admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-07-09 05:00:38 +00:00
parent ba9eb44695
commit 816d547de7
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
18 changed files with 1912 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

135
2024/34xxx/CVE-2024-34689.json
View File

@ -1,17 +1,144 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-34689",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "WebFlow Services of SAP Business Workflow allows\nan authenticated attacker to enumerate accessible HTTP endpoints in the\ninternal network by specially crafting HTTP requests. On successful\nexploitation this can result in information disclosure. It has no impact on\nintegrity and availability of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"product": {
"product_data": [
{
"product_name": "SAP Business Workflow (WebFlow Services)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "SAP_BASIS 700"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 701"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 702"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 731"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 740"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 750"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 751"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 752"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 753"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 754"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 755"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 756"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 757"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 758"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://url.sap/sapsecuritypatchday",
"refsource": "MISC",
"name": "https://url.sap/sapsecuritypatchday"
},
{
"url": "https://me.sap.com/notes/3458789",
"refsource": "MISC",
"name": "https://me.sap.com/notes/3458789"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
]
}

91
2024/34xxx/CVE-2024-34692.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-34692",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Due to missing verification of file type or\ncontent, SAP Enable Now allows an authenticated attacker to upload arbitrary\nfiles. These files include executables which might be downloaded and executed\nby the user which could host malware. On successful exploitation an attacker\ncan cause limited impact on confidentiality and Integrity of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"product": {
"product_data": [
{
"product_name": "SAP Enable Now",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "WPB_MANAGER_CE 10"
},
{
"version_affected": "=",
"version_value": "WPB_MANAGER_HANA 10"
},
{
"version_affected": "=",
"version_value": "ENABLE_NOW_CONSUMP_DEL 1704"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://url.sap/sapsecuritypatchday",
"refsource": "MISC",
"name": "https://url.sap/sapsecuritypatchday"
},
{
"url": "https://me.sap.com/notes/3476340",
"refsource": "MISC",
"name": "https://me.sap.com/notes/3476340"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}

95
2024/37xxx/CVE-2024-37171.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37171",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Transportation Management (Collaboration\nPortal) allows an attacker with non-administrative privileges to send a crafted\nrequest from a vulnerable web application. This will trigger the application\nhandler to send a request to an unintended service, which may reveal\ninformation about that service. The information obtained could be used to\ntarget internal systems behind firewalls that are normally inaccessible to an\nattacker from the external network, resulting in a Server-Side Request Forgery\nvulnerability. There is no effect on integrity or availability of the\napplication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"product": {
"product_data": [
{
"product_name": "SAP Transportation Management (Collaboration Portal)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "SAPTMUI 140"
},
{
"version_affected": "=",
"version_value": "SAPTMUI 150"
},
{
"version_affected": "=",
"version_value": "SAPTMUI 160"
},
{
"version_affected": "=",
"version_value": "SAPTMUI 170"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://url.sap/sapsecuritypatchday",
"refsource": "MISC",
"name": "https://url.sap/sapsecuritypatchday"
},
{
"url": "https://me.sap.com/notes/3469958",
"refsource": "MISC",
"name": "https://me.sap.com/notes/3469958"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
]
}

87
2024/37xxx/CVE-2024-37172.json
View File

@ -1,17 +1,96 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37172",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP S/4HANA Finance (Advanced Payment\nManagement) does not perform necessary authorization check for an authenticated\nuser, resulting in escalation of privileges. As a result, it has a low impact\nto confidentiality and availability but there is no impact on the integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"product": {
"product_data": [
{
"product_name": "SAP S/4HANA Finance (Advanced Payment Management)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "S4CORE 107"
},
{
"version_affected": "=",
"version_value": "S4CORE 108"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://url.sap/sapsecuritypatchday",
"refsource": "MISC",
"name": "https://url.sap/sapsecuritypatchday"
},
{
"url": "https://me.sap.com/notes/3457354",
"refsource": "MISC",
"name": "https://me.sap.com/notes/3457354"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
]
}

143
2024/37xxx/CVE-2024-37174.json
View File

@ -1,17 +1,152 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37174",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Custom CSS support option in SAP CRM WebClient\nUI does not sufficiently encode user-controlled inputs resulting in Cross-Site\nScripting vulnerability. On successful exploitation an attacker can cause\nlimited impact on confidentiality and integrity of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"product": {
"product_data": [
{
"product_name": "SAP CRM WebClient UI",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "S4FND 102"
},
{
"status": "affected",
"version": "S4FND 103"
},
{
"status": "affected",
"version": "S4FND 104"
},
{
"status": "affected",
"version": "S4FND 105"
},
{
"status": "affected",
"version": "S4FND 106"
},
{
"status": "affected",
"version": "S4FND 107"
},
{
"status": "affected",
"version": "S4FND 108"
},
{
"status": "affected",
"version": "WEBCUIF 701"
},
{
"status": "affected",
"version": "WEBCUIF 731"
},
{
"status": "affected",
"version": "WEBCUIF 746"
},
{
"status": "affected",
"version": "WEBCUIF 747"
},
{
"status": "affected",
"version": "WEBCUIF 748"
},
{
"status": "affected",
"version": "WEBCUIF 800"
},
{
"status": "affected",
"version": "WEBCUIF 801"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://url.sap/sapsecuritypatchday",
"refsource": "MISC",
"name": "https://url.sap/sapsecuritypatchday"
},
{
"url": "https://me.sap.com/notes/3467377",
"refsource": "MISC",
"name": "https://me.sap.com/notes/3467377"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

135
2024/37xxx/CVE-2024-37175.json
View File

@ -1,17 +1,144 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37175",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP CRM WebClient does not\nperform necessary authorization check for an authenticated user, resulting in\nescalation of privileges. This could allow an attacker to access some sensitive\ninformation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"product": {
"product_data": [
{
"product_name": "SAP CRM WebClient UI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "S4FND 102"
},
{
"version_affected": "=",
"version_value": "S4FND 103"
},
{
"version_affected": "=",
"version_value": "S4FND 104"
},
{
"version_affected": "=",
"version_value": "S4FND 105"
},
{
"version_affected": "=",
"version_value": "S4FND 106"
},
{
"version_affected": "=",
"version_value": "S4FND 107"
},
{
"version_affected": "=",
"version_value": "S4FND 108"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 701"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 731"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 746"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 747"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 748"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 800"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 801"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://url.sap/sapsecuritypatchday",
"refsource": "MISC",
"name": "https://url.sap/sapsecuritypatchday"
},
{
"url": "https://me.sap.com/notes/3467377",
"refsource": "MISC",
"name": "https://me.sap.com/notes/3467377"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

135
2024/37xxx/CVE-2024-37180.json
View File

@ -1,17 +1,144 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37180",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Under certain conditions SAP NetWeaver\nApplication Server for ABAP and ABAP Platform allows an attacker to access\nremote-enabled function module with no further authorization which would\notherwise be restricted, the function can be used to read non-sensitive\ninformation with low impact on confidentiality of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Application Server for ABAP and ABAP Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "SAP_BASIS 700"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 701"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 702"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 731"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 740"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 750"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 751"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 752"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 753"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 754"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 755"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 756"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 757"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 758"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://url.sap/sapsecuritypatchday",
"refsource": "MISC",
"name": "https://url.sap/sapsecuritypatchday"
},
{
"url": "https://me.sap.com/notes/3454858",
"refsource": "MISC",
"name": "https://me.sap.com/notes/3454858"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
]
}

143
2024/39xxx/CVE-2024-39594.json
View File

@ -1,17 +1,152 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39594",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Business Warehouse - Business Planning and\nSimulation application does not sufficiently encode user controlled inputs,\nresulting in Reflected Cross-Site Scripting (XSS) vulnerability. After\nsuccessful exploitation, an attacker can cause low impact on the confidentiality\nand integrity of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"product": {
"product_data": [
{
"product_name": "SAP Business Warehouse - Business Planning and Simulation",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "SAP_BW 700"
},
{
"version_affected": "=",
"version_value": "SAP_BW 701"
},
{
"version_affected": "=",
"version_value": "SAP_BW 702"
},
{
"version_affected": "=",
"version_value": "SAP_BW 730"
},
{
"version_affected": "=",
"version_value": "SAP_BW 731"
},
{
"version_affected": "=",
"version_value": "SAP_BW 740"
},
{
"version_affected": "=",
"version_value": "SAP_BW 750"
},
{
"version_affected": "=",
"version_value": "SAP_BW 751"
},
{
"version_affected": "=",
"version_value": "SAP_BW 752"
},
{
"version_affected": "=",
"version_value": "SAP_BW 753"
},
{
"version_affected": "=",
"version_value": "SAP_BW 754"
},
{
"version_affected": "=",
"version_value": "SAP_BW 755"
},
{
"version_affected": "=",
"version_value": "SAP_BW 756"
},
{
"version_affected": "=",
"version_value": "SAP_BW 757"
},
{
"version_affected": "=",
"version_value": "SAP_BW 758"
},
{
"version_affected": "=",
"version_value": "SAP_BW_VIRTUAL_COMP 701"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://url.sap/sapsecuritypatchday",
"refsource": "MISC",
"name": "https://url.sap/sapsecuritypatchday"
},
{
"url": "https://me.sap.com/notes/3482217",
"refsource": "MISC",
"name": "https://me.sap.com/notes/3482217"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

143
2024/39xxx/CVE-2024-39595.json
View File

@ -1,17 +1,152 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39595",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Business Warehouse - Business Planning and\nSimulation application does not sufficiently encode user-controlled inputs,\nresulting in Stored Cross-Site Scripting (XSS) vulnerability. This\nvulnerability allows users to modify website content and on successful\nexploitation, an attacker can cause low impact to the confidentiality and\nintegrity of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"product": {
"product_data": [
{
"product_name": "SAP Business Warehouse - Business Planning and Simulation",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "SAP_BW 700"
},
{
"version_affected": "=",
"version_value": "SAP_BW 701"
},
{
"version_affected": "=",
"version_value": "SAP_BW 702"
},
{
"version_affected": "=",
"version_value": "SAP_BW 730"
},
{
"version_affected": "=",
"version_value": "SAP_BW 731"
},
{
"version_affected": "=",
"version_value": "SAP_BW 740"
},
{
"version_affected": "=",
"version_value": "SAP_BW 750"
},
{
"version_affected": "=",
"version_value": "SAP_BW 751"
},
{
"version_affected": "=",
"version_value": "SAP_BW 752"
},
{
"version_affected": "=",
"version_value": "SAP_BW 753"
},
{
"version_affected": "=",
"version_value": "SAP_BW 754"
},
{
"version_affected": "=",
"version_value": "SAP_BW 755"
},
{
"version_affected": "=",
"version_value": "SAP_BW 756"
},
{
"version_affected": "=",
"version_value": "SAP_BW 757"
},
{
"version_affected": "=",
"version_value": "SAP_BW 758"
},
{
"version_affected": "=",
"version_value": "SAP_BW_VIRTUAL_COMP 701"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://url.sap/sapsecuritypatchday",
"refsource": "MISC",
"name": "https://url.sap/sapsecuritypatchday"
},
{
"url": "https://me.sap.com/notes/3482217",
"refsource": "MISC",
"name": "https://me.sap.com/notes/3482217"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

91
2024/39xxx/CVE-2024-39596.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39596",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Due to missing authorization checks, SAP Enable\nNow allows an author to escalate privileges to access information which should\notherwise be restricted. On successful exploitation, the attacker can cause\nlimited impact on confidentiality of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"product": {
"product_data": [
{
"product_name": "SAP Enable Now",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "WPB_MANAGER_CE 10"
},
{
"version_affected": "=",
"version_value": "WPB_MANAGER_HANA 10"
},
{
"version_affected": "=",
"version_value": "ENABLE_NOW_CONSUMP_DEL 1704"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://url.sap/sapsecuritypatchday",
"refsource": "MISC",
"name": "https://url.sap/sapsecuritypatchday"
},
{
"url": "https://me.sap.com/notes/3476348",
"refsource": "MISC",
"name": "https://me.sap.com/notes/3476348"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

135
2024/39xxx/CVE-2024-39598.json
View File

@ -1,17 +1,144 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39598",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP CRM (WebClient UI Framework) allows an\nauthenticated attacker to enumerate accessible HTTP endpoints in the internal\nnetwork by specially crafting HTTP requests. On successful exploitation this\ncan result in information disclosure. It has no impact on integrity and\navailability of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"product": {
"product_data": [
{
"product_name": "SAP CRM WebClient UI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "S4FND 102"
},
{
"version_affected": "=",
"version_value": "S4FND 103"
},
{
"version_affected": "=",
"version_value": "S4FND 104"
},
{
"version_affected": "=",
"version_value": "S4FND 105"
},
{
"version_affected": "=",
"version_value": "S4FND 106"
},
{
"version_affected": "=",
"version_value": "S4FND 107"
},
{
"version_affected": "=",
"version_value": "S4FND 108"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 701"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 731"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 746"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 747"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 748"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 800"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 801"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://url.sap/sapsecuritypatchday",
"refsource": "MISC",
"name": "https://url.sap/sapsecuritypatchday"
},
{
"url": "https://me.sap.com/notes/3467377",
"refsource": "MISC",
"name": "https://me.sap.com/notes/3467377"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
]
}

143
2024/39xxx/CVE-2024-39599.json
View File

@ -1,17 +1,152 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39599",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Due to a Protection Mechanism Failure in SAP\nNetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass\nthe configured malware scanner API because of a programming error. This leads\nto a low impact on the application's confidentiality, integrity, and\navailability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693: Protection Mechanism Failure",
"cweId": "CWE-693"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Application Server for ABAP and ABAP Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "SAP_BASIS 700"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 701"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 702"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 731"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 740"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 750"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 751"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 752"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 753"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 754"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 755"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 756"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 757"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 758"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 795"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 796"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://url.sap/sapsecuritypatchday",
"refsource": "MISC",
"name": "https://url.sap/sapsecuritypatchday"
},
{
"url": "https://me.sap.com/notes/3456952",
"refsource": "MISC",
"name": "https://me.sap.com/notes/3456952"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

83
2024/39xxx/CVE-2024-39600.json
View File

@ -1,17 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39600",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Under certain conditions, the memory of SAP GUI\nfor Windows contains the password used to log on to an SAP system, which might\nallow an attacker to get hold of the password and impersonate the affected\nuser. As a result, it has a high impact on the confidentiality but there is no\nimpact on the integrity and availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"product": {
"product_data": [
{
"product_name": "SAP GUI for Windows",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "BC-FES-GUI 8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://url.sap/sapsecuritypatchday",
"refsource": "MISC",
"name": "https://url.sap/sapsecuritypatchday"
},
{
"url": "https://me.sap.com/notes/3461110",
"refsource": "MISC",
"name": "https://me.sap.com/notes/3461110"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}

80
2024/4xxx/CVE-2024-4667.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4667",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Blog, Posts and Category Filter for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post and Category Filter widget in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied 'post_types' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "plugindevs",
"product": {
"product_data": [
{
"product_name": "Blog, Posts and Category Filter for Elementor",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.0.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a24c2d7d-8df8-4a3a-a538-09e11ebc6dd5?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a24c2d7d-8df8-4a3a-a538-09e11ebc6dd5?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/blog-posts-and-category-for-elementor/trunk/widgets/post-category-filter.php#L885",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/blog-posts-and-category-for-elementor/trunk/widgets/post-category-filter.php#L885"
},
{
"url": "https://wordpress.org/plugins/blog-posts-and-category-for-elementor/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/blog-posts-and-category-for-elementor/#developers"
}
]
},
"credits": [
{
"lang": "en",
"value": "Matthew Rollings"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

80
2024/6xxx/CVE-2024-6166.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6166",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018addons_order\u2019 parameter in all versions up to, and including, 1.5.112 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above and granted plugin setting edit permissions by an administrator, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "unitecms",
"product": {
"product_data": [
{
"product_name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.5.112"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9826c91c-0f6e-4d3b-bc14-4af6b60ef246?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9826c91c-0f6e-4d3b-bc14-4af6b60ef246?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_addons.class.php#L79",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_addons.class.php#L79"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3112307/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3112307/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Khayal Farzaliyev"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

95
2024/6xxx/CVE-2024-6169.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6169",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018username\u2019 parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above and granted plugin setting edit permissions by an administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "unitecms",
"product": {
"product_data": [
{
"product_name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.5.112"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f2f11c32-d58e-4ac8-83c7-30927a626e10?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f2f11c32-d58e-4ac8-83c7-30927a626e10?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/framework/instagram/helper.class.php#L168",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/framework/instagram/helper.class.php#L168"
},
{
"url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/framework/instagram/helper.class.php#L178",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/framework/instagram/helper.class.php#L178"
},
{
"url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/framework/instagram/helper.class.php#L182",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/framework/instagram/helper.class.php#L182"
},
{
"url": "https://github.com/hakluke/weaponised-XSS-payloads/blob/master/wordpress_create_admin_user.js",
"refsource": "MISC",
"name": "https://github.com/hakluke/weaponised-XSS-payloads/blob/master/wordpress_create_admin_user.js"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3112307/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3112307/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Khayal Farzaliyev"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

85
2024/6xxx/CVE-2024-6170.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6170",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018email\u2019 parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "unitecms",
"product": {
"product_data": [
{
"product_name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.5.112"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db14b141-521b-464d-a638-2228b1a86c2b?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db14b141-521b-464d-a638-2228b1a86c2b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_settings_output.class.php#L398",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_settings_output.class.php#L398"
},
{
"url": "https://github.com/hakluke/weaponised-XSS-payloads/blob/master/wordpress_create_admin_user.js",
"refsource": "MISC",
"name": "https://github.com/hakluke/weaponised-XSS-payloads/blob/master/wordpress_create_admin_user.js"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3112307/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3112307/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Khayal Farzaliyev"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

85
2024/6xxx/CVE-2024-6171.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6171",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.5.112 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass antispam functionality in the Form Builder widgets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-348 Use of Less Trusted Source"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "unitecms",
"product": {
"product_data": [
{
"product_name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.5.112"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/714acd7d-6d19-4087-bb27-b9a4ccbb678b?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/714acd7d-6d19-4087-bb27-b9a4ccbb678b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_form.class.php#L742",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_form.class.php#L742"
},
{
"url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/framework/functions.class.php#L3407",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/framework/functions.class.php#L3407"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3112307/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3112307/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Khayal Farzaliyev"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}