From 813044405330cc1e8a4f775c6a647c5a05a14a9d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 30 May 2025 16:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2015/4xxx/CVE-2015-4596.json | 5 + 2023/50xxx/CVE-2023-50872.json | 5 + 2024/13xxx/CVE-2024-13915.json | 106 +++++++- 2024/13xxx/CVE-2024-13916.json | 68 ++++- 2024/13xxx/CVE-2024-13917.json | 68 ++++- 2024/23xxx/CVE-2024-23589.json | 78 +++++- 2024/42xxx/CVE-2024-42190.json | 78 +++++- 2024/42xxx/CVE-2024-42191.json | 78 +++++- 2024/7xxx/CVE-2024-7097.json | 464 ++++++++++++++++++++++++++++++++- 2025/5xxx/CVE-2025-5391.json | 18 ++ 2025/5xxx/CVE-2025-5392.json | 18 ++ 2025/5xxx/CVE-2025-5393.json | 18 ++ 12 files changed, 973 insertions(+), 31 deletions(-) create mode 100644 2025/5xxx/CVE-2025-5391.json create mode 100644 2025/5xxx/CVE-2025-5392.json create mode 100644 2025/5xxx/CVE-2025-5393.json diff --git a/2015/4xxx/CVE-2015-4596.json b/2015/4xxx/CVE-2015-4596.json index 2aee665b5dd..02f8c00b2c4 100644 --- a/2015/4xxx/CVE-2015-4596.json +++ b/2015/4xxx/CVE-2015-4596.json @@ -56,6 +56,11 @@ "name": "https://support.lenovo.com/us/en/product_security/len_2015_066", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/product_security/len_2015_066" + }, + { + "refsource": "CONFIRM", + "name": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2015-4596", + "url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2015-4596" } ] } diff --git a/2023/50xxx/CVE-2023-50872.json b/2023/50xxx/CVE-2023-50872.json index ba500ec74c3..03a804850c3 100644 --- a/2023/50xxx/CVE-2023-50872.json +++ b/2023/50xxx/CVE-2023-50872.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-50872", "url": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-50872" + }, + { + "refsource": "CONFIRM", + "name": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2023-50872", + "url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2023-50872" } ] } 
diff --git a/2024/13xxx/CVE-2024-13915.json b/2024/13xxx/CVE-2024-13915.json index fd1f362a00c..2f43edd3226 100644 --- a/2024/13xxx/CVE-2024-13915.json +++ b/2024/13xxx/CVE-2024-13915.json 
@@ -1,18 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13915", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cvd@cert.pl", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Android based smartphones from vendors such as Ulefone and\u00a0Kr\u00fcger&Matz contain \"com.pri.factorytest\" application preloaded onto devices during manufacturing process.\nThe application\u00a0\"com.pri.factorytest\"\u00a0(version name: 1.0, version code: 1)\u00a0exposes a \u201dcom.pri.factorytest.emmc.FactoryResetService\u201c service allowing any application to perform a factory reset of the device.\u00a0\nApplication update did not increment the APK version. Instead, it was bundled in OS builds released later than December 2024 (Ulefone) and most probably March 2025 (Kr\u00fcger&Matz, although the vendor has not confirmed it, so newer releases might be vulnerable as well)." 
} ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-926 Improper Export of Android Application Components", + "cweId": "CWE-926" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ulefone", + "product": { + "product_data": [ + { + "product_name": "com.pri.factorytest", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.0", + "status": "unknown", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Kr\u00fcger&Matz", + "product": { + "product_data": [ + { + "product_name": "com.pri.factorytest", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.0", + "status": "unknown", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert.pl/en/posts/2025/05/CVE-2024-13915", + "refsource": "MISC", + "name": "https://cert.pl/en/posts/2025/05/CVE-2024-13915" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Szymon Chadam" + } + ] } \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13916.json b/2024/13xxx/CVE-2024-13916.json index 3657da73fc5..66c18f9e1af 100644 --- a/2024/13xxx/CVE-2024-13916.json +++ b/2024/13xxx/CVE-2024-13916.json 
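Review bot: The second `vendor_name` in this record is `Kr\u00fcger&Matz`, while the CVE-2024-13916 and CVE-2024-13917 records published in the same commit use `Kruger&Matz`; tooling that groups or matches records by vendor string will treat these as two vendors, so one spelling should be used in all three. Separately, both version entries here carry `"status": "unknown"` up to `1.0` with `"defaultStatus": "unaffected"`. That fits the description's statement that the update did not increment the APK version, but it means the affects block cannot tell a consumer whether a given device is exposed. The OS build dates in the description are the only usable indicator, and the description itself marks the Krüger&Matz date as unconfirmed by the vendor.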
@@ -1,18 +1,76 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13916", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cvd@cert.pl", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An\u00a0application \"com.pri.applock\", which is pre-loaded on\u00a0Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data.\nExposed \u201dcom.android.providers.settings.fingerprint.PriFpShareProvider\u201c content provider's public method query() allows any other malicious application, without any granted Android system permissions, to exfiltrate the PIN code.\n\nVendor did not provide information about vulnerable versions.\nOnly version (version name: 13, version code: 33) was tested and confirmed to have this vulnerability" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere", + "cweId": "CWE-497" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kruger&Matz", + "product": { + "product_data": [ + { + "product_name": "com.pri.applock", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert.pl/en/posts/2025/05/CVE-2024-13915", + "refsource": "MISC", + "name": "https://cert.pl/en/posts/2025/05/CVE-2024-13915" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + 
"credits": [ + { + "lang": "en", + "value": "Szymon Chadam" + } + ] } \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13917.json b/2024/13xxx/CVE-2024-13917.json index a61928d5bf4..c51d56abcac 100644 --- a/2024/13xxx/CVE-2024-13917.json +++ b/2024/13xxx/CVE-2024-13917.json 
@@ -1,18 +1,76 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13917", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cvd@cert.pl", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An\u00a0application \"com.pri.applock\", which is pre-loaded on\u00a0Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data.\nExposed \u201dcom.pri.applock.LockUI\u201c activity allows any other malicious application, with no granted Android system permissions, to inject an arbitrary intent with system-level privileges to a protected application. One must know the protecting PIN number (it might be revealed by exploiting\u00a0CVE-2024-13916) or ask the user to provide it.\n\nVendor did not provide information about vulnerable versions.\nOnly version (version name: 13, version code: 33) was tested and confirmed to have this vulnerability" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-926 Improper Export of Android Application Components", + "cweId": "CWE-926" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kruger&Matz", + "product": { + "product_data": [ + { + "product_name": "com.pri.applock", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert.pl/en/posts/2025/05/CVE-2024-13915", + "refsource": "MISC", + "name": "https://cert.pl/en/posts/2025/05/CVE-2024-13915" + } + ] + }, + 
"generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Szymon Chadam" + } + ] } \ No newline at end of file diff --git a/2024/23xxx/CVE-2024-23589.json b/2024/23xxx/CVE-2024-23589.json index 9e980b6d0d4..35a57db7838 100644 --- a/2024/23xxx/CVE-2024-23589.json +++ b/2024/23xxx/CVE-2024-23589.json 
@@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23589", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@hcl.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to outdated Hash algorithm, HCL Glovius Cloud could allow attackers to guess the input data using brute-force or dictionary attacks efficiently using modern hardware such as GPUs or ASICs" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-328 Use of Weak Hash", + "cweId": "CWE-328" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HCL Software", + "product": { + "product_data": [ + { + "product_name": "HCL Glovius Cloud", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "240520" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0121015", + "refsource": "MISC", + "name": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0121015" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + 
"version": "3.1" } ] } diff --git a/2024/42xxx/CVE-2024-42190.json b/2024/42xxx/CVE-2024-42190.json index 4f9ee166e28..c7f25927668 100644 --- a/2024/42xxx/CVE-2024-42190.json +++ b/2024/42xxx/CVE-2024-42190.json 
@@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42190", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@hcl.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-427 Uncontrolled Search Path Element", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HCL Software", + "product": { + "product_data": [ + { + "product_name": "HCL Traveler for Microsoft Outlook (HTMO)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.0.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120744", + "refsource": "MISC", + "name": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120744" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": 
"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/42xxx/CVE-2024-42191.json b/2024/42xxx/CVE-2024-42191.json index ae57655b158..4858ebbc580 100644 --- a/2024/42xxx/CVE-2024-42191.json +++ b/2024/42xxx/CVE-2024-42191.json 
@@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42191", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@hcl.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a COM hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-427 Uncontrolled Search Path Element", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HCL Software", + "product": { + "product_data": [ + { + "product_name": "HCL Traveler for Microsoft Outlook (HTMO)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.0.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120745", + "refsource": "MISC", + "name": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120745" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": 
"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/7xxx/CVE-2024-7097.json b/2024/7xxx/CVE-2024-7097.json index 05ee55b3384..a48acac2d88 100644 --- a/2024/7xxx/CVE-2024-7097.json +++ b/2024/7xxx/CVE-2024-7097.json 
@@ -1,17 +1,473 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7097", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wso2.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious actors to create new user accounts without proper authorization.\n\nExploitation of this flaw could allow an attacker to create multiple low-privileged user accounts, gaining unauthorized access to the system. Additionally, continuous exploitation could lead to system resource exhaustion through mass user creation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WSO2", + "product": { + "product_data": [ + { + "product_name": "WSO2 Open Banking AM", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "1.3.0", + "status": "unknown", + "version": "0", + "versionType": "custom" + }, + { + "lessThan": "1.3.0.131", + "status": "affected", + "version": "1.3.0", + "versionType": "custom" + }, + { + "lessThan": "1.4.0.134", + "status": "affected", + "version": "1.4.0", + "versionType": "custom" + }, + { + "lessThan": "1.5.0.136", + "status": "affected", + "version": "1.5.0", + "versionType": "custom" + }, + { + "lessThan": "2.0.0.343", + "status": "affected", + "version": "2.0.0", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "WSO2 Open Banking KM", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "1.3.0", + "status": "unknown", + "version": "0", + "versionType": "custom" + }, + { + "lessThan": "1.3.0.114", + "status": "affected", + "version": "1.3.0", + "versionType": "custom" + }, + { + "lessThan": "1.4.0.130", + "status": "affected", + "version": "1.4.0", + "versionType": "custom" + }, + { + "lessThan": "1.5.0.120", + "status": "affected", + "version": "1.5.0", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "WSO2 Identity Server as Key Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "5.3.0", + "status": "unknown", + "version": "0", + "versionType": "custom" + }, + { + "lessThan": "5.3.0.38", + "status": 
"affected", + "version": "5.3.0", + "versionType": "custom" + }, + { + "lessThan": "5.5.0.51", + "status": "affected", + "version": "5.5.0", + "versionType": "custom" + }, + { + "lessThan": "5.6.0.72", + "status": "affected", + "version": "5.6.0", + "versionType": "custom" + }, + { + "lessThan": "5.7.0.122", + "status": "affected", + "version": "5.7.0", + "versionType": "custom" + }, + { + "lessThan": "5.9.0.165", + "status": "affected", + "version": "5.9.0", + "versionType": "custom" + }, + { + "lessThan": "5.10.0.312", + "status": "affected", + "version": "5.10.0", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "WSO2 API Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "2.0.0", + "status": "unknown", + "version": "0", + "versionType": "custom" + }, + { + "lessThan": "2.0.0.29", + "status": "affected", + "version": "2.0.0", + "versionType": "custom" + }, + { + "lessThan": "2.1.0.39", + "status": "affected", + "version": "2.1.0", + "versionType": "custom" + }, + { + "lessThan": "2.2.0.56", + "status": "affected", + "version": "2.2.0", + "versionType": "custom" + }, + { + "lessThan": "2.5.0.83", + "status": "affected", + "version": "2.5.0", + "versionType": "custom" + }, + { + "lessThan": "2.6.0.142", + "status": "affected", + "version": "2.6.0", + "versionType": "custom" + }, + { + "lessThan": "3.0.0.162", + "status": "affected", + "version": "3.0.0", + "versionType": "custom" + }, + { + "lessThan": "3.1.0.294", + "status": "affected", + "version": "3.1.0", + "versionType": "custom" + }, + { + "lessThan": "3.2.0.384", + "status": "affected", + "version": "3.2.0", + "versionType": "custom" + }, + { + "lessThan": "3.2.1.16", + "status": "affected", + "version": "3.2.1", + "versionType": "custom" + }, + { + "lessThan": "4.0.0.305", + "status": "affected", + "version": "4.0.0", + "versionType": 
"custom" + }, + { + "lessThan": "4.1.0.166", + "status": "affected", + "version": "4.1.0", + "versionType": "custom" + }, + { + "lessThan": "4.2.0.101", + "status": "affected", + "version": "4.2.0", + "versionType": "custom" + }, + { + "lessThan": "4.3.0.16", + "status": "affected", + "version": "4.3.0", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "WSO2 Identity Server", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "5.2.0", + "status": "unknown", + "version": "0", + "versionType": "custom" + }, + { + "lessThan": "5.2.0.32", + "status": "affected", + "version": "5.2.0", + "versionType": "custom" + }, + { + "lessThan": "5.3.0.33", + "status": "affected", + "version": "5.3.0", + "versionType": "custom" + }, + { + "lessThan": "5.4.0.32", + "status": "affected", + "version": "5.4.0", + "versionType": "custom" + }, + { + "lessThan": "5.4.1.36", + "status": "affected", + "version": "5.4.1", + "versionType": "custom" + }, + { + "lessThan": "5.5.0.50", + "status": "affected", + "version": "5.5.0", + "versionType": "custom" + }, + { + "lessThan": "5.6.0.58", + "status": "affected", + "version": "5.6.0", + "versionType": "custom" + }, + { + "lessThan": "5.7.0.123", + "status": "affected", + "version": "5.7.0", + "versionType": "custom" + }, + { + "lessThan": "5.8.0.106", + "status": "affected", + "version": "5.8.0", + "versionType": "custom" + }, + { + "lessThan": "5.9.0.157", + "status": "affected", + "version": "5.9.0", + "versionType": "custom" + }, + { + "lessThan": "5.10.0.318", + "status": "affected", + "version": "5.10.0", + "versionType": "custom" + }, + { + "lessThan": "5.11.0.365", + "status": "affected", + "version": "5.11.0", + "versionType": "custom" + }, + { + "lessThan": "6.0.0.209", + "status": "affected", + "version": "6.0.0", + "versionType": "custom" + }, + { + "lessThan": "6.1.0.188", + 
"status": "affected", + "version": "6.1.0", + "versionType": "custom" + }, + { + "lessThan": "7.0.0.60", + "status": "affected", + "version": "7.0.0", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "WSO2 Open Banking IAM", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "2.0.0", + "status": "unknown", + "version": "0", + "versionType": "custom" + }, + { + "lessThan": "2.0.0.364", + "status": "affected", + "version": "2.0.0", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "WSO2 Enterprise Mobility Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.2.0", + "version_value": "2.2.0.26" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3574/", + "refsource": "MISC", + "name": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3574/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "WSO2-2024-3574", + "discovery": "INTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3...
" + } + ], + "value": "Follow the instructions given on\u00a0 https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3... https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3574/#solution" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/5xxx/CVE-2025-5391.json b/2025/5xxx/CVE-2025-5391.json new file mode 100644 index 00000000000..8f6c9b46528 --- /dev/null +++ b/2025/5xxx/CVE-2025-5391.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-5391", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/5xxx/CVE-2025-5392.json b/2025/5xxx/CVE-2025-5392.json new file mode 100644 index 00000000000..3710c6f7ee7 --- /dev/null +++ b/2025/5xxx/CVE-2025-5392.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-5392", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/5xxx/CVE-2025-5393.json b/2025/5xxx/CVE-2025-5393.json new file mode 100644 index 00000000000..fe99421922e --- /dev/null +++ b/2025/5xxx/CVE-2025-5393.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-5393", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file