admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-02-07 14:00:33 +00:00
parent 28cadf256b
commit 6cef2ade06
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
2 changed files with 188 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
2025/1xxx/CVE-2025-1107.json
View File

@ -1,17 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1107",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-coordination@incibe.es",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint \u2018/public/cgi/Gateway.php\u2019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-620: Unverified Password Change",
"cweId": "CWE-620"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Impronta",
"product": {
"product_data": [
{
"product_name": "Janto",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "r12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janto",
"refsource": "MISC",
"name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janto"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "With the implemented patches by the Impronta team, the detected vulnerabilities have been fixed. All customers using this product in SaaS mode have been upgraded to version r12 which fixes these issues."
}
],
"value": "With the implemented patches by the Impronta team, the detected vulnerabilities have been fixed. All customers using this product in SaaS mode have been upgraded to version r12 which fixes these issues."
}
],
"credits": [
{
"lang": "en",
"value": "Guzm\u00e1n Fern\u00e1ndez Oca\u00f1a"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
}
]
}

98
2025/1xxx/CVE-2025-1108.json
View File

@ -1,17 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1108",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-coordination@incibe.es",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must create a POST request by injecting malicious content into the \u2018Xml\u2019 parameter on the \u2018/public/cgi/Gateway.php\u2019 endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-345 Insufficient Verification of Data Authenticity",
"cweId": "CWE-345"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Impronta",
"product": {
"product_data": [
{
"product_name": "Janto",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "r12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janto",
"refsource": "MISC",
"name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janto"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "With the implemented patches by the Impronta team, the detected vulnerabilities have been fixed. All customers using this product in SaaS mode have been upgraded to version r12 which fixes these issues."
}
],
"value": "With the implemented patches by the Impronta team, the detected vulnerabilities have been fixed. All customers using this product in SaaS mode have been upgraded to version r12 which fixes these issues."
}
],
"credits": [
{
"lang": "en",
"value": "Guzm\u00e1n Fern\u00e1ndez Oca\u00f1a"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
]
}