admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 22:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:CVEProject/cvelist

Browse Source
This commit is contained in:
CVE Team 2019-03-12 17:14:42 -04:00
commit b33982eaca
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
8 changed files with 684 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
2019/0xxx/CVE-2019-0268.json
View File

@ -1,17 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0268",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description" : {
"description_data" : [
"CVE_data_meta": {
"ID": "CVE-2019-0268",
"ASSIGNER": "cna@sap.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP BusinessObjects Business Intelligence Platform (CMC Module)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "4.1"
},
{
"version_name": "<",
"version_value": "4.2"
},
{
"version_name": "<",
"version_value": "4.3"
}
]
}
}
]
}
}
]
}
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"Missing XML Validation"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://launchpad.support.sap.com/#/notes/2689259"
},
{
"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
}
]
},
"description":{
"description_data":[
{
"lang": "eng",
"value":"SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source."
}
]
}

69
2019/0xxx/CVE-2019-0269.json
View File

@ -1,17 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0269",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description" : {
"description_data" : [
"CVE_data_meta": {
"ID": "CVE-2019-0269",
"ASSIGNER": "cna@sap.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP BusinessObjects Business Intelligence Platform (BI Workspace)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "4.1"
},
{
"version_name": "<",
"version_value": "4.2"
}
]
}
}
]
}
}
]
}
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"Cross-Site Scripting"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://launchpad.support.sap.com/#/notes/2693962"
},
{
"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
}
]
},
"description":{
"description_data":[
{
"lang": "eng",
"value":"SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.10 and 4.20, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
}
]
}

209
2019/0xxx/CVE-2019-0270.json
View File

@ -1,17 +1,206 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0270",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description" : {
"description_data" : [
"CVE_data_meta": {
"ID": "CVE-2019-0270",
"ASSIGNER": "cna@sap.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "ABAP Platform & Server (KRNL32NUC)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.21"
},
{
"version_name": "<",
"version_value": "7.21EXT"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.22EXT"
}
]
}
},
{
"product_name": "ABAP Platform & Server (KRNL32UC)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.21"
},
{
"version_name": "<",
"version_value": "7.21EXT"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.22EXT"
}
]
}
},
{
"product_name": "ABAP Platform & Server (KRNL64NUC)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.21"
},
{
"version_name": "<",
"version_value": "7.21EXT"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.22EXT"
},
{
"version_name": "<",
"version_value": "7.49"
},
{
"version_name": "<",
"version_value": "7.74"
}
]
}
},
{
"product_name": "ABAP Platform & Server (KRNL64UC)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.21"
},
{
"version_name": "<",
"version_value": "7.21EXT"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.22EXT"
},
{
"version_name": "<",
"version_value": "7.49"
},
{
"version_name": "<",
"version_value": "7.73"
},
{
"version_name": "<",
"version_value": "7.74"
},
{
"version_name": "<",
"version_value": "8.04"
}
]
}
},
{
"product_name": "ABAP Platform & Server (KERNEL)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.21"
},
{
"version_name": "<",
"version_value": "7.45"
},
{
"version_name": "<",
"version_value": "7.49"
},
{
"version_name": "<",
"version_value": "7.53"
},
{
"version_name": "<",
"version_value": "7.73"
},
{
"version_name": "<",
"version_value": "7.74"
},
{
"version_name": "<",
"version_value": "7.75"
},
{
"version_name": "<",
"version_value": "8.04"
}
]
}
}
]
}
}
]
}
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"Missing Authorization Check"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://launchpad.support.sap.com/#/notes/2727689"
},
{
"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
}
]
},
"description":{
"description_data":[
{
"lang": "eng",
"value":"ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04"
}
]
}

76
2019/0xxx/CVE-2019-0271.json
View File

@ -1,17 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0271",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description" : {
"description_data" : [
"CVE_data_meta": {
"ID": "CVE-2019-0271",
"ASSIGNER": "cna@sap.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "ABAP Server",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "from 7.00 to 7.31"
}
]
}
},
{
"product_name": "ABAP Server & Platform",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "from 7.40 to 7.52"
}
]
}
}
]
}
}
]
}
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"XML External Entity (XXE)"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://launchpad.support.sap.com/#/notes/2736825"
},
{
"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
}
]
},
"description":{
"description_data":[
{
"lang": "eng",
"value":"ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform."
}
]
}

69
2019/0xxx/CVE-2019-0274.json
View File

@ -1,17 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0274",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description" : {
"description_data" : [
"CVE_data_meta": {
"ID": "CVE-2019-0274",
"ASSIGNER": "cna@sap.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Mobile Platform SDK",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "3.1 SP03 PL02"
},
{
"version_name": "<",
"version_value": "3.1 SP04"
}
]
}
}
]
}
}
]
}
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"Denial of Service"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://launchpad.support.sap.com/#/notes/2753497"
},
{
"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
}
]
},
"description":{
"description_data":[
{
"lang": "eng",
"value":"SAP Mobile Platform SDK allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service (i.e. denial of service). Fixed in versions 3.1 SP03 PL02, SDK 3.1 SP04, or later"
}
]
}

81
2019/0xxx/CVE-2019-0275.json
View File

@ -1,17 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0275",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description" : {
"description_data" : [
"CVE_data_meta": {
"ID": "CVE-2019-0275",
"ASSIGNER": "cna@sap.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Java Application Server (J2EE-APPS)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.10 to 7.11"
},
{
"version_name": "<",
"version_value": "7.20"
}, {
"version_name": "<",
"version_value": "7.30"
}, {
"version_name": "<",
"version_value": "7.31"
}, {
"version_name": "<",
"version_value": "7.40"
}, {
"version_name": "<",
"version_value": "7.50"
}
]
}
}
]
}
}
]
}
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"Cross-Site Scripting"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://launchpad.support.sap.com/#/notes/2689925"
},
{
"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
}
]
},
"description":{
"description_data":[
{
"lang": "eng",
"value":"SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability."
}
]
}

74
2019/0xxx/CVE-2019-0276.json
View File

@ -1,17 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0276",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description" : {
"description_data" : [
"CVE_data_meta": {
"ID": "CVE-2019-0276",
"ASSIGNER": "cna@sap.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "Banking services from SAP 9.0 (FSAPPL)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "5"
} ]
}
},
{
"product_name": "SAP S/4HANA Financial Products Subledger (S4FPSL) ",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "1"
} ]
}
}
]
}
}
]
}
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"Missing Authorization Check"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://launchpad.support.sap.com/#/notes/2754235"
},
{
"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
}
]
},
"description":{
"description_data":[
{
"lang": "eng",
"value":"Banking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA Financial Products Subledger (S4FPSL, version 1) performs an inadequate authorization check for an authenticated user, potentially resulting in escalation of privileges."
}
]
}

65
2019/0xxx/CVE-2019-0277.json
View File

@ -1,17 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0277",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description" : {
"description_data" : [
"CVE_data_meta": {
"ID": "CVE-2019-0277",
"ASSIGNER": "cna@sap.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP HANA Extended Application Services",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "1"
}
]
}
}
]
}
}
]
}
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"XML External Entity"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://launchpad.support.sap.com/#/notes/2764283"
},
{
"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
}
]
},
"description":{
"description_data":[
{
"lang": "eng",
"value":"SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability)."
}
]
}