admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-07-20 14:00:37 +00:00
parent f38c6e3a7d
commit 755f8d1574
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
4 changed files with 301 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

195
2023/32xxx/CVE-2023-32265.json
View File

@ -1,17 +1,204 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32265",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@opentext.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nA potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server.\nAn attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users\u00e2\u20ac\u2122 permissions in the Micro Focus Directory Server also reduce the exposure to this issue.\n\nGiven the right conditions this vulnerability could be exploited to expose a service account password. The account corresponding to the exposed credentials usually has limited privileges and, in many cases would only be useful for extracting details of other user accounts and similar information.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Micro Focus",
"product": {
"product_data": [
{
"product_name": "Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "6.0",
"version_value": "6.0 update 24"
},
{
"version_affected": "<=",
"version_name": "7.0",
"version_value": "7.0 update 17"
},
{
"version_affected": "<=",
"version_name": "8.0",
"version_value": "8.0 update 6"
}
]
}
},
{
"product_name": "Enterprise Test Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "6.0",
"version_value": "6.0 update 24"
},
{
"version_affected": "<=",
"version_name": "7.0",
"version_value": "7.0 update 17"
},
{
"version_affected": "<=",
"version_name": "8.0",
"version_value": "8.0 update 6"
}
]
}
},
{
"product_name": "Enterprise Developer",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "6.0",
"version_value": "6.0 update 24"
},
{
"version_affected": "<=",
"version_name": "7.0",
"version_value": "7.0 update 17"
},
{
"version_affected": "<=",
"version_name": "8.0",
"version_value": "8.0 update 6"
}
]
}
},
{
"product_name": "Visual COBOL",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "6.0",
"version_value": "6.0 update 24"
},
{
"version_affected": "<=",
"version_name": "7.0",
"version_value": "7.0 update 17"
},
{
"version_affected": "<=",
"version_name": "8.0 ",
"version_value": "8.0 update 6"
}
]
}
},
{
"product_name": "COBOL Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "6.0",
"version_value": "6.0 update 24"
},
{
"version_affected": "<=",
"version_name": "7.0",
"version_value": "7.0 update 17"
},
{
"version_affected": "<=",
"version_name": "8.0 ",
"version_value": "8.0 update 6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://portal.microfocus.com/s/article/KM000019323?language=en_US",
"refsource": "MISC",
"name": "https://portal.microfocus.com/s/article/KM000019323?language=en_US"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server Versions 6.0, 7.0, and 8.0 all include a fix for this issue in their latest released patch updates.</span>\n\n<br>"
}
],
"value": "\nEnterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server Versions 6.0, 7.0, and 8.0 all include a fix for this issue in their latest released patch updates.\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Richard R Rohrkemper III @Early Warning Security "
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
]
}

78
2023/32xxx/CVE-2023-32476.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32476",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@dell.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nDell Hybrid Client version 2.0 contains a Sensitive Data Exposure vulnerability. An unauthenticated malicious user on the device can access hard coded secrets in javascript files.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dell",
"product": {
"product_data": [
{
"product_name": "Dell Hybrid Client (DHC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000215862/dsa-2023-258-dell",
"refsource": "MISC",
"name": "https://www.dell.com/support/kbdoc/en-us/000215862/dsa-2023-258-dell"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2023/3xxx/CVE-2023-3812.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3812",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/3xxx/CVE-2023-3813.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3813",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}