admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-10 02:04:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

CVE-2020-36547 - CVE-2020-36549

Browse Source
This commit is contained in:
Marc Ruef 2022-06-17 15:07:43 +02:00 committed by GitHub
parent af9d9bc422
commit a98253f048
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 177 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
2020/36xxx/CVE-2020-36547.json
View File

@ -4,15 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36547",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "GE Voluson S8 Service Browser hard-coded credentials",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GE",
"product": {
"product_data": [
{
"product_name": "Voluson S8",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Hard-coded Credentials"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in GE Voluson S8. It has been rated as critical. This issue affects the Service Browser which itroduces hard-coded credentials. Attacking locally is a requirement. It is recommended to change the configuration settings."
}
]
},
"credit": "Marc Ruef\/Rocco Gagliardi",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.9",
"vectorString": "CVSS:3.1\/AV:L\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/vuldb.com\/?id.129833"
},
{
"url": "https:\/\/www.scip.ch\/?news.20200701"
}
]
}
}

62
2020/36xxx/CVE-2020-36548.json
View File

@ -4,15 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36548",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "GE Voluson S8 Service Browser users.cgi improper authentication",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GE",
"product": {
"product_data": [
{
"product_name": "Voluson S8",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic has been found in GE Voluson S8. Affected is the file \/uscgi-bin\/users.cgi of the Service Browser. The manipulation leads to improper authentication and elevated access possibilities. It is possible to launch the attack on the local host."
}
]
},
"credit": "Marc Ruef\/Rocco Gagliardi",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.9",
"vectorString": "CVSS:3.1\/AV:L\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/vuldb.com\/?id.129834"
},
{
"url": "https:\/\/www.scip.ch\/?news.20200701"
}
]
}
}

62
2020/36xxx/CVE-2020-36549.json
View File

@ -4,15 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36549",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "GE Voluson S8 Windows Operating System Patches privileges management",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GE",
"product": {
"product_data": [
{
"product_name": "Voluson S8",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in GE Voluson S8. Affected is the underlying Windows XP operating system. Missing patches might introduce an excessive attack surface. Access to the local network is required for this attack to succeed."
}
]
},
"credit": "Marc Ruef\/Rocco Gagliardi",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "8.8",
"vectorString": "CVSS:3.1\/AV:A\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/vuldb.com\/?id.129835"
},
{
"url": "https:\/\/www.scip.ch\/?news.20200701"
}
]
}
}