Merge branch 'patch-12' of https://github.com/lordoxley/cvelist into lordoxley-patch-12

2025-06-08 14:08:13 +00:00 · 2019-03-12 17:12:35 -04:00 · 2019-03-12 17:12:35 -04:00 · af70a41cdc
commit af70a41cdc
parent 7289e5e5ab 6bfb7c0929
1 changed files with 76 additions and 11 deletions
--- a/2019/3xxx/CVE-2019-3615.json
+++ b/2019/3xxx/CVE-2019-3615.json
@ -1,18 +1,83 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2019-3615",
-      "STATE" : "RESERVED"
+   "CVE_data_meta": {
+      "ASSIGNER": "psirt@mcafee.com",
+      "ID": "CVE-2019-3615",
+      "STATE": "PUBLIC",
+      "TITLE": "Data Leakage Vulnerability in McAfee Database Security web interface"
   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
+   "affects": {
+      "vendor": {
+         "vendor_data": [
+            {
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "McAfee Database Security (DAM)",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "affected": "<",
+                                 "version_value": "4.6.6 March 2019 Update"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "McAfee, LCC"
+            }
+         ]
+      }
+   },
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "lang": "eng",
+            "value": "Data Leakage Attacks vulnerability in the web interface in McAfee Database Security prior to the 4.6.6 March 2019 update allows local users to expose passwords via incorrectly auto completing password fields in the admin browser login screen."
         }
      ]
+   },
+   "impact": {
+      "cvss": {
+         "attackComplexity": "LOW",
+         "attackVector": "LOCAL",
+         "availabilityImpact": "LOW",
+         "baseScore": 5.3,
+         "baseSeverity": "MEDIUM",
+         "confidentialityImpact": "LOW",
+         "integrityImpact": "LOW",
+         "privilegesRequired": "LOW",
+         "scope": "UNCHANGED",
+         "userInteraction": "NONE",
+         "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+         "version": "3.0"
+      }
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "Data Leakage Attacks vulnerability"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10277",
+            "refsource": "CONFIRM",
+            "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10277"
+         }
+      ]
+   },
+   "source": {
+      "discovery": "UNKNOWN"
   }
 }