mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
6fd2e89136
commit
91a9ad5114
@ -1,17 +1,229 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-20868",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@cisco.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this vulnerability. This vulnerability is due to the use of a hardcoded value to encrypt a token used for certain APIs calls . An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Use of Hard-coded Cryptographic Key"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Cisco",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Cisco Web Security Appliance (WSA)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "11.8.0-414",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.8.1-023",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.8.3-018",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.8.3-021",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.0.1-268",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.0.3-005",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.0.3-007",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.5.2-007",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.5.2-011",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.5.1-011",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.5.4-005",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.5.4-011",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "14.5.0-498",
|
||||
"version_affected": "="
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Cisco Email Security Appliance (ESA)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "13.0.0-392",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "13.5.1-277",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "14.0.0-698",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "14.2.0-620",
|
||||
"version_affected": "="
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Cisco Content Security Management Appliance (SMA)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "12.0.0-452",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.0.1-011",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.5.0-636",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.5.0-658",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.5.0-678",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.5.0-670",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "13.0.0-277",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "13.6.2-078",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "13.8.1-068",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "13.8.1-074",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.8.1-002",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "14.0.0-404",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "14.1.0-223",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "14.1.0-227",
|
||||
"version_affected": "="
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasmawsa-vulns-YRuSW5mD",
|
||||
"refsource": "MISC",
|
||||
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasmawsa-vulns-YRuSW5mD"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "cisco-sa-esasmawsa-vulns-YRuSW5mD",
|
||||
"discovery": "EXTERNAL",
|
||||
"defects": [
|
||||
"CSCwc12181",
|
||||
"CSCwc12183",
|
||||
"CSCwc12184"
|
||||
]
|
||||
},
|
||||
"exploit": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
|
||||
"baseScore": 4.7,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,257 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-20937",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@cisco.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications. There are workarounds that address this vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Insufficient Resource Pool"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Cisco",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Cisco Identity Services Engine Software",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2.4.0",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p1",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p10",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p11",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p12",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p2",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p3",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p5",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p6",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p7",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p8",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p9",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p13",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p14",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p1",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p2",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p3",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p5",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p6",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p7",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p8",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p9",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p10",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p11",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p12",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0 p1",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0 p2",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0 p3",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0 p4",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0 p5",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0 p6",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0 p7",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.0",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.0 p1",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.0 p2",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.0 p3",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.0 p4",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.0 p5",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.1.0",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.1.0 p1",
|
||||
"version_affected": "="
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-sec-atk-dos-zw5RCUYp",
|
||||
"refsource": "MISC",
|
||||
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-sec-atk-dos-zw5RCUYp"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "cisco-sa-ise-sec-atk-dos-zw5RCUYp",
|
||||
"discovery": "INTERNAL",
|
||||
"defects": [
|
||||
"CSCvz99311"
|
||||
]
|
||||
},
|
||||
"exploit": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "LOW"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,329 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-20942",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@cisco.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials. This vulnerability is due to weak enforcement of back-end authorization checks. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain confidential data that is stored on the affected device."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Exposure of Private Personal Information to an Unauthorized Actor"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Cisco",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Cisco Web Security Appliance (WSA)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "10.5.1-270",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "10.5.1-296",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "10.5.2-061",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "10.5.2-072",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "10.5.6-022",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "10.5.3-000",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "10.5.5-000",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.5.1-124",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.5.1-125",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.5.1-115",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.5.3-016",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.5.2-000",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.7.0-406",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.7.0-418",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.7.1-049",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.7.1-006",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.7.1-020",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.7.2-011",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.8.0-414",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.8.1-023",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.8.3-018",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.8.3-021",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.0.1-268",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.0.3-007",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "10.6.0-000",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.5.2-007",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.5.1-011",
|
||||
"version_affected": "="
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Cisco Email Security Appliance (ESA)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "10.0.1-087",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.0.0-419",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.1.0-071",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.1.0-087",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.1.0-089",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "13.0.0-392",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "13.5.1-277",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.5.0-066",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "14.0.0-698",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "14.2.0-620",
|
||||
"version_affected": "="
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Cisco Content Security Management Appliance (SMA)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "11.0.0-115",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.0.1-161",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.0.4-000",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.5.1-105",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.0.0-452",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.0.1-011",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.5.0-636",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.5.0-658",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.5.0-678",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.5.0-670",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "13.0.0-277",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "13.6.2-078",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "13.8.1-068",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "13.8.1-074",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.8.1-002",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "14.0.0-404",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "14.1.0-223",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "14.1.0-227",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "14.2.0-212",
|
||||
"version_affected": "="
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnt-sec-infodiscl-BVKKnUG",
|
||||
"refsource": "MISC",
|
||||
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnt-sec-infodiscl-BVKKnUG"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "cisco-sa-cnt-sec-infodiscl-BVKKnUG",
|
||||
"discovery": "INTERNAL",
|
||||
"defects": [
|
||||
"CSCwc43106",
|
||||
"CSCwc43102",
|
||||
"CSCwc43104"
|
||||
]
|
||||
},
|
||||
"exploit": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,153 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-20960",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@cisco.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain TLS connections that are processed by an affected device. An attacker could exploit this vulnerability by establishing a large number of concurrent TLS connections to an affected device. A successful exploit could allow the attacker to cause the device to drop new TLS email messages that come from the associated email servers. Exploitation of this vulnerability does not cause the affected device to unexpectedly reload. The device will recover autonomously within a few hours of when the attack is halted or mitigated."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Uncontrolled Resource Consumption"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Cisco",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Cisco Email Security Appliance (ESA)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "10.0.1-087",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.0.3-238",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.1.0-069",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.1.0-131",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.1.0-128",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.1.1-000",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "11.1.2-000",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.0.0-419",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.1.0-071",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.1.0-087",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.1.0-089",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "13.0.0-392",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "13.5.1-277",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "12.5.0-066",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "14.0.0-698",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "14.2.0-620",
|
||||
"version_affected": "="
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-gdghHmbV",
|
||||
"refsource": "MISC",
|
||||
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-gdghHmbV"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "cisco-sa-esa-dos-gdghHmbV",
|
||||
"discovery": "INTERNAL",
|
||||
"defects": [
|
||||
"CSCwc35162"
|
||||
]
|
||||
},
|
||||
"exploit": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,257 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-20961",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@cisco.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the target user."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-Site Request Forgery (CSRF)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Cisco",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Cisco Identity Services Engine Software",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2.4.0",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p1",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p10",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p11",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p12",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p2",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p3",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p5",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p6",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p7",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p8",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p9",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p13",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p14",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p1",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p2",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p3",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p5",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p6",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p7",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p8",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p9",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p10",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p11",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0 p1",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0 p2",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0 p3",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0 p4",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0 p5",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0 p6",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0 p7",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.0",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.0 p1",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.0 p2",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.0 p3",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.0 p4",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.0 p5",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.1.0",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.1.0 p1",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.1.0 p3",
|
||||
"version_affected": "="
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-csrf-vgNtTpAs",
|
||||
"refsource": "MISC",
|
||||
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-csrf-vgNtTpAs"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "cisco-sa-ise-csrf-vgNtTpAs",
|
||||
"discovery": "INTERNAL",
|
||||
"defects": [
|
||||
"CSCwb75954"
|
||||
]
|
||||
},
|
||||
"exploit": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,265 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-20963",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@cisco.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid credentials to access the web-based management interface of an affected device."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Improper Neutralization of Alternate XSS Syntax"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Cisco",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Cisco Identity Services Engine Software",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2.4.0",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p1",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p10",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p11",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p12",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p2",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p3",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p5",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p6",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p7",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p8",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p9",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p13",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0 p14",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p1",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p2",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p3",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p5",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p6",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p7",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p8",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p9",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p10",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p11",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.6.0 p12",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0 p1",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0 p2",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0 p3",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0 p4",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0 p5",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0 p6",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "2.7.0 p7",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.0",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.0 p1",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.0 p2",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.0 p3",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.0 p4",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.0 p5",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.0 p6",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.1.0",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.1.0 p1",
|
||||
"version_affected": "="
|
||||
},
|
||||
{
|
||||
"version_value": "3.1.0 p3",
|
||||
"version_affected": "="
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-stor-xss-kpRBWXY",
|
||||
"refsource": "MISC",
|
||||
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-stor-xss-kpRBWXY"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "cisco-sa-ise-stor-xss-kpRBWXY",
|
||||
"discovery": "INTERNAL",
|
||||
"defects": [
|
||||
"CSCwb75959"
|
||||
]
|
||||
},
|
||||
"exploit": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
|
||||
"baseScore": 5.4,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user