From 88800ab43233fd3c57a3d6a50dc6769bef40106a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 13 Jan 2022 21:01:04 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/23xxx/CVE-2021-23227.json | 99 ++++++- 2021/33xxx/CVE-2021-33046.json | 65 ++++- 2021/39xxx/CVE-2021-39317.json | 491 ++++++++++++++++++++++++++++++++- 2021/40xxx/CVE-2021-40722.json | 90 +++++- 2021/43xxx/CVE-2021-43761.json | 90 +++++- 2021/43xxx/CVE-2021-43762.json | 90 +++++- 2021/43xxx/CVE-2021-43764.json | 90 +++++- 2021/43xxx/CVE-2021-43765.json | 90 +++++- 2021/44xxx/CVE-2021-44176.json | 90 +++++- 2021/44xxx/CVE-2021-44177.json | 90 +++++- 2021/44xxx/CVE-2021-44178.json | 90 +++++- 2021/45xxx/CVE-2021-45053.json | 90 +++++- 2021/45xxx/CVE-2021-45054.json | 90 +++++- 2021/45xxx/CVE-2021-45055.json | 90 +++++- 2021/45xxx/CVE-2021-45056.json | 90 +++++- 2021/45xxx/CVE-2021-45057.json | 90 +++++- 2021/45xxx/CVE-2021-45058.json | 90 +++++- 2021/45xxx/CVE-2021-45059.json | 90 +++++- 2022/22xxx/CVE-2022-22988.json | 94 ++++++- 2022/22xxx/CVE-2022-22989.json | 87 +++++- 2022/22xxx/CVE-2022-22990.json | 93 ++++++- 2022/22xxx/CVE-2022-22991.json | 93 ++++++- 22 files changed, 2246 insertions(+), 126 deletions(-) diff --git a/2021/23xxx/CVE-2021-23227.json b/2021/23xxx/CVE-2021-23227.json index 4c29744ae21..5afffd920f0 100644 --- a/2021/23xxx/CVE-2021-23227.json +++ b/2021/23xxx/CVE-2021-23227.json @@ -1,18 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-01-13T10:26:00.000Z", "ID": "CVE-2021-23227", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress PHP Everywhere plugin <= 2.0.2 - Cross-Site Request Forgery (CSRF) vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PHP Everywhere (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 2.0.2", + "version_value": "2.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Alexander Fuchs" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Rasi Afeef (Patchstack Red Team project)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Everywhere (WordPress plugin) versions (<= 2.0.2)." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/php-everywhere/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/php-everywhere/#developers" + }, + { + "name": "https://patchstack.com/database/vulnerability/php-everywhere/wordpress-php-everywhere-plugin-2-0-2-cross-site-request-forgery-csrf-vulnerability", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/php-everywhere/wordpress-php-everywhere-plugin-2-0-2-cross-site-request-forgery-csrf-vulnerability" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 2.0.3 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33046.json b/2021/33xxx/CVE-2021-33046.json index 997de956282..c2157793fc3 100644 --- a/2021/33xxx/CVE-2021-33046.json +++ b/2021/33xxx/CVE-2021-33046.json @@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-33046", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@dahuatech.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Access control vulnerability found in some Dahua products", + "version": { + "version_data": [ + { + "version_value": "Dahua IP Camera devices IPC-HX3XXX, and IPC-HX5XXX" + }, + { + "version_value": "PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL" + }, + { + "version_value": "Thermal TPC-BF1241,TPC-BF2221, TPC-SD2221" + }, + { + "version_value": "VTO2101E, VTOX221E, and ASC2204C devices Buildtime between 2017/7 ~ 2021/7. NVR devices NVR4XXX, and NVR5XXX" + }, + { + "version_value": "XVR devices XVR4XXX, and XVR5XXX" + }, + { + "version_value": "HCVR devices HCVR7XXX, and HCVR8XXX devices Buildtime between 2017/1 ~ 2021/7." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.dahuasecurity.com/support/cybersecurity/details/957", + "url": "https://www.dahuasecurity.com/support/cybersecurity/details/957" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords." } ] } diff --git a/2021/39xxx/CVE-2021-39317.json b/2021/39xxx/CVE-2021-39317.json index e2901faf105..bcc3e3e6b30 100644 --- a/2021/39xxx/CVE-2021-39317.json +++ b/2021/39xxx/CVE-2021-39317.json @@ -5,7 +5,7 @@ "DATE_PUBLIC": "2021-10-06T19:17:00.000Z", "ID": "CVE-2021-39317", "STATE": "PUBLIC", - "TITLE": "Access Demo Importer <= 1.0.6 Authenticated Arbitrary File Upload" + "TITLE": "AccessPress Themes - Authenticated Malicious File Upload" }, "affects": { "vendor": { @@ -24,6 +24,474 @@ } ] } + }, + { + "product_name": "accesspress-basic", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "3.2.1", + "version_value": "3.2.1" + } + ] + } + }, + { + "product_name": "accesspress-lite ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.9.2", + "version_value": "2.9.2" + } + ] + } + }, + { + "product_name": "accesspress-mag", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.6.5", + "version_value": "2.6.5" + } + ] + } + }, + { + "product_name": "accesspress-parallax", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "4.5", + "version_value": "4.5" + } + ] + } + }, + { + "product_name": "accesspress-root ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.5", + "version_value": "2.5" + } + ] + } + }, + { + "product_name": "accesspress-store", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.4.9", + "version_value": "2.4.9" + } + ] + } + }, + { + "product_name": "agency-lite", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.1.6", + "version_value": "1.1.6" + } + ] + } + }, + { + "product_name": "arrival", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.4.2", + "version_value": "1.4.2" + } + ] + } + }, + { + "product_name": "bingle", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.4", + "version_value": "1.0.4" + } + ] + } + }, + { + "product_name": "bloger", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.2.6", + "version_value": "1.2.6" + } + ] + } + }, + { + "product_name": "brovy ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.3", + "version_value": "1.3" + } + ] + } + }, + { + "product_name": "construction-lite", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.2.5", + "version_value": "1.2.5" + } + ] + } + }, + { + "product_name": "doko", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.27", + "version_value": "1.0.27" + } + ] + } + }, + { + "product_name": "edict-lite", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.1.4", + "version_value": "1.1.4" + } + ] + } + }, + { + "product_name": "enlighten", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.3.5", + "version_value": "1.3.5" + } + ] + } + }, + { + "product_name": "fotography", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.4.0", + "version_value": "2.4.0" + } + ] + } + }, + { + "product_name": "opstore", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.4.3", + "version_value": "1.4.3" + } + ] + } + }, + { + "product_name": "parallaxsome", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.3.6", + "version_value": "1.3.6" + } + ] + } + }, + { + "product_name": "punte", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.1.2", + "version_value": "1.1.2" + } + ] + } + }, + { + "product_name": "revolve", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.3.1", + "version_value": "1.3.1" + } + ] + } + }, + { + "product_name": "ripple ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.2.0", + "version_value": "1.2.0" + } + ] + } + }, + { + "product_name": "sakala", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.4", + "version_value": "1.0.4" + } + ] + } + }, + { + "product_name": "scrollme ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.1.0", + "version_value": "2.1.0" + } + ] + } + }, + { + "product_name": "storevilla", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.4.1", + "version_value": "1.4.1" + } + ] + } + }, + { + "product_name": "swing-lite", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.1.9", + "version_value": "1.1.9" + } + ] + } + }, + { + "product_name": "swing-lite", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.1.9", + "version_value": "1.1.9" + } + ] + } + }, + { + "product_name": "the100", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.1.2", + "version_value": "1.1.2" + } + ] + } + }, + { + "product_name": "the-launcher", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.3.2", + "version_value": "1.3.2" + } + ] + } + }, + { + "product_name": "the-monday", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.4.1", + "version_value": "1.4.1" + } + ] + } + }, + { + "product_name": "ultra-seven", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.2.8", + "version_value": "1.2.8" + } + ] + } + }, + { + "product_name": "uncode-lite", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.3.3", + "version_value": "1.3.3" + } + ] + } + }, + { + "product_name": "vmag", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.2.7", + "version_value": "1.2.7" + } + ] + } + }, + { + "product_name": "vmagazine-lite", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.3.5", + "version_value": "1.3.5" + } + ] + } + }, + { + "product_name": "vmagazine-news", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.5", + "version_value": "1.0.5" + } + ] + } + }, + { + "product_name": "wpparallax", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.0.6", + "version_value": "2.0.6" + } + ] + } + }, + { + "product_name": "wp-store ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.1.9", + "version_value": "1.1.9" + } + ] + } + }, + { + "product_name": "zigcy-baby", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.6", + "version_value": "1.0.6" + } + ] + } + }, + { + "product_name": "zigcy-cosmetics", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.5", + "version_value": "1.0.5" + } + ] + } + }, + { + "product_name": "zigcy-lite", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.0.9", + "version_value": "2.0.9" + } + ] + } } ] }, @@ -36,6 +504,10 @@ { "lang": "eng", "value": "Chloe Chamberland, Wordfence" + }, + { + "lang": "eng", + "value": "Lenon Leite " } ], "data_format": "MITRE", @@ -45,7 +517,7 @@ "description_data": [ { "lang": "eng", - "value": "Versions up to, and including, 1.0.6, of the Access Demo Importer WordPress plugin are vulnerable to arbitrary file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the ~/inc/demo-functions.php." + "value": "A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. The complete list of affected products and their versions are below: WordPress Plugin: AccessPress Demo Importer <=1.0.6 WordPress Themes: accesspress-basic <= 3.2.1 accesspress-lite <= 2.92 accesspress-mag <= 2.6.5 accesspress-parallax <= 4.5 accesspress-root <= 2.5 accesspress-store <= 2.4.9 agency-lite <= 1.1.6 arrival <= 1.4.2 bingle <= 1.0.4 bloger <= 1.2.6 brovy <= 1.3 construction-lite <= 1.2.5 doko <= 1.0.27 edict-lite <= 1.1.4 eightlaw-lite <= 2.1.5 eightmedi-lite <= 2.1.8 eight-sec <= 1.1.4 eightstore-lite <= 1.2.5 enlighten <= 1.3.5 fotography <= 2.4.0 opstore <= 1.4.3 parallaxsome <= 1.3.6 punte <= 1.1.2 revolve <= 1.3.1 ripple <= 1.2.0 sakala <= 1.0.4 scrollme <= 2.1.0 storevilla <= 1.4.1 swing-lite <= 1.1.9 the100 <= 1.1.2 the-launcher <= 1.3.2 the-monday <= 1.4.1 ultra-seven <= 1.2.8 uncode-lite <= 1.3.3 vmag <= 1.2.7 vmagazine-lite <= 1.3.5 vmagazine-news <= 1.0.5 wpparallax <= 2.0.6 wp-store <= 1.1.9 zigcy-baby <= 1.0.6 zigcy-cosmetics <= 1.0.5 zigcy-lite <= 2.0.9" } ] }, @@ -77,6 +549,14 @@ "value": "CWE-285 Improper Authorization" } ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" + } + ] } ] }, @@ -96,13 +576,18 @@ "refsource": "MISC", "url": "https://plugins.trac.wordpress.org/changeset/2602132/access-demo-importer/trunk/inc/demo-functions.php", "name": "https://plugins.trac.wordpress.org/changeset/2602132/access-demo-importer/trunk/inc/demo-functions.php" + }, + { + "refsource": "MISC", + "url": "https://patchstack.com/articles/authenticated-vulnerability-in-unpatched-wordpress-themes/", + "name": "https://patchstack.com/articles/authenticated-vulnerability-in-unpatched-wordpress-themes/" } ] }, "solution": [ { "lang": "eng", - "value": "Update to version 1.0.7 or newer. " + "value": "Update to the latest available version of software for each, or uninstall from WordPress site if no updated software available. " } ], "source": { diff --git a/2021/40xxx/CVE-2021-40722.json b/2021/40xxx/CVE-2021-40722.json index e88ac33326e..7a0e50f7dbb 100644 --- a/2021/40xxx/CVE-2021-40722.json +++ b/2021/40xxx/CVE-2021-40722.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-12-14T23:00:00.000Z", "ID": "CVE-2021-40722", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Forms Improper Restriction of XML External Entity Reference" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.10.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "High", + "baseScore": 9.8, + "baseSeverity": "Critical", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43761.json b/2021/43xxx/CVE-2021-43761.json index a2e89bb2c32..8ab21343f46 100644 --- a/2021/43xxx/CVE-2021-43761.json +++ b/2021/43xxx/CVE-2021-43761.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-12-14T23:00:00.000Z", "ID": "CVE-2021-43761", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Experience Manager Stored XSS on Edit Tag page via Localization input" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.10.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "High", + "baseScore": 8.0, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Stored XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43762.json b/2021/43xxx/CVE-2021-43762.json index 858aa356609..674f780d3f3 100644 --- a/2021/43xxx/CVE-2021-43762.json +++ b/2021/43xxx/CVE-2021-43762.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-12-14T23:00:00.000Z", "ID": "CVE-2021-43762", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Experience Manager Unicode normalization leads to dispatcher bypass" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.10.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a dispatcher bypass vulnerability that could be abused to evade security controls. Sensitive areas of the web application may be exposed through exploitation of the vulnerability." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 6.5, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation (CWE-20)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43764.json b/2021/43xxx/CVE-2021-43764.json index cf1179e47c7..e02f820499d 100644 --- a/2021/43xxx/CVE-2021-43764.json +++ b/2021/43xxx/CVE-2021-43764.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-12-14T23:00:00.000Z", "ID": "CVE-2021-43764", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Experience Manager Stored XSS in the Spin Set" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.10.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "High", + "baseScore": 8.0, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Stored XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43765.json b/2021/43xxx/CVE-2021-43765.json index 43f5b1b60b1..3036b1a6328 100644 --- a/2021/43xxx/CVE-2021-43765.json +++ b/2021/43xxx/CVE-2021-43765.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-12-14T23:00:00.000Z", "ID": "CVE-2021-43765", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Experience Manager Stored XSS in the Carousel Set" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.10.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 8.1, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Stored XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/44xxx/CVE-2021-44176.json b/2021/44xxx/CVE-2021-44176.json index 9127d2604cd..2ae306ab1d8 100644 --- a/2021/44xxx/CVE-2021-44176.json +++ b/2021/44xxx/CVE-2021-44176.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-12-14T23:00:00.000Z", "ID": "CVE-2021-44176", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Experience Manager Stored XSS in workflow Stages parameter" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.10.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 8.1, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Stored XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/44xxx/CVE-2021-44177.json b/2021/44xxx/CVE-2021-44177.json index 2d65f365dda..75d5c549c04 100644 --- a/2021/44xxx/CVE-2021-44177.json +++ b/2021/44xxx/CVE-2021-44177.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-12-14T23:00:00.000Z", "ID": "CVE-2021-44177", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Experience Manager Stored XSS in user name parameter in the package manager" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.10.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 8.1, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Stored XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/44xxx/CVE-2021-44178.json b/2021/44xxx/CVE-2021-44178.json index e401ec703d6..07582d92937 100644 --- a/2021/44xxx/CVE-2021-44178.json +++ b/2021/44xxx/CVE-2021-44178.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-12-14T23:00:00.000Z", "ID": "CVE-2021-44178", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Experience Manager Reflected XSS in /bin/wcm/contentfinder/page/view.html" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.10.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a reflected Cross-Site Scripting (XSS) vulnerability via the itemResourceType parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser" } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/45xxx/CVE-2021-45053.json b/2021/45xxx/CVE-2021-45053.json index 05550442884..54c65ec73c0 100644 --- a/2021/45xxx/CVE-2021-45053.json +++ b/2021/45xxx/CVE-2021-45053.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-01-11T23:00:00.000Z", "ID": "CVE-2021-45053", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe InCopy JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InCopy", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "16.4" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write (CWE-787)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/incopy/apsb22-04.html", + "name": "https://helpx.adobe.com/security/products/incopy/apsb22-04.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/45xxx/CVE-2021-45054.json b/2021/45xxx/CVE-2021-45054.json index 1f69117eff2..b99d5dee061 100644 --- a/2021/45xxx/CVE-2021-45054.json +++ b/2021/45xxx/CVE-2021-45054.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-01-11T23:00:00.000Z", "ID": "CVE-2021-45054", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe InCopy JPEG2000 Parsing Use-After-Free Information Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InCopy", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "16.4" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe InCopy version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 3.4, + "baseSeverity": "Low", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free (CWE-416)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/incopy/apsb22-04.html", + "name": "https://helpx.adobe.com/security/products/incopy/apsb22-04.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/45xxx/CVE-2021-45055.json b/2021/45xxx/CVE-2021-45055.json index d7bdacf0699..f0751d49dc8 100644 --- a/2021/45xxx/CVE-2021-45055.json +++ b/2021/45xxx/CVE-2021-45055.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-01-11T23:00:00.000Z", "ID": "CVE-2021-45055", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe InCopy TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InCopy", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "16.4" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/incopy/apsb22-04.html", + "name": "https://helpx.adobe.com/security/products/incopy/apsb22-04.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/45xxx/CVE-2021-45056.json b/2021/45xxx/CVE-2021-45056.json index 51fbb222222..9ea2c6581cb 100644 --- a/2021/45xxx/CVE-2021-45056.json +++ b/2021/45xxx/CVE-2021-45056.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-01-11T23:00:00.000Z", "ID": "CVE-2021-45056", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe InCopy JPEG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InCopy", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "16.4" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write (CWE-787)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/incopy/apsb22-04.html", + "name": "https://helpx.adobe.com/security/products/incopy/apsb22-04.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/45xxx/CVE-2021-45057.json b/2021/45xxx/CVE-2021-45057.json index 7abea7a4639..26600dd8eaa 100644 --- a/2021/45xxx/CVE-2021-45057.json +++ b/2021/45xxx/CVE-2021-45057.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-01-11T23:00:00.000Z", "ID": "CVE-2021-45057", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe InDesign JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InDesign", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "16.4" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious JPEG2000 file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write (CWE-787)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/indesign/apsb22-05.html", + "name": "https://helpx.adobe.com/security/products/indesign/apsb22-05.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/45xxx/CVE-2021-45058.json b/2021/45xxx/CVE-2021-45058.json index b058b195d62..576a1f4a789 100644 --- a/2021/45xxx/CVE-2021-45058.json +++ b/2021/45xxx/CVE-2021-45058.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-01-11T23:00:00.000Z", "ID": "CVE-2021-45058", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe InDesign JPEG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InDesign", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "16.4" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious JPEG file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write (CWE-787)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/indesign/apsb22-05.html", + "name": "https://helpx.adobe.com/security/products/indesign/apsb22-05.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/45xxx/CVE-2021-45059.json b/2021/45xxx/CVE-2021-45059.json index 265e78e56a0..7808a294447 100644 --- a/2021/45xxx/CVE-2021-45059.json +++ b/2021/45xxx/CVE-2021-45059.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-01-11T23:00:00.000Z", "ID": "CVE-2021-45059", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe InDesign JPEG2000 Parsing Use-After-Free Information Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InDesign", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "16.4" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe InDesign version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 3.4, + "baseSeverity": "Low", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free (CWE-416)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/indesign/apsb22-05.html", + "name": "https://helpx.adobe.com/security/products/indesign/apsb22-05.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22988.json b/2022/22xxx/CVE-2022-22988.json index 7586cc3bdd2..997ac1a6c49 100644 --- a/2022/22xxx/CVE-2022-22988.json +++ b/2022/22xxx/CVE-2022-22988.json @@ -1,18 +1,100 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@wdc.com", "ID": "CVE-2022-22988", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Insecure file and directory permissions on EdgeRover" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EdgeRover", + "version": { + "version_data": [ + { + "platform": "Mac", + "version_affected": "<", + "version_name": "EdgeRover Mac Desktop App", + "version_value": "1.5.0-576" + }, + { + "platform": "Windows", + "version_affected": "<", + "version_name": "EdgeRover Windows Desktop App", + "version_value": "1.5.0-576" + } + ] + } + } + ] + }, + "vendor_name": "Western Digital" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-275 Permission Issues" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.westerndigital.com/support/product-security/wdc-22003-edgerover-desktop-app-version-1-5-0-576", + "name": "https://www.westerndigital.com/support/product-security/wdc-22003-edgerover-desktop-app-version-1-5-0-576" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update your EdgeRover Application to version 1.5.0-576 on Windows and Mac systems. " + } + ], + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22989.json b/2022/22xxx/CVE-2022-22989.json index 180e0ee7be2..599da26d4ab 100644 --- a/2022/22xxx/CVE-2022-22989.json +++ b/2022/22xxx/CVE-2022-22989.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@wdc.com", "ID": "CVE-2022-22989", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Pre-authenticated stack overflow vulnerability on FTP Service" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "My Cloud", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "My Cloud OS 5", + "version_value": "5.19.117" + } + ] + } + } + ] + }, + "vendor_name": "Western Digital" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service. Addressed the vulnerability by adding defenses against stack overflow issues.c" } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117", + "name": "https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update your My Cloud device to firmware version 5.19.117." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22990.json b/2022/22xxx/CVE-2022-22990.json index 3b9e405f821..84d5f99cf46 100644 --- a/2022/22xxx/CVE-2022-22990.json +++ b/2022/22xxx/CVE-2022-22990.json @@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@wdc.com", "ID": "CVE-2022-22990", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Limited authentication bypass vulnerability on Western Digital My Cloud devices" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "My Cloud", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "My Cloud OS 5", + "version_value": "5.19.117" + } + ] + } + } + ] + }, + "vendor_name": "Western Digital" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Reported By: Sam Thomas (@_s_n_t) of Pentest Ltd (@pentestltd) working with Trend Micro\u2019s Zero Day Initiative" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117", + "name": "https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update your My Cloud device to firmware version 5.19.117." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22991.json b/2022/22xxx/CVE-2022-22991.json index d2a66a7d92e..df27cb3f003 100644 --- a/2022/22xxx/CVE-2022-22991.json +++ b/2022/22xxx/CVE-2022-22991.json @@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@wdc.com", "ID": "CVE-2022-22991", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Command injection through unsecured HTTP calls on Western Digital My Cloud devices" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "My Cloud", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "My Cloud OS 5", + "version_value": "5.19.117" + } + ] + } + } + ] + }, + "vendor_name": "Western Digital" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Reported By: Martin Rakhmanov (@mrakhmanov) working with Trend Micro\u2019s Zero Day Initiative" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117", + "name": "https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update your My Cloud device to firmware version 5.19.117." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file