From 8a031b5d7fa0277ba12c6e281ae0907596273fcc Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Nov 2020 15:01:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/24xxx/CVE-2020-24441.json | 90 +++++++++++++++++++++++++++++++--- 2020/24xxx/CVE-2020-24442.json | 90 +++++++++++++++++++++++++++++++--- 2020/24xxx/CVE-2020-24443.json | 90 +++++++++++++++++++++++++++++++--- 3 files changed, 252 insertions(+), 18 deletions(-) diff --git a/2020/24xxx/CVE-2020-24441.json b/2020/24xxx/CVE-2020-24441.json index 790c07aa14d..f8b747bbde3 100644 --- a/2020/24xxx/CVE-2020-24441.json +++ b/2020/24xxx/CVE-2020-24441.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2020-11-10T23:00:00.000Z", "ID": "CVE-2020-24441", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Improper Access Control in Adobe Acrobat Reader for Android" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "20.6.2" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not properly restrict access to directories created by the application. This could result in disclosure of sensitive information stored in databases used by the application. Exploitation requires a victim to download and run a malicious application." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 5.5, + "baseSeverity": "Medium", + "confidentialityImpact": "High", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control (CWE-284)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/reader-mobile/apsb20-71.html", + "name": "https://helpx.adobe.com/security/products/reader-mobile/apsb20-71.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2020/24xxx/CVE-2020-24442.json b/2020/24xxx/CVE-2020-24442.json index a51d3fa4dc4..f0ee9a08018 100644 --- a/2020/24xxx/CVE-2020-24442.json +++ b/2020/24xxx/CVE-2020-24442.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2020-11-10T23:00:00.000Z", "ID": "CVE-2020-24442", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Reflected Cross-Site Scripting (XSS) in Adobe Connect" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Connect", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "11.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 6.1, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "None", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/connect/apsb20-69.html", + "name": "https://helpx.adobe.com/security/products/connect/apsb20-69.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2020/24xxx/CVE-2020-24443.json b/2020/24xxx/CVE-2020-24443.json index 7a66fd86336..fdec388b53f 100644 --- a/2020/24xxx/CVE-2020-24443.json +++ b/2020/24xxx/CVE-2020-24443.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2020-11-10T23:00:00.000Z", "ID": "CVE-2020-24443", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Reflected Cross-Site Scripting (XSS) in Adobe Connect" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Connect", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "11.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 6.1, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "None", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/connect/apsb20-69.html", + "name": "https://helpx.adobe.com/security/products/connect/apsb20-69.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file