From 5f5e4f1cc54d4994f449ce8b76e01e7f925a0296 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 12 Dec 2022 13:00:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/3xxx/CVE-2021-3437.json | 56 +++++++++++++++++++-- 2021/3xxx/CVE-2021-3661.json | 56 +++++++++++++++++++-- 2021/3xxx/CVE-2021-3821.json | 56 +++++++++++++++++++-- 2021/3xxx/CVE-2021-3919.json | 56 +++++++++++++++++++-- 2021/3xxx/CVE-2021-3942.json | 56 +++++++++++++++++++-- 2021/46xxx/CVE-2021-46846.json | 77 +++++++++++++++++++++++++++-- 2021/4xxx/CVE-2021-4243.json | 18 +++++++ 2021/4xxx/CVE-2021-4244.json | 18 +++++++ 2022/1xxx/CVE-2022-1038.json | 56 +++++++++++++++++++-- 2022/22xxx/CVE-2022-22488.json | 82 +++++++++++++++++++++++++++++-- 2022/2xxx/CVE-2022-2794.json | 56 +++++++++++++++++++-- 2022/34xxx/CVE-2022-34318.json | 87 +++++++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37018.json | 56 +++++++++++++++++++-- 2022/37xxx/CVE-2022-37897.json | 77 +++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37898.json | 77 +++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37899.json | 77 +++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37900.json | 77 +++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37901.json | 77 +++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37902.json | 77 +++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37903.json | 77 +++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37904.json | 77 +++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37905.json | 77 +++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37906.json | 77 +++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37907.json | 77 +++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37908.json | 77 +++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37909.json | 77 +++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37910.json | 77 +++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37911.json | 77 +++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37912.json | 77 +++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37919.json | 77 +++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37920.json | 77 +++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37927.json | 77 +++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37928.json | 77 +++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37929.json | 77 +++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37930.json | 77 +++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37932.json | 77 +++++++++++++++++++++++++++-- 2022/38xxx/CVE-2022-38395.json | 56 +++++++++++++++++++-- 2022/38xxx/CVE-2022-38656.json | 77 +++++++++++++++++++++++++++-- 2022/38xxx/CVE-2022-38661.json | 77 +++++++++++++++++++++++++++-- 2022/3xxx/CVE-2022-3509.json | 89 ++++++++++++++++++++++++++++++++-- 2022/3xxx/CVE-2022-3510.json | 89 ++++++++++++++++++++++++++++++++-- 2022/42xxx/CVE-2022-42445.json | 77 +++++++++++++++++++++++++++-- 2022/43xxx/CVE-2022-43518.json | 77 +++++++++++++++++++++++++++-- 2022/43xxx/CVE-2022-43780.json | 56 +++++++++++++++++++-- 2022/44xxx/CVE-2022-44647.json | 62 +++++++++++++++++++++-- 2022/44xxx/CVE-2022-44648.json | 62 +++++++++++++++++++++-- 2022/44xxx/CVE-2022-44649.json | 62 +++++++++++++++++++++-- 2022/44xxx/CVE-2022-44650.json | 62 +++++++++++++++++++++-- 2022/44xxx/CVE-2022-44651.json | 62 +++++++++++++++++++++-- 2022/44xxx/CVE-2022-44652.json | 62 +++++++++++++++++++++-- 2022/44xxx/CVE-2022-44653.json | 62 +++++++++++++++++++++-- 2022/44xxx/CVE-2022-44654.json | 57 ++++++++++++++++++++-- 2022/4xxx/CVE-2022-4421.json | 18 +++++++ 53 files changed, 3408 insertions(+), 200 deletions(-) create mode 100644 2021/4xxx/CVE-2021-4243.json create mode 100644 2021/4xxx/CVE-2021-4244.json create mode 100644 2022/4xxx/CVE-2022-4421.json diff --git a/2021/3xxx/CVE-2021-3437.json b/2021/3xxx/CVE-2021-3437.json index 22219b5ee7c..a41aac1e5f2 100644 --- a/2021/3xxx/CVE-2021-3437.json +++ b/2021/3xxx/CVE-2021-3437.json @@ -1,18 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3437", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of service. HP is releasing software updates to mitigate the potential vulnerabilities." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP Inc.", + "product": { + "product_data": [ + { + "product_name": "OMEN Gaming Hub SDK", + "version": { + "version_data": [ + { + "version_value": "See HP Security Bulletin reference for affected versions.", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hp.com/us-en/document/ish_4610088-4610112-16/hpsbgn03726", + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_4610088-4610112-16/hpsbgn03726" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" } } \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3661.json b/2021/3xxx/CVE-2021-3661.json index e53d0fbad66..63bcc99502c 100644 --- a/2021/3xxx/CVE-2021-3661.json +++ b/2021/3xxx/CVE-2021-3661.json @@ -1,18 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3661", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP Inc.", + "product": { + "product_data": [ + { + "product_name": "HP Workstation BIOS", + "version": { + "version_data": [ + { + "version_value": "See HP Security Bulletin reference for affected versions.", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hp.com/us-en/document/ish_5670997-5671021-16/hpsbhf03770", + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_5670997-5671021-16/hpsbhf03770" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" } } \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3821.json b/2021/3xxx/CVE-2021-3821.json index ef7d367845b..0162507223a 100644 --- a/2021/3xxx/CVE-2021-3821.json +++ b/2021/3xxx/CVE-2021-3821.json @@ -1,18 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3821", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP Inc.", + "product": { + "product_data": [ + { + "product_name": "HP FutureSmart", + "version": { + "version_data": [ + { + "version_value": "See HP Security Bulletin reference for affected versions.", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hp.com/us-en/document/ish_4980799-4980823-16/hpsbpi03747", + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_4980799-4980823-16/hpsbpi03747" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" } } \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3919.json b/2021/3xxx/CVE-2021-3919.json index fc9b918bce4..f18e2a546af 100644 --- a/2021/3xxx/CVE-2021-3919.json +++ b/2021/3xxx/CVE-2021-3919.json @@ -1,18 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3919", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service. HP has released software updates to mitigate the potential vulnerability." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP Inc.", + "product": { + "product_data": [ + { + "product_name": "OMEN Gaming Hub and HP Command Center", + "version": { + "version_data": [ + { + "version_value": "See HP Security Bulletin reference for affected versions.", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hp.com/us-en/document/ish_5481136-5481162-16/hpsbgn03761", + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_5481136-5481162-16/hpsbgn03761" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" } } \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3942.json b/2021/3xxx/CVE-2021-3942.json index 52cb6da2e79..f61519cbe65 100644 --- a/2021/3xxx/CVE-2021-3942.json +++ b/2021/3xxx/CVE-2021-3942.json @@ -1,18 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3942", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP Inc.", + "product": { + "product_data": [ + { + "product_name": "HP Print products and Digital Sending products", + "version": { + "version_data": [ + { + "version_value": "See HP Security Bulletin reference for affected versions.", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780", + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" } } \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46846.json b/2021/46xxx/CVE-2021-46846.json index a0b722d43a8..a0141870be9 100644 --- a/2021/46xxx/CVE-2021-46846.json +++ b/2021/46xxx/CVE-2021-46846.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-46846", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "HPE Integrated Lights-Out 5", + "version": { + "version_data": [ + { + "version_value": "Prior to 2.44", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04133en_us", + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04133en_us" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2021/4xxx/CVE-2021-4243.json b/2021/4xxx/CVE-2021-4243.json new file mode 100644 index 00000000000..84b2b6d5f3d --- /dev/null +++ b/2021/4xxx/CVE-2021-4243.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4243", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4244.json b/2021/4xxx/CVE-2021-4244.json new file mode 100644 index 00000000000..3c916366e97 --- /dev/null +++ b/2021/4xxx/CVE-2021-4244.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4244", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1038.json b/2022/1xxx/CVE-2022-1038.json index ca8367b78ec..c0eaee340be 100644 --- a/2022/1xxx/CVE-2022-1038.json +++ b/2022/1xxx/CVE-2022-1038.json @@ -1,18 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1038", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP Inc.", + "product": { + "product_data": [ + { + "product_name": "HP Jumpstart", + "version": { + "version_data": [ + { + "version_value": "See HP Security Bulletin reference for affected versions.", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hp.com/us-en/document/ish_6189329-6189528-16/hpsbhf03791", + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_6189329-6189528-16/hpsbhf03791" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22488.json b/2022/22xxx/CVE-2022-22488.json index e66780f88d5..cc34e0dcc37 100644 --- a/2022/22xxx/CVE-2022-22488.json +++ b/2022/22xxx/CVE-2022-22488.json @@ -1,17 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22488", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "OpenBMC", + "version": { + "version_data": [ + { + "version_value": "OP910, OP940", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6840155", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6840155" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226337", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226337" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2022/2xxx/CVE-2022-2794.json b/2022/2xxx/CVE-2022-2794.json index f4a49ed4af6..2c4a6f6d42a 100644 --- a/2022/2xxx/CVE-2022-2794.json +++ b/2022/2xxx/CVE-2022-2794.json @@ -1,18 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2794", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain HP PageWide Pro Printers may be vulnerable to a potential denial of service attack." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP Inc.", + "product": { + "product_data": [ + { + "product_name": "Certain HP PageWide Pro printers", + "version": { + "version_data": [ + { + "version_value": "See HP Security Bulletin reference for affected versions.", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hp.com/us-en/document/ish_6720386-6720411-16/hpsbpi03807", + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_6720386-6720411-16/hpsbpi03807" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" } } \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34318.json b/2022/34xxx/CVE-2022-34318.json index 8f51a13d5c1..c21d10b4595 100644 --- a/2022/34xxx/CVE-2022-34318.json +++ b/2022/34xxx/CVE-2022-34318.json @@ -1,17 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-34318", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229461." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "CICS TX", + "version": { + "version_data": [ + { + "version_value": "11.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6833186", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6833186" + }, + { + "url": "https://www.ibm.com/support/pages/node/6833188", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6833188" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229461", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229461" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37018.json b/2022/37xxx/CVE-2022-37018.json index 17347e55057..46cc7946a73 100644 --- a/2022/37xxx/CVE-2022-37018.json +++ b/2022/37xxx/CVE-2022-37018.json @@ -1,18 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37018", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP Inc.", + "product": { + "product_data": [ + { + "product_name": "HP PC BIOS", + "version": { + "version_data": [ + { + "version_value": "See HP Security Bulletin reference for affected versions.", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hp.com/us-en/document/ish_7191946-7191970-16/hpsbhf03820", + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_7191946-7191970-16/hpsbhf03820" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" } } \ No newline at end of file diff --git a/2022/37xxx/CVE-2022-37897.json b/2022/37xxx/CVE-2022-37897.json index 25e208c187d..32770542af9 100644 --- a/2022/37xxx/CVE-2022-37897.json +++ b/2022/37xxx/CVE-2022-37897.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37897", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise", + "product": { + "product_data": [ + { + "product_name": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", + "version": { + "version_data": [ + { + "version_value": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37898.json b/2022/37xxx/CVE-2022-37898.json index b4f1cd65d6c..2c1b5702c4c 100644 --- a/2022/37xxx/CVE-2022-37898.json +++ b/2022/37xxx/CVE-2022-37898.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37898", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise", + "product": { + "product_data": [ + { + "product_name": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", + "version": { + "version_data": [ + { + "version_value": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37899.json b/2022/37xxx/CVE-2022-37899.json index e7cc1cb060a..afa26c53df3 100644 --- a/2022/37xxx/CVE-2022-37899.json +++ b/2022/37xxx/CVE-2022-37899.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37899", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise", + "product": { + "product_data": [ + { + "product_name": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", + "version": { + "version_data": [ + { + "version_value": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37900.json b/2022/37xxx/CVE-2022-37900.json index 1f453f013bb..da67b3588aa 100644 --- a/2022/37xxx/CVE-2022-37900.json +++ b/2022/37xxx/CVE-2022-37900.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37900", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise", + "product": { + "product_data": [ + { + "product_name": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", + "version": { + "version_data": [ + { + "version_value": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37901.json b/2022/37xxx/CVE-2022-37901.json index 5dd4976cf32..1b107a4e2ae 100644 --- a/2022/37xxx/CVE-2022-37901.json +++ b/2022/37xxx/CVE-2022-37901.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37901", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise", + "product": { + "product_data": [ + { + "product_name": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", + "version": { + "version_data": [ + { + "version_value": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37902.json b/2022/37xxx/CVE-2022-37902.json index 9f269335c56..26ef6b68eab 100644 --- a/2022/37xxx/CVE-2022-37902.json +++ b/2022/37xxx/CVE-2022-37902.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37902", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise", + "product": { + "product_data": [ + { + "product_name": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", + "version": { + "version_data": [ + { + "version_value": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37903.json b/2022/37xxx/CVE-2022-37903.json index 2c7f52b32a6..999a5b646a0 100644 --- a/2022/37xxx/CVE-2022-37903.json +++ b/2022/37xxx/CVE-2022-37903.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37903", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise the underlying host operating system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise", + "product": { + "product_data": [ + { + "product_name": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", + "version": { + "version_data": [ + { + "version_value": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37904.json b/2022/37xxx/CVE-2022-37904.json index f658ca82723..1ca6502143d 100644 --- a/2022/37xxx/CVE-2022-37904.json +++ b/2022/37xxx/CVE-2022-37904.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37904", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise", + "product": { + "product_data": [ + { + "product_name": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", + "version": { + "version_data": [ + { + "version_value": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37905.json b/2022/37xxx/CVE-2022-37905.json index ffb123b69c5..2430dd32532 100644 --- a/2022/37xxx/CVE-2022-37905.json +++ b/2022/37xxx/CVE-2022-37905.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37905", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise", + "product": { + "product_data": [ + { + "product_name": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", + "version": { + "version_data": [ + { + "version_value": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37906.json b/2022/37xxx/CVE-2022-37906.json index 5a02c52f2b4..41292c173c0 100644 --- a/2022/37xxx/CVE-2022-37906.json +++ b/2022/37xxx/CVE-2022-37906.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37906", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability results in the ability to delete arbitrary files on the underlying operating system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise", + "product": { + "product_data": [ + { + "product_name": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", + "version": { + "version_data": [ + { + "version_value": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37907.json b/2022/37xxx/CVE-2022-37907.json index fba40abc20e..d55484d31c9 100644 --- a/2022/37xxx/CVE-2022-37907.json +++ b/2022/37xxx/CVE-2022-37907.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37907", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise", + "product": { + "product_data": [ + { + "product_name": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", + "version": { + "version_data": [ + { + "version_value": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37908.json b/2022/37xxx/CVE-2022-37908.json index 1e5e84b261c..bbad26f323e 100644 --- a/2022/37xxx/CVE-2022-37908.json +++ b/2022/37xxx/CVE-2022-37908.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37908", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise", + "product": { + "product_data": [ + { + "product_name": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", + "version": { + "version_data": [ + { + "version_value": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37909.json b/2022/37xxx/CVE-2022-37909.json index 9a164cc9073..08f956cc8e5 100644 --- a/2022/37xxx/CVE-2022-37909.json +++ b/2022/37xxx/CVE-2022-37909.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37909", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise", + "product": { + "product_data": [ + { + "product_name": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", + "version": { + "version_data": [ + { + "version_value": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37910.json b/2022/37xxx/CVE-2022-37910.json index 31c998c7c03..02a955dd99a 100644 --- a/2022/37xxx/CVE-2022-37910.json +++ b/2022/37xxx/CVE-2022-37910.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37910", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise", + "product": { + "product_data": [ + { + "product_name": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", + "version": { + "version_data": [ + { + "version_value": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37911.json b/2022/37xxx/CVE-2022-37911.json index 2f627e0dc51..509b73ef88c 100644 --- a/2022/37xxx/CVE-2022-37911.json +++ b/2022/37xxx/CVE-2022-37911.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37911", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise", + "product": { + "product_data": [ + { + "product_name": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", + "version": { + "version_data": [ + { + "version_value": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 3.8, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37912.json b/2022/37xxx/CVE-2022-37912.json index 6863f8a933d..0fc21953d8c 100644 --- a/2022/37xxx/CVE-2022-37912.json +++ b/2022/37xxx/CVE-2022-37912.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37912", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise", + "product": { + "product_data": [ + { + "product_name": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", + "version": { + "version_data": [ + { + "version_value": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37919.json b/2022/37xxx/CVE-2022-37919.json index 5d5fe836f3c..55685cdacd5 100644 --- a/2022/37xxx/CVE-2022-37919.json +++ b/2022/37xxx/CVE-2022-37919.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37919", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An unauthenticated attacker can exploit this condition via the web-based management interface to create a denial-of-service condition which prevents the appliance from properly responding to API requests in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below;" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Aruba EdgeConnect Enterprise Software", + "version": { + "version_data": [ + { + "version_value": "ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below;", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-018.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-018.txt" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37920.json b/2022/37xxx/CVE-2022-37920.json index d30669370f5..77462906ef1 100644 --- a/2022/37xxx/CVE-2022-37920.json +++ b/2022/37xxx/CVE-2022-37920.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37920", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Aruba EdgeConnect Enterprise Software", + "version": { + "version_data": [ + { + "version_value": "ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below;", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-018.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-018.txt" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37927.json b/2022/37xxx/CVE-2022-37927.json index f3ec7be6736..921256f8c0f 100644 --- a/2022/37xxx/CVE-2022-37927.json +++ b/2022/37xxx/CVE-2022-37927.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37927", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "HPE OneView Global Dashboard (OVGD)", + "version": { + "version_data": [ + { + "version_value": "Prior to 2.7", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04370en_us", + "refsource": "MISC", + "name": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04370en_us" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37928.json b/2022/37xxx/CVE-2022-37928.json index ecd41e96753..bdf5270260b 100644 --- a/2022/37xxx/CVE-2022-37928.json +++ b/2022/37xxx/CVE-2022-37928.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37928", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage Secondary Flash Arrays", + "version": { + "version_data": [ + { + "version_value": "Prior to 5.2.1.900 (LTSR), 5.3.0.0 (GA)", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04359en_us", + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04359en_us" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37929.json b/2022/37xxx/CVE-2022-37929.json index 7d59cd7814b..9e23a931f92 100644 --- a/2022/37xxx/CVE-2022-37929.json +++ b/2022/37xxx/CVE-2022-37929.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37929", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage Secondary Flash Arrays", + "version": { + "version_data": [ + { + "version_value": "Prior to 5.2.1.900 (LTSR), 5.3.0.0 (GA)", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04360en_us", + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04360en_us" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37930.json b/2022/37xxx/CVE-2022-37930.json index 06b435effd8..71718bb79eb 100644 --- a/2022/37xxx/CVE-2022-37930.json +++ b/2022/37xxx/CVE-2022-37930.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37930", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage Secondary Flash Arrays", + "version": { + "version_data": [ + { + "version_value": "Prior to 5.2.1.900 (LTSR), 5.3.0.0 (GA)", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04361en_us", + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04361en_us" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/37xxx/CVE-2022-37932.json b/2022/37xxx/CVE-2022-37932.json index df571347cce..6b003572c6a 100644 --- a/2022/37xxx/CVE-2022-37932.json +++ b/2022/37xxx/CVE-2022-37932.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37932", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches", + "version": { + "version_data": [ + { + "version_value": "Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04383en_us", + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04383en_us" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/38xxx/CVE-2022-38395.json b/2022/38xxx/CVE-2022-38395.json index 4ced979578d..3f868259908 100644 --- a/2022/38xxx/CVE-2022-38395.json +++ b/2022/38xxx/CVE-2022-38395.json @@ -1,18 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-38395", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP Inc.", + "product": { + "product_data": [ + { + "product_name": "HP Support Assistant", + "version": { + "version_data": [ + { + "version_value": "See HP Security Bulletin reference for affected versions.", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hp.com/us-en/document/ish_6788123-6788147-16/hpsbhf03809", + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_6788123-6788147-16/hpsbhf03809" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38656.json b/2022/38xxx/CVE-2022-38656.json index 0d48adb8889..b0a93ab73e3 100644 --- a/2022/38xxx/CVE-2022-38656.json +++ b/2022/38xxx/CVE-2022-38656.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-38656", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@hcl.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HCL Software", + "product": { + "product_data": [ + { + "product_name": "HCL Commerce", + "version": { + "version_data": [ + { + "version_value": "9.1.8 - 9.1.11", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101265", + "refsource": "MISC", + "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101265" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "version": "3.1" } ] } diff --git a/2022/38xxx/CVE-2022-38661.json b/2022/38xxx/CVE-2022-38661.json index cc9f2b9399c..202333a3194 100644 --- a/2022/38xxx/CVE-2022-38661.json +++ b/2022/38xxx/CVE-2022-38661.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-38661", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@hcl.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HCL Workload Automation could allow a local user to overwrite key system files which would cause the system to crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HCL Software", + "product": { + "product_data": [ + { + "product_name": "HCL Workload Automation", + "version": { + "version_data": [ + { + "version_value": "< 9.4.0.7, < 9.5.0.5", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100939", + "refsource": "MISC", + "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100939" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2022/3xxx/CVE-2022-3509.json b/2022/3xxx/CVE-2022-3509.json index d532ac0267f..99ac6cc605a 100644 --- a/2022/3xxx/CVE-2022-3509.json +++ b/2022/3xxx/CVE-2022-3509.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3509", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "ProtocolBuffers", + "version": { + "version_data": [ + { + "version_value": "3.21.0", + "version_affected": "=" + }, + { + "version_value": "3.20.0", + "version_affected": "=" + }, + { + "version_value": "3.19.0", + "version_affected": "=" + }, + { + "version_value": "3.16.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/protocolbuffers/protobuf/commit/a3888f53317a8018e7a439bac4abeb8f3425d5e9", + "refsource": "MISC", + "name": "https://github.com/protocolbuffers/protobuf/commit/a3888f53317a8018e7a439bac4abeb8f3425d5e9" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2022/3xxx/CVE-2022-3510.json b/2022/3xxx/CVE-2022-3510.json index 8957adacdd5..5b28dc8e6ea 100644 --- a/2022/3xxx/CVE-2022-3510.json +++ b/2022/3xxx/CVE-2022-3510.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3510", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "ProtocolBuffers", + "version": { + "version_data": [ + { + "version_value": "3.21.0", + "version_affected": "=" + }, + { + "version_value": "3.20.0", + "version_affected": "=" + }, + { + "version_value": "3.19.0", + "version_affected": "=" + }, + { + "version_value": "3.16.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/protocolbuffers/protobuf/commit/db7c17803320525722f45c1d26fc08bc41d1bf48", + "refsource": "MISC", + "name": "https://github.com/protocolbuffers/protobuf/commit/db7c17803320525722f45c1d26fc08bc41d1bf48" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "INTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2022/42xxx/CVE-2022-42445.json b/2022/42xxx/CVE-2022-42445.json index c2a0be1a3ff..82f49760f48 100644 --- a/2022/42xxx/CVE-2022-42445.json +++ b/2022/42xxx/CVE-2022-42445.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42445", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@hcl.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HCL Launch could allow a user with administrative privileges, including \"Manage Security\" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HCL Software", + "product": { + "product_data": [ + { + "product_name": "HCL Launch", + "version": { + "version_data": [ + { + "version_value": "6.2.7.0 - 6.2.7.17, 7.0.0.0 - 7.0.5.12, 7.1.0.0 - 7.1.2.8, 7.2.0.0 - 7.2.3.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101208", + "refsource": "MISC", + "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101208" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/43xxx/CVE-2022-43518.json b/2022/43xxx/CVE-2022-43518.json index 6d5e3ff8ae2..c60c8274de2 100644 --- a/2022/43xxx/CVE-2022-43518.json +++ b/2022/43xxx/CVE-2022-43518.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-43518", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Aruba EdgeConnect Enterprise Software", + "version": { + "version_data": [ + { + "version_value": "ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below;", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-018.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-018.txt" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/43xxx/CVE-2022-43780.json b/2022/43xxx/CVE-2022-43780.json index 6c27ecced26..c10b0303b7a 100644 --- a/2022/43xxx/CVE-2022-43780.json +++ b/2022/43xxx/CVE-2022-43780.json @@ -1,18 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-43780", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Denial of Service attack." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP Inc.", + "product": { + "product_data": [ + { + "product_name": "Certain HP ENVY, OfficeJet, and DeskJet printers", + "version": { + "version_data": [ + { + "version_value": "See HP Security Bulletin reference for affected versions.", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hp.com/us-en/document/ish_7095452-7095489-16/hpsbpi03813", + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_7095452-7095489-16/hpsbpi03813" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" } } \ No newline at end of file diff --git a/2022/44xxx/CVE-2022-44647.json b/2022/44xxx/CVE-2022-44647.json index 2b9d7ba0dab..e305aac3e7d 100644 --- a/2022/44xxx/CVE-2022-44647.json +++ b/2022/44xxx/CVE-2022-44647.json @@ -1,17 +1,71 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-44647", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44648." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Trend Micro, Inc.", + "product": { + "product_data": [ + { + "product_name": "Trend Micro Apex One", + "version": { + "version_data": [ + { + "version_value": "On Premise (14.0)", + "version_affected": "=" + }, + { + "version_value": "SaaS (14.0)", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/solution/000291770", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000291770" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1617/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1617/" } ] } diff --git a/2022/44xxx/CVE-2022-44648.json b/2022/44xxx/CVE-2022-44648.json index 901fe723d6d..4b619b5ba03 100644 --- a/2022/44xxx/CVE-2022-44648.json +++ b/2022/44xxx/CVE-2022-44648.json @@ -1,17 +1,71 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-44648", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44647." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Trend Micro, Inc.", + "product": { + "product_data": [ + { + "product_name": "Trend Micro Apex One", + "version": { + "version_data": [ + { + "version_value": "On Premise (14.0)", + "version_affected": "=" + }, + { + "version_value": "SaaS (14.0)", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/solution/000291770", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000291770" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1618/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1618/" } ] } diff --git a/2022/44xxx/CVE-2022-44649.json b/2022/44xxx/CVE-2022-44649.json index 8c9e9756279..aa26a455443 100644 --- a/2022/44xxx/CVE-2022-44649.json +++ b/2022/44xxx/CVE-2022-44649.json @@ -1,17 +1,71 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-44649", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds access vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Trend Micro, Inc.", + "product": { + "product_data": [ + { + "product_name": "Trend Micro Apex One", + "version": { + "version_data": [ + { + "version_value": "On Premise (14.0)", + "version_affected": "=" + }, + { + "version_value": "SaaS (14.0)", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/solution/000291770", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000291770" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1619/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1619/" } ] } diff --git a/2022/44xxx/CVE-2022-44650.json b/2022/44xxx/CVE-2022-44650.json index 8271ea934d2..8a5e2e490a4 100644 --- a/2022/44xxx/CVE-2022-44650.json +++ b/2022/44xxx/CVE-2022-44650.json @@ -1,17 +1,71 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-44650", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Trend Micro, Inc.", + "product": { + "product_data": [ + { + "product_name": "Trend Micro Apex One", + "version": { + "version_data": [ + { + "version_value": "On Premise (14.0)", + "version_affected": "=" + }, + { + "version_value": "SaaS (14.0)", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/solution/000291770", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000291770" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1616/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1616/" } ] } diff --git a/2022/44xxx/CVE-2022-44651.json b/2022/44xxx/CVE-2022-44651.json index 26cd4d55f1e..56293cb9a5c 100644 --- a/2022/44xxx/CVE-2022-44651.json +++ b/2022/44xxx/CVE-2022-44651.json @@ -1,17 +1,71 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-44651", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Trend Micro, Inc.", + "product": { + "product_data": [ + { + "product_name": "Trend Micro Apex One", + "version": { + "version_data": [ + { + "version_value": "On Premise (14.0)", + "version_affected": "=" + }, + { + "version_value": "SaaS (14.0)", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/solution/000291770", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000291770" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1620/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1620/" } ] } diff --git a/2022/44xxx/CVE-2022-44652.json b/2022/44xxx/CVE-2022-44652.json index 0b3d68635b4..5b64108eb1b 100644 --- a/2022/44xxx/CVE-2022-44652.json +++ b/2022/44xxx/CVE-2022-44652.json @@ -1,17 +1,71 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-44652", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Trend Micro, Inc.", + "product": { + "product_data": [ + { + "product_name": "Trend Micro Apex One", + "version": { + "version_data": [ + { + "version_value": "On Premise (14.0)", + "version_affected": "=" + }, + { + "version_value": "SaaS (14.0)", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/solution/000291770", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000291770" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1621/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1621/" } ] } diff --git a/2022/44xxx/CVE-2022-44653.json b/2022/44xxx/CVE-2022-44653.json index 7cf36da9716..d3acd875079 100644 --- a/2022/44xxx/CVE-2022-44653.json +++ b/2022/44xxx/CVE-2022-44653.json @@ -1,17 +1,71 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-44653", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Trend Micro, Inc.", + "product": { + "product_data": [ + { + "product_name": "Trend Micro Apex One", + "version": { + "version_data": [ + { + "version_value": "On Premise (14.0)", + "version_affected": "=" + }, + { + "version_value": "SaaS (14.0)", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/solution/000291770", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000291770" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1622/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1622/" } ] } diff --git a/2022/44xxx/CVE-2022-44654.json b/2022/44xxx/CVE-2022-44654.json index d16f9969f8c..5f91243be7d 100644 --- a/2022/44xxx/CVE-2022-44654.json +++ b/2022/44xxx/CVE-2022-44654.json @@ -1,17 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-44654", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is complied without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads. The affected component's memory protection mechanism has been updated to enhance product security." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Trend Micro, Inc.", + "product": { + "product_data": [ + { + "product_name": "Trend Micro Apex One", + "version": { + "version_data": [ + { + "version_value": "On Premise (14.0)", + "version_affected": "=" + }, + { + "version_value": "SaaS (14.0)", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/solution/000291770", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000291770" } ] } diff --git a/2022/4xxx/CVE-2022-4421.json b/2022/4xxx/CVE-2022-4421.json new file mode 100644 index 00000000000..85f07f637de --- /dev/null +++ b/2022/4xxx/CVE-2022-4421.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4421", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file