diff --git a/2018/15xxx/CVE-2018-15447.json b/2018/15xxx/CVE-2018-15447.json index 23451534141..8b87fa4bad4 100644 --- a/2018/15xxx/CVE-2018-15447.json +++ b/2018/15xxx/CVE-2018-15447.json @@ -1,86 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@cisco.com", - "DATE_PUBLIC": "2018-11-07T16:00:00-0600", - "ID": "CVE-2018-15447", - "STATE": "PUBLIC", - "TITLE": "Cisco Integrated Management Controller Supervisor SQL Injection Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cisco Integrated Management Controller (IMC) Supervisor ", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "Cisco" - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@cisco.com", + "DATE_PUBLIC" : "2018-11-07T16:00:00-0600", + "ID" : "CVE-2018-15447", + "STATE" : "PUBLIC", + "TITLE" : "Cisco Integrated Management Controller Supervisor SQL Injection Vulnerability" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cisco Integrated Management Controller (IMC) Supervisor ", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "Cisco" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application." + } + ] + }, + "exploit" : [ + { + "lang" : "eng", + "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact" : { + "cvss" : { + "baseScore" : "6.5", + "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N ", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-89" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. " - } - ] - }, - "exploit": [ - { - "lang": "eng", - "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact": { - "cvss": { - "baseScore": "6.5", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N ", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "20181107 Cisco Integrated Management Controller Supervisor SQL Injection Vulnerability", - "refsource": "CISCO", - "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-cimc-sql-inject" - } - ] - }, - "source": { - "advisory": "cisco-sa-20181107-cimc-sql-inject", - "defect": [ - [ - "CSCvm10518" - ] - ], - "discovery": "INTERNAL" - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20181107 Cisco Integrated Management Controller Supervisor SQL Injection Vulnerability", + "refsource" : "CISCO", + "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-cimc-sql-inject" + } + ] + }, + "source" : { + "advisory" : "cisco-sa-20181107-cimc-sql-inject", + "defect" : [ + [ + "CSCvm10518" + ] + ], + "discovery" : "INTERNAL" + } } diff --git a/2018/15xxx/CVE-2018-15448.json b/2018/15xxx/CVE-2018-15448.json index 4cd074c524b..f8bafe2cf16 100644 --- a/2018/15xxx/CVE-2018-15448.json +++ b/2018/15xxx/CVE-2018-15448.json @@ -1,86 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@cisco.com", - "DATE_PUBLIC": "2018-11-07T16:00:00-0600", - "ID": "CVE-2018-15448", - "STATE": "PUBLIC", - "TITLE": "Cisco Registered Envelope Service Information Disclosure Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cisco Registered Envelope Service ", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "Cisco" - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@cisco.com", + "DATE_PUBLIC" : "2018-11-07T16:00:00-0600", + "ID" : "CVE-2018-15448", + "STATE" : "PUBLIC", + "TITLE" : "Cisco Registered Envelope Service Information Disclosure Vulnerability" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cisco Registered Envelope Service ", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "Cisco" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecure configuration that allows improper indexing. An attacker could exploit this vulnerability by using a search engine to look for specific data strings. A successful exploit could allow the attacker to discover certain sensitive information about the application, including usernames." + } + ] + }, + "exploit" : [ + { + "lang" : "eng", + "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact" : { + "cvss" : { + "baseScore" : "5.3", + "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N ", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-16" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecure configuration that allows improper indexing. An attacker could exploit this vulnerability by using a search engine to look for specific data strings. A successful exploit could allow the attacker to discover certain sensitive information about the application, including usernames. " - } - ] - }, - "exploit": [ - { - "lang": "eng", - "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact": { - "cvss": { - "baseScore": "5.3", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N ", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-16" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "20181107 Cisco Registered Envelope Service Information Disclosure Vulnerability", - "refsource": "CISCO", - "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-res-info-disc" - } - ] - }, - "source": { - "advisory": "cisco-sa-20181107-res-info-disc", - "defect": [ - [ - "CSCvj88457" - ] - ], - "discovery": "INTERNAL" - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20181107 Cisco Registered Envelope Service Information Disclosure Vulnerability", + "refsource" : "CISCO", + "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-res-info-disc" + } + ] + }, + "source" : { + "advisory" : "cisco-sa-20181107-res-info-disc", + "defect" : [ + [ + "CSCvj88457" + ] + ], + "discovery" : "INTERNAL" + } } diff --git a/2018/15xxx/CVE-2018-15449.json b/2018/15xxx/CVE-2018-15449.json index 60bbc4f0b74..c36286ec191 100644 --- a/2018/15xxx/CVE-2018-15449.json +++ b/2018/15xxx/CVE-2018-15449.json @@ -1,86 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@cisco.com", - "DATE_PUBLIC": "2018-11-07T16:00:00-0600", - "ID": "CVE-2018-15449", - "STATE": "PUBLIC", - "TITLE": "Cisco Video Surveillance Media Server Denial of Service Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cisco Video Surveillance Media Server Software ", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "Cisco" - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@cisco.com", + "DATE_PUBLIC" : "2018-11-07T16:00:00-0600", + "ID" : "CVE-2018-15449", + "STATE" : "PUBLIC", + "TITLE" : "Cisco Video Surveillance Media Server Denial of Service Vulnerability" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cisco Video Surveillance Media Server Software ", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "Cisco" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in the web-based management interface of Cisco Video Surveillance Media Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to cause the web-based management interface to become unreachable, resulting in a DoS condition." + } + ] + }, + "exploit" : [ + { + "lang" : "eng", + "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact" : { + "cvss" : { + "baseScore" : "4.3", + "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L ", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-20" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in the web-based management interface of Cisco Video Surveillance Media Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to cause the web-based management interface to become unreachable, resulting in a DoS condition. " - } - ] - }, - "exploit": [ - { - "lang": "eng", - "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact": { - "cvss": { - "baseScore": "4.3", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L ", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-20" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "20181107 Cisco Video Surveillance Media Server Denial of Service Vulnerability", - "refsource": "CISCO", - "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vsms-dos" - } - ] - }, - "source": { - "advisory": "cisco-sa-20181107-vsms-dos", - "defect": [ - [ - "CSCvm36780" - ] - ], - "discovery": "INTERNAL" - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20181107 Cisco Video Surveillance Media Server Denial of Service Vulnerability", + "refsource" : "CISCO", + "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vsms-dos" + } + ] + }, + "source" : { + "advisory" : "cisco-sa-20181107-vsms-dos", + "defect" : [ + [ + "CSCvm36780" + ] + ], + "discovery" : "INTERNAL" + } } diff --git a/2018/6xxx/CVE-2018-6436.json b/2018/6xxx/CVE-2018-6436.json index d8b89809041..ada3f6da665 100644 --- a/2018/6xxx/CVE-2018-6436.json +++ b/2018/6xxx/CVE-2018-6436.json @@ -53,6 +53,8 @@ "references" : { "reference_data" : [ { + "name" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-730", + "refsource" : "CONFIRM", "url" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-730" } ] diff --git a/2018/6xxx/CVE-2018-6437.json b/2018/6xxx/CVE-2018-6437.json index 5c4adcc2f18..3e357a2ee10 100644 --- a/2018/6xxx/CVE-2018-6437.json +++ b/2018/6xxx/CVE-2018-6437.json @@ -53,6 +53,8 @@ "references" : { "reference_data" : [ { + "name" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-731", + "refsource" : "CONFIRM", "url" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-731" } ] diff --git a/2018/6xxx/CVE-2018-6438.json b/2018/6xxx/CVE-2018-6438.json index ce83c076ae5..890da21f9f6 100644 --- a/2018/6xxx/CVE-2018-6438.json +++ b/2018/6xxx/CVE-2018-6438.json @@ -53,6 +53,8 @@ "references" : { "reference_data" : [ { + "name" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-731", + "refsource" : "CONFIRM", "url" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-731" } ]