Publish CVE-2016-0708, CVE-2018-11045,11049

2025-06-12 02:05:39 +00:00 · 2018-07-11 15:19:15 -04:00 · 2018-07-11 15:19:15 -04:00 · af078f0307
commit af078f0307
parent 91f84108fb
3 changed files with 198 additions and 36 deletions
--- a/2016/0xxx/CVE-2016-0708.json
+++ b/2016/0xxx/CVE-2016-0708.json
@ -1,18 +1,64 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2016-0708",
-      "STATE" : "RESERVED"
+   "CVE_data_meta": {
+      "ASSIGNER": "security_alert@emc.com",
+      "ID": "CVE-2016-0708",
+      "STATE": "PUBLIC"
   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
+   "affects": {
+      "vendor": {
+         "vendor_data": [
+            {
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "Cloud Foundry",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "version_value": "versions v166 through v227"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "Cloud Foundry"
+            }
+         ]
+      }
+   },
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "lang": "eng",
+            "value": "Applications deployed to Cloud Foundry, versions v166 through v227,  may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack detection, passed through the Java Buildpack detection script, and allow the serving of static content from within the deployed artifact. The default Apache Tomcat configuration in the affected java buildpack versions for some basic web application archive (WAR) packaged applications are vulnerable to this issue."
         }
      ]
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "Information disclosure"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "refsource": "CONFIRM",
+            "url": "https://www.cloudfoundry.org/blog/cve-2016-0708/"
+         }
+      ]
+   },
+   "source": {
+      "discovery": "UNKNOWN"
   }
-}
+}
--- a/2018/11xxx/CVE-2018-11045.json
+++ b/2018/11xxx/CVE-2018-11045.json
@ -1,18 +1,77 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2018-11045",
-      "STATE" : "RESERVED"
+   "CVE_data_meta": {
+      "ASSIGNER": "security_alert@emc.com",
+      "DATE_PUBLIC": "2018-07-10T04:00:00.000Z",
+      "ID": "CVE-2018-11045",
+      "STATE": "PUBLIC"
   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
+   "affects": {
+      "vendor": {
+         "vendor_data": [
+            {
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "Pivotal Operations Manager",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "affected": "<",
+                                 "version_name": "2.1",
+                                 "version_value": "2.1.6"
+                              },
+                              {
+                                 "affected": "<",
+                                 "version_name": "2.0",
+                                 "version_value": "2.0.15"
+                              },
+                              {
+                                 "affected": "<",
+                                 "version_name": "1.12",
+                                 "version_value": "1.12.22"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "Pivotal"
+            }
+         ]
+      }
+   },
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "lang": "eng",
+            "value": "Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG."
         }
      ]
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "Random number generation"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "refsource": "CONFIRM",
+            "url": "https://pivotal.io/security/cve-2018-11045"
+         }
+      ]
+   },
+   "source": {
+      "discovery": "UNKNOWN"
   }
-}
+}
--- a/2018/11xxx/CVE-2018-11049.json
+++ b/2018/11xxx/CVE-2018-11049.json
@ -1,18 +1,75 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2018-11049",
-      "STATE" : "RESERVED"
+   "CVE_data_meta": {
+      "ASSIGNER": "security_alert@emc.com",
+      "DATE_PUBLIC": "2018-07-06T04:00:00.000Z",
+      "ID": "CVE-2018-11049",
+      "STATE": "PUBLIC",
+      "TITLE": "RSA Identity Governance and Lifecycle Uncontrolled Search Path Vulnerability"
   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
+   "affects": {
+      "vendor": {
+         "vendor_data": [
+            {
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "Pivotal Operations Manager",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "version_value": "RSA(r) Identity Governance and Lifecycle version 7.1.0, all patch levels (Hardware Appliance, Software Bundle, and  Virtual Application deployments only)"
+                              },
+                              {
+                                 "version_value": "RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels  (Hardware Appliance and Software Bundle (also known as Soft-Appliance) deployments only)."
+                              },
+                              {
+                                 "version_value": "RSA Via Lifecycle and Governance version 7.0, all patch levels (Hardware Appliance and Software Bundle (also known as  Soft-Appliance) deployments only)"
+                              },
+                              {
+                                 "version_value": "RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (Hardware Appliance and Software  Bundle (also known as Soft-Appliance)  deployments only)"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "Pivotal"
+            }
+         ]
+      }
+   },
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "lang": "eng",
+            "value": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system."
         }
      ]
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "uncontrolled search path vulnerability"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "refsource": "CONFIRM",
+            "url": "http://seclists.org/fulldisclosure/2018/Jul/23"
+         }
+      ]
+   },
+   "source": {
+      "discovery": "UNKNOWN"
   }
-}
+}