diff --git a/2020/13xxx/CVE-2020-13388.json b/2020/13xxx/CVE-2020-13388.json
index 023ff9f3d14..664367364d5 100644
--- a/2020/13xxx/CVE-2020-13388.json
+++ b/2020/13xxx/CVE-2020-13388.json
@@ -56,6 +56,11 @@
 "url": "https://joel-malwarebenchmark.github.io",
 "refsource": "MISC",
 "name": "https://joel-malwarebenchmark.github.io"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://joel-malwarebenchmark.github.io/blog/2020/04/27/cve-2020-13388-jw-util-vulnerability/",
+ "url": "https://joel-malwarebenchmark.github.io/blog/2020/04/27/cve-2020-13388-jw-util-vulnerability/"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13389.json b/2020/13xxx/CVE-2020-13389.json
index 0a63b27cf2c..c1505ac6220 100644
--- a/2020/13xxx/CVE-2020-13389.json
+++ b/2020/13xxx/CVE-2020-13389.json
@@ -56,6 +56,11 @@
 "url": "https://joel-malwarebenchmark.github.io",
 "refsource": "MISC",
 "name": "https://joel-malwarebenchmark.github.io"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-Tenda-vulnerability/",
+ "url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-Tenda-vulnerability/"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13390.json b/2020/13xxx/CVE-2020-13390.json
index c383c9c2a3c..b9633861eb4 100644
--- a/2020/13xxx/CVE-2020-13390.json
+++ b/2020/13xxx/CVE-2020-13390.json
@@ -56,6 +56,11 @@
 "url": "https://joel-malwarebenchmark.github.io",
 "refsource": "MISC",
 "name": "https://joel-malwarebenchmark.github.io"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-Tenda-vulnerability/",
+ "url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-Tenda-vulnerability/"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13391.json b/2020/13xxx/CVE-2020-13391.json
index d5b791c4ecc..08b8f4a8bac 100644
--- a/2020/13xxx/CVE-2020-13391.json
+++ b/2020/13xxx/CVE-2020-13391.json
@@ -56,6 +56,11 @@
 "url": "https://joel-malwarebenchmark.github.io",
 "refsource": "MISC",
 "name": "https://joel-malwarebenchmark.github.io"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13391-Tenda-vulnerability/",
+ "url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13391-Tenda-vulnerability/"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13392.json b/2020/13xxx/CVE-2020-13392.json
index b3ed4628580..5f755fa4f68 100644
--- a/2020/13xxx/CVE-2020-13392.json
+++ b/2020/13xxx/CVE-2020-13392.json
@@ -56,6 +56,11 @@
 "url": "https://joel-malwarebenchmark.github.io",
 "refsource": "MISC",
 "name": "https://joel-malwarebenchmark.github.io"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-Tenda-vulnerability/",
+ "url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-Tenda-vulnerability/"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13393.json b/2020/13xxx/CVE-2020-13393.json
index 52632dc66f1..0a4bacf518e 100644
--- a/2020/13xxx/CVE-2020-13393.json
+++ b/2020/13xxx/CVE-2020-13393.json
@@ -56,6 +56,11 @@
 "url": "https://joel-malwarebenchmark.github.io",
 "refsource": "MISC",
 "name": "https://joel-malwarebenchmark.github.io"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-Tenda-vulnerability/",
+ "url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-Tenda-vulnerability/"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13394.json b/2020/13xxx/CVE-2020-13394.json
index 99faf985600..b4490b55010 100644
--- a/2020/13xxx/CVE-2020-13394.json
+++ b/2020/13xxx/CVE-2020-13394.json
@@ -56,6 +56,11 @@
 "url": "https://joel-malwarebenchmark.github.io",
 "refsource": "MISC",
 "name": "https://joel-malwarebenchmark.github.io"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13394-Tenda-vulnerability/",
+ "url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13394-Tenda-vulnerability/"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13596.json b/2020/13xxx/CVE-2020-13596.json
new file mode 100644
index 00000000000..043b9e4600c
--- /dev/null
+++ b/2020/13xxx/CVE-2020-13596.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-13596",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9039.json b/2020/9xxx/CVE-2020-9039.json
index 9d463cfe4a2..542de328fcd 100644
--- a/2020/9xxx/CVE-2020-9039.json
+++ b/2020/9xxx/CVE-2020-9039.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Couchbase Server 4.x and 5.x before 6.0.0 has Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access)."
+ "value": "Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. The endpoint was unauthenticated and has been updated to only allow authenticated users to access these administrative APIs."
 }
 ]
 },
diff --git a/2020/9xxx/CVE-2020-9046.json b/2020/9xxx/CVE-2020-9046.json
index 05b6b3f04bd..127f0220385 100644
--- a/2020/9xxx/CVE-2020-9046.json
+++ b/2020/9xxx/CVE-2020-9046.json
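Review bot: The rewritten description for CVE-2020-9039 no longer tells a reader which release carries the fix: the removed text bounded the issue with "before 6.0.0", while the new text enumerates affected releases and only says the endpoint "has been updated". Anyone triaging from this record needs an upgrade target, so the value should end with a sentence naming the fixed release, taken from the vendor advisory, e.g. `Fixed in <fixed-version>.`. The two sentences are also run together at `access).The /settings`; a space is missing after the period. The `affects` block is outside this hunk, so whether it carries the same version list cannot be checked from here.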
@@ -1,18 +1,119 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "productsecurity@jci.com",
 "ID": "CVE-2020-9046",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Kantech EntraPass Security Management Software - System Permissions Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Kantech EntraPass Security Management Software Special Edition versions 8.22 and prior",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "8.22"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Kantech EntraPass Security Management Software Corporate Edition versions 8.22 and prior",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "8.22"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Kantech EntraPass Security Management Software Global Edition versions 8.22 and prior",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "8.22"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Johnson Controls"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 : Access Control (Authorization) Issues"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
+ "refsource": "CONFIRM",
+ "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
+ },
+ {
+ "name": "ICS-CERT Advisory",
+ "refsource": "CERT",
+ "url": "https://www.us-cert.gov/ics/advisories/ICSA-20-147-02"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Upgrade all Kantech EntraPass Editions to version 8.23.\n\nRegistered users can obtain the critical software update by downloading the zip file from the Software Downloads location at https://kantech.com/Support/SoftwareDownloads.aspx."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
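Review bot: The description for CVE-2020-9046 says the flaw affects "all versions of Kantech EntraPass Editions", which contradicts the structured data in the same record: every `version_data` entry uses `"version_affected": "<="` with `"version_value": "8.22"`, and `solution` names 8.23 as the fix. The prose should match the range, e.g. `"value": "A vulnerability in Kantech EntraPass Editions versions 8.22 and prior could potentially allow ..."`, so that a reader does not conclude 8.23 is still exposed. Each `product_name` also embeds "versions 8.22 and prior", duplicating `version_data`; keeping the name to the product alone (e.g. `"product_name": "Kantech EntraPass Security Management Software Special Edition"`) makes inventory matching by tooling more reliable. The file still ends without a trailing newline.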