diff --git a/2024/1xxx/CVE-2024-1440.json b/2024/1xxx/CVE-2024-1440.json
index 998ea972513..17ed60a74f1 100644
--- a/2024/1xxx/CVE-2024-1440.json
+++ b/2024/1xxx/CVE-2024-1440.json
@@ -1,17 +1,312 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1440",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wso2.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious actor can craft a valid link that redirects users to an attacker-controlled site.\n\nBy exploiting this vulnerability, an attacker may trick users into visiting a malicious page, enabling phishing attacks to harvest sensitive information or perform other harmful actions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
+ "cweId": "CWE-601"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "WSO2",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WSO2 Identity Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "5.10.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.10.0.278",
+ "status": "affected",
+ "version": "5.10.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.11.0.347",
+ "status": "affected",
+ "version": "5.11.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "6.0.0.185",
+ "status": "affected",
+ "version": "6.0.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "6.1.0.145",
+ "status": "affected",
+ "version": "6.1.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "7.0.0.30",
+ "status": "affected",
+ "version": "7.0.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 API Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "3.1.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "3.1.0.262",
+ "status": "affected",
+ "version": "3.1.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "3.2.0.344",
+ "status": "affected",
+ "version": "3.2.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.0.0.296",
+ "status": "affected",
+ "version": "4.0.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Identity Server as Key Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "5.10.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.10.0.298",
+ "status": "affected",
+ "version": "5.10.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Open Banking AM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "2.0.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "2.0.0.308",
+ "status": "affected",
+ "version": "2.0.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Open Banking IAM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "2.0.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "2.0.0.327",
+ "status": "affected",
+ "version": "2.0.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Carbon Identity Application Authentication Endpoint(Utils)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "5.17.5.256",
+ "status": "affected",
+ "version": "5.17.5",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.18.187.257",
+ "status": "affected",
+ "version": "5.18.187",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.23.8.174",
+ "status": "affected",
+ "version": "5.23.8",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.25.92.77",
+ "status": "affected",
+ "version": "5.25.92",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "7.0.78.18",
+ "status": "affected",
+ "version": "7.0.78",
+ "versionType": "custom"
+ },
+ {
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "version": "7.0.111",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3171/",
+ "refsource": "MISC",
+ "name": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3171/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "WSO2-2024-3171",
+ "discovery": "INTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3..."
+ }
+ ],
+ "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3... https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3171/#solution"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2024/3xxx/CVE-2024-3509.json b/2024/3xxx/CVE-2024-3509.json
index 8f9a6e50ade..49309860b15 100644
--- a/2024/3xxx/CVE-2024-3509.json
+++ b/2024/3xxx/CVE-2024-3509.json
@@ -1,17 +1,405 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3509",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wso2.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section.\nTo exploit this vulnerability, a malicious actor must have a valid user account with administrative access to the Management Console. If successful, the actor could inject persistent JavaScript payloads, enabling the theft of user data or execution of unauthorized actions on behalf of other users.\n\nWhile this issue enables persistent client-side script execution, session-related cookies remain protected with the httpOnly flag, preventing session hijacking."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "WSO2",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WSO2 Enterprise Integrator",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "6.6.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "6.6.0.202",
+ "status": "affected",
+ "version": "6.6.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 API Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "3.1.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "3.1.0.275",
+ "status": "affected",
+ "version": "3.1.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "3.2.0.392",
+ "status": "affected",
+ "version": "3.2.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "3.2.1.19",
+ "status": "affected",
+ "version": "3.2.1",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.0.0.308",
+ "status": "affected",
+ "version": "4.0.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.1.0.171",
+ "status": "affected",
+ "version": "4.1.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.2.0.107",
+ "status": "affected",
+ "version": "4.2.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.3.0.21",
+ "status": "affected",
+ "version": "4.3.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Open Banking AM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "2.0.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "2.0.0.325",
+ "status": "affected",
+ "version": "2.0.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Open Banking IAM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "2.0.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "2.0.0.345",
+ "status": "affected",
+ "version": "2.0.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Identity Server as Key Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "5.10.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.10.0.292",
+ "status": "affected",
+ "version": "5.10.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Identity Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "5.10.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.10.0.296",
+ "status": "affected",
+ "version": "5.10.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.11.0.333",
+ "status": "affected",
+ "version": "5.11.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "6.0.0.181",
+ "status": "affected",
+ "version": "6.0.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "6.1.0.142",
+ "status": "affected",
+ "version": "6.1.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "7.0.0.9",
+ "status": "affected",
+ "version": "7.0.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Carbon Registry Resources UI",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "4.7.24.6",
+ "status": "affected",
+ "version": "4.7.24",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.7.32.10",
+ "status": "affected",
+ "version": "4.7.32",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.7.33.8",
+ "status": "affected",
+ "version": "4.7.33",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.7.35.8",
+ "status": "affected",
+ "version": "4.7.35",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.7.39.6",
+ "status": "affected",
+ "version": "4.7.39",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.7.51.2",
+ "status": "affected",
+ "version": "4.7.51",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.8.3.7",
+ "status": "affected",
+ "version": "4.8.3",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.8.9.3",
+ "status": "affected",
+ "version": "4.8.9",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.8.12.2",
+ "status": "affected",
+ "version": "4.8.12",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.8.13.4",
+ "status": "affected",
+ "version": "4.8.13",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.8.24.1",
+ "status": "affected",
+ "version": "4.8.24",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.8.32.2",
+ "status": "affected",
+ "version": "4.8.32",
+ "versionType": "custom"
+ },
+ {
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "version": "4.8.35",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-2701",
+ "refsource": "MISC",
+ "name": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-2701"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "WSO2-2024-2701",
+ "discovery": "INTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-2...
"
+ }
+ ],
+ "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-2... https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-2701/#solution"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2024/7xxx/CVE-2024-7073.json b/2024/7xxx/CVE-2024-7073.json
index 3cca42d4f60..80f651581b1 100644
--- a/2024/7xxx/CVE-2024-7073.json
+++ b/2024/7xxx/CVE-2024-7073.json
@@ -1,17 +1,423 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7073",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wso2.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated attackers to manipulate server-side requests, enabling access to internal and external resources available through the network or filesystem.\n\nExploitation of this vulnerability could lead to unauthorized access to sensitive data and systems, including resources within private networks, as long as they are reachable by the affected product."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-918 Server-Side Request Forgery (SSRF)",
+ "cweId": "CWE-918"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "WSO2",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WSO2 Identity Server as Key Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "5.3.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.3.0.37",
+ "status": "affected",
+ "version": "5.3.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.5.0.50",
+ "status": "affected",
+ "version": "5.5.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.6.0.71",
+ "status": "affected",
+ "version": "5.6.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.7.0.122",
+ "status": "affected",
+ "version": "5.7.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.9.0.165",
+ "status": "affected",
+ "version": "5.9.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.10.0.312",
+ "status": "affected",
+ "version": "5.10.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Identity Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "5.2.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.2.0.32",
+ "status": "affected",
+ "version": "5.2.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.3.0.32",
+ "status": "affected",
+ "version": "5.3.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.4.0.31",
+ "status": "affected",
+ "version": "5.4.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.4.1.36",
+ "status": "affected",
+ "version": "5.4.1",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.5.0.49",
+ "status": "affected",
+ "version": "5.5.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.6.0.57",
+ "status": "affected",
+ "version": "5.6.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.7.0.123",
+ "status": "affected",
+ "version": "5.7.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.8.0.105",
+ "status": "affected",
+ "version": "5.8.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.9.0.156",
+ "status": "affected",
+ "version": "5.9.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.10.0.318",
+ "status": "affected",
+ "version": "5.10.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.11.0.364",
+ "status": "affected",
+ "version": "5.11.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "6.0.0.208",
+ "status": "affected",
+ "version": "6.0.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "6.1.0.187",
+ "status": "affected",
+ "version": "6.1.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "7.0.0.59",
+ "status": "affected",
+ "version": "7.0.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Open Banking KM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "1.3.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "1.3.0.114",
+ "status": "affected",
+ "version": "1.3.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "1.4.0.130",
+ "status": "affected",
+ "version": "1.4.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "1.5.0.120",
+ "status": "affected",
+ "version": "1.5.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Open Banking IAM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "2.0.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "2.0.0.363",
+ "status": "affected",
+ "version": "2.0.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Carbon Policy Editor BE",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "5.2.2.14",
+ "status": "affected",
+ "version": "5.2.2",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.7.5.15",
+ "status": "affected",
+ "version": "5.7.5",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.10.86.5",
+ "status": "affected",
+ "version": "5.10.86",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.10.112.16",
+ "status": "affected",
+ "version": "5.10.112",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.11.148.15",
+ "status": "affected",
+ "version": "5.11.148",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.11.256.17",
+ "status": "affected",
+ "version": "5.11.256",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.12.153.59",
+ "status": "affected",
+ "version": "5.12.153",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.12.387.42",
+ "status": "affected",
+ "version": "5.12.387",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.14.97.76",
+ "status": "affected",
+ "version": "5.14.97",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.17.5.284",
+ "status": "affected",
+ "version": "5.17.5",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.18.187.268",
+ "status": "affected",
+ "version": "5.18.187",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.23.8.186",
+ "status": "affected",
+ "version": "5.23.8",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.25.92.95",
+ "status": "affected",
+ "version": "5.25.92",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "7.0.78.35",
+ "status": "affected",
+ "version": "7.0.78",
+ "versionType": "custom"
+ },
+ {
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "version": "7.4.3",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3562",
+ "refsource": "MISC",
+ "name": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3562"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "WSO2-2024-3562",
+ "discovery": "INTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3...
"
+ }
+ ],
+ "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3... https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3562/#solution"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2024/7xxx/CVE-2024-7074.json b/2024/7xxx/CVE-2024-7074.json
index aef49be0929..23a4b926645 100644
--- a/2024/7xxx/CVE-2024-7074.json
+++ b/2024/7xxx/CVE-2024-7074.json
@@ -1,17 +1,506 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7074",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wso2.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server.\n\nBy leveraging this vulnerability, an attacker could upload a specially crafted payload, potentially achieving remote code execution (RCE) on the server. Exploitation requires valid admin credentials, limiting its impact to authorized but potentially malicious users."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
+ "cweId": "CWE-434"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "WSO2",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WSO2 Enterprise Integrator",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "6.0.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "6.0.0.21",
+ "status": "affected",
+ "version": "6.0.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "6.1.0.38",
+ "status": "affected",
+ "version": "6.1.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "6.1.1.42",
+ "status": "affected",
+ "version": "6.1.1",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "6.2.0.61",
+ "status": "affected",
+ "version": "6.2.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "6.3.0.69",
+ "status": "affected",
+ "version": "6.3.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "6.4.0.96",
+ "status": "affected",
+ "version": "6.4.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "6.5.0.102",
+ "status": "affected",
+ "version": "6.5.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "6.6.0.198",
+ "status": "affected",
+ "version": "6.6.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 API Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "2.0.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "2.0.0.28",
+ "status": "affected",
+ "version": "2.0.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "2.1.0.38",
+ "status": "affected",
+ "version": "2.1.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "2.2.0.57",
+ "status": "affected",
+ "version": "2.2.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "2.5.0.83",
+ "status": "affected",
+ "version": "2.5.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "2.6.0.143",
+ "status": "affected",
+ "version": "2.6.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "3.0.0.162",
+ "status": "affected",
+ "version": "3.0.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "3.1.0.293",
+ "status": "affected",
+ "version": "3.1.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "3.2.0.384",
+ "status": "affected",
+ "version": "3.2.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "3.2.1.16",
+ "status": "affected",
+ "version": "3.2.1",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.0.0.305",
+ "status": "affected",
+ "version": "4.0.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.1.0.166",
+ "status": "affected",
+ "version": "4.1.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.2.0.100",
+ "status": "affected",
+ "version": "4.2.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.3.0.16",
+ "status": "affected",
+ "version": "4.3.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Enterprise Service Bus",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "4.9.0",
+ "version_value": "4.9.0.10"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "5.0.0",
+ "version_value": "5.0.0.28"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Enterprise Mobility Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2.2.0",
+ "version_value": "2.2.0.27"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Micro Integrator",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "1.0.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "1.0.0.49",
+ "status": "affected",
+ "version": "1.0.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Open Banking AM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "1.3.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "1.3.0.132",
+ "status": "affected",
+ "version": "1.3.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "1.4.0.135",
+ "status": "affected",
+ "version": "1.4.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "1.5.0.137",
+ "status": "affected",
+ "version": "1.5.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "2.0.0.342",
+ "status": "affected",
+ "version": "2.0.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Carbon Synapse Artifact Uploader BE",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "4.4.10.3",
+ "status": "affected",
+ "version": "4.4.10",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.6.1.4",
+ "status": "affected",
+ "version": "4.6.1",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.6.6.9",
+ "status": "affected",
+ "version": "4.6.6",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.6.10.4",
+ "status": "affected",
+ "version": "4.6.10",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.6.16.2",
+ "status": "affected",
+ "version": "4.6.16",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.6.19.10",
+ "status": "affected",
+ "version": "4.6.19",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.6.64.2",
+ "status": "affected",
+ "version": "4.6.64",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.6.67.15",
+ "status": "affected",
+ "version": "4.6.67",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.6.89.12",
+ "status": "affected",
+ "version": "4.6.89",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.6.105.59",
+ "status": "affected",
+ "version": "4.6.105",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.6.150.11",
+ "status": "affected",
+ "version": "4.6.150",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.7.20.5",
+ "status": "affected",
+ "version": "4.7.20",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.7.30.42",
+ "status": "affected",
+ "version": "4.7.30",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.7.35.5",
+ "status": "affected",
+ "version": "4.7.35",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.7.61.56",
+ "status": "affected",
+ "version": "4.7.61",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.7.99.299",
+ "status": "affected",
+ "version": "4.7.99",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.7.131.15",
+ "status": "affected",
+ "version": "4.7.131",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.7.175.18",
+ "status": "affected",
+ "version": "4.7.175",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.7.188.5",
+ "status": "affected",
+ "version": "4.7.188",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.7.204.5",
+ "status": "affected",
+ "version": "4.7.204",
+ "versionType": "custom"
+ },
+ {
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "version": "4.7.216",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-3566/",
+ "refsource": "MISC",
+ "name": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-3566/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "WSO2-2024-3566",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3...
"
+ }
+ ],
+ "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3... https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3566/#solution"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Anonymous working with Trend Micro Zero Day Initiative"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2024/8xxx/CVE-2024-8008.json b/2024/8xxx/CVE-2024-8008.json
index 9e5329308ea..16131ca7c5c 100644
--- a/2024/8xxx/CVE-2024-8008.json
+++ b/2024/8xxx/CVE-2024-8008.json
@@ -1,17 +1,393 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8008",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wso2.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A reflected cross-site scripting (XSS) vulnerability exists in multiple [Vendor Name] products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser to execute arbitrary JavaScript in the context of the vulnerable page.\n\nThis vulnerability may allow UI manipulation, redirection to malicious websites, or data exfiltration from the browser. However, since all session-related sensitive cookies are protected with the httpOnly flag, session hijacking is not possible."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "WSO2",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WSO2 Enterprise Integrator",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "6.6.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "6.6.0.211",
+ "status": "affected",
+ "version": "6.6.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 API Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "3.1.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "3.1.0.305",
+ "status": "affected",
+ "version": "3.1.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "3.2.0.396",
+ "status": "affected",
+ "version": "3.2.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "3.2.1.28",
+ "status": "affected",
+ "version": "3.2.1",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.0.0.313",
+ "status": "affected",
+ "version": "4.0.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.1.0.182",
+ "status": "affected",
+ "version": "4.1.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.2.0.121",
+ "status": "affected",
+ "version": "4.2.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "4.3.0.32",
+ "status": "affected",
+ "version": "4.3.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Identity Server as Key Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "5.10.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.10.0.321",
+ "status": "affected",
+ "version": "5.10.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Identity Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "5.10.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.10.0.328",
+ "status": "affected",
+ "version": "5.10.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.11.0.374",
+ "status": "affected",
+ "version": "5.11.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "6.0.0.216",
+ "status": "affected",
+ "version": "6.0.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "6.1.0.201",
+ "status": "affected",
+ "version": "6.1.0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "7.0.0.69",
+ "status": "affected",
+ "version": "7.0.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Open Banking IAM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "2.0.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "2.0.0.374",
+ "status": "affected",
+ "version": "2.0.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Open Banking AM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "2.0.0",
+ "status": "unknown",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "2.0.0.354",
+ "status": "affected",
+ "version": "2.0.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "WSO2 Carbon Identity User Store Configuration UI",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "5.14.127.9",
+ "status": "affected",
+ "version": "5.14.127",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.17.5.289",
+ "status": "affected",
+ "version": "5.17.5",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.17.118.10",
+ "status": "affected",
+ "version": "5.17.118",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.18.187.276",
+ "status": "affected",
+ "version": "5.18.187",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.18.248.22",
+ "status": "affected",
+ "version": "5.18.248",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.23.8.193",
+ "status": "affected",
+ "version": "5.23.8",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.24.8.11",
+ "status": "affected",
+ "version": "5.24.8",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.25.92.104",
+ "status": "affected",
+ "version": "5.25.92",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.25.705.10",
+ "status": "affected",
+ "version": "5.25.705",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "7.0.78.46",
+ "status": "affected",
+ "version": "7.0.78",
+ "versionType": "custom"
+ },
+ {
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "version": "7.5.12",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-3178/",
+ "refsource": "MISC",
+ "name": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-3178/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "WSO2-2024-3178",
+ "discovery": "INTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-3178/#solution
"
+ }
+ ],
+ "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-3178/#solution https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-3178/#solution"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.2,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2025/48xxx/CVE-2025-48994.json b/2025/48xxx/CVE-2025-48994.json
index cfc656d6f35..7f3a7bb47da 100644
--- a/2025/48xxx/CVE-2025-48994.json
+++ b/2025/48xxx/CVE-2025-48994.json
@@ -1,18 +1,73 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-48994",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (`signxml.XMLVerifier.verify(require_x509=False, hmac_key=...`), versions of SignXML prior to 4.0.4 are vulnerable to a potential algorithm confusion attack. Unless the user explicitly limits the expected signature algorithms using the `signxml.XMLVerifier.verify(expect_config=...)` setting, an attacker may supply a signature unexpectedly signed with a key other than the provided HMAC key, using a different (asymmetric key) signature algorithm. Starting with SignXML 4.0.4, specifying `hmac_key` causes the set of accepted signature algorithms to be restricted to HMAC only, if not already restricted by the user."
}
]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-303: Incorrect Implementation of Authentication Algorithm",
+ "cweId": "CWE-303"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "XML-Security",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "signxml",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 4.0.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/XML-Security/signxml/security/advisories/GHSA-6vx8-pcwv-xhf4",
+ "refsource": "MISC",
+ "name": "https://github.com/XML-Security/signxml/security/advisories/GHSA-6vx8-pcwv-xhf4"
+ },
+ {
+ "url": "https://github.com/XML-Security/signxml/commit/e3c0c2b82a3329a65d917830657649c98b8c7600",
+ "refsource": "MISC",
+ "name": "https://github.com/XML-Security/signxml/commit/e3c0c2b82a3329a65d917830657649c98b8c7600"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-6vx8-pcwv-xhf4",
+ "discovery": "UNKNOWN"
}
}
\ No newline at end of file
diff --git a/2025/48xxx/CVE-2025-48995.json b/2025/48xxx/CVE-2025-48995.json
index 78a6dba5178..1dbc7793d39 100644
--- a/2025/48xxx/CVE-2025-48995.json
+++ b/2025/48xxx/CVE-2025-48995.json
@@ -1,18 +1,73 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-48995",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (`signxml.XMLVerifier.verify(require_x509=False, hmac_key=...`), versions of SignXML prior to 4.0.4 are vulnerable to a potential timing attack. The verifier may leak information about the correct HMAC when comparing it with the user supplied hash, allowing users to reconstruct the correct HMAC for any data."
}
]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-208: Observable Timing Discrepancy",
+ "cweId": "CWE-208"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "XML-Security",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "signxml",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 4.0.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/XML-Security/signxml/security/advisories/GHSA-gmhf-gg8w-jw42",
+ "refsource": "MISC",
+ "name": "https://github.com/XML-Security/signxml/security/advisories/GHSA-gmhf-gg8w-jw42"
+ },
+ {
+ "url": "https://github.com/XML-Security/signxml/commit/1b501faaacf34cf978a52dbc6915ec11e27611cd",
+ "refsource": "MISC",
+ "name": "https://github.com/XML-Security/signxml/commit/1b501faaacf34cf978a52dbc6915ec11e27611cd"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-gmhf-gg8w-jw42",
+ "discovery": "UNKNOWN"
}
}
\ No newline at end of file
diff --git a/2025/5xxx/CVE-2025-5036.json b/2025/5xxx/CVE-2025-5036.json
index 69ac765f39c..8e33af4bc71 100644
--- a/2025/5xxx/CVE-2025-5036.json
+++ b/2025/5xxx/CVE-2025-5036.json
@@ -1,17 +1,98 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-5036",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@autodesk.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416 Use-After-Free",
+ "cweId": "CWE-416"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Autodesk",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Revit",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2026",
+ "version_value": "2026.1"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "2025",
+ "version_value": "2025.4.2"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "2024",
+ "version_value": "2024.3.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0008",
+ "refsource": "MISC",
+ "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0008"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}