"-Synchronized-Data."

2025-05-07 03:02:46 +00:00 · 2023-09-13 21:00:33 +00:00 · 2023-09-13 21:00:33 +00:00 · 756bebab63
commit 756bebab63
parent d7f5f54cfd
1 changed files with 82 additions and 4 deletions
--- a/2023/4xxx/CVE-2023-4568.json
+++ b/2023/4xxx/CVE-2023-4568.json
@ -1,17 +1,95 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2023-4568",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "vulnreport@tenable.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-287 Improper Authentication",
+                        "cweId": "CWE-287"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "PaperCut",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "PaperCut NG",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "not down converted",
+                                            "x_cve_json_5_version_data": {
+                                                "versions": [
+                                                    {
+                                                        "status": "unknown",
+                                                        "version": "0"
+                                                    }
+                                                ],
+                                                "defaultStatus": "unaffected"
+                                            }
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://www.tenable.com/security/research/tra-2023-31",
+                "refsource": "MISC",
+                "name": "https://www.tenable.com/security/research/tra-2023-31"
+            }
+        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.1.0-dev"
+    },
+    "source": {
+        "discovery": "UNKNOWN"
+    },
+    "impact": {
+        "cvss": [
+            {
+                "attackComplexity": "LOW",
+                "attackVector": "NETWORK",
+                "availabilityImpact": "NONE",
+                "baseScore": 6.5,
+                "baseSeverity": "MEDIUM",
+                "confidentialityImpact": "LOW",
+                "integrityImpact": "LOW",
+                "privilegesRequired": "NONE",
+                "scope": "UNCHANGED",
+                "userInteraction": "NONE",
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+                "version": "3.1"
            }
        ]
    }