114",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Client-Side Desync Vulnerability "
  },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SolarWinds SEM ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2022.2 and previous versions ",
+ "version_value": "2022.4 "
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "SolarWinds "
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "SolarWinds would like to thank Ken Pyle of CYBIR for disclosing this vulnerability to us responsibly. "
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
  "description": {
  "description_data": [
  {
  "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS."
  }
  ]
+ },
+ "generator": {
+ "engine": "vulnogram 0.1.0-rc1"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-603"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2022-4_release_notes.htm",
+ "name": "https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2022-4_release_notes.htm"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38114",
+ "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38114"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "SolarWinds advises to upgrade to the latest version of SolarWinds SEM version 2022.4"
+ }
+ ],
+ "source": {
+ "advisory": "CVE-2022-38114",
+ "discovery": "EXTERNAL"
  }
  }
\ No newline at end of file
diff --git a/2022/38xxx/CVE-2022-38115.json b/2022/38xxx/CVE-2022-38115.json
index 4b90f739718..918de2f2b61 100644
--- a/2022/38xxx/CVE-2022-38115.json
+++ b/2022/38xxx/CVE-2022-38115.json
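Review bot: In CVE-2022-38114.json the problem type `CWE-603` (Use of Client-Side Authentication) does not describe what the description reports, namely incorrect Content-Length handling that can lead to HTTP request smuggling; `CWE-444` (Inconsistent Interpretation of HTTP Requests) is the usual classification for that. The value is also a bare identifier, whereas the CVE-2022-38113.json record in this commit writes the ID together with its name, which is what most consumers display. Detection content and patch-priority rules keyed on CWE will misfile this entry as written.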
@@ -1,18 +1,99 @@
  {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
  "CVE_data_meta": {
+ "ASSIGNER": "psirt@solarwinds.com",
  "ID": "CVE-2022-38115",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Insecure Methods Vulnerability"
  },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SolarWinds SEM ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2022.2 and previous versions ",
+ "version_value": "2022.4 "
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "SolarWinds "
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
  "description": {
  "description_data": [
  {
  "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insecure method vulnerability in which allowed HTTP methods are disclosed. 
E.g., OPTIONS, DELETE, TRACE, and PUT"
  }
  ]
+ },
+ "generator": {
+ "engine": "vulnogram 0.1.0-rc1"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-650"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2022-4_release_notes.htm",
+ "name": "https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2022-4_release_notes.htm"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38115",
+ "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38115"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "SolarWinds advises to upgrade to the latest version of SolarWinds SEM version 2022.4"
+ }
+ ],
+ "source": {
+ "advisory": "CVE-2022-38115",
+ "discovery": "EXTERNAL"
  }
  }
\ No newline at end of file
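Review bot: In CVE-2022-38115.json the description does not say whether the listed methods are only advertised in a response or are actually accepted by the server, and a defender needs that to decide between a hardening item and a real exposure. The `C:L/I:N` vector suggests disclosure only, so stating that in the text would remove the doubt. The problem type is the bare identifier `CWE-650`; writing it as `CWE-650 Trusting HTTP Permission Methods on the Server Side` matches how the CVE-2022-38113.json record in this commit gives its CWE.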