diff --git a/2021/40xxx/CVE-2021-40776.json b/2021/40xxx/CVE-2021-40776.json index 8fbc4cc0b96..5513852c8f7 100644 --- a/2021/40xxx/CVE-2021-40776.json +++ b/2021/40xxx/CVE-2021-40776.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-10-26T23:00:00.000Z", "ID": "CVE-2021-40776", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Lightroom Classic DLL Hijacking Local Privilege Escalation Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Lightroom Classic", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "10.3" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Lightroom Classic 10.3 (and earlier) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Physical", + "availabilityImpact": "High", + "baseScore": 7.0, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "High", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/lightroom/apsb21-97.html", + "name": "https://helpx.adobe.com/security/products/lightroom/apsb21-97.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43754.json b/2021/43xxx/CVE-2021-43754.json index b9de33a732d..c07e95735c1 100644 --- a/2021/43xxx/CVE-2021-43754.json +++ b/2021/43xxx/CVE-2021-43754.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-12-14T23:00:00.000Z", "ID": "CVE-2021-43754", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Prelude Corruption could lead to Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Prelude", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "22.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Prelude version 22.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access of Memory Location After End of Buffer (CWE-788)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/prelude/apsb21-114.html", + "name": "https://helpx.adobe.com/security/products/prelude/apsb21-114.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43756.json b/2021/43xxx/CVE-2021-43756.json index 8551e3d1469..48a69b18d23 100644 --- a/2021/43xxx/CVE-2021-43756.json +++ b/2021/43xxx/CVE-2021-43756.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-12-14T23:00:00.000Z", "ID": "CVE-2021-43756", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Media Encoder Memory Corruption Vulnerability could lead to Remote Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Media Encoder", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "22.0" + }, + { + "version_affected": "<=", + "version_value": "15.4.2" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access of Memory Location After End of Buffer (CWE-788)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/media-encoder/apsb21-118.html", + "name": "https://helpx.adobe.com/security/products/media-encoder/apsb21-118.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20733.json b/2022/20xxx/CVE-2022-20733.json index 0af1904301d..3dc3bbd88e3 100644 --- a/2022/20xxx/CVE-2022-20733.json +++ b/2022/20xxx/CVE-2022-20733.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions.\r This vulnerability is due to exposed sensitive Security Assertion Markup Language (SAML) metadata. An attacker could exploit this vulnerability by using the exposed SAML metadata to bypass authentication to the user portal. A successful exploit could allow the attacker to access all roles without any restrictions.\r " + "value": "A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. This vulnerability is due to exposed sensitive Security Assertion Markup Language (SAML) metadata. An attacker could exploit this vulnerability by using the exposed SAML metadata to bypass authentication to the user portal. A successful exploit could allow the attacker to access all roles without any restrictions." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20736.json b/2022/20xxx/CVE-2022-20736.json index 8e271c4b5a4..dab521b1a58 100644 --- a/2022/20xxx/CVE-2022-20736.json +++ b/2022/20xxx/CVE-2022-20736.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access.\r This vulnerability is due to improper authorization checking for HTTP requests that are submitted to the affected web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected instance of AppDynamics Controller. A successful exploit could allow the attacker to access the login page for an administrative console.\r AppDynamics has released software updates that address this vulnerability. " + "value": "A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This vulnerability is due to improper authorization checking for HTTP requests that are submitted to the affected web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected instance of AppDynamics Controller. A successful exploit could allow the attacker to access the login page for an administrative console. AppDynamics has released software updates that address this vulnerability." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20798.json b/2022/20xxx/CVE-2022-20798.json index 0face7d284a..e4f94a58a44 100644 --- a/2022/20xxx/CVE-2022-20798.json +++ b/2022/20xxx/CVE-2022-20798.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device.\r This vulnerability is due to improper authentication checks when an affected device uses Lightweight Directory Access Protocol (LDAP) for external authentication. An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device. A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device.\r " + "value": "A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device. This vulnerability is due to improper authentication checks when an affected device uses Lightweight Directory Access Protocol (LDAP) for external authentication. An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device. A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20817.json b/2022/20xxx/CVE-2022-20817.json index 29fd6b58886..9db3f9c84f4 100644 --- a/2022/20xxx/CVE-2022-20817.json +++ b/2022/20xxx/CVE-2022-20817.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": " A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability. " + "value": "A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20819.json b/2022/20xxx/CVE-2022-20819.json index 9ff53464656..1b3cf6cc992 100644 --- a/2022/20xxx/CVE-2022-20819.json +++ b/2022/20xxx/CVE-2022-20819.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. \r This vulnerability exists because administrative privilege levels for sensitive data are not properly enforced. An attacker with read-only privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information about the system configuration. \r " + "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because administrative privilege levels for sensitive data are not properly enforced. An attacker with read-only privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information about the system configuration." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20825.json b/2022/20xxx/CVE-2022-20825.json index 695488ab28b..f15e3aa534e 100644 --- a/2022/20xxx/CVE-2022-20825.json +++ b/2022/20xxx/CVE-2022-20825.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.\r This vulnerability is due to insufficient user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges.\r Cisco has not released software updates that address this vulnerability. " + "value": "A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Cisco has not released software updates that address this vulnerability." } ] }, @@ -85,4 +85,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24004.json b/2022/24xxx/CVE-2022-24004.json index 991b7756182..9b0c91302f7 100644 --- a/2022/24xxx/CVE-2022-24004.json +++ b/2022/24xxx/CVE-2022-24004.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-24004", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-24004", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title (aka new_title) field when editing an existing conversation. The payload executes in the browser of any conversation participant with the sidebar shown." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.evms.edu/research/resources_services/redcap/redcap_change_log/", + "refsource": "MISC", + "name": "https://www.evms.edu/research/resources_services/redcap/redcap_change_log/" + }, + { + "refsource": "MISC", + "name": "https://labs.nettitude.com/blog/cve-2022-24004-cve-2022-24127-vanderbilt-redcap-stored-cross-site-scripting/", + "url": "https://labs.nettitude.com/blog/cve-2022-24004-cve-2022-24127-vanderbilt-redcap-stored-cross-site-scripting/" } ] } diff --git a/2022/24xxx/CVE-2022-24127.json b/2022/24xxx/CVE-2022-24127.json index 72f51a0e506..1a30eae70f5 100644 --- a/2022/24xxx/CVE-2022-24127.json +++ b/2022/24xxx/CVE-2022-24127.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-24127", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-24127", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title (app_title) field when editing an existing project. The payload is then reflected within the title tag of the page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.evms.edu/research/resources_services/redcap/redcap_change_log/", + "refsource": "MISC", + "name": "https://www.evms.edu/research/resources_services/redcap/redcap_change_log/" + }, + { + "refsource": "MISC", + "name": "https://labs.nettitude.com/blog/cve-2022-24004-cve-2022-24127-vanderbilt-redcap-stored-cross-site-scripting/", + "url": "https://labs.nettitude.com/blog/cve-2022-24004-cve-2022-24127-vanderbilt-redcap-stored-cross-site-scripting/" } ] } diff --git a/2022/26xxx/CVE-2022-26057.json b/2022/26xxx/CVE-2022-26057.json index b7b620be399..c90b68e88b1 100644 --- a/2022/26xxx/CVE-2022-26057.json +++ b/2022/26xxx/CVE-2022-26057.json @@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cybersecurity@ch.abb.com", + "DATE_PUBLIC": "2022-06-14T15:00:00.000Z", "ID": "CVE-2022-26057", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Mint WorkBench Link Following Local Privilege Escalation Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mint WorkBench", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "build", + "version_value": "5866" + } + ] + } + } + ] + }, + "vendor_name": "ABB" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability was discovered by Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative. ABB appreciates their actions to keep our products safe for our customers." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Mint WorkBench installer file allows a low-privileged user to run a \"repair\" operation on the product" } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The problem is corrected in the following product versions:\nDrive Composer entry version 2.7.1\nDrive Composer pro version 2.7.1\nCustomers using Drive composer pro integrated in ABB Automation Builder should refer to section \n\u201cWorkarounds\u201d in this document. \nMint WorkBench Build 5868\nABB recommends that customers apply the update at earliest convenience. Updated versions of Drive Composer are available immediately. ABB Automation Builder 2.5.1 and Mint WorkBench Build 5868 will be available before or during Q3/2022." + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors. When a workaround reduces functionality, this is identified below as \u201cImpact of workaround\u201d.\n\nWith ABB Automation Builder it is possible to change the version of Drive Composer used so it is not mandatory to update that application immediately. Steps:\n1) Install or upgrade Drive Composer pro version to 2.7.1\n2) In ABB Automation Builder Options, select External tools.\n3) At Drive composer pro-line, select Custom and select the installed Drive Composer pro version 2.7.1 executable typically in C:\\Program Files (x86)\\DriveWare\\Drive Composer pro\\2.7\n\nAlternatively, users are able to remove the vulnerable Drive Composer for ABB Automation Builder. This can be done either from ABB Automation Builder Installation manager or from Windows Settings: Apps & features." + } + ] } \ No newline at end of file diff --git a/2022/29xxx/CVE-2022-29443.json b/2022/29xxx/CVE-2022-29443.json index 45395e6ddc6..f5ccbe2d641 100644 --- a/2022/29xxx/CVE-2022-29443.json +++ b/2022/29xxx/CVE-2022-29443.json @@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-05-26T12:29:00.000Z", "ID": "CVE-2022-29443", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress Hotel Booking plugin <= 3.0 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hotel Booking (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 3.0", + "version_value": "3.0" + } + ] + } + } + ] + }, + "vendor_name": "Nicdark" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin <= 3.0 at WordPress." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/nd-booking/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/nd-booking/" + }, + { + "name": "https://patchstack.com/database/vulnerability/nd-booking/wordpress-hotel-booking-plugin-3-0-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/nd-booking/wordpress-hotel-booking-plugin-3-0-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/29xxx/CVE-2022-29450.json b/2022/29xxx/CVE-2022-29450.json index 34c4942d2d3..1ef56a218e6 100644 --- a/2022/29xxx/CVE-2022-29450.json +++ b/2022/29xxx/CVE-2022-29450.json @@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-05-27T12:53:00.000Z", "ID": "CVE-2022-29450", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress Admin Management Xtended plugin <= 2.4.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Admin Management Xtended (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 2.4.4", + "version_value": "2.4.4" + } + ] + } + } + ] + }, + "vendor_name": "Oliver Schl\u00f6be" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Nguy Minh Tuan (Patchstack Alliance)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/admin-management-xtended/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/admin-management-xtended/#developers" + }, + { + "name": "https://patchstack.com/database/vulnerability/admin-management-xtended/wordpress-admin-management-xtended-plugin-2-4-4-multiple-cross-site-request-forgery-csrf-vulnerabilities", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/admin-management-xtended/wordpress-admin-management-xtended-plugin-2-4-4-multiple-cross-site-request-forgery-csrf-vulnerabilities" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2089.json b/2022/2xxx/CVE-2022-2089.json new file mode 100644 index 00000000000..36cc3419295 --- /dev/null +++ b/2022/2xxx/CVE-2022-2089.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2089", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2090.json b/2022/2xxx/CVE-2022-2090.json new file mode 100644 index 00000000000..0f53370918d --- /dev/null +++ b/2022/2xxx/CVE-2022-2090.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2090", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31216.json b/2022/31xxx/CVE-2022-31216.json index 12f0ce36169..6b3504c1d7b 100644 --- a/2022/31xxx/CVE-2022-31216.json +++ b/2022/31xxx/CVE-2022-31216.json @@ -1,18 +1,151 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cybersecurity@ch.abb.com", + "DATE_PUBLIC": "2022-06-14T15:00:00.000Z", "ID": "CVE-2022-31216", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Drive Composer Link Following Local Privilege Escalation Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Drive Composer entry", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "2.0" + }, + { + "version_affected": "<=", + "version_value": "2.7" + } + ] + } + }, + { + "product_name": "Drive Composer pro", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "2.0" + }, + { + "version_affected": "<=", + "version_value": "2.7" + } + ] + } + }, + { + "product_name": "ABB Automation Builder", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "1.1.0" + }, + { + "version_affected": "<=", + "version_value": "2.5.0" + } + ] + } + }, + { + "product_name": "Mint WorkBench", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "build", + "version_value": "5866" + } + ] + } + } + ] + }, + "vendor_name": "ABB" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability was discovered by Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative. ABB appreciates their actions to keep our products safe for our customers." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a \"repair\" operation on the product." } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The problem is corrected in the following product versions:\nDrive Composer entry version 2.7.1\nDrive Composer pro version 2.7.1\nCustomers using Drive composer pro integrated in ABB Automation Builder should refer to section \n\u201cWorkarounds\u201d in this document. \nMint WorkBench Build 5868\nABB recommends that customers apply the update at earliest convenience. Updated versions of Drive Composer are available immediately. ABB Automation Builder 2.5.1 and Mint WorkBench Build 5868 will be available before or during Q3/2022." + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors. When a workaround reduces functionality, this is identified below as \u201cImpact of workaround\u201d.\n\nWith ABB Automation Builder it is possible to change the version of Drive Composer used so it is not mandatory to update that application immediately. Steps:\n1) Install or upgrade Drive Composer pro version to 2.7.1\n2) In ABB Automation Builder Options, select External tools.\n3) At Drive composer pro-line, select Custom and select the installed Drive Composer pro version 2.7.1 executable typically in C:\\Program Files (x86)\\DriveWare\\Drive Composer pro\\2.7\n\nAlternatively, users are able to remove the vulnerable Drive Composer for ABB Automation Builder. This can be done either from ABB Automation Builder Installation manager or from Windows Settings: Apps & features." + } + ] } \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31217.json b/2022/31xxx/CVE-2022-31217.json index 05c43517f42..1463fdbe9ec 100644 --- a/2022/31xxx/CVE-2022-31217.json +++ b/2022/31xxx/CVE-2022-31217.json @@ -1,18 +1,151 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cybersecurity@ch.abb.com", + "DATE_PUBLIC": "2022-06-14T15:00:00.000Z", "ID": "CVE-2022-31217", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Drive Composer Link Following Local Privilege Escalation Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Drive Composer entry", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "2.0" + }, + { + "version_affected": "<=", + "version_value": "2.7" + } + ] + } + }, + { + "product_name": "Drive Composer pro", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "2.0" + }, + { + "version_affected": "<=", + "version_value": "2.7" + } + ] + } + }, + { + "product_name": "ABB Automation Builder", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "1.1.0" + }, + { + "version_affected": "<=", + "version_value": "2.5.0" + } + ] + } + }, + { + "product_name": "Mint WorkBench", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "build", + "version_value": "5866" + } + ] + } + } + ] + }, + "vendor_name": "ABB" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability was discovered by Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative. ABB appreciates their actions to keep our products safe for our customers." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a \"repair\" operation on the product." } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The problem is corrected in the following product versions:\nDrive Composer entry version 2.7.1\nDrive Composer pro version 2.7.1\nCustomers using Drive composer pro integrated in ABB Automation Builder should refer to section \n\u201cWorkarounds\u201d in this document. \nMint WorkBench Build 5868\nABB recommends that customers apply the update at earliest convenience. Updated versions of Drive Composer are available immediately. ABB Automation Builder 2.5.1 and Mint WorkBench Build 5868 will be available before or during Q3/2022." + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors. When a workaround reduces functionality, this is identified below as \u201cImpact of workaround\u201d.\n\nWith ABB Automation Builder it is possible to change the version of Drive Composer used so it is not mandatory to update that application immediately. Steps:\n1) Install or upgrade Drive Composer pro version to 2.7.1\n2) In ABB Automation Builder Options, select External tools.\n3) At Drive composer pro-line, select Custom and select the installed Drive Composer pro version 2.7.1 executable typically in C:\\Program Files (x86)\\DriveWare\\Drive Composer pro\\2.7\n\nAlternatively, users are able to remove the vulnerable Drive Composer for ABB Automation Builder. This can be done either from ABB Automation Builder Installation manager or from Windows Settings: Apps & features." + } + ] } \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31218.json b/2022/31xxx/CVE-2022-31218.json index 5fc86c3eb42..5727bcaaf38 100644 --- a/2022/31xxx/CVE-2022-31218.json +++ b/2022/31xxx/CVE-2022-31218.json @@ -1,18 +1,151 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cybersecurity@ch.abb.com", + "DATE_PUBLIC": "2022-06-14T15:00:00.000Z", "ID": "CVE-2022-31218", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Drive Composer Link Following Local Privilege Escalation Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Drive Composer entry", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "2.0" + }, + { + "version_affected": "<=", + "version_value": "2.7" + } + ] + } + }, + { + "product_name": "Drive Composer pro", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "2.0" + }, + { + "version_affected": "<=", + "version_value": "2.7" + } + ] + } + }, + { + "product_name": "ABB Automation Builder", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "1.1.0" + }, + { + "version_affected": "<=", + "version_value": "2.5.0" + } + ] + } + }, + { + "product_name": "Mint WorkBench", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "build", + "version_value": "5866" + } + ] + } + } + ] + }, + "vendor_name": "ABB" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability was discovered by Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative. ABB appreciates their actions to keep our products safe for our customers." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a \"repair\" operation on the product." } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The problem is corrected in the following product versions:\nDrive Composer entry version 2.7.1\nDrive Composer pro version 2.7.1\nCustomers using Drive composer pro integrated in ABB Automation Builder should refer to section \n\u201cWorkarounds\u201d in this document. \nMint WorkBench Build 5868\nABB recommends that customers apply the update at earliest convenience. Updated versions of Drive Composer are available immediately. ABB Automation Builder 2.5.1 and Mint WorkBench Build 5868 will be available before or during Q3/2022." + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors. When a workaround reduces functionality, this is identified below as \u201cImpact of workaround\u201d.\n\nWith ABB Automation Builder it is possible to change the version of Drive Composer used so it is not mandatory to update that application immediately. Steps:\n1) Install or upgrade Drive Composer pro version to 2.7.1\n2) In ABB Automation Builder Options, select External tools.\n3) At Drive composer pro-line, select Custom and select the installed Drive Composer pro version 2.7.1 executable typically in C:\\Program Files (x86)\\DriveWare\\Drive Composer pro\\2.7\n\nAlternatively, users are able to remove the vulnerable Drive Composer for ABB Automation Builder. This can be done either from ABB Automation Builder Installation manager or from Windows Settings: Apps & features." + } + ] } \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31219.json b/2022/31xxx/CVE-2022-31219.json index b9fc3f119e2..655c2ae1b68 100644 --- a/2022/31xxx/CVE-2022-31219.json +++ b/2022/31xxx/CVE-2022-31219.json @@ -1,18 +1,151 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cybersecurity@ch.abb.com", + "DATE_PUBLIC": "2022-06-14T15:00:00.000Z", "ID": "CVE-2022-31219", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Drive Composer Link Following Local Privilege Escalation Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Drive Composer entry", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "2.0" + }, + { + "version_affected": "<=", + "version_value": "2.7" + } + ] + } + }, + { + "product_name": "Drive Composer pro", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "2.0" + }, + { + "version_affected": "<=", + "version_value": "2.7" + } + ] + } + }, + { + "product_name": "ABB Automation Builder", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "1.1.0" + }, + { + "version_affected": "<=", + "version_value": "2.5.0" + } + ] + } + }, + { + "product_name": "Mint WorkBench", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "build", + "version_value": "5866" + } + ] + } + } + ] + }, + "vendor_name": "ABB" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability was discovered by Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative. ABB appreciates their actions to keep our products safe for our customers." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a \"repair\" operation on the product." } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The problem is corrected in the following product versions:\nDrive Composer entry version 2.7.1\nDrive Composer pro version 2.7.1\nCustomers using Drive composer pro integrated in ABB Automation Builder should refer to section \n\u201cWorkarounds\u201d in this document. \nMint WorkBench Build 5868\nABB recommends that customers apply the update at earliest convenience. Updated versions of Drive Composer are available immediately. ABB Automation Builder 2.5.1 and Mint WorkBench Build 5868 will be available before or during Q3/2022." + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors. When a workaround reduces functionality, this is identified below as \u201cImpact of workaround\u201d.\n\nWith ABB Automation Builder it is possible to change the version of Drive Composer used so it is not mandatory to update that application immediately. Steps:\n1) Install or upgrade Drive Composer pro version to 2.7.1\n2) In ABB Automation Builder Options, select External tools.\n3) At Drive composer pro-line, select Custom and select the installed Drive Composer pro version 2.7.1 executable typically in C:\\Program Files (x86)\\DriveWare\\Drive Composer pro\\2.7\n\nAlternatively, users are able to remove the vulnerable Drive Composer for ABB Automation Builder. This can be done either from ABB Automation Builder Installation manager or from Windows Settings: Apps & features." + } + ] } \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32375.json b/2022/32xxx/CVE-2022-32375.json index 80f9c7678fa..b8da744eca4 100644 --- a/2022/32xxx/CVE-2022-32375.json +++ b/2022/32xxx/CVE-2022-32375.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-32375", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-32375", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_timetable.php?id=." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/k0xx11/bug_report/blob/main/vendors/itsourcecode.com/advanced-school-management-system/SQLi-6.md", + "url": "https://github.com/k0xx11/bug_report/blob/main/vendors/itsourcecode.com/advanced-school-management-system/SQLi-6.md" } ] } diff --git a/2022/32xxx/CVE-2022-32376.json b/2022/32xxx/CVE-2022-32376.json index a938f4b04f0..478a5785938 100644 --- a/2022/32xxx/CVE-2022-32376.json +++ b/2022/32xxx/CVE-2022-32376.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-32376", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-32376", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_events.php?event_id=." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/k0xx11/bug_report/blob/main/vendors/itsourcecode.com/advanced-school-management-system/SQLi-8.md", + "url": "https://github.com/k0xx11/bug_report/blob/main/vendors/itsourcecode.com/advanced-school-management-system/SQLi-8.md" } ] } diff --git a/2022/32xxx/CVE-2022-32377.json b/2022/32xxx/CVE-2022-32377.json index 1a00e11e902..f9d854909bb 100644 --- a/2022/32xxx/CVE-2022-32377.json +++ b/2022/32xxx/CVE-2022-32377.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-32377", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-32377", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam_timetable.php?id=." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/k0xx11/bug_report/blob/main/vendors/itsourcecode.com/advanced-school-management-system/SQLi-9.md", + "url": "https://github.com/k0xx11/bug_report/blob/main/vendors/itsourcecode.com/advanced-school-management-system/SQLi-9.md" } ] } diff --git a/2022/32xxx/CVE-2022-32378.json b/2022/32xxx/CVE-2022-32378.json index 8dfc051bb82..0ff57927fb5 100644 --- a/2022/32xxx/CVE-2022-32378.json +++ b/2022/32xxx/CVE-2022-32378.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-32378", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-32378", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher_profile.php?my_index=." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/k0xx11/bug_report/blob/main/vendors/itsourcecode.com/advanced-school-management-system/SQLi-13.md", + "url": "https://github.com/k0xx11/bug_report/blob/main/vendors/itsourcecode.com/advanced-school-management-system/SQLi-13.md" } ] } diff --git a/2022/32xxx/CVE-2022-32379.json b/2022/32xxx/CVE-2022-32379.json index 663b4066bdc..487b3b899b6 100644 --- a/2022/32xxx/CVE-2022-32379.json +++ b/2022/32xxx/CVE-2022-32379.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-32379", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-32379", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_parents_profile.php?my_index=." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/k0xx11/bug_report/blob/main/vendors/itsourcecode.com/advanced-school-management-system/SQLi-10.md", + "url": "https://github.com/k0xx11/bug_report/blob/main/vendors/itsourcecode.com/advanced-school-management-system/SQLi-10.md" } ] } diff --git a/2022/32xxx/CVE-2022-32380.json b/2022/32xxx/CVE-2022-32380.json index e23504f7bf1..425dad4009e 100644 --- a/2022/32xxx/CVE-2022-32380.json +++ b/2022/32xxx/CVE-2022-32380.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-32380", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-32380", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_student_subject.php?index=." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/k0xx11/bug_report/blob/main/vendors/itsourcecode.com/advanced-school-management-system/SQLi-12.md", + "url": "https://github.com/k0xx11/bug_report/blob/main/vendors/itsourcecode.com/advanced-school-management-system/SQLi-12.md" } ] } diff --git a/2022/32xxx/CVE-2022-32381.json b/2022/32xxx/CVE-2022-32381.json index e29c213319d..f2bb910616e 100644 --- a/2022/32xxx/CVE-2022-32381.json +++ b/2022/32xxx/CVE-2022-32381.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-32381", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-32381", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_admin_profile.php?my_index=." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/k0xx11/bug_report/blob/main/vendors/itsourcecode.com/advanced-school-management-system/SQLi-11.md", + "url": "https://github.com/k0xx11/bug_report/blob/main/vendors/itsourcecode.com/advanced-school-management-system/SQLi-11.md" } ] } diff --git a/2022/32xxx/CVE-2022-32433.json b/2022/32xxx/CVE-2022-32433.json index b26feb5f433..b72de36936a 100644 --- a/2022/32xxx/CVE-2022-32433.json +++ b/2022/32xxx/CVE-2022-32433.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-32433", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-32433", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "itsourcecode Advanced School Management System v1.0 is vulnerable to Arbitrary code execution via ip/school/view/all_teacher.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/tamchikit/bug_report/blob/main/vendors/itsourcecode.com/advanced-school-management-system/RCE-1.md", + "url": "https://github.com/tamchikit/bug_report/blob/main/vendors/itsourcecode.com/advanced-school-management-system/RCE-1.md" } ] }