From a0375d702096b3ca481a7121036b68366340b96d Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 30 May 2024 12:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2022/43xxx/CVE-2022-43384.json | 84 +++++++++++++++++++++++++++--
2022/43xxx/CVE-2022-43575.json | 84 +++++++++++++++++++++++++++--
2022/43xxx/CVE-2022-43841.json | 83 +++++++++++++++++++++++++++--
2024/0xxx/CVE-2024-0851.json | 8 ++-
2024/1xxx/CVE-2024-1100.json | 73 +++++++++++++++++++++++--
2024/5xxx/CVE-2024-5520.json | 97 ++++++++++++++++++++++++++++++++--
2024/5xxx/CVE-2024-5521.json | 97 ++++++++++++++++++++++++++++++++--
2024/5xxx/CVE-2024-5528.json | 18 +++++++
8 files changed, 518 insertions(+), 26 deletions(-)
create mode 100644 2024/5xxx/CVE-2024-5528.json
diff --git a/2022/43xxx/CVE-2022-43384.json b/2022/43xxx/CVE-2022-43384.json
index d22a03b6e34..9ee27021371 100644
--- a/2022/43xxx/CVE-2022-43384.json
+++ b/2022/43xxx/CVE-2022-43384.json
@@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-43384", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238645." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Aspera Console", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "3.4.0", + "version_value": "3.4.2 PL5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7155215", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7155215" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238645", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238645" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": 
"NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/43xxx/CVE-2022-43575.json b/2022/43xxx/CVE-2022-43575.json index 8518b4d61ef..b4ce1c24698 100644 --- a/2022/43xxx/CVE-2022-43575.json +++ b/2022/43xxx/CVE-2022-43575.json 
@@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-43575", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238645." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Aspera Console", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "3.4.0", + "version_value": "3.4.2 PL5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7155215", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7155215" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238680", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238680" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": 
"NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/43xxx/CVE-2022-43841.json b/2022/43xxx/CVE-2022-43841.json index a0abe3b231b..d6cdc214059 100644 --- a/2022/43xxx/CVE-2022-43841.json +++ b/2022/43xxx/CVE-2022-43841.json 
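Review bot: The description added for CVE-2022-43575 ends with `IBM X-Force ID: 238645`, but the X-Force entry added under `reference_data` in the same hunk is `https://exchange.xforce.ibmcloud.com/vulnerabilities/238680`. The description text is word-for-word the one in the CVE-2022-43384 hunk, whose reference is 238645, so the ID here looks carried over from that record. The two records also differ in scoring (`S:C`, 5.4 here against `S:U`, 4.6 there) without the prose saying what distinguishes the two issues. If 238680 is the intended entry, the sentence should end `IBM X-Force ID: 238680.`; until the CNA corrects it, tooling that correlates advisories by X-Force ID should key on the reference URL rather than the description.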
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-43841", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 239078." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-525 Information Exposure Through Browser Caching", + "cweId": "CWE-525" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Aspera Console", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.4.0 - 3.4.2 PL9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7155202", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7155202" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239078", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239078" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + 
"userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/0xxx/CVE-2024-0851.json b/2024/0xxx/CVE-2024-0851.json index 3cc6e1e02fe..95974494d8d 100644 --- a/2024/0xxx/CVE-2024-0851.json +++ b/2024/0xxx/CVE-2024-0851.json @@ -71,5 +71,11 @@ "TR-24-0556" ], "discovery": "UNKNOWN" - } + }, + "credits": [ + { + "lang": "en", + "value": "Yusuf Kamil \u00c7AVU\u015eO\u011eLU" + } + ] } \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1100.json b/2024/1xxx/CVE-2024-1100.json index 56ddab3579d..31f1062531a 100644 --- a/2024/1xxx/CVE-2024-1100.json +++ b/2024/1xxx/CVE-2024-1100.json 
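Review bot: The affected range in the CVE-2022-43841 hunk is written as one literal, `"version_affected": "="` with `"version_value": "3.4.0 - 3.4.2 PL9"`, which a version matcher will compare as a single exact string and so will not flag an installed 3.4.1. The two other Aspera Console records in this commit encode their range as `"version_affected": "<="` with a `version_name` lower bound and a `version_value` upper bound. The same form here would be `"version_affected": "<=", "version_name": "3.4.0", "version_value": "3.4.2 PL9"`. Inventory checks should treat every release from 3.4.0 through 3.4.2 PL9 as affected regardless of how the field parses.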
@@ -1,18 +1,81 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1100", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@usom.gov.tr", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection.This issue affects DIGIKENT GIS: through 2.23.5." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Vadi Corporate Information Systems", + "product": { + "product_data": [ + { + "product_name": "DIGIKENT GIS", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.23.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-24-0589", + "refsource": "MISC", + "name": "https://www.usom.gov.tr/bildirim/tr-24-0589" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "TR-24-0589", + "defect": [ + "TR-24-0589" + ], + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Ender GEZER" + } + ] } \ No newline at end of file diff --git a/2024/5xxx/CVE-2024-5520.json b/2024/5xxx/CVE-2024-5520.json index c43f05bcc06..e0cd9298fcc 100644 --- a/2024/5xxx/CVE-2024-5520.json 
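Review bot: CVE-2024-1100 goes to `"STATE": "PUBLIC"` as a CWE-89 SQL injection with no `impact` block, so the record carries no CVSS vector or base score, unlike the IBM and INCIBE records published in the same commit. Pipelines that prioritise by `baseScore` will see it as unscored and may rank it below medium-severity XSS entries; until the CNA supplies metrics, triage should go by the referenced advisory TR-24-0589. The range `"version_affected": "<="`, `"version_name": "0"`, `"version_value": "2.23.5"` reads as every DIGIKENT GIS release through 2.23.5, and the record names no fixed version. The description also lacks a space in `SQL Injection.This issue`.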
+++ b/2024/5xxx/CVE-2024-5520.json 
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5520", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user\u00a0with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, after inserting code in the \u201ctitle\u201d field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Alkacon", + "product": { + "product_data": [ + { + "product_name": "OpenCMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "16" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-stored-alkacon-opencms", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-stored-alkacon-opencms" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The Cross-Site Scripting vulnerability through the 
\u201ctitle\u201d field has been fixed in version 17.

However, the vendor has stated that the Cross-Site Scripting vulnerability through images in .svg format will not be fixed because filtering the JavaScript code of .svg files could bring unwanted effects.
" + } + ], + "value": "The Cross-Site Scripting vulnerability through the \u201ctitle\u201d field has been fixed in version 17.\n\nHowever, the vendor has stated that the Cross-Site Scripting vulnerability through images in .svg format will not be fixed because filtering the JavaScript code of .svg files could bring unwanted effects." + } + ], + "credits": [ + { + "lang": "en", + "value": "Miguel Segovia Gil" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/5xxx/CVE-2024-5521.json b/2024/5xxx/CVE-2024-5521.json index 62046bbcd41..bc33d9bc502 100644 --- a/2024/5xxx/CVE-2024-5521.json +++ b/2024/5xxx/CVE-2024-5521.json 
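Review bot: The vector `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N` rates this stored XSS with `"userInteraction": "NONE"`, although script stored in the title field presumably runs only once another user loads the affected page. The CVE-2024-5521 hunk uses the same vector while its description says the code executes "the moment another user accesses the image". With `UI:R` the vector becomes the one in the CVE-2022-43575 hunk, `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N`, scored 5.4 there against 6.4 here. The CNA's score stands for the record, but teams that rescore for their own environment should review the `UI` metric for both OpenCMS entries.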
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5521", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user\u00a0having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code. The code will be executed the moment another user accesses the image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Alkacon", + "product": { + "product_data": [ + { + "product_name": "OpenCMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "16" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-stored-alkacon-opencms", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-stored-alkacon-opencms" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The Cross-Site 
Scripting vulnerability through the \u201ctitle\u201d field has been fixed in version 17.

However, the vendor has stated that the Cross-Site Scripting vulnerability through images in .svg format will not be fixed because filtering the JavaScript code of .svg files could bring unwanted effects.
" + } + ], + "value": "The Cross-Site Scripting vulnerability through the \u201ctitle\u201d field has been fixed in version 17.\n\nHowever, the vendor has stated that the Cross-Site Scripting vulnerability through images in .svg format will not be fixed because filtering the JavaScript code of .svg files could bring unwanted effects." + } + ], + "credits": [ + { + "lang": "en", + "value": "Miguel Segovia Gil" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/5xxx/CVE-2024-5528.json b/2024/5xxx/CVE-2024-5528.json new file mode 100644 index 00000000000..49f288987f0 --- /dev/null +++ b/2024/5xxx/CVE-2024-5528.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-5528", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file
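Review bot: `version_data` for CVE-2024-5521 lists only `"version_affected": "="` with `"version_value": "16"`, yet the `solution` text in the same record says the .svg vector "will not be fixed". Releases after 16 are therefore presumably affected too, and a scanner matching this record will report version 17 as clean. The solution text is shared verbatim with CVE-2024-5520, and its first sentence (title field fixed in version 17) does not apply to this CVE. The record would be clearer if it said that no fixed version exists for the SVG upload issue. Deployments then have to rely on compensating controls, such as limiting who holds the gallery editor and VFS resource manager roles and serving uploaded SVG files so that embedded script is not executed in the site's origin.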