From 937723e811b02f33e9934a6098868c93e8cef2c9 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 25 May 2023 19:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/26xxx/CVE-2023-26215.json | 91 ++++++++++++++++++++++++++++++++--
 2023/26xxx/CVE-2023-26216.json | 91 ++++++++++++++++++++++++++++++++--
 2 files changed, 174 insertions(+), 8 deletions(-)
diff --git a/2023/26xxx/CVE-2023-26215.json b/2023/26xxx/CVE-2023-26215.json
index 74f2c279bde..9cd333caccf 100644
--- a/2023/26xxx/CVE-2023-26215.json
+++ b/2023/26xxx/CVE-2023-26215.json
@@ -1,17 +1,100 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-26215",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@tibco.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application access to read system files that are accessible to the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Any application user can potentially read files that would normally only be accessible by server administrators."
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "TIBCO Software Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TIBCO EBX Add-ons",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "4.5.16"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.tibco.com/services/support/advisories",
+ "refsource": "MISC",
+ "name": "https://www.tibco.com/services/support/advisories"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "

TIBCO has released updated versions of the affected components which address these issues.

TIBCO EBX Add-ons versions 4.5.16 and below: update to version 4.5.17 or later

"
+ }
+ ],
+ "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO EBX Add-ons versions 4.5.16 and below: update to version 4.5.17 or later\n\n"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/26xxx/CVE-2023-26216.json b/2023/26xxx/CVE-2023-26216.json
index c0633c1c36b..85adb4c7c9e 100644
--- a/2023/26xxx/CVE-2023-26216.json
+++ b/2023/26xxx/CVE-2023-26216.json
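Review bot: The `problemtype` entry added for CVE-2023-26215 holds an impact sentence ("Any application user can potentially read files…") rather than a weakness class, so consumers that group or filter records by CWE get nothing to key on; the CVE-2023-26216 hunk has the same shape. If the CNA knows the root cause, the value would read `"value": "CWE-<id> <weakness name>"` (placeholder: the record does not say which weakness applies), with the impact wording left to `description`. In both files the only reference, `https://www.tibco.com/services/support/advisories`, also looks like the vendor's advisory index rather than the advisory for the specific CVE, so a direct link would let responders confirm the 4.5.17 fix without searching.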
@@ -1,17 +1,100 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-26216",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@tibco.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an exploitable vulnerability that allows an attacker to upload files to a directory accessible by the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "An application administrator without access to the underlying server could upload files that may be evaluated by the web server allowing them to perform actions with the privileges of the web server."
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "TIBCO Software Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TIBCO EBX Add-ons",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "4.5.16"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.tibco.com/services/support/advisories",
+ "refsource": "MISC",
+ "name": "https://www.tibco.com/services/support/advisories"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "

TIBCO has released updated versions of the affected components which address these issues.

TIBCO EBX Add-ons versions 4.5.16 and below: update to version 4.5.17 or later

"
+ }
+ ],
+ "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO EBX Add-ons versions 4.5.16 and below: update to version 4.5.17 or later\n\n"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
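Review bot: The `description` added for CVE-2023-26216 says the flaw "allows an attacker to upload files" without naming the privilege required, while `problemtype` attributes it to "An application administrator" and the vector carries `PR:H`. Anyone triaging from the description alone would misjudge who can reach the upload path, so I would align the sentence, e.g. `"…allows an attacker with application administrator access to upload files to a directory accessible by the web server…"`. Read together, the fields say an application administrator account can act with the web server's privileges (`S:C`), so on installations at 4.5.16 and below those accounts deserve review alongside the upgrade to 4.5.17.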