From 7c7981df3f2c8828d431bb95c2028417735650d4 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 9 Jan 2024 02:00:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/26xxx/CVE-2023-26998.json | 66 +++++++++++++-- 2023/26xxx/CVE-2023-26999.json | 66 +++++++++++++-- 2023/27xxx/CVE-2023-27000.json | 66 +++++++++++++-- 2023/27xxx/CVE-2023-27098.json | 71 ++++++++++++++-- 2023/36xxx/CVE-2023-36629.json | 66 +++++++++++++-- 2023/39xxx/CVE-2023-39336.json | 73 ++++++++++++++++- 2023/46xxx/CVE-2023-46846.json | 5 ++ 2023/46xxx/CVE-2023-46847.json | 5 ++ 2023/49xxx/CVE-2023-49238.json | 61 ++++++++++++-- 2023/49xxx/CVE-2023-49285.json | 5 ++ 2023/49xxx/CVE-2023-49286.json | 5 ++ 2023/49xxx/CVE-2023-49583.json | 10 +++ 2023/50xxx/CVE-2023-50269.json | 5 ++ 2023/50xxx/CVE-2023-50422.json | 9 ++- 2023/51xxx/CVE-2023-51717.json | 61 ++++++++++++-- 2024/21xxx/CVE-2024-21736.json | 87 +++++++++++++++++++- 2024/21xxx/CVE-2024-21737.json | 83 ++++++++++++++++++- 2024/21xxx/CVE-2024-21738.json | 143 ++++++++++++++++++++++++++++++++- 2024/22xxx/CVE-2024-22124.json | 123 +++++++++++++++++++++++++++- 2024/22xxx/CVE-2024-22125.json | 83 ++++++++++++++++++- 20 files changed, 1025 insertions(+), 68 deletions(-) diff --git a/2023/26xxx/CVE-2023-26998.json b/2023/26xxx/CVE-2023-26998.json index 1579370576e..1dea2eb2c0f 100644 --- a/2023/26xxx/CVE-2023-26998.json +++ b/2023/26xxx/CVE-2023-26998.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-26998", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-26998", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://netscout.com", + "refsource": "MISC", + "name": "http://netscout.com" + }, + { + "url": "http://ngeniusone.com", + "refsource": "MISC", + "name": "http://ngeniusone.com" + }, + { + "refsource": "MISC", + "name": "https://piotrryciak.com/posts/netscout-multiple-vulnerabilities/", + "url": "https://piotrryciak.com/posts/netscout-multiple-vulnerabilities/" } ] } diff --git a/2023/26xxx/CVE-2023-26999.json b/2023/26xxx/CVE-2023-26999.json index 09db8eb50c7..19967cd0eb2 100644 --- a/2023/26xxx/CVE-2023-26999.json +++ b/2023/26xxx/CVE-2023-26999.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-26999", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-26999", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://netscout.com", + "refsource": "MISC", + "name": "http://netscout.com" + }, + { + "url": "http://ngeniusone.com", + "refsource": "MISC", + "name": "http://ngeniusone.com" + }, + { + "refsource": "MISC", + "name": "https://piotrryciak.com/posts/netscout-multiple-vulnerabilities/", + "url": "https://piotrryciak.com/posts/netscout-multiple-vulnerabilities/" } ] } diff --git a/2023/27xxx/CVE-2023-27000.json b/2023/27xxx/CVE-2023-27000.json index ca7b2181c8b..f5fce7c8745 100644 --- a/2023/27xxx/CVE-2023-27000.json +++ b/2023/27xxx/CVE-2023-27000.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-27000", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-27000", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://netscout.com", + "refsource": "MISC", + "name": "http://netscout.com" + }, + { + "url": "http://ngeniusone.com", + "refsource": "MISC", + "name": "http://ngeniusone.com" + }, + { + "refsource": "MISC", + "name": "https://piotrryciak.com/posts/netscout-multiple-vulnerabilities/", + "url": "https://piotrryciak.com/posts/netscout-multiple-vulnerabilities/" } ] } diff --git a/2023/27xxx/CVE-2023-27098.json b/2023/27xxx/CVE-2023-27098.json index f23b86f3564..395784f1093 100644 --- a/2023/27xxx/CVE-2023-27098.json +++ b/2023/27xxx/CVE-2023-27098.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-27098", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-27098", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://tp-link.com", + "refsource": "MISC", + "name": "http://tp-link.com" + }, + { + "url": "http://tp-lin.com", + "refsource": "MISC", + "name": "http://tp-lin.com" + }, + { + "url": "https://www.tp-link.com/support/contact-technical-support/#LiveChat-Support", + "refsource": "MISC", + "name": "https://www.tp-link.com/support/contact-technical-support/#LiveChat-Support" + }, + { + "refsource": "MISC", + "name": "https://github.com/c0d3x27/CVEs/tree/main/CVE-2023-27098", + "url": "https://github.com/c0d3x27/CVEs/tree/main/CVE-2023-27098" } ] } diff --git a/2023/36xxx/CVE-2023-36629.json b/2023/36xxx/CVE-2023-36629.json index 8d701805c8e..79aeeb82349 100644 --- a/2023/36xxx/CVE-2023-36629.json +++ b/2023/36xxx/CVE-2023-36629.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-36629", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-36629", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W07p0 for Android has an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/STMicroelectronics/ST54-android-packages-apps-Nfc/releases/tag/130-20230215-23W07p0", + "refsource": "MISC", + "name": "https://github.com/STMicroelectronics/ST54-android-packages-apps-Nfc/releases/tag/130-20230215-23W07p0" + }, + { + "refsource": "MISC", + "name": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/hunting-for-android-privilege-escalation-with-a-32-line-fuzzer/", + "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/hunting-for-android-privilege-escalation-with-a-32-line-fuzzer/" + }, + { + "refsource": "MISC", + "name": "https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2023-007_Xiaomi_Redmi_10sNote-1.txt", + "url": "https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2023-007_Xiaomi_Redmi_10sNote-1.txt" } ] } diff --git a/2023/39xxx/CVE-2023-39336.json b/2023/39xxx/CVE-2023-39336.json index 206d830e332..545932651b5 100644 --- a/2023/39xxx/CVE-2023-39336.json +++ b/2023/39xxx/CVE-2023-39336.json @@ -1,17 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39336", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server. " + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Endpoint Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "2022 SU 5", + "status": "unaffected", + "lessThan": "2022 SU 5", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://forums.ivanti.com/s/article/SA-2023-12-19-CVE-2023-39336?language=en_US", + "refsource": "MISC", + "name": "https://forums.ivanti.com/s/article/SA-2023-12-19-CVE-2023-39336?language=en_US" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/46xxx/CVE-2023-46846.json b/2023/46xxx/CVE-2023-46846.json index 09a6dd7806a..d7f6cfd3b14 100644 --- a/2023/46xxx/CVE-2023-46846.json +++ b/2023/46xxx/CVE-2023-46846.json @@ -443,6 +443,11 @@ "url": "https://security.netapp.com/advisory/ntap-20231130-0002/", "refsource": "MISC", "name": "https://security.netapp.com/advisory/ntap-20231130-0002/" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html" } ] }, diff --git a/2023/46xxx/CVE-2023-46847.json b/2023/46xxx/CVE-2023-46847.json index 3cc05ba8562..e1d836bdd4a 100644 --- a/2023/46xxx/CVE-2023-46847.json +++ b/2023/46xxx/CVE-2023-46847.json @@ -534,6 +534,11 @@ "url": "https://security.netapp.com/advisory/ntap-20231130-0002/", "refsource": "MISC", "name": "https://security.netapp.com/advisory/ntap-20231130-0002/" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html" } ] }, diff --git a/2023/49xxx/CVE-2023-49238.json b/2023/49xxx/CVE-2023-49238.json index 12cbfe0cc75..0d1dc4f9a8b 100644 --- a/2023/49xxx/CVE-2023-49238.json +++ b/2023/49xxx/CVE-2023-49238.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-49238", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-49238", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security.gradle.com", + "refsource": "MISC", + "name": "https://security.gradle.com" + }, + { + "refsource": "MISC", + "name": "https://security.gradle.com/advisory/2023-01", + "url": "https://security.gradle.com/advisory/2023-01" } ] } diff --git a/2023/49xxx/CVE-2023-49285.json b/2023/49xxx/CVE-2023-49285.json index 633abcfa24b..27e90b5f8ab 100644 --- a/2023/49xxx/CVE-2023-49285.json +++ b/2023/49xxx/CVE-2023-49285.json @@ -88,6 +88,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html" } ] }, diff --git a/2023/49xxx/CVE-2023-49286.json b/2023/49xxx/CVE-2023-49286.json index 50bd04e5afb..6ad748f9f09 100644 --- a/2023/49xxx/CVE-2023-49286.json +++ b/2023/49xxx/CVE-2023-49286.json @@ -87,6 +87,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html" } ] }, diff --git a/2023/49xxx/CVE-2023-49583.json b/2023/49xxx/CVE-2023-49583.json index cd94a8c3902..1a6c3fb5353 100644 --- a/2023/49xxx/CVE-2023-49583.json +++ b/2023/49xxx/CVE-2023-49583.json @@ -73,6 +73,16 @@ "url": "https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/", "refsource": "MISC", "name": "https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/" + }, + { + "url": "https://me.sap.com/notes/3412456", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3412456" + }, + { + "url": "https://me.sap.com/notes/3413475", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3413475" } ] }, diff --git a/2023/50xxx/CVE-2023-50269.json b/2023/50xxx/CVE-2023-50269.json index 3215ff110dd..4544a8ee9cc 100644 --- a/2023/50xxx/CVE-2023-50269.json +++ b/2023/50xxx/CVE-2023-50269.json @@ -86,6 +86,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html" } ] }, diff --git a/2023/50xxx/CVE-2023-50422.json b/2023/50xxx/CVE-2023-50422.json index 67a5a672c3c..cb7c2262797 100644 --- a/2023/50xxx/CVE-2023-50422.json +++ b/2023/50xxx/CVE-2023-50422.json @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-639: Authorization Bypass Through User-Controlled Key", - "cweId": "CWE-639" + "value": "CWE-269 Improper Privilege Management", + "cweId": "CWE-269" } ] } @@ -98,6 +98,11 @@ "url": "https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73", "refsource": "MISC", "name": "https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73" + }, + { + "url": "https://me.sap.com/notes/3413475", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3413475" } ] }, diff --git a/2023/51xxx/CVE-2023-51717.json b/2023/51xxx/CVE-2023-51717.json index 766cae03486..d5880802fbd 100644 --- a/2023/51xxx/CVE-2023-51717.json +++ b/2023/51xxx/CVE-2023-51717.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51717", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51717", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://dataiku.com", + "refsource": "MISC", + "name": "https://dataiku.com" + }, + { + "refsource": "MISC", + "name": "https://doc.dataiku.com/dss/latest/security/advisories/dsa-2023-010.html", + "url": "https://doc.dataiku.com/dss/latest/security/advisories/dsa-2023-010.html" } ] } diff --git a/2024/21xxx/CVE-2024-21736.json b/2024/21xxx/CVE-2024-21736.json index 0fb6852c737..fe85f9a2084 100644 --- a/2024/21xxx/CVE-2024-21736.json +++ b/2024/21xxx/CVE-2024-21736.json @@ -1,17 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21736", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSCORE 128, S4CORE 107, does not perform necessary authorization checks. A function import could be triggered allowing the attacker to create in-house bank accounts leading to low impact on the confidentiality of the application.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization", + "cweId": "CWE-285" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAP S/4HANA Finance (Advanced Payment Management)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "SAPSCORE 128" + }, + { + "version_affected": "=", + "version_value": "S4CORE 107" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3260667", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3260667" + }, + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/21xxx/CVE-2024-21737.json b/2024/21xxx/CVE-2024-21737.json index 3b04c298130..0d9bb070163 100644 --- a/2024/21xxx/CVE-2024-21737.json +++ b/2024/21xxx/CVE-2024-21737.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21737", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SAP Application Interface Framework File Adapter - version 702, a\u00a0high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this,\u00a0such user can control\u00a0the behaviour of the application. This leads to considerable impact on confidentiality, integrity and availability.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAP Application Interface Framework (File Adapter)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "702" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3411869", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3411869" + }, + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/21xxx/CVE-2024-21738.json b/2024/21xxx/CVE-2024-21738.json index fe021f42569..20e525118a7 100644 --- a/2024/21xxx/CVE-2024-21738.json +++ b/2024/21xxx/CVE-2024-21738.json @@ -1,17 +1,152 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21738", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\u00a0An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver ABAP Application Server and ABAP Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "SAP_BASIS 700" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 701" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 702" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 731" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 740" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 750" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 751" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 752" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 753" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 754" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 755" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 756" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 757" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 758" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 793" + }, + { + "version_affected": "=", + "version_value": "SAP_BASIS 794" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3387737", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3387737" + }, + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/22xxx/CVE-2024-22124.json b/2024/22xxx/CVE-2024-22124.json index 6faef376c6a..478db49c9ad 100644 --- a/2024/22xxx/CVE-2024-22124.json +++ b/2024/22xxx/CVE-2024-22124.json @@ -1,17 +1,132 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22124", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Under certain conditions,\u00a0Internet Communication Manager (ICM) or\u00a0SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22_EXT, WEBDISP 7.22_EXT, WEBDISP 7.53, WEBDISP 7.54, could\u00a0allow an attacker to access information which would otherwise be restricted causing high impact on confidentiality.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere", + "cweId": "CWE-497" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver (Internet Communication Manager)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "KERNEL 7.22" + }, + { + "version_affected": "=", + "version_value": "KERNEL 7.53" + }, + { + "version_affected": "=", + "version_value": "KERNEL 7.54" + }, + { + "version_affected": "=", + "version_value": "KRNL64UC 7.22" + }, + { + "version_affected": "=", + "version_value": "KRNL64UC 7.22EXT" + }, + { + "version_affected": "=", + "version_value": "KRNL64UC 7.53" + }, + { + "version_affected": "=", + "version_value": "KRNL64NUC 7.22" + }, + { + "version_affected": "=", + "version_value": "KRNL64NUC 7.22_EXT" + }, + { + "version_affected": "=", + "version_value": "WEBDISP 7.22_EXT" + }, + { + "version_affected": "=", + "version_value": "WEBDISP 7.53" + }, + { + "version_affected": "=", + "version_value": "WEBDISP 7.54" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3392626", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3392626" + }, + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/22xxx/CVE-2024-22125.json b/2024/22xxx/CVE-2024-22125.json index 1e97f6d0963..9cfde48538b 100644 --- a/2024/22xxx/CVE-2024-22125.json +++ b/2024/22xxx/CVE-2024-22125.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22125", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)\u00a0- version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confidentiality.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere", + "cweId": "CWE-497" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3386378", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3386378" + }, + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", + "version": "3.1" } ] }