"-Synchronized-Data."

CVE Team 2022-03-17 23:01:24 +00:00
parent 39d1ce04d2
commit a09fbeaeba
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
3 changed files with 213 additions and 195 deletions


@ -1,107 +1,107 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2022-0237",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2022-02-25T00:00:00.000Z",
"TITLE": "Rapid7 Insight Agent Privilege Escalation",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [],
"advisory": "",
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rapid7",
"product": {
"product_data": [
{
"product_name": "Insight Agent",
"version": {
"version_data": [
{
"version_name": "3.1.2.38",
"version_affected": "<=",
"version_value": "3.1.2.38",
"platform": ""
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2022-0237",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2022-02-25T00:00:00.000Z",
"TITLE": "Rapid7 Insight Agent Privilege Escalation",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [],
"advisory": "",
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rapid7",
"product": {
"product_data": [
{
"product_name": "Insight Agent",
"version": {
"version_data": [
{
"version_name": "3.1.2.38",
"version_affected": "<=",
"version_value": "3.1.2.38",
"platform": ""
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://docs.rapid7.com/release-notes/insightagent/20220225/",
"name": "https://docs.rapid7.com/release-notes/insightagent/20220225/"
},
{
"refsource": "MISC",
"url": "https://gist.github.com/n2dez/05d43c616f2b403e84ee55d4d7aab251",
"name": "https://gist.github.com/n2dez/05d43c616f2b403e84ee55d4d7aab251"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4,
"baseSeverity": "MEDIUM"
}
},
"exploit": [],
"work_around": [],
"solution": [],
"credit": [
{
"lang": "eng",
"value": "Ryan Schachtschneider"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://docs.rapid7.com/release-notes/insightagent/20220225/",
"name": "https://docs.rapid7.com/release-notes/insightagent/20220225/"
},
{
"refsource": "MISC",
"url": "https://gist.github.com/n2dez/05d43c616f2b403e84ee55d4d7aab251",
"name": "https://gist.github.com/n2dez/05d43c616f2b403e84ee55d4d7aab251"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4,
"baseSeverity": "MEDIUM"
}
},
"exploit": [],
"work_around": [],
"solution": [],
"credit": [
{
"lang": "eng",
"value": "Ryan Schachtschneider"
}
]
}
}
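Review bot: The `impact.cvss` block rates this record `C:L/I:N/A:N` with `"privilegesRequired": "NONE"`, while the description in the same record says the flaw results in "elevated rights and persistent access to the machine", which would normally carry an integrity impact. Triage that sorts on `"baseScore": 4` will rank the issue lower than the description suggests, so the vector should be re-checked against the vendor advisory rather than carried forward as it stands. Separately, `problemtype` uses CWE-264, which is a CWE category rather than a specific weakness; a weakness-level ID matching the unquoted-argument cause would make the record easier to filter on.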


@ -1,102 +1,102 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2022-0757",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2022-03-02T00:00:00.000Z",
"TITLE": "Rapid7 Nexpose SQL Injection",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [],
"advisory": "",
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rapid7",
"product": {
"product_data": [
{
"product_name": "Nexpose",
"version": {
"version_data": [
{
"version_name": "6.6.93",
"version_affected": "<",
"version_value": "6.6.93",
"platform": ""
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2022-0757",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2022-03-02T00:00:00.000Z",
"TITLE": "Rapid7 Nexpose SQL Injection",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [],
"advisory": "",
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rapid7",
"product": {
"product_data": [
{
"product_name": "Nexpose",
"version": {
"version_data": [
{
"version_name": "6.6.93",
"version_affected": "<",
"version_value": "6.6.93",
"platform": ""
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow an attacker to manipulate the \"ANY\" and \"OR\" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://docs.rapid7.com/release-notes/nexpose/20220302/",
"name": "https://docs.rapid7.com/release-notes/nexpose/20220302/"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}
},
"exploit": [],
"work_around": [],
"solution": [],
"credit": [
{
"lang": "eng",
"value": "Aleksey Solovev"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow an attacker to manipulate the \"ANY\" and \"OR\" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://docs.rapid7.com/release-notes/nexpose/20220302/",
"name": "https://docs.rapid7.com/release-notes/nexpose/20220302/"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}
},
"exploit": [],
"work_around": [],
"solution": [],
"credit": [
{
"lang": "eng",
"value": "Aleksey Solovev"
}
]
}
}
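Review bot: `"version_affected": "<"` with `"version_value": "6.6.93"` excludes 6.6.93 itself, but the description in the same record says "versions 6.6.93 and earlier" are affected and that the fix shipped in 6.6.129. Scanners and SBOM tools that match on `version_data` rather than on the prose would then report a 6.6.93 install as not affected. If the description is correct the entry should at least read `"version_affected": "<="`; whether the range should instead be bounded by the fixed release 6.6.129 needs confirming against the vendor release notes. The vector also sets `"attackVector": "LOCAL"` for an SQL injection through search criteria, which is worth confirming with the assigner.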


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1019",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}