From 688ad2efc27e694a9de44e16b8fdf1d020d9ffd1 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 9 Aug 2021 19:01:00 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2013/4xxx/CVE-2013-4717.json | 48 +++++++++++++++++++++++-
 2013/4xxx/CVE-2013-4718.json | 48 +++++++++++++++++++++++-
 2014/9xxx/CVE-2014-9320.json | 68 +++++++++++++++++++++++++++++++++-
 2015/2xxx/CVE-2015-2073.json | 63 ++++++++++++++++++++++++++++++-
 2015/2xxx/CVE-2015-2074.json | 63 ++++++++++++++++++++++++++++++-
 2015/7xxx/CVE-2015-7731.json | 53 +++++++++++++++++++++++++-
 2018/17xxx/CVE-2018-17861.json | 58 ++++++++++++++++++++++++++++-
 2018/17xxx/CVE-2018-17862.json | 58 ++++++++++++++++++++++++++++-
 2018/17xxx/CVE-2018-17865.json | 48 +++++++++++++++++++++++-
 2021/38xxx/CVE-2021-38297.json | 18 +++++++++
 2021/38xxx/CVE-2021-38298.json | 18 +++++++++
 2021/38xxx/CVE-2021-38299.json | 18 +++++++++
 2021/38xxx/CVE-2021-38300.json | 18 +++++++++
 13 files changed, 561 insertions(+), 18 deletions(-)
 create mode 100644 2021/38xxx/CVE-2021-38297.json
 create mode 100644 2021/38xxx/CVE-2021-38298.json
 create mode 100644 2021/38xxx/CVE-2021-38299.json
 create mode 100644 2021/38xxx/CVE-2021-38300.json
diff --git a/2013/4xxx/CVE-2013-4717.json b/2013/4xxx/CVE-2013-4717.json
index f90b4bc2ea0..779bfd0367e 100644
--- a/2013/4xxx/CVE-2013-4717.json
+++ b/2013/4xxx/CVE-2013-4717.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-4717",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,51 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/",
+ "url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4718.json b/2013/4xxx/CVE-2013-4718.json
index d7b270a099f..6a026a5e5ed 100644
--- a/2013/4xxx/CVE-2013-4718.json
+++ b/2013/4xxx/CVE-2013-4718.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-4718",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
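Review bot: In 2013/4xxx/CVE-2013-4717.json the added `affects` block carries `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"`, although the new description names the product (OTRS Help Desk) and the fixed versions 3.0.22, 3.1.18 and 3.2.9. Tooling that matches on the structured fields will not tie this record to any product, so the affected ranges can only be recovered from the description text. The `problemtype` value is also `n/a` where the description states SQL injection; `"value": "CWE-89"` would make the record filterable by weakness class. The same placeholders appear in every record this commit moves to PUBLIC (CVE-2013-4718, CVE-2014-9320, CVE-2015-2073, CVE-2015-2074, CVE-2015-7731, CVE-2018-17861, CVE-2018-17862, CVE-2018-17865).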
@@ -11,7 +11,51 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/",
+ "url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/"
 }
 ]
 }
diff --git a/2014/9xxx/CVE-2014-9320.json b/2014/9xxx/CVE-2014-9320.json
index b7fe18b5171..2605b68d73d 100644
--- a/2014/9xxx/CVE-2014-9320.json
+++ b/2014/9xxx/CVE-2014-9320.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-9320",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,71 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905."
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/129613/SAP-Business-Objects-Search-Token-Privilege-Escalation.html",
+ "url": "http://packetstormsecurity.com/files/129613/SAP-Business-Objects-Search-Token-Privilege-Escalation.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba",
+ "url": "https://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.securityfocus.com/archive/1/archive/1/534249/100/0/threaded",
+ "url": "https://www.securityfocus.com/archive/1/archive/1/534249/100/0/threaded"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2014/Dec/60",
+ "url": "http://seclists.org/fulldisclosure/2014/Dec/60"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99607",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99607"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
 }
 ]
 }
diff --git a/2015/2xxx/CVE-2015-2073.json b/2015/2xxx/CVE-2015-2073.json
index 3e71d2a47be..5f0b3b0a877 100644
--- a/2015/2xxx/CVE-2015-2073.json
+++ b/2015/2xxx/CVE-2015-2073.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-2073",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,66 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/130520/SAP-Business-Objects-Unauthorized-File-Repository-Server-Read.html",
+ "url": "http://packetstormsecurity.com/files/130520/SAP-Business-Objects-Unauthorized-File-Repository-Server-Read.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/archive/1/archive/1/534748/100/0/threaded",
+ "url": "http://www.securityfocus.com/archive/1/archive/1/534748/100/0/threaded"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2015/Feb/92",
+ "url": "http://seclists.org/fulldisclosure/2015/Feb/92"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/72774",
+ "url": "http://www.securityfocus.com/bid/72774"
 }
 ]
 }
diff --git a/2015/2xxx/CVE-2015-2074.json b/2015/2xxx/CVE-2015-2074.json
index c1b5787b62e..7fe74d7120b 100644
--- a/2015/2xxx/CVE-2015-2074.json
+++ b/2015/2xxx/CVE-2015-2074.json
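Review bot: The added description in 2015/2xxx/CVE-2015-2073.json misspells the product twice, as `File RepositoRy Server` and `SAP BussinessObjects Edge 4.0`, so a keyword search for "BusinessObjects" will miss the record. It should read `The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 ...`, matching the spelling CVE-2014-9320 uses in this same commit. The description added to CVE-2015-2074.json repeats `BussinessObjects`. Because `affects` is `n/a` in both records, the description is the only place the product name appears, which makes the spelling matter for asset matching.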
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-2074",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,66 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/130521/SAP-Business-Objects-Unauthorized-File-Repository-Server-Write.html",
+ "url": "http://packetstormsecurity.com/files/130521/SAP-Business-Objects-Unauthorized-File-Repository-Server-Write.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/archive/1/archive/1/534749/100/0/threaded",
+ "url": "http://www.securityfocus.com/archive/1/archive/1/534749/100/0/threaded"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2015/Feb/93",
+ "url": "http://seclists.org/fulldisclosure/2015/Feb/93"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/72776",
+ "url": "http://www.securityfocus.com/bid/72776"
 }
 ]
 }
diff --git a/2015/7xxx/CVE-2015-7731.json b/2015/7xxx/CVE-2015-7731.json
index a9965f0e925..84db69df529 100644
--- a/2015/7xxx/CVE-2015-7731.json
+++ b/2015/7xxx/CVE-2015-7731.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-7731",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.onapsis.com/research/security-advisories/SAP-Mobile-Platform-DataVault-Keystream-Recovery",
+ "url": "https://www.onapsis.com/research/security-advisories/SAP-Mobile-Platform-DataVault-Keystream-Recovery"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://seclists.org/bugtraq/2015/Aug/39",
+ "url": "https://seclists.org/bugtraq/2015/Aug/39"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17861.json b/2018/17xxx/CVE-2018-17861.json
index a69679e3d48..2a81b8cda71 100644
--- a/2018/17xxx/CVE-2018-17861.json
+++ b/2018/17xxx/CVE-2018-17861.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-17861",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/151945/SAP-J2EE-Engine-7.01-Portal-EPP-Protocol-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/151945/SAP-J2EE-Engine-7.01-Portal-EPP-Protocol-Cross-Site-Scripting.html"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20190304 SAP J2EE Engine/7.01/Portal/EPP Reflected Cross Site Scripting (XSS)",
+ "url": "https://seclists.org/bugtraq/2019/Mar/4"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20190305 SAP J2EE Engine/7.01/Portal/EPP Reflected Cross Site Scripting (XSS)",
+ "url": "http://seclists.org/fulldisclosure/2019/Mar/6"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17862.json b/2018/17xxx/CVE-2018-17862.json
index d8e0886595a..92d55fc8ee5 100644
--- a/2018/17xxx/CVE-2018-17862.json
+++ b/2018/17xxx/CVE-2018-17862.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-17862",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20190304 SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS)",
+ "url": "https://seclists.org/bugtraq/2019/Mar/5"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/151946/SAP-J2EE-Engine-7.01-Fiori-test2-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/151946/SAP-J2EE-Engine-7.01-Fiori-test2-Cross-Site-Scripting.html"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20190305 SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS)",
+ "url": "http://seclists.org/fulldisclosure/2019/Mar/8"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17865.json b/2018/17xxx/CVE-2018-17865.json
index e0e50d7a065..152d5b9b987 100644
--- a/2018/17xxx/CVE-2018-17865.json
+++ b/2018/17xxx/CVE-2018-17865.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-17865",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://seclists.org/bugtraq/2019/Mar/6",
+ "url": "https://seclists.org/bugtraq/2019/Mar/6"
 }
 ]
 }
diff --git a/2021/38xxx/CVE-2021-38297.json b/2021/38xxx/CVE-2021-38297.json
new file mode 100644
index 00000000000..6654e50b7aa
--- /dev/null
+++ b/2021/38xxx/CVE-2021-38297.json
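Review bot: The single reference added to 2018/17xxx/CVE-2018-17865.json is tagged `"refsource": "MISC"` with the URL repeated as its `name`, while CVE-2018-17861 and CVE-2018-17862 in this same commit tag their seclists.org/bugtraq links as `"refsource": "BUGTRAQ"` and put the dated post title in `name`. Using `"refsource": "BUGTRAQ"` here, with the post title as `name`, would keep the three related records consistent for consumers that filter or group references by source. This record also carries only the mailing-list link, so readers depend on that one URL staying reachable.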
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-38297",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38298.json b/2021/38xxx/CVE-2021-38298.json
new file mode 100644
index 00000000000..a418489b8bb
--- /dev/null
+++ b/2021/38xxx/CVE-2021-38298.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-38298",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38299.json b/2021/38xxx/CVE-2021-38299.json
new file mode 100644
index 00000000000..7e36e48f4ca
--- /dev/null
+++ b/2021/38xxx/CVE-2021-38299.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-38299",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38300.json b/2021/38xxx/CVE-2021-38300.json
new file mode 100644
index 00000000000..1b6a664e951
--- /dev/null
+++ b/2021/38xxx/CVE-2021-38300.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-38300",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file