From 5ca1b344657df2a1c60ce4e7115c7d3ea7c3e9d0 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 10 Nov 2021 16:00:58 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2020/12xxx/CVE-2020-12488.json | 82 +++++++++++++++++++++--
2020/17xxx/CVE-2020-17049.json | 5 ++
2021/40xxx/CVE-2021-40501.json | 75 ++++++++++++++++++++-
2021/40xxx/CVE-2021-40502.json | 75 ++++++++++++++++++++-
2021/40xxx/CVE-2021-40503.json | 67 ++++++++++++++++++-
2021/40xxx/CVE-2021-40504.json | 119 ++++++++++++++++++++++++++++++++-
2021/40xxx/CVE-2021-40518.json | 61 +++++++++++++++--
2021/40xxx/CVE-2021-40519.json | 61 +++++++++++++++--
2021/40xxx/CVE-2021-40521.json | 61 +++++++++++++++--
2021/41xxx/CVE-2021-41426.json | 66 ++++++++++++++++--
2021/41xxx/CVE-2021-41427.json | 66 ++++++++++++++++--
2021/42xxx/CVE-2021-42062.json | 71 +++++++++++++++++++-
2021/43xxx/CVE-2021-43563.json | 62 +++++++++++++++++
2021/43xxx/CVE-2021-43564.json | 62 +++++++++++++++++
14 files changed, 882 insertions(+), 51 deletions(-)
create mode 100644 2021/43xxx/CVE-2021-43563.json
create mode 100644 2021/43xxx/CVE-2021-43564.json
diff --git a/2020/12xxx/CVE-2020-12488.json b/2020/12xxx/CVE-2020-12488.json
index 4ca2c1deb84..9648cf49c66 100644
--- a/2020/12xxx/CVE-2020-12488.json
+++ b/2020/12xxx/CVE-2020-12488.json
@@ -1,18 +1,88 @@ { - "data_type": "CVE", "data_format": "MITRE", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.vivo.com/en/support/security-advisory-detail?id=5", + "url": "https://www.vivo.com/en/support/security-advisory-detail?id=5" + } + ] + }, "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-12488", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "impact": { + "cvss": { + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "attackComplexity": "LOW", + "scope": "UNCHANGED", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "integrityImpact": "NONE", + "baseScore": 5.5, + "privilegesRequired": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "userInteraction": "REQUIRED", + "version": "3.1" + } + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jovi Smart Scene", + "version": { + "version_data": [ + { + "version_value": "all", + "version_name": "6.2.2.52", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "vivo" + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2021-03-23T16:00:00.000Z", + "ASSIGNER": "security@vivo.com", + "STATE": "PUBLIC", + "TITLE": "Broken Access Control Vulnerability in Jovi Smart Scene", + "ID": "CVE-2020-12488" } } \ No newline at end of file diff --git a/2020/17xxx/CVE-2020-17049.json b/2020/17xxx/CVE-2020-17049.json index a257c6ee4e1..f9040efcc40 100644 --- a/2020/17xxx/CVE-2020-17049.json +++ b/2020/17xxx/CVE-2020-17049.json @@ -117,6 +117,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17049", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17049" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211110 Fwd: Samba 4.15.2, 4.14.10, 4.13.14 Security Releases are available for Download", + "url": "http://www.openwall.com/lists/oss-security/2021/11/10/3" } ] } diff --git a/2021/40xxx/CVE-2021-40501.json b/2021/40xxx/CVE-2021-40501.json index df455fa54c4..536d54c3593 100644 --- a/2021/40xxx/CVE-2021-40501.json +++ b/2021/40xxx/CVE-2021-40501.json 
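Review bot: In the added `version_data` entry of CVE-2020-12488 the fields look swapped: `version_value` is `"all"` and the boundary `6.2.2.52` sits in `version_name`, so a consumer that applies `version_affected` to `version_value` reads the range as "< all". If 6.2.2.52 is the first fixed release (inferred, the hunk does not say so), the entry should read `"version_name": "all", "version_value": "6.2.2.52", "version_affected": "<"`. The description also spells the product "jovi Smart Scene" while `product_name` and `TITLE` use "Jovi Smart Scene".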
@@ -4,14 +4,83 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-40501", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP ABAP Platform Kernel", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.77" + }, + { + "version_name": "<", + "version_value": "7.81" + }, + { + "version_name": "<", + "version_value": "7.85" + }, + { + "version_name": "<", + "version_value": "7.86" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://launchpad.support.sap.com/#/notes/3099776", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3099776" + }, + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864" } ] } 
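Review bot: `impact.cvss` is published with `"baseScore": "null"` and `"vectorString": "null"`, which are strings rather than an absent score, so a consumer that expects a number or a CVSS vector either fails on the record or treats it as unscored without saying so. Leave the `impact` object out until a score exists, or fill in the real vector and a numeric `baseScore`. Each `version_data` entry also carries the operator in the wrong field (`"version_name": "<"`) and has no `version_affected`, while the description lists 7.77, 7.81, 7.85 and 7.86 as the affected versions; the operator belongs in `version_affected` and should agree with the description. The same two problems appear in the hunks for CVE-2021-40502, CVE-2021-40503, CVE-2021-40504 and CVE-2021-42062.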
diff --git a/2021/40xxx/CVE-2021-40502.json b/2021/40xxx/CVE-2021-40502.json
index f2890fee068..c0d905f720e 100644
--- a/2021/40xxx/CVE-2021-40502.json
+++ b/2021/40xxx/CVE-2021-40502.json
@@ -4,14 +4,83 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-40502", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Commerce", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "2105.3" + }, + { + "version_name": "<", + "version_value": "2011.13" + }, + { + "version_name": "<", + "version_value": "2005.18" + }, + { + "version_name": "<", + "version_value": "1905.34" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from B2B units they do not belong to." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3110328", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3110328" } ] } diff --git a/2021/40xxx/CVE-2021-40503.json b/2021/40xxx/CVE-2021-40503.json index 7d331531c90..706b0e8eb1e 100644 
--- a/2021/40xxx/CVE-2021-40503.json
+++ b/2021/40xxx/CVE-2021-40503.json
@@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-40503", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP GUI for Windows", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "< 7.60 PL13" + }, + { + "version_name": "<", + "version_value": "7.70 PL4" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user\u2019s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3080106", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3080106" } ] } 
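Review bot: The first `version_data` entry repeats the operator inside the value (`"version_value": "< 7.60 PL13"` next to `"version_name": "<"`), while the second entry is the bare `7.70 PL4`, so the two branches cannot be compared the same way. Keep the value to the version string, `"version_value": "7.60 PL13"`, and carry the operator once in `version_affected`. The description has the same asymmetry ("versions < 7.60 PL13, 7.70 PL4"), which leaves it unclear whether 7.70 PL4 is an affected release or the bound of a second branch.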
diff --git a/2021/40xxx/CVE-2021-40504.json b/2021/40xxx/CVE-2021-40504.json
index aa302bceef7..d30cabf5462 100644
--- a/2021/40xxx/CVE-2021-40504.json
+++ b/2021/40xxx/CVE-2021-40504.json
@@ -4,14 +4,127 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-40504", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver AS for ABAP and ABAP Platform", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "700" + }, + { + "version_name": "<", + "version_value": "701" + }, + { + "version_name": "<", + "version_value": "702" + }, + { + "version_name": "<", + "version_value": "710" + }, + { + "version_name": "<", + "version_value": "711" + }, + { + "version_name": "<", + "version_value": "730" + }, + { + "version_name": "<", + "version_value": "731" + }, + { + "version_name": "<", + "version_value": "740" + }, + { + "version_name": "<", + "version_value": "750" + }, + { + "version_name": "<", + "version_value": "751" + }, + { + "version_name": "<", + "version_value": "752" + }, + { + "version_name": "<", + "version_value": "753" + }, + { + "version_name": "<", + "version_value": "754" + }, + { + "version_name": "<", + "version_value": "755" + }, + { + "version_name": "<", + "version_value": "756" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions." 
+ } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3105728", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3105728" } ] } diff --git a/2021/40xxx/CVE-2021-40518.json b/2021/40xxx/CVE-2021-40518.json index 4830e3cc716..e1b219d5582 100644 --- a/2021/40xxx/CVE-2021-40518.json +++ b/2021/40xxx/CVE-2021-40518.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40518", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40518", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Airangel HSMX Gateway devices through 5.2.04 allow CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://airangel.com/hsmx-gateway/", + "refsource": "MISC", + "name": "https://airangel.com/hsmx-gateway/" + }, + { + "refsource": "MISC", + "name": "http://etizazmohsin.com/hsmx.html#csrf", + "url": "http://etizazmohsin.com/hsmx.html#csrf" } ] } diff --git a/2021/40xxx/CVE-2021-40519.json b/2021/40xxx/CVE-2021-40519.json index 441214f456c..5392ffdd393 100644 --- a/2021/40xxx/CVE-2021-40519.json +++ b/2021/40xxx/CVE-2021-40519.json 
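Review bot: The structured fields are left as `n/a` (`vendor_name`, `product_name`, `version_value`, and the `problemtype` value) although the description names the vendor, product and version bound ("Airangel HSMX Gateway devices through 5.2.04") and the weakness class. Anything that matches records to an asset inventory by the `affects` block will not associate this CVE with the product. Populate them from the description, for example `"vendor_name": "Airangel"`, `"product_name": "HSMX Gateway"`, and `"value": "CWE-352"` for this CSRF record. The same applies to the hunks for CVE-2021-40519, CVE-2021-40521, CVE-2021-41426, CVE-2021-41427, CVE-2021-43563 and CVE-2021-43564, each with its own weakness class.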
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40519", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40519", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://airangel.com/hsmx-gateway/", + "refsource": "MISC", + "name": "https://airangel.com/hsmx-gateway/" + }, + { + "refsource": "MISC", + "name": "http://etizazmohsin.com/hsmx.html#database", + "url": "http://etizazmohsin.com/hsmx.html#database" } ] } diff --git a/2021/40xxx/CVE-2021-40521.json b/2021/40xxx/CVE-2021-40521.json index 198be3ecca5..74f5082515c 100644 --- a/2021/40xxx/CVE-2021-40521.json +++ b/2021/40xxx/CVE-2021-40521.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40521", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40521", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://airangel.com/hsmx-gateway/", + "refsource": "MISC", + "name": "https://airangel.com/hsmx-gateway/" + }, + { + "refsource": "MISC", + "name": "http://etizazmohsin.com/hsmx.html#rce", + "url": "http://etizazmohsin.com/hsmx.html#rce" } ] } diff --git a/2021/41xxx/CVE-2021-41426.json b/2021/41xxx/CVE-2021-41426.json index c1235aee86a..5f2691c0fbc 100644 --- a/2021/41xxx/CVE-2021-41426.json +++ b/2021/41xxx/CVE-2021-41426.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-41426", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-41426", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery (CSRF) via mgt_end_user.htm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://tula.beeline.ru/customers/pomosh/home/domashnij-internet/nastrojki-s-routerom/beelinesmartbox/", + "refsource": "MISC", + "name": "https://tula.beeline.ru/customers/pomosh/home/domashnij-internet/nastrojki-s-routerom/beelinesmartbox/" + }, + { + "url": "https://youtu.be/WtcyIVImcwc", + "refsource": "MISC", + "name": "https://youtu.be/WtcyIVImcwc" + }, + { + "url": "https://youtu.be/HL73yOW7YWU?t=540", + "refsource": "MISC", + "name": "https://youtu.be/HL73yOW7YWU?t=540" } ] } diff --git a/2021/41xxx/CVE-2021-41427.json b/2021/41xxx/CVE-2021-41427.json index be4d1f2fe26..3dc56fe82f2 100644 --- a/2021/41xxx/CVE-2021-41427.json +++ b/2021/41xxx/CVE-2021-41427.json 
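Review bot: The product is written "Beeline Smart box" in this description and "Beeline Smart Box" in CVE-2021-41427, and with `product_name` left as `n/a` the description text is the only place a search can match on. Use one spelling in both records. Two of the three references are video links, which leave a reader nothing to verify against if the video is removed; a written advisory, if one exists, would be a more durable reference.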
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-41427", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-41427", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to setup.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://tula.beeline.ru/customers/pomosh/home/domashnij-internet/nastrojki-s-routerom/beelinesmartbox/", + "refsource": "MISC", + "name": "https://tula.beeline.ru/customers/pomosh/home/domashnij-internet/nastrojki-s-routerom/beelinesmartbox/" + }, + { + "url": "https://youtu.be/CbWI-JQteRo", + "refsource": "MISC", + "name": "https://youtu.be/CbWI-JQteRo" + }, + { + "url": "https://youtu.be/HL73yOW7YWU?t=520", + "refsource": "MISC", + "name": "https://youtu.be/HL73yOW7YWU?t=520" } ] } diff --git a/2021/42xxx/CVE-2021-42062.json b/2021/42xxx/CVE-2021-42062.json index b99c137b9c0..c6f81185831 100644 --- a/2021/42xxx/CVE-2021-42062.json +++ b/2021/42xxx/CVE-2021-42062.json 
@@ -4,14 +4,79 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42062", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP ERP HCM Portugal", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "600" + }, + { + "version_name": "<", + "version_value": "604" + }, + { + "version_name": "<", + "version_value": "608" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3104456", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3104456" } ] } diff --git a/2021/43xxx/CVE-2021-43563.json b/2021/43xxx/CVE-2021-43563.json new file mode 100644 index 00000000000..ede79aac58a --- /dev/null +++ b/2021/43xxx/CVE-2021-43563.json 
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43563",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated attacker to perform requests to the pixx.io API for the configured API user. This allows an attacker to download various media files from the DAM system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://typo3.org/security/advisory/typo3-ext-sa-2021-017",
+ "refsource": "MISC",
+ "name": "https://typo3.org/security/advisory/typo3-ext-sa-2021-017"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43564.json b/2021/43xxx/CVE-2021-43564.json
new file mode 100644
index 00000000000..0ce0e0b10d7
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43564.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43564",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files (e.g., uploads/tx_jobfair/cv.pdf)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://typo3.org/security/advisory/typo3-ext-sa-2021-018",
+ "refsource": "MISC",
+ "name": "https://typo3.org/security/advisory/typo3-ext-sa-2021-018"
+ }
+ ]
+ }
+}
\ No newline at end of file