admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-11-06 17:00:34 +00:00
parent 7bcbf76053
commit 9eecd3ae3b
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
37 changed files with 6759 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

121
2024/10xxx/CVE-2024-10318.json
View File

@ -1,17 +1,130 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10318",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "f5sirt@f5.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they can force the session to associate it with the attacker-controlled account, leading to potential misuse of the victim's session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384 Session Fixation",
"cweId": "CWE-384"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "F5",
"product": {
"product_data": [
{
"product_name": "NGINX OpenID Connect",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "fa1ad160e2637d1d583611124478039170d726ab",
"version_value": "133504f4fd9f72f3e36668f9f2f3d32a86fcb269"
}
]
}
},
{
"product_name": "NGINX Instance Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.5.0",
"version_value": "2.17.4"
}
]
}
},
{
"product_name": "NGINX API Connectivity Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.0",
"version_value": "1.9.3"
}
]
}
},
{
"product_name": "NGINX Ingress Controller",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.0",
"version_value": "3.7.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://my.f5.com/manage/s/article/K000148232",
"refsource": "MISC",
"name": "https://my.f5.com/manage/s/article/K000148232"
}
]
},
"generator": {
"engine": "F5 SIRTBot v1.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Christian August Holm Hansen of Binary Security AS"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}

60
2024/10xxx/CVE-2024-10826.json
View File

@ -1,17 +1,69 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10826",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "130.0.6723.116",
"version_value": "130.0.6723.116"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/370217726",
"refsource": "MISC",
"name": "https://issues.chromium.org/issues/370217726"
}
]
}

60
2024/10xxx/CVE-2024-10827.json
View File

@ -1,17 +1,69 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10827",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "130.0.6723.116",
"version_value": "130.0.6723.116"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/375065084",
"refsource": "MISC",
"name": "https://issues.chromium.org/issues/375065084"
}
]
}

109
2024/10xxx/CVE-2024-10919.json
View File

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10919",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cov/triggerUnitCover. The manipulation of the argument uuid leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In didi Super-Jacoco 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /cov/triggerUnitCover. Durch Beeinflussen des Arguments uuid mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection",
"cweId": "CWE-78"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "didi",
"product": {
"product_data": [
{
"product_name": "Super-Jacoco",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.283315",
"refsource": "MISC",
"name": "https://vuldb.com/?id.283315"
},
{
"url": "https://vuldb.com/?ctiid.283315",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.283315"
},
{
"url": "https://vuldb.com/?submit.432689",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.432689"
},
{
"url": "https://github.com/didi/super-jacoco/issues/49",
"refsource": "MISC",
"name": "https://github.com/didi/super-jacoco/issues/49"
}
]
},
"credits": [
{
"lang": "en",
"value": "gaogaostone (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

113
2024/10xxx/CVE-2024-10920.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10920",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Affected by this issue is the function doFilterInternal of the file travels-java-api-master\\src\\main\\java\\io\\github\\mariazevedo88\\travelsjavaapi\\filters\\JwtAuthenticationTokenFilter.java of the component JWT Secret Handler. The manipulation leads to use of hard-coded cryptographic key\r . The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in mariazevedo88 travels-java-api bis 5.0.1 gefunden. Sie wurde als problematisch eingestuft. Es geht hierbei um die Funktion doFilterInternal der Datei travels-java-api-master\\src\\main\\java\\io\\github\\mariazevedo88\\travelsjavaapi\\filters\\JwtAuthenticationTokenFilter.java der Komponente JWT Secret Handler. Dank der Manipulation mit unbekannten Daten kann eine use of hard-coded cryptographic key\r -Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Cryptographic Key",
"cweId": "CWE-321"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Key Management Error",
"cweId": "CWE-320"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mariazevedo88",
"product": {
"product_data": [
{
"product_name": "travels-java-api",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.0.0"
},
{
"version_affected": "=",
"version_value": "5.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.283316",
"refsource": "MISC",
"name": "https://vuldb.com/?id.283316"
},
{
"url": "https://vuldb.com/?ctiid.283316",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.283316"
},
{
"url": "https://vuldb.com/?submit.433458",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.433458"
},
{
"url": "https://github.com/mariazevedo88/travels-java-api/issues/23",
"refsource": "MISC",
"name": "https://github.com/mariazevedo88/travels-java-api/issues/23"
}
]
},
"credits": [
{
"lang": "en",
"value": "susu199 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.1,
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 2.1,
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N"
}
]
}

18
2024/10xxx/CVE-2024-10925.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10925",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/10xxx/CVE-2024-10926.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10926",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/10xxx/CVE-2024-10927.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10927",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/10xxx/CVE-2024-10928.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10928",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/10xxx/CVE-2024-10929.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10929",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/10xxx/CVE-2024-10930.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10930",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

117
2024/20xxx/CVE-2024-20371.json
View File

@ -1,17 +1,126 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20371",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device.&nbsp;\r\n\r\nThis vulnerability exists because ACL deny rules are not properly enforced at the time of device reboot. An attacker could exploit this vulnerability by attempting to send traffic to the management interface of an affected device. A successful exploit could allow the attacker to send traffic to the management interface of the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Permissions, Privileges, and Access Control",
"cweId": "CWE-264"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Nexus 3550 System Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3550-F_1.11.3"
},
{
"version_affected": "=",
"version_value": "3550-F_1.12.0"
},
{
"version_affected": "=",
"version_value": "3550-F_1.16.0"
},
{
"version_affected": "=",
"version_value": "3550-F_1.17.1"
},
{
"version_affected": "=",
"version_value": "3550-F_1.11.1"
},
{
"version_affected": "=",
"version_value": "3550-F_1.11.2"
},
{
"version_affected": "=",
"version_value": "3550-F_1.15.0"
},
{
"version_affected": "=",
"version_value": "3550-F_1.13.0"
},
{
"version_affected": "=",
"version_value": "3550-F_1.14.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3550-acl-bypass-mhskZc2q",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3550-acl-bypass-mhskZc2q"
}
]
},
"source": {
"advisory": "cisco-sa-3550-acl-bypass-mhskZc2q",
"discovery": "EXTERNAL",
"defects": [
"CSCwi98129"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

85
2024/20xxx/CVE-2024-20418.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20418",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system.\r\n\r\nThis vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Aironet Access Point Software (IOS XE Controller)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "N/A"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-backhaul-ap-cmdinj-R7E28Ecs",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-backhaul-ap-cmdinj-R7E28Ecs"
}
]
},
"source": {
"advisory": "cisco-sa-backhaul-ap-cmdinj-R7E28Ecs",
"discovery": "INTERNAL",
"defects": [
"CSCwk98052"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

333
2024/20xxx/CVE-2024-20445.json
View File

@ -1,17 +1,342 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20445",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r\nThis vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records.\r\nNote: Web Access is disabled by default."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Session Initiation Protocol (SIP) Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1(1)SR1"
},
{
"version_affected": "=",
"version_value": "11.5(1)"
},
{
"version_affected": "=",
"version_value": "10.3(2)"
},
{
"version_affected": "=",
"version_value": "10.2(2)"
},
{
"version_affected": "=",
"version_value": "10.3(1)"
},
{
"version_affected": "=",
"version_value": "10.3(1)SR4"
},
{
"version_affected": "=",
"version_value": "11.0(1)"
},
{
"version_affected": "=",
"version_value": "10.4(1)SR2 3rd Party"
},
{
"version_affected": "=",
"version_value": "11.7(1)"
},
{
"version_affected": "=",
"version_value": "12.1(1)"
},
{
"version_affected": "=",
"version_value": "11.0(0.7) MPP"
},
{
"version_affected": "=",
"version_value": "9.3(4) 3rd Party"
},
{
"version_affected": "=",
"version_value": "12.5(1)SR2"
},
{
"version_affected": "=",
"version_value": "10.2(1)SR1"
},
{
"version_affected": "=",
"version_value": "9.3(4)SR3 3rd Party"
},
{
"version_affected": "=",
"version_value": "10.2(1)"
},
{
"version_affected": "=",
"version_value": "12.5(1)"
},
{
"version_affected": "=",
"version_value": "10.3(1)SR2"
},
{
"version_affected": "=",
"version_value": "11-0-1MSR1-1"
},
{
"version_affected": "=",
"version_value": "10.4(1) 3rd Party"
},
{
"version_affected": "=",
"version_value": "12.5(1)SR1"
},
{
"version_affected": "=",
"version_value": "11.5(1)SR1"
},
{
"version_affected": "=",
"version_value": "10.1(1)SR2"
},
{
"version_affected": "=",
"version_value": "12.0(1)SR2"
},
{
"version_affected": "=",
"version_value": "12.6(1)"
},
{
"version_affected": "=",
"version_value": "10.3(1.11) 3rd Party"
},
{
"version_affected": "=",
"version_value": "12.0(1)"
},
{
"version_affected": "=",
"version_value": "12.0(1)SR1"
},
{
"version_affected": "=",
"version_value": "9.3(3)"
},
{
"version_affected": "=",
"version_value": "12.5(1)SR3"
},
{
"version_affected": "=",
"version_value": "10.3(1)SR4b"
},
{
"version_affected": "=",
"version_value": "9.3(4)SR1 3rd Party"
},
{
"version_affected": "=",
"version_value": "10.3(1)SR5"
},
{
"version_affected": "=",
"version_value": "10.1(1.9)"
},
{
"version_affected": "=",
"version_value": "10.3(1.9) 3rd Party"
},
{
"version_affected": "=",
"version_value": "9.3(4)SR2 3rd Party"
},
{
"version_affected": "=",
"version_value": "10.3(1)SR1"
},
{
"version_affected": "=",
"version_value": "10.3(1)SR3"
},
{
"version_affected": "=",
"version_value": "10.1(1)SR1"
},
{
"version_affected": "=",
"version_value": "12.0(1)SR3"
},
{
"version_affected": "=",
"version_value": "12.6(1)SR1"
},
{
"version_affected": "=",
"version_value": "12.7(1)"
},
{
"version_affected": "=",
"version_value": "10.3(1)SR6"
},
{
"version_affected": "=",
"version_value": "12.8(1)"
},
{
"version_affected": "=",
"version_value": "12.7(1)SR1"
},
{
"version_affected": "=",
"version_value": "12.8(1)SR1"
},
{
"version_affected": "=",
"version_value": "12.8(1)SR2"
},
{
"version_affected": "=",
"version_value": "14.0(1)"
},
{
"version_affected": "=",
"version_value": "14.0(1)SR1"
},
{
"version_affected": "=",
"version_value": "10.3(1)SR7"
},
{
"version_affected": "=",
"version_value": "14.0(1)SR2"
},
{
"version_affected": "=",
"version_value": "14.1(1)"
},
{
"version_affected": "=",
"version_value": "14.0(1)SR3"
},
{
"version_affected": "=",
"version_value": "14.1(1)SR1"
},
{
"version_affected": "=",
"version_value": "14.1(1)SR2"
},
{
"version_affected": "=",
"version_value": "14.2(1)"
},
{
"version_affected": "=",
"version_value": "14.2(1)SR1"
},
{
"version_affected": "=",
"version_value": "14.1(1)SR3"
},
{
"version_affected": "=",
"version_value": "14.2(1)SR2"
},
{
"version_affected": "=",
"version_value": "3.1(1)"
},
{
"version_affected": "=",
"version_value": "3.0(1)"
},
{
"version_affected": "=",
"version_value": "14.2(1)SR3"
},
{
"version_affected": "=",
"version_value": "3.1(1)SR1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG"
}
]
},
"source": {
"advisory": "cisco-sa-phone-infodisc-sbyqQVbG",
"discovery": "EXTERNAL",
"defects": [
"CSCwk25862"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
]
}

281
2024/20xxx/CVE-2024-20457.json
View File

@ -1,17 +1,290 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20457",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the logging component of Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r\nThis vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Unified Communications Manager IM and Presence Service",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.5(1)SU6"
},
{
"version_affected": "=",
"version_value": "10.5(1)SU1"
},
{
"version_affected": "=",
"version_value": "10.5(1)SU2"
},
{
"version_affected": "=",
"version_value": "12.5(1)"
},
{
"version_affected": "=",
"version_value": "10.5(2)SU2a"
},
{
"version_affected": "=",
"version_value": "11.5(1)SU3a"
},
{
"version_affected": "=",
"version_value": "10.0(1)SU2"
},
{
"version_affected": "=",
"version_value": "10.5(2)SU2"
},
{
"version_affected": "=",
"version_value": "11.0"
},
{
"version_affected": "=",
"version_value": "10.5(2)SU3"
},
{
"version_affected": "=",
"version_value": "10.5(1)SU3"
},
{
"version_affected": "=",
"version_value": "11.5(1)SU1"
},
{
"version_affected": "=",
"version_value": "11.0(1)"
},
{
"version_affected": "=",
"version_value": "10.5(2)SU4"
},
{
"version_affected": "=",
"version_value": "11.0(1)SU1"
},
{
"version_affected": "=",
"version_value": "11.5(1)SU2"
},
{
"version_affected": "=",
"version_value": "11.5(1)SU5"
},
{
"version_affected": "=",
"version_value": "10.0(1)SU1"
},
{
"version_affected": "=",
"version_value": "11.5(1)SU3"
},
{
"version_affected": "=",
"version_value": "10.5(2)SU4a"
},
{
"version_affected": "=",
"version_value": "10.5(2)"
},
{
"version_affected": "=",
"version_value": "11.5(1)SU5a"
},
{
"version_affected": "=",
"version_value": "11.5(1)SU4"
},
{
"version_affected": "=",
"version_value": "12.5(1)SU1"
},
{
"version_affected": "=",
"version_value": "10.0(1)"
},
{
"version_affected": "=",
"version_value": "10.5(2b)"
},
{
"version_affected": "=",
"version_value": "10.5(2)SU1"
},
{
"version_affected": "=",
"version_value": "10.5(1)"
},
{
"version_affected": "=",
"version_value": "10.5(2a)"
},
{
"version_affected": "=",
"version_value": "11.5(1)"
},
{
"version_affected": "=",
"version_value": "12.5(1)SU2"
},
{
"version_affected": "=",
"version_value": "11.5(1)SU7"
},
{
"version_affected": "=",
"version_value": "11.5(1)SU8"
},
{
"version_affected": "=",
"version_value": "12.5(1)SU3"
},
{
"version_affected": "=",
"version_value": "11.5(1)SU9"
},
{
"version_affected": "=",
"version_value": "12.5(1)SU4"
},
{
"version_affected": "=",
"version_value": "14"
},
{
"version_affected": "=",
"version_value": "11.5(1)SU10"
},
{
"version_affected": "=",
"version_value": "12.5(1)SU5"
},
{
"version_affected": "=",
"version_value": "14SU1"
},
{
"version_affected": "=",
"version_value": "12.5(1)SU6"
},
{
"version_affected": "=",
"version_value": "11.5(1)SU11"
},
{
"version_affected": "=",
"version_value": "14SU2"
},
{
"version_affected": "=",
"version_value": "14SU2a"
},
{
"version_affected": "=",
"version_value": "12.5(1)SU7"
},
{
"version_affected": "=",
"version_value": "14SU3"
},
{
"version_affected": "=",
"version_value": "12.5(1)SU8"
},
{
"version_affected": "=",
"version_value": "15"
},
{
"version_affected": "=",
"version_value": "15SU1"
},
{
"version_affected": "=",
"version_value": "14SU4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n"
}
]
},
"source": {
"advisory": "cisco-sa-imp-inf-disc-cUPKuA5n",
"discovery": "INTERNAL",
"defects": [
"CSCwk31853"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
]
}

205
2024/20xxx/CVE-2024-20476.json
View File

@ -1,17 +1,214 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20476",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions.\r\n\r\nThis vulnerability is due to lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to upload files to a location that should be restricted. To exploit this vulnerability, an attacker would need valid Read-Only Administrator&nbsp;credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Client-Side Enforcement of Server-Side Security",
"cweId": "CWE-602"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p5"
},
{
"version_affected": "=",
"version_value": "3.1.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0"
},
{
"version_affected": "=",
"version_value": "3.1.0 p4"
},
{
"version_affected": "=",
"version_value": "2.7.0 p8"
},
{
"version_affected": "=",
"version_value": "3.1.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p7"
},
{
"version_affected": "=",
"version_value": "3.1.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0 p2"
},
{
"version_affected": "=",
"version_value": "3.1.0 p7"
},
{
"version_affected": "=",
"version_value": "3.3.0"
},
{
"version_affected": "=",
"version_value": "3.2.0 p3"
},
{
"version_affected": "=",
"version_value": "3.0.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p6"
},
{
"version_affected": "=",
"version_value": "3.1.0 p9"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 2"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 1"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vulns-AF544ED5",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vulns-AF544ED5"
}
]
},
"source": {
"advisory": "cisco-sa-ise-multi-vulns-AF544ED5",
"discovery": "EXTERNAL",
"defects": [
"CSCwk23108"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

381
2024/20xxx/CVE-2024-20484.json
View File

@ -1,17 +1,390 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20484",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful exploit could allow the attacker to trigger a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS that would prevent customers from starting chat, callback, or delayed callback sessions. Note: When the attack traffic stops, the EAAS process must be manually restarted to restore normal operation. To restart the process in the System Console, choose Shared Resources &gt; Services &gt; Unified CCE &gt; EAAS, then click Start."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Enterprise Chat and Email",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.6(1)_ES3"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES4"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES6"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES9"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES6"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES5"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ET1"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES3_ET1"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES3"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES11"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES4"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES5"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES2"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES9a"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES10"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES1"
},
{
"version_affected": "=",
"version_value": "12.0(1)"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES3"
},
{
"version_affected": "=",
"version_value": "12.6(1)"
},
{
"version_affected": "=",
"version_value": "11.5(1)"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES2"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES7"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ET1"
},
{
"version_affected": "=",
"version_value": "11.6(1)"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ET2"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES3_ET2"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES6_ET2"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES1"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES12"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ET3"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES4_ET1"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES6_ET3"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES1_ET1"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES2"
},
{
"version_affected": "=",
"version_value": "12.6_ES2_ET1"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES5"
},
{
"version_affected": "=",
"version_value": "12.6_ES2_ET2"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES7"
},
{
"version_affected": "=",
"version_value": "12.6_ES2_ET3"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES7_ET1"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES5_ET1"
},
{
"version_affected": "=",
"version_value": "12.6_ES2_ET4"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES3"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES12_ET1"
},
{
"version_affected": "=",
"version_value": "12.6_ES3_ET1"
},
{
"version_affected": "=",
"version_value": "12.6_ES3_ET2"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES4"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES7"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES4_ET1"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES5"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES5_ET1"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES5_ET2"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES6"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES6_ET1"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES8"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES6_ET2"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES7"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES8"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES4_ET2"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES3_ET3"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES2_ET5"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES1_ET2"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES8_ET1"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES7_ET1"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES6_ET3"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES5_ET3"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES8_ET1"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES3_ET3"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES5_ET2"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES6_ET1"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES4_ET2"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES7_ET1"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES8_ET2"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES9"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES9_ET1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-Oqb9uFEv",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-Oqb9uFEv"
}
]
},
"source": {
"advisory": "cisco-sa-ece-dos-Oqb9uFEv",
"discovery": "INTERNAL",
"defects": [
"CSCwj26667"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

205
2024/20xxx/CVE-2024-20487.json
View File

@ -1,17 +1,214 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20487",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p5"
},
{
"version_affected": "=",
"version_value": "3.1.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0"
},
{
"version_affected": "=",
"version_value": "3.1.0 p4"
},
{
"version_affected": "=",
"version_value": "2.7.0 p8"
},
{
"version_affected": "=",
"version_value": "3.1.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p7"
},
{
"version_affected": "=",
"version_value": "3.1.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0 p2"
},
{
"version_affected": "=",
"version_value": "3.1.0 p7"
},
{
"version_affected": "=",
"version_value": "3.3.0"
},
{
"version_affected": "=",
"version_value": "3.2.0 p3"
},
{
"version_affected": "=",
"version_value": "3.0.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p6"
},
{
"version_affected": "=",
"version_value": "3.1.0 p9"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 2"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 1"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vulns-AF544ED5",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vulns-AF544ED5"
}
]
},
"source": {
"advisory": "cisco-sa-ise-multi-vulns-AF544ED5",
"discovery": "EXTERNAL",
"defects": [
"CSCwk14907"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

243
2024/20xxx/CVE-2024-20504.json
View File

@ -1,17 +1,252 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20504",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"cweId": "CWE-80"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Secure Email",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14.0.0-698"
},
{
"version_affected": "=",
"version_value": "14.2.0-620"
},
{
"version_affected": "=",
"version_value": "14.2.1-020"
},
{
"version_affected": "=",
"version_value": "14.3.0-032"
},
{
"version_affected": "=",
"version_value": "15.0.0-104"
},
{
"version_affected": "=",
"version_value": "15.0.1-030"
},
{
"version_affected": "=",
"version_value": "15.5.0-048"
},
{
"version_affected": "=",
"version_value": "15.5.1-055"
}
]
}
},
{
"product_name": "Cisco Secure Email and Web Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14.0.0-404"
},
{
"version_affected": "=",
"version_value": "14.1.0-223"
},
{
"version_affected": "=",
"version_value": "14.1.0-227"
},
{
"version_affected": "=",
"version_value": "14.2.0-212"
},
{
"version_affected": "=",
"version_value": "14.2.0-224"
},
{
"version_affected": "=",
"version_value": "14.2.1-020"
},
{
"version_affected": "=",
"version_value": "14.3.0-120"
},
{
"version_affected": "=",
"version_value": "15.0.0-334"
},
{
"version_affected": "=",
"version_value": "15.5.1-024"
},
{
"version_affected": "=",
"version_value": "15.5.1-029"
}
]
}
},
{
"product_name": "Cisco Secure Web Appliance",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14.1.0-032"
},
{
"version_affected": "=",
"version_value": "14.1.0-047"
},
{
"version_affected": "=",
"version_value": "14.1.0-041"
},
{
"version_affected": "=",
"version_value": "14.0.2-012"
},
{
"version_affected": "=",
"version_value": "14.5.0-498"
},
{
"version_affected": "=",
"version_value": "14.0.3-014"
},
{
"version_affected": "=",
"version_value": "14.0.4-005"
},
{
"version_affected": "=",
"version_value": "14.5.1-008"
},
{
"version_affected": "=",
"version_value": "14.5.1-016"
},
{
"version_affected": "=",
"version_value": "15.0.0-355"
},
{
"version_affected": "=",
"version_value": "15.0.0-322"
},
{
"version_affected": "=",
"version_value": "15.1.0-287"
},
{
"version_affected": "=",
"version_value": "14.5.2-011"
},
{
"version_affected": "=",
"version_value": "15.2.0-116"
},
{
"version_affected": "=",
"version_value": "14.0.5-007"
},
{
"version_affected": "=",
"version_value": "15.2.0-164"
},
{
"version_affected": "=",
"version_value": "14.5.1-510"
},
{
"version_affected": "=",
"version_value": "14.5.1-607"
},
{
"version_affected": "=",
"version_value": "14.5.3-033"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-xss-zYm3f49n",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-xss-zYm3f49n"
}
]
},
"source": {
"advisory": "cisco-sa-esa-wsa-sma-xss-zYm3f49n",
"discovery": "EXTERNAL",
"defects": [
"CSCwj72814"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

125
2024/20xxx/CVE-2024-20507.json
View File

@ -1,17 +1,134 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20507",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r\nThis vulnerability is due to improper storage of sensitive information within the web-based management interface of an affected device. An attacker could exploit this vulnerability by logging in to the web-based management interface. A successful exploit could allow the attacker to view sensitive data that is stored on the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Meeting Management",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "CMM3.4.0"
},
{
"version_affected": "=",
"version_value": "CMM3.2.0"
},
{
"version_affected": "=",
"version_value": "CMM2.9.1"
},
{
"version_affected": "=",
"version_value": "CMM2.9.0"
},
{
"version_affected": "=",
"version_value": "CMM3.1.0"
},
{
"version_affected": "=",
"version_value": "CMM3.5.0"
},
{
"version_affected": "=",
"version_value": "CMM3.6.0"
},
{
"version_affected": "=",
"version_value": "CMM3.6.1"
},
{
"version_affected": "=",
"version_value": "CMM3.7.0"
},
{
"version_affected": "=",
"version_value": "CMM3.8.0"
},
{
"version_affected": "=",
"version_value": "CMM3.9.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-info-disc-9ZEMAhGA",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-info-disc-9ZEMAhGA"
}
]
},
"source": {
"advisory": "cisco-sa-cmm-info-disc-9ZEMAhGA",
"discovery": "INTERNAL",
"defects": [
"CSCwm05372"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
]
}

185
2024/20xxx/CVE-2024-20511.json
View File

@ -1,17 +1,194 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20511",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Unified Communications Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.5(1)SU2"
},
{
"version_affected": "=",
"version_value": "12.0(1)SU2"
},
{
"version_affected": "=",
"version_value": "12.0(1)SU3"
},
{
"version_affected": "=",
"version_value": "12.5(1)SU1"
},
{
"version_affected": "=",
"version_value": "12.5(1)"
},
{
"version_affected": "=",
"version_value": "12.0(1)SU1"
},
{
"version_affected": "=",
"version_value": "12.5(1)SU3"
},
{
"version_affected": "=",
"version_value": "12.0(1)SU4"
},
{
"version_affected": "=",
"version_value": "12.5(1)SU4"
},
{
"version_affected": "=",
"version_value": "14"
},
{
"version_affected": "=",
"version_value": "12.0(1)SU5"
},
{
"version_affected": "=",
"version_value": "12.5(1)SU5"
},
{
"version_affected": "=",
"version_value": "14SU1"
},
{
"version_affected": "=",
"version_value": "12.5(1)SU6"
},
{
"version_affected": "=",
"version_value": "14SU2"
},
{
"version_affected": "=",
"version_value": "12.5(1)SU7"
},
{
"version_affected": "=",
"version_value": "12.5(1)SU7a"
},
{
"version_affected": "=",
"version_value": "14SU3"
},
{
"version_affected": "=",
"version_value": "12.5(1)SU8"
},
{
"version_affected": "=",
"version_value": "12.5(1)SU8a"
},
{
"version_affected": "=",
"version_value": "15"
},
{
"version_affected": "=",
"version_value": "15SU1"
},
{
"version_affected": "=",
"version_value": "14SU4"
},
{
"version_affected": "=",
"version_value": "14SU4a"
},
{
"version_affected": "=",
"version_value": "15SU1a"
},
{
"version_affected": "=",
"version_value": "12.5(1)SU9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-SVCkMMW",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-SVCkMMW"
}
]
},
"source": {
"advisory": "cisco-sa-cucm-xss-SVCkMMW",
"discovery": "EXTERNAL",
"defects": [
"CSCwk99263"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

1096
2024/20xxx/CVE-2024-20514.json
View File

File diff suppressed because it is too large Load Diff

205
2024/20xxx/CVE-2024-20525.json
View File

@ -1,17 +1,214 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20525",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p5"
},
{
"version_affected": "=",
"version_value": "3.1.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0"
},
{
"version_affected": "=",
"version_value": "3.1.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p7"
},
{
"version_affected": "=",
"version_value": "3.1.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0 p2"
},
{
"version_affected": "=",
"version_value": "3.1.0 p7"
},
{
"version_affected": "=",
"version_value": "3.3.0"
},
{
"version_affected": "=",
"version_value": "3.2.0 p3"
},
{
"version_affected": "=",
"version_value": "3.0.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p6"
},
{
"version_affected": "=",
"version_value": "3.1.0 p9"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 2"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 1"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 3"
},
{
"version_affected": "=",
"version_value": "3.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy"
}
]
},
"source": {
"advisory": "cisco-sa-ise-multi-vuln-DBQdWRy",
"discovery": "INTERNAL",
"defects": [
"CSCwk47423"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

205
2024/20xxx/CVE-2024-20527.json
View File

@ -1,17 +1,214 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20527",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read or delete arbitrary files on the underlying operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p5"
},
{
"version_affected": "=",
"version_value": "3.1.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0"
},
{
"version_affected": "=",
"version_value": "3.1.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p7"
},
{
"version_affected": "=",
"version_value": "3.1.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0 p2"
},
{
"version_affected": "=",
"version_value": "3.1.0 p7"
},
{
"version_affected": "=",
"version_value": "3.3.0"
},
{
"version_affected": "=",
"version_value": "3.2.0 p3"
},
{
"version_affected": "=",
"version_value": "3.0.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p6"
},
{
"version_affected": "=",
"version_value": "3.1.0 p9"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 2"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 1"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 3"
},
{
"version_affected": "=",
"version_value": "3.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy"
}
]
},
"source": {
"advisory": "cisco-sa-ise-multi-vuln-DBQdWRy",
"discovery": "EXTERNAL",
"defects": [
"CSCwk47489"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

165
2024/20xxx/CVE-2024-20528.json
View File

@ -1,17 +1,174 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20528",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. To exploit this vulnerability, an attacker would need valid Super&nbsp;Admin credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to upload custom files to arbitrary locations on the underlying operating system, execute arbitrary code, and elevate privileges to root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.1.0 p1"
},
{
"version_affected": "=",
"version_value": "3.1.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0 p2"
},
{
"version_affected": "=",
"version_value": "3.2.0"
},
{
"version_affected": "=",
"version_value": "3.1.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p1"
},
{
"version_affected": "=",
"version_value": "3.1.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0 p2"
},
{
"version_affected": "=",
"version_value": "3.1.0 p7"
},
{
"version_affected": "=",
"version_value": "3.3.0"
},
{
"version_affected": "=",
"version_value": "3.2.0 p3"
},
{
"version_affected": "=",
"version_value": "3.2.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p6"
},
{
"version_affected": "=",
"version_value": "3.1.0 p9"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 2"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 1"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy"
}
]
},
"source": {
"advisory": "cisco-sa-ise-multi-vuln-DBQdWRy",
"discovery": "EXTERNAL",
"defects": [
"CSCwk47451"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 3.8,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

165
2024/20xxx/CVE-2024-20529.json
View File

@ -1,17 +1,174 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20529",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read or delete arbitrary files on the underlying operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.1.0 p1"
},
{
"version_affected": "=",
"version_value": "3.1.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0 p2"
},
{
"version_affected": "=",
"version_value": "3.2.0"
},
{
"version_affected": "=",
"version_value": "3.1.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p1"
},
{
"version_affected": "=",
"version_value": "3.1.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0 p2"
},
{
"version_affected": "=",
"version_value": "3.1.0 p7"
},
{
"version_affected": "=",
"version_value": "3.3.0"
},
{
"version_affected": "=",
"version_value": "3.2.0 p3"
},
{
"version_affected": "=",
"version_value": "3.2.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p6"
},
{
"version_affected": "=",
"version_value": "3.1.0 p9"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 2"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 1"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy"
}
]
},
"source": {
"advisory": "cisco-sa-ise-multi-vuln-DBQdWRy",
"discovery": "EXTERNAL",
"defects": [
"CSCwk47445"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

205
2024/20xxx/CVE-2024-20530.json
View File

@ -1,17 +1,214 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20530",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p5"
},
{
"version_affected": "=",
"version_value": "3.1.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0"
},
{
"version_affected": "=",
"version_value": "3.1.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p7"
},
{
"version_affected": "=",
"version_value": "3.1.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0 p2"
},
{
"version_affected": "=",
"version_value": "3.1.0 p7"
},
{
"version_affected": "=",
"version_value": "3.3.0"
},
{
"version_affected": "=",
"version_value": "3.2.0 p3"
},
{
"version_affected": "=",
"version_value": "3.0.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p6"
},
{
"version_affected": "=",
"version_value": "3.1.0 p9"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 2"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 1"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 3"
},
{
"version_affected": "=",
"version_value": "3.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy"
}
]
},
"source": {
"advisory": "cisco-sa-ise-multi-vuln-DBQdWRy",
"discovery": "EXTERNAL",
"defects": [
"CSCwk47454"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

205
2024/20xxx/CVE-2024-20531.json
View File

@ -1,17 +1,214 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20531",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials.\r\n\r\nThis vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing XML input. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system or conduct an SSRF attack through the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of XML External Entity Reference",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p5"
},
{
"version_affected": "=",
"version_value": "3.1.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0"
},
{
"version_affected": "=",
"version_value": "3.1.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p7"
},
{
"version_affected": "=",
"version_value": "3.1.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0 p2"
},
{
"version_affected": "=",
"version_value": "3.1.0 p7"
},
{
"version_affected": "=",
"version_value": "3.3.0"
},
{
"version_affected": "=",
"version_value": "3.2.0 p3"
},
{
"version_affected": "=",
"version_value": "3.0.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p6"
},
{
"version_affected": "=",
"version_value": "3.1.0 p9"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 2"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 1"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 3"
},
{
"version_affected": "=",
"version_value": "3.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy"
}
]
},
"source": {
"advisory": "cisco-sa-ise-multi-vuln-DBQdWRy",
"discovery": "EXTERNAL",
"defects": [
"CSCwk47465"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

205
2024/20xxx/CVE-2024-20532.json
View File

@ -1,17 +1,214 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20532",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read or delete arbitrary files on the underlying operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p5"
},
{
"version_affected": "=",
"version_value": "3.1.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0"
},
{
"version_affected": "=",
"version_value": "3.1.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p7"
},
{
"version_affected": "=",
"version_value": "3.1.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0 p2"
},
{
"version_affected": "=",
"version_value": "3.1.0 p7"
},
{
"version_affected": "=",
"version_value": "3.3.0"
},
{
"version_affected": "=",
"version_value": "3.2.0 p3"
},
{
"version_affected": "=",
"version_value": "3.0.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p6"
},
{
"version_affected": "=",
"version_value": "3.1.0 p9"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 2"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 1"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 3"
},
{
"version_affected": "=",
"version_value": "3.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy"
}
]
},
"source": {
"advisory": "cisco-sa-ise-multi-vuln-DBQdWRy",
"discovery": "EXTERNAL",
"defects": [
"CSCwk47475"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

268
2024/20xxx/CVE-2024-20533.json
View File

@ -1,17 +1,277 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20533",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against users.\r\n\r\nThis vulnerability exists because the web UI of an affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.\r\nNote: To exploit this vulnerability, Web Access must be enabled on the phone and the attacker must have Admin credentials on the device. Web Access is disabled by default."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IP Phones with Multiplatform Firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.1.2"
},
{
"version_affected": "=",
"version_value": "11.2.1"
},
{
"version_affected": "=",
"version_value": "11.2.3"
},
{
"version_affected": "=",
"version_value": "11.2.2"
},
{
"version_affected": "=",
"version_value": "11.2.3 MSR1-1"
},
{
"version_affected": "=",
"version_value": "11.1.2 MSR1-1"
},
{
"version_affected": "=",
"version_value": "11.1.1"
},
{
"version_affected": "=",
"version_value": "11.1.2 MSR3-1"
},
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "11.1.1 MSR1-1"
},
{
"version_affected": "=",
"version_value": "11.0.1"
},
{
"version_affected": "=",
"version_value": "11.1.1 MSR2-1"
},
{
"version_affected": "=",
"version_value": "11.2.4"
},
{
"version_affected": "=",
"version_value": "11.0.1 MSR1-1"
},
{
"version_affected": "=",
"version_value": "11.0.2"
},
{
"version_affected": "=",
"version_value": "11.3.1"
},
{
"version_affected": "=",
"version_value": "11.3.1 MSR1-3"
},
{
"version_affected": "=",
"version_value": "11.3.2"
},
{
"version_affected": "=",
"version_value": "11.3.1 MSR2-6"
},
{
"version_affected": "=",
"version_value": "11-3-1MSR2UPG"
},
{
"version_affected": "=",
"version_value": "11.3.1 MSR3-3"
},
{
"version_affected": "=",
"version_value": "11.3.3"
},
{
"version_affected": "=",
"version_value": "11.3.1 MSR4-1"
},
{
"version_affected": "=",
"version_value": "11.3.4"
},
{
"version_affected": "=",
"version_value": "11.3.5"
},
{
"version_affected": "=",
"version_value": "11.3.3 MSR1"
},
{
"version_affected": "=",
"version_value": "11.3.3 MSR2"
},
{
"version_affected": "=",
"version_value": "11.3.6"
},
{
"version_affected": "=",
"version_value": "11-3-1MPPSR4UPG"
},
{
"version_affected": "=",
"version_value": "11.3.6SR1"
},
{
"version_affected": "=",
"version_value": "11.3.7"
},
{
"version_affected": "=",
"version_value": "11.3.7SR1"
},
{
"version_affected": "=",
"version_value": "12.0.1"
},
{
"version_affected": "=",
"version_value": "12.0.2"
},
{
"version_affected": "=",
"version_value": "11.3.7SR2"
},
{
"version_affected": "=",
"version_value": "12.0.3"
},
{
"version_affected": "=",
"version_value": "12.0.3SR1"
},
{
"version_affected": "=",
"version_value": "12.0.4"
},
{
"version_affected": "=",
"version_value": "12.0.4SR1"
},
{
"version_affected": "=",
"version_value": "12.0.5"
},
{
"version_affected": "=",
"version_value": "12.0.5SR1"
},
{
"version_affected": "=",
"version_value": "12.0.3SR2"
}
]
}
},
{
"product_name": "Cisco Session Initiation Protocol (SIP) Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1(1)"
},
{
"version_affected": "=",
"version_value": "3.0(1)"
},
{
"version_affected": "=",
"version_value": "3.1(1)SR1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mpp-xss-8tAV2TvF",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mpp-xss-8tAV2TvF"
}
]
},
"source": {
"advisory": "cisco-sa-mpp-xss-8tAV2TvF",
"discovery": "INTERNAL",
"defects": [
"CSCwm38104"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

292
2024/20xxx/CVE-2024-20534.json
View File

@ -1,17 +1,301 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20534",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against users.\r\n\r\nThis vulnerability exists because the web UI of an affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.\r\nNote: To exploit this vulnerability, Web Access must be enabled on the phone and the attacker must have Admin credentials on the device. Web Access is disabled by default."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IP Phones with Multiplatform Firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.1.2"
},
{
"version_affected": "=",
"version_value": "11.2.1"
},
{
"version_affected": "=",
"version_value": "11.2.3"
},
{
"version_affected": "=",
"version_value": "11.2.2"
},
{
"version_affected": "=",
"version_value": "11.2.3 MSR1-1"
},
{
"version_affected": "=",
"version_value": "11.1.2 MSR1-1"
},
{
"version_affected": "=",
"version_value": "11.1.1"
},
{
"version_affected": "=",
"version_value": "11.1.2 MSR3-1"
},
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "11.1.1 MSR1-1"
},
{
"version_affected": "=",
"version_value": "11.0.1"
},
{
"version_affected": "=",
"version_value": "11.1.1 MSR2-1"
},
{
"version_affected": "=",
"version_value": "11.2.4"
},
{
"version_affected": "=",
"version_value": "11.0.1 MSR1-1"
},
{
"version_affected": "=",
"version_value": "11.0.2"
},
{
"version_affected": "=",
"version_value": "11.3.1"
},
{
"version_affected": "=",
"version_value": "11.3.1 MSR1-3"
},
{
"version_affected": "=",
"version_value": "11.3.2"
},
{
"version_affected": "=",
"version_value": "11.3.1 MSR2-6"
},
{
"version_affected": "=",
"version_value": "11-3-1MSR2UPG"
},
{
"version_affected": "=",
"version_value": "4.7.1"
},
{
"version_affected": "=",
"version_value": "4.6 MSR1"
},
{
"version_affected": "=",
"version_value": "11.3.1 MSR3-3"
},
{
"version_affected": "=",
"version_value": "4.8.1"
},
{
"version_affected": "=",
"version_value": "11.3.3"
},
{
"version_affected": "=",
"version_value": "11.3.1 MSR4-1"
},
{
"version_affected": "=",
"version_value": "11.3.4"
},
{
"version_affected": "=",
"version_value": "4.8.1 SR1"
},
{
"version_affected": "=",
"version_value": "11.3.5"
},
{
"version_affected": "=",
"version_value": "11.3.3 MSR1"
},
{
"version_affected": "=",
"version_value": "5.0.1"
},
{
"version_affected": "=",
"version_value": "11.3.3 MSR2"
},
{
"version_affected": "=",
"version_value": "11.3.6"
},
{
"version_affected": "=",
"version_value": "11-3-1MPPSR4UPG"
},
{
"version_affected": "=",
"version_value": "11.3.6SR1"
},
{
"version_affected": "=",
"version_value": "11.3.7"
},
{
"version_affected": "=",
"version_value": "5.1.1"
},
{
"version_affected": "=",
"version_value": "11.3.7SR1"
},
{
"version_affected": "=",
"version_value": "12.0.1"
},
{
"version_affected": "=",
"version_value": "12.0.2"
},
{
"version_affected": "=",
"version_value": "11.3.7SR2"
},
{
"version_affected": "=",
"version_value": "12.0.3"
},
{
"version_affected": "=",
"version_value": "12.0.3SR1"
},
{
"version_affected": "=",
"version_value": "12.0.4"
},
{
"version_affected": "=",
"version_value": "12.0.4SR1"
},
{
"version_affected": "=",
"version_value": "12.0.5"
},
{
"version_affected": "=",
"version_value": "12.0.5SR1"
},
{
"version_affected": "=",
"version_value": "12.0.3SR2"
}
]
}
},
{
"product_name": "Cisco Session Initiation Protocol (SIP) Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1(1)"
},
{
"version_affected": "=",
"version_value": "3.0(1)"
},
{
"version_affected": "=",
"version_value": "3.1(1)SR1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mpp-xss-8tAV2TvF",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mpp-xss-8tAV2TvF"
}
]
},
"source": {
"advisory": "cisco-sa-mpp-xss-8tAV2TvF",
"discovery": "INTERNAL",
"defects": [
"CSCwm39676"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

93
2024/20xxx/CVE-2024-20536.json
View File

@ -1,17 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20536",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a specific REST API endpoint or web-based management interface. A successful exploit could allow the attacker to read, modify, or delete arbitrary data on an internal database, which could affect the availability of the device.&nbsp;"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Data Center Network Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.2e"
},
{
"version_affected": "=",
"version_value": "12.1.2p"
},
{
"version_affected": "=",
"version_value": "12.1.3b"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-sqli-CyPPAxrL",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-sqli-CyPPAxrL"
}
]
},
"source": {
"advisory": "cisco-sa-ndfc-sqli-CyPPAxrL",
"discovery": "EXTERNAL",
"defects": [
"CSCwm50506"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

197
2024/20xxx/CVE-2024-20537.json
View File

@ -1,17 +1,206 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20537",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions.\r\n\r\nThis vulnerability is due to a lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to conduct administrative functions beyond their intended access level. To exploit this vulnerability, an attacker would need Read-Only Administrator credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p5"
},
{
"version_affected": "=",
"version_value": "3.1.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0"
},
{
"version_affected": "=",
"version_value": "3.1.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p7"
},
{
"version_affected": "=",
"version_value": "3.1.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0 p2"
},
{
"version_affected": "=",
"version_value": "3.1.0 p7"
},
{
"version_affected": "=",
"version_value": "3.3.0"
},
{
"version_affected": "=",
"version_value": "3.2.0 p3"
},
{
"version_affected": "=",
"version_value": "3.0.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p6"
},
{
"version_affected": "=",
"version_value": "3.1.0 p9"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 2"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-BBRf7mkE",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-BBRf7mkE"
}
]
},
"source": {
"advisory": "cisco-sa-ise-auth-bypass-BBRf7mkE",
"discovery": "INTERNAL",
"defects": [
"CSCwj28643"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}

201
2024/20xxx/CVE-2024-20538.json
View File

@ -1,17 +1,210 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20538",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface on an affected system to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p5"
},
{
"version_affected": "=",
"version_value": "3.1.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0"
},
{
"version_affected": "=",
"version_value": "3.1.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p7"
},
{
"version_affected": "=",
"version_value": "3.1.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0 p2"
},
{
"version_affected": "=",
"version_value": "3.1.0 p7"
},
{
"version_affected": "=",
"version_value": "3.3.0"
},
{
"version_affected": "=",
"version_value": "3.2.0 p3"
},
{
"version_affected": "=",
"version_value": "3.0.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p6"
},
{
"version_affected": "=",
"version_value": "3.1.0 p9"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 2"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 1"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-BBRf7mkE",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-BBRf7mkE"
}
]
},
"source": {
"advisory": "cisco-sa-ise-auth-bypass-BBRf7mkE",
"discovery": "EXTERNAL",
"defects": [
"CSCwj96002"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

193
2024/20xxx/CVE-2024-20539.json
View File

@ -1,17 +1,202 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20539",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid administrative credentials on an affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p5"
},
{
"version_affected": "=",
"version_value": "3.1.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0"
},
{
"version_affected": "=",
"version_value": "3.1.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p7"
},
{
"version_affected": "=",
"version_value": "3.1.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0 p2"
},
{
"version_affected": "=",
"version_value": "3.1.0 p7"
},
{
"version_affected": "=",
"version_value": "3.3.0"
},
{
"version_affected": "=",
"version_value": "3.2.0 p3"
},
{
"version_affected": "=",
"version_value": "3.0.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p6"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 2"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-BBRf7mkE",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-BBRf7mkE"
}
]
},
"source": {
"advisory": "cisco-sa-ise-auth-bypass-BBRf7mkE",
"discovery": "INTERNAL",
"defects": [
"CSCwj29451"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

393
2024/20xxx/CVE-2024-20540.json
View File

@ -1,17 +1,402 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20540",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into a specific page of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. To exploit this vulnerability, the attacker must have at least a Supervisor role on an affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Unified Contact Center Management Portal",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.5(1)_ES1"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES11"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES3"
},
{
"version_affected": "=",
"version_value": "11.6(1)ES2"
},
{
"version_affected": "=",
"version_value": "10.5(1)ES7"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES17"
},
{
"version_affected": "=",
"version_value": "11.5(1)ES6"
},
{
"version_affected": "=",
"version_value": "12.5(1)"
},
{
"version_affected": "=",
"version_value": "11.6(1)ES1"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES4"
},
{
"version_affected": "=",
"version_value": "10.5(1)ES1"
},
{
"version_affected": "=",
"version_value": "11.5(1)ES1"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES5"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES3"
},
{
"version_affected": "=",
"version_value": "11.5(1)ES5"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES7"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES1"
},
{
"version_affected": "=",
"version_value": "11.5(1)ES8"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES9"
},
{
"version_affected": "=",
"version_value": "10.5(1)ES12"
},
{
"version_affected": "=",
"version_value": "11.0(1)ES1"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES16"
},
{
"version_affected": "=",
"version_value": "11.5(1)ES7"
},
{
"version_affected": "=",
"version_value": "11.5(1)ES3"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES3"
},
{
"version_affected": "=",
"version_value": "10.5(1)ES11"
},
{
"version_affected": "=",
"version_value": "10.5(1)ES10"
},
{
"version_affected": "=",
"version_value": "11.5(1)ES4"
},
{
"version_affected": "=",
"version_value": "10.5(1)ES3"
},
{
"version_affected": "=",
"version_value": "12.6(1)"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES1"
},
{
"version_affected": "=",
"version_value": "11.6(1)"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES2"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES13"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES2"
},
{
"version_affected": "=",
"version_value": "10.5(1)ES2"
},
{
"version_affected": "=",
"version_value": "10.5(1)ES13"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES12"
},
{
"version_affected": "=",
"version_value": "11.0(1)ES3"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES5"
},
{
"version_affected": "=",
"version_value": "11.5(1)ES9"
},
{
"version_affected": "=",
"version_value": "10.5(1)ES4"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES2"
},
{
"version_affected": "=",
"version_value": "12.0(1)"
},
{
"version_affected": "=",
"version_value": "10.5(1)ES6"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES4"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES14"
},
{
"version_affected": "=",
"version_value": "11.0(1)ES2"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES5"
},
{
"version_affected": "=",
"version_value": "10.5(1)ES5"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES4"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES15"
},
{
"version_affected": "=",
"version_value": "10.5(1)ES8"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES6"
},
{
"version_affected": "=",
"version_value": "10.5(1)ES9"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES10"
},
{
"version_affected": "=",
"version_value": "11.5(1)ES2"
},
{
"version_affected": "=",
"version_value": "11.0(1)"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES6"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES3"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES4"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES7"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES5"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES6"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES8"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES9"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES7"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES8"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES10"
},
{
"version_affected": "=",
"version_value": "10.5(1)"
},
{
"version_affected": "=",
"version_value": "11.5(1)"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES9"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES10"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES11"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES11"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES12"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES12"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ES13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-sxss-qBTDBZDD",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-sxss-qBTDBZDD"
}
]
},
"source": {
"advisory": "cisco-sa-ccmp-sxss-qBTDBZDD",
"discovery": "EXTERNAL",
"defects": [
"CSCwm77360"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

66
2024/50xxx/CVE-2024-50637.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50637",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-50637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. \u00b6\u00b6 The vulnerability allows attackers to perform XSS in SVG file extension, which can be used to stealing cookies."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/unopim/unopim/issues/41",
"refsource": "MISC",
"name": "https://github.com/unopim/unopim/issues/41"
},
{
"url": "https://github.com/unopim/unopim/releases/tag/v0.1.4",
"refsource": "MISC",
"name": "https://github.com/unopim/unopim/releases/tag/v0.1.4"
},
{
"url": "https://github.com/yamerooo123/ResearchNBugBountyEncyclopedia/blob/main/Researches/Unopim/Findings.md",
"refsource": "MISC",
"name": "https://github.com/yamerooo123/ResearchNBugBountyEncyclopedia/blob/main/Researches/Unopim/Findings.md"
}
]
}