admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#4393

Browse Source 
Auto-merge PR#4393
This commit is contained in:
CVE Team 2022-02-04 17:45:18 -05:00 committed by GitHub
commit 9490a964d4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 1301 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

148
2021/26xxx/CVE-2021-26471.json
View File

@ -1,8 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2021-07-07T10:49:00.000Z",
"ID": "CVE-2021-26471",
"STATE": "PUBLIC"
"STATE": "PUBLIC",
"TITLE": "Unauthenticated remote command execution in Vembu products"
},
"affects": {
"vendor": {
@ -11,22 +13,104 @@
"product": {
"product_data": [
{
"product_name": "n/a",
"product_name": "VembuBDR",
"version": {
"version_data": [
{
"version_value": "n/a"
"version_affected": "=",
"version_name": "4.2.x",
"version_value": "4.2.0.1"
},
{
"version_affected": "=",
"version_name": "4.2.x",
"version_value": "4.2.0"
},
{
"version_affected": "=",
"version_name": "4.1.x",
"version_value": "4.1.0"
},
{
"version_affected": "=",
"version_name": "4.0.x",
"version_value": "4.0.2"
},
{
"version_affected": "=",
"version_name": "4.0.x",
"version_value": "4.0.1"
},
{
"version_affected": "=",
"version_name": "4.0.x",
"version_value": "4.0.0"
},
{
"version_affected": "=",
"version_name": "3.9.x",
"version_value": "3.9.1 Update1"
},
{
"version_affected": "=",
"version_name": "3.9.x",
"version_value": "3.9.0 Update1"
},
{
"version_affected": "=",
"version_name": "3.9.x",
"version_value": "3.9.0"
},
{
"version_affected": "=",
"version_name": "3.8.x",
"version_value": "3.8.0"
},
{
"version_affected": "=",
"version_name": "3.7.x",
"version_value": "3.7.0"
},
{
"version_affected": "=",
"version_name": "3.5.x",
"version_value": "3.5.0.0"
}
]
}
},
{
"product_name": "VembuOffsiteDR ",
"version": {
"version_data": [
{
"version_name": "4.2.x",
"version_value": "4.2.0.1"
},
{
"version_name": "4.2.x",
"version_value": "4.2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
"vendor_name": "VembuBDR"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by Wietse Boonstra"
},
{
"lang": "eng",
"value": "Addional research by Frank Breedijk"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
@ -34,17 +118,36 @@
"description_data": [
{
"lang": "eng",
"value": "Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote Code Execution by placing a command in a GET request (issue 1 of 2)."
"value": "In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands.\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "CWE-78 OS Command Injection"
}
]
}
@ -53,30 +156,29 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.divd.nl/",
"url": "https://www.divd.nl/"
"name": "https://csirt.divd.nl/cves/CVE-2021-26471/",
"refsource": "CONFIRM",
"url": "https://csirt.divd.nl/cves/CVE-2021-26471/"
},
{
"refsource": "MISC",
"name": "https://www.wbsec.nl/vembu",
"url": "https://www.wbsec.nl/vembu"
},
{
"refsource": "MISC",
"name": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/",
"url": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/"
},
{
"refsource": "MISC",
"name": "https://csirt.divd.nl/cases/DIVD-2020-00011/",
"refsource": "CONFIRM",
"url": "https://csirt.divd.nl/cases/DIVD-2020-00011/"
},
{
"refsource": "MISC",
"name": "https://csirt.divd.nl/cves/CVE-2021-26471/",
"url": "https://csirt.divd.nl/cves/CVE-2021-26471/"
"name": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/",
"refsource": "CONFIRM",
"url": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/"
},
{
"name": "https://www.wbsec.nl/vembu",
"refsource": "CONFIRM",
"url": "https://www.wbsec.nl/vembu"
}
]
},
"source": {
"advisory": "DIVD-2020-00011",
"discovery": "EXTERNAL"
}
}

149
2021/26xxx/CVE-2021-26472.json
View File

@ -1,8 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2021-07-07T10:49:00.000Z",
"ID": "CVE-2021-26472",
"STATE": "PUBLIC"
"STATE": "PUBLIC",
"TITLE": "Unauthenticated remote command execution with SYSTEM privileges in Vembu products"
},
"affects": {
"vendor": {
@ -11,22 +13,105 @@
"product": {
"product_data": [
{
"product_name": "n/a",
"product_name": "VembuBDR",
"version": {
"version_data": [
{
"version_value": "n/a"
"version_affected": "=",
"version_name": "4.2.x",
"version_value": "4.2.0.1"
},
{
"version_affected": "=",
"version_name": "4.2.x",
"version_value": "4.2.0"
},
{
"version_affected": "=",
"version_name": "4.1.x",
"version_value": "4.1.0"
},
{
"version_affected": "=",
"version_name": "4.0.x",
"version_value": "4.0.2"
},
{
"version_affected": "=",
"version_name": "4.0.x",
"version_value": "4.0.1"
},
{
"version_affected": "=",
"version_name": "4.0.x",
"version_value": "4.0.0"
},
{
"version_affected": "=",
"version_name": "3.9.x",
"version_value": "3.9.1 Update1"
},
{
"version_affected": "=",
"version_name": "3.9.x",
"version_value": "3.9.0 Update1"
},
{
"version_affected": "=",
"version_name": "3.9.x",
"version_value": "3.9.0"
},
{
"version_affected": "=",
"version_name": "3.8.x",
"version_value": "3.8.0"
},
{
"version_affected": "=",
"version_name": "3.7.x",
"version_value": "3.7.0"
},
{
"version_affected": "=",
"version_name": "3.5.x",
"version_value": "3.5.0.0"
}
]
}
},
{
"product_name": "VembuOffsiteDR ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "4.2.x",
"version_value": "4.2.0.1"
},
{
"version_name": "4.2.x",
"version_value": "4.2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
"vendor_name": "VembuBDR"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by Wietse Boonstra"
},
{
"lang": "eng",
"value": "Addional research by Frank Breedijk"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
@ -34,17 +119,36 @@
"description_data": [
{
"lang": "eng",
"value": "Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote Code Execution by placing a command in a GET request (issue 2 of 2)."
"value": "In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges.\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "CWE-78 OS Command Injection"
}
]
}
@ -53,30 +157,29 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.divd.nl/",
"url": "https://www.divd.nl/"
"name": "https://csirt.divd.nl/cves/CVE-2021-26472/",
"refsource": "CONFIRM",
"url": "https://csirt.divd.nl/cves/CVE-2021-26472/"
},
{
"refsource": "MISC",
"name": "https://www.wbsec.nl/vembu",
"url": "https://www.wbsec.nl/vembu"
},
{
"refsource": "MISC",
"name": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/",
"url": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/"
},
{
"refsource": "MISC",
"name": "https://csirt.divd.nl/cases/DIVD-2020-00011/",
"refsource": "CONFIRM",
"url": "https://csirt.divd.nl/cases/DIVD-2020-00011/"
},
{
"refsource": "MISC",
"name": "https://csirt.divd.nl/cves/CVE-2021-26472/",
"url": "https://csirt.divd.nl/cves/CVE-2021-26472/"
"name": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/",
"refsource": "CONFIRM",
"url": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/"
},
{
"name": "https://www.wbsec.nl/vembu",
"refsource": "CONFIRM",
"url": "https://www.wbsec.nl/vembu"
}
]
},
"source": {
"advisory": "DIVD-2020-00011",
"discovery": "EXTERNAL"
}
}

149
2021/26xxx/CVE-2021-26473.json
View File

@ -1,8 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2021-07-07T10:49:00.000Z",
"ID": "CVE-2021-26473",
"STATE": "PUBLIC"
"STATE": "PUBLIC",
"TITLE": "Unauthenticated arbitrary file upload and command execution in Vembu products"
},
"affects": {
"vendor": {
@ -11,22 +13,105 @@
"product": {
"product_data": [
{
"product_name": "n/a",
"product_name": "VembuBDR",
"version": {
"version_data": [
{
"version_value": "n/a"
"version_affected": "=",
"version_name": "4.2.x",
"version_value": "4.2.0.1"
},
{
"version_affected": "=",
"version_name": "4.2.x",
"version_value": "4.2.0"
},
{
"version_affected": "=",
"version_name": "4.1.x",
"version_value": "4.1.0"
},
{
"version_affected": "=",
"version_name": "4.0.x",
"version_value": "4.0.2"
},
{
"version_affected": "=",
"version_name": "4.0.x",
"version_value": "4.0.1"
},
{
"version_affected": "=",
"version_name": "4.0.x",
"version_value": "4.0.0"
},
{
"version_affected": "=",
"version_name": "3.9.x",
"version_value": "3.9.1 Update1"
},
{
"version_affected": "=",
"version_name": "3.9.x",
"version_value": "3.9.0 Update1"
},
{
"version_affected": "=",
"version_name": "3.9.x",
"version_value": "3.9.0"
},
{
"version_affected": "=",
"version_name": "3.8.x",
"version_value": "3.8.0"
},
{
"version_affected": "=",
"version_name": "3.7.x",
"version_value": "3.7.0"
},
{
"version_affected": "=",
"version_name": "3.5.x",
"version_value": "3.5.0.0"
}
]
}
},
{
"product_name": "VembuOffsiteDR ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "4.2.x",
"version_value": "4.2.0.1"
},
{
"version_name": "4.2.x",
"version_value": "4.2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
"vendor_name": "VembuBDR"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by Wietse Boonstra"
},
{
"lang": "eng",
"value": "Addional research by Frank Breedijk"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
@ -34,17 +119,36 @@
"description_data": [
{
"lang": "eng",
"value": "Vembu BDR Suite before 4.2.0 allows Unauthenticated file write via a GET request that specifies a file's name and content."
"value": "In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
@ -53,30 +157,29 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.divd.nl/",
"url": "https://www.divd.nl/"
"name": "https://csirt.divd.nl/cves/CVE-2021-26473/",
"refsource": "CONFIRM",
"url": "https://csirt.divd.nl/cves/CVE-2021-26473/"
},
{
"refsource": "MISC",
"name": "https://www.wbsec.nl/vembu",
"url": "https://www.wbsec.nl/vembu"
},
{
"refsource": "MISC",
"name": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/",
"url": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/"
},
{
"refsource": "MISC",
"name": "https://csirt.divd.nl/cases/DIVD-2020-00011/",
"refsource": "CONFIRM",
"url": "https://csirt.divd.nl/cases/DIVD-2020-00011/"
},
{
"refsource": "MISC",
"name": "https://csirt.divd.nl/cves/CVE-2021-26473/",
"url": "https://csirt.divd.nl/cves/CVE-2021-26473/"
"name": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/",
"refsource": "CONFIRM",
"url": "https://csirt.divd.nl/2021/05/11/Vembu-zero-days/"
},
{
"name": "https://www.wbsec.nl/vembu",
"refsource": "CONFIRM",
"url": "https://www.wbsec.nl/vembu"
}
]
},
"source": {
"advisory": "DIVD-2020-00011",
"discovery": "EXTERNAL"
}
}

947
2021/26xxx/CVE-2021-26474.json
View File

File diff suppressed because it is too large Load Diff