diff --git a/2021/36xxx/CVE-2021-36338.json b/2021/36xxx/CVE-2021-36338.json index e2a6aae0511..f56382b692a 100644 --- a/2021/36xxx/CVE-2021-36338.json +++ b/2021/36xxx/CVE-2021-36338.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to." + "value": "Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338." } ] }, @@ -63,9 +63,8 @@ "references": { "reference_data": [ { - "refsource": "MISC", - "url": "https://www.dell.com/support/kbdoc/000194640", - "name": "https://www.dell.com/support/kbdoc/000194640" + "refsource": "CONFIRM", + "url": "https://www.dell.com/support/kbdoc/000194640" } ] } diff --git a/2022/31xxx/CVE-2022-31233.json b/2022/31xxx/CVE-2022-31233.json index 714171ff944..2d2109b8beb 100644 --- a/2022/31xxx/CVE-2022-31233.json +++ b/2022/31xxx/CVE-2022-31233.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2022-06-27", "ID": "CVE-2022-31233", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Unisphere for PowerMax", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2.3.15" + } + ] + } + } + ] + }, + "vendor_name": "Dell" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to." + } + ] + }, + "impact": { + "cvss": { + "baseScore": 6.3, + "baseSeverity": "Medium", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-602: Client-Side Enforcement of Server-Side Security" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.dell.com/support/kbdoc/000200975" } ] } diff --git a/2022/34xxx/CVE-2022-34373.json b/2022/34xxx/CVE-2022-34373.json index 0d22f4ce676..ae7c8a81b39 100644 --- a/2022/34xxx/CVE-2022-34373.json +++ b/2022/34xxx/CVE-2022-34373.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2022-07-26", "ID": "CVE-2022-34373", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CPG SW", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "6.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Dell" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dell Command Integration Suite for System Center, versions prior to 6.2.0, contains arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to perform an arbitrary write as system." + } + ] + }, + "impact": { + "cvss": { + "baseScore": 7.3, + "baseSeverity": "High", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.dell.com/support/kbdoc/000201877" } ] } diff --git a/2022/34xxx/CVE-2022-34383.json b/2022/34xxx/CVE-2022-34383.json index 0804d7d133f..91d0788fba2 100644 --- a/2022/34xxx/CVE-2022-34383.json +++ b/2022/34xxx/CVE-2022-34383.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2022-08-24", "ID": "CVE-2022-34383", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Edge Gateway 5200", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.03.10" + } + ] + } + } + ] + }, + "vendor_name": "Dell" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM." + } + ] + }, + "impact": { + "cvss": { + "baseScore": 8.1, + "baseSeverity": "High", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.dell.com/support/kbdoc/en-us/000202711" } ] }