Merge branch 'Avaya_ASA-2018-384' of https://github.com/AvayaCNA/cvelist

2025-06-10 02:04:31 +00:00 · 2019-01-23 11:18:37 -05:00 · 2019-01-23 11:18:37 -05:00 · 9053f923b5
commit 9053f923b5
parent 734727d5ea 45ac05555a
1 changed files with 82 additions and 11 deletions
--- a/2018/15xxx/CVE-2018-15614.json
+++ b/2018/15xxx/CVE-2018-15614.json
@ -1,18 +1,89 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2018-15614",
-      "STATE" : "RESERVED"
+   "CVE_data_meta": {
+      "ASSIGNER": "securityalerts@avaya.com",
+      "ID": "CVE-2018-15614",
+      "STATE": "PUBLIC",
+      "TITLE": "IP Office one-X Portal XSS"
   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
+   "affects": {
+      "vendor": {
+         "vendor_data": [
+            {
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "IP Office",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "affected": "<",
+                                 "version_name": "11.x",
+                                 "version_value": "11.0 SP1"
+                              },
+                              {
+                                 "affected": "<",
+                                 "version_name": "10.x",
+                                 "version_value": "10.1 SP4"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "Avaya"
+            }
+         ]
+      }
+   },
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "lang": "eng",
+            "value": "A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1."
         }
      ]
+   },
+   "impact": {
+      "cvss": {
+         "attackComplexity": "HIGH",
+         "attackVector": "NETWORK",
+         "availabilityImpact": "NONE",
+         "baseScore": 6.8,
+         "baseSeverity": "MEDIUM",
+         "confidentialityImpact": "HIGH",
+         "integrityImpact": "HIGH",
+         "privilegesRequired": "LOW",
+         "scope": "UNCHANGED",
+         "userInteraction": "NONE",
+         "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
+         "version": "3.0"
+      }
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\n"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "name": "https://downloads.avaya.com/css/P8/documents/101054317",
+            "refsource": "CONFIRM",
+            "url": "https://downloads.avaya.com/css/P8/documents/101054317"
+         }
+      ]
+   },
+   "source": {
+      "advisory": "ASA-2018-384"
   }
 }