"-Synchronized-Data."

2025-07-29 05:56:59 +00:00 · 2022-12-29 21:00:41 +00:00 · 2022-12-29 21:00:41 +00:00 · 79103d2e6c
commit 79103d2e6c
parent 9401f113df
2 changed files with 12 additions and 10 deletions
--- a/2022/38xxx/CVE-2022-38210.json
+++ b/2022/38xxx/CVE-2022-38210.json
@ -1,6 +1,6 @@
 {
    "CVE_data_meta": {
-        "ASSIGNER": "PSIRT@esri.com",
+        "ASSIGNER": "psirt@esri.com",
        "DATE_PUBLIC": "2022-12-05T18:43:00.000Z",
        "ID": "CVE-2022-38210",
        "STATE": "PUBLIC",
@ -39,7 +39,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser."
+                "value": "There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim\u2019s browser."
            }
        ]
    },
@ -77,8 +77,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
-                "url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available"
+                "refsource": "MISC",
+                "url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available",
+                "name": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available"
            }
        ]
    },
@ -88,4 +89,4 @@
        ],
        "discovery": "EXTERNAL"
    }
-}
+}
--- a/2022/38xxx/CVE-2022-38211.json
+++ b/2022/38xxx/CVE-2022-38211.json
@ -1,6 +1,6 @@
 {
    "CVE_data_meta": {
-        "ASSIGNER": "PSIRT@esri.com",
+        "ASSIGNER": "psirt@esri.com",
        "DATE_PUBLIC": "2022-12-05T18:50:00.000Z",
        "ID": "CVE-2022-38211",
        "STATE": "PUBLIC",
@ -39,7 +39,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": " Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.9.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38212. "
+                "value": "Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.9.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38212."
            }
        ]
    },
@ -77,8 +77,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
-                "url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available"
+                "refsource": "MISC",
+                "url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available",
+                "name": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available"
            }
        ]
    },
@ -88,4 +89,4 @@
        ],
        "discovery": "EXTERNAL"
    }
-}
+}