- Synchronized data.

2025-07-29 05:56:59 +00:00 · 2018-09-28 13:04:57 -04:00 · 2018-09-28 13:04:57 -04:00 · 73e57d56ee
commit 73e57d56ee
parent 5d66cc098e
2 changed files with 42 additions and 38 deletions
--- a/2018/15xxx/CVE-2018-15365.json
+++ b/2018/15xxx/CVE-2018-15365.json
@ -34,7 +34,7 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations.  An attacker must be an authenticated user in order to exploit the vulnerability."
+            "value" : "A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability."
         }
      ]
   },
@ -53,9 +53,13 @@
   "references" : {
      "reference_data" : [
         {
+            "name" : "https://github.com/nixwizard/CVE-2018-15365/",
+            "refsource" : "MISC",
            "url" : "https://github.com/nixwizard/CVE-2018-15365/"
         },
         {
+            "name" : "https://success.trendmicro.com/solution/1121079",
+            "refsource" : "CONFIRM",
            "url" : "https://success.trendmicro.com/solution/1121079"
         }
      ]
--- a/2018/5xxx/CVE-2018-5393.json
+++ b/2018/5xxx/CVE-2018-5393.json
@ -1,68 +1,68 @@
 {
-   "CVE_data_meta": {
-      "ASSIGNER": "cert@cert.org",
-      "ID": "CVE-2018-5393",
-      "STATE": "PUBLIC",
-      "TITLE": "TP-Link EAP Controller versions 2.5.3 and earlier lack RMI authentication"
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cert@cert.org",
+      "ID" : "CVE-2018-5393",
+      "STATE" : "PUBLIC",
+      "TITLE" : "TP-Link EAP Controller versions 2.5.3 and earlier lack RMI authentication"
   },
-   "affects": {
-      "vendor": {
-         "vendor_data": [
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
            {
-               "product": {
-                  "product_data": [
+               "product" : {
+                  "product_data" : [
                     {
-                        "product_name": "EAP Controller",
-                        "version": {
-                           "version_data": [
+                        "product_name" : "EAP Controller",
+                        "version" : {
+                           "version_data" : [
                              {
-                                 "affected": "<=",
-                                 "version_name": "2.5.3",
-                                 "version_value": "2.5.3"
+                                 "affected" : "<=",
+                                 "version_name" : "2.5.3",
+                                 "version_value" : "2.5.3"
                              }
                           ]
                        }
                     }
                  ]
               },
-               "vendor_name": "TP-LINK"
+               "vendor_name" : "TP-LINK"
            }
         ]
      }
   },
-   "data_format": "MITRE",
-   "data_type": "CVE",
-   "data_version": "4.0",
-   "description": {
-      "description_data": [
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
         {
-            "lang": "eng",
-            "value": "The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode."
+            "lang" : "eng",
+            "value" : "The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode."
         }
      ]
   },
-   "problemtype": {
-      "problemtype_data": [
+   "problemtype" : {
+      "problemtype_data" : [
         {
-            "description": [
+            "description" : [
               {
-                  "lang": "eng",
-                  "value": "CWE-306: Missing Authentication for Critical Function"
+                  "lang" : "eng",
+                  "value" : "CWE-306: Missing Authentication for Critical Function"
               }
            ]
         }
      ]
   },
-   "references": {
-      "reference_data": [
+   "references" : {
+      "reference_data" : [
         {
-            "name": "VU#581311",
-            "refsource": "CERT-VN",
-            "url": "https://www.kb.cert.org/vuls/id/581311"
+            "name" : "VU#581311",
+            "refsource" : "CERT-VN",
+            "url" : "https://www.kb.cert.org/vuls/id/581311"
         }
      ]
   },
-   "source": {
-      "discovery": "UNKNOWN"
+   "source" : {
+      "discovery" : "UNKNOWN"
   }
-}
+}