From b5d42ddb8919ebca2aff57caedb92dca525b396b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 19 May 2022 15:01:43 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/26xxx/CVE-2021-26630.json | 119 ++++++++++++++++++++++++-- 2021/26xxx/CVE-2021-26631.json | 81 ++++++++++++++++-- 2021/37xxx/CVE-2021-37413.json | 61 ++++++++++++-- 2021/45xxx/CVE-2021-45730.json | 148 ++++++++++++++++----------------- 2022/1xxx/CVE-2022-1801.json | 18 ++++ 2022/22xxx/CVE-2022-22976.json | 50 ++++++++++- 2022/22xxx/CVE-2022-22978.json | 50 ++++++++++- 2022/25xxx/CVE-2022-25617.json | 6 ++ 8 files changed, 435 insertions(+), 98 deletions(-) create mode 100644 2022/1xxx/CVE-2022-1801.json diff --git a/2021/26xxx/CVE-2021-26630.json b/2021/26xxx/CVE-2021-26630.json index 04bccb26a1a..054879e5c52 100644 --- a/2021/26xxx/CVE-2021-26630.json +++ b/2021/26xxx/CVE-2021-26630.json 
@@ -1,18 +1,125 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2021-26630", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "HANDY Groupware file download and execute vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HANDY Groupware", + "version": { + "version_data": [ + { + "platform": "Windows", + "version_affected": "<=", + "version_value": "1.7.4.6" + } + ] + } + } + ] + }, + "vendor_name": "Handysoft Co.,Ltd" + }, + { + "product": { + "product_data": [ + { + "product_name": "HANDY Groupware", + "version": { + "version_data": [ + { + "platform": "Windows", + "version_affected": "<=", + "version_value": "2.0.3.6" + } + ] + } + } + ] + }, + "vendor_name": "Handysoft Co.,Ltd" + }, + { + "product": { + "product_data": [ + { + "product_name": "HANDY Groupware", + "version": { + "version_data": [ + { + "platform": "Windows", + "version_affected": "<=", + "version_value": "4.0.1.7" + } + ] + } + } + ] + }, + "vendor_name": "Handysoft Co.,Ltd" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation vulnerability in HANDY Groupware\u2019s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66723", + "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66723" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26631.json b/2021/26xxx/CVE-2021-26631.json index 13fb6b22915..0e6cdfb4fc3 100644 --- a/2021/26xxx/CVE-2021-26631.json +++ b/2021/26xxx/CVE-2021-26631.json 
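Review bot: The three `vendor_data` entries added under `affects` in CVE-2021-26630.json repeat the same vendor and product and differ only in a bare `"version_affected": "<="` bound (1.7.4.6, 2.0.3.6, 4.0.1.7). A scanner that reads the last entry literally will flag every release up to 4.0.1.7, including any fixed builds on the older branches. If these are per-branch ceilings, one `product_data` entry with three `version_data` items would make that explicit, each carrying a branch label such as `"version_name": "<branch, to be confirmed by the CNA>"`. The description also misspells "module" as "moudle", which hurts keyword search on the record.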
@@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2021-26631", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Mangboard parameter modulation vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mangboard commerce package", + "version": { + "version_data": [ + { + "platform": "Linux, Windows and etc..", + "version_affected": "<=", + "version_value": "1.3.8" + } + ] + } + } + ] + }, + "vendor_name": "Hometory Co.,Ltd" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation vulnerability in Mangboard commerce package could lead to occur for abnormal request. A remote attacker can exploit this vulnerability to manipulate the total order amount into a negative number and then pay for the order." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66724", + "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66724" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/37xxx/CVE-2021-37413.json b/2021/37xxx/CVE-2021-37413.json index c5cc03cc9b3..951062a30b7 100644 --- a/2021/37xxx/CVE-2021-37413.json +++ b/2021/37xxx/CVE-2021-37413.json 
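Review bot: The `impact.cvss` block in CVE-2021-26631.json sets `"attackVector": "ADJACENT_NETWORK"` (AV:A), but the description says "A remote attacker can exploit this vulnerability", and the two cannot both be right. If the attack works over the network, the fields should read `"attackVector": "NETWORK"` and `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"`, which would also raise the base score above the recorded 8. Otherwise the description should say the attacker must be on an adjacent network. `"userInteraction": "REQUIRED"` also looks doubtful for an attacker tampering with their own order total and is worth confirming with the CNA.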
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37413", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37413", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login script does not verify and sanitize user-provided strings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.grandcom.sk", + "refsource": "MISC", + "name": "https://www.grandcom.sk" + }, + { + "refsource": "MISC", + "name": "https://github.com/martinkubecka/CVE-References/blob/main/CVE-2021-37413.md", + "url": "https://github.com/martinkubecka/CVE-References/blob/main/CVE-2021-37413.md" } ] } diff --git a/2021/45xxx/CVE-2021-45730.json b/2021/45xxx/CVE-2021-45730.json index 4ca98dce608..5cc469f65ce 100644 --- a/2021/45xxx/CVE-2021-45730.json +++ b/2021/45xxx/CVE-2021-45730.json 
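Review bot: The `affects` and `problemtype` blocks added to CVE-2021-37413.json are all `"n/a"`, although the description names the product and the weakness (GRANDCOM DynWEB before 4.2, SQL injection in the admin login). Tooling that matches on structured fields will therefore not find this record. The `problemtype` entry could be `"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"`, and `vendor_name`, `product_name` and `version_value` could carry `GRANDCOM`, `DynWEB` and a `<` bound of `4.2`, all taken from the description. The first reference is only the vendor home page and the second a personal GitHub repository, so a vendor advisory URL, if one exists, would be a more durable source.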
@@ -1,81 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-45730", - "ASSIGNER": "security@jfrog.com", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "JFrog", - "product": { - "product_data": [ - { - "product_name": "Artifactory", - "version": { - "version_data": [ - { - "version_name": "7.x", - "version_affected": "<", - "version_value": "7.31.10", - "platform": "" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-45730", + "ASSIGNER": "security@jfrog.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JFrog", + "product": { + "product_data": [ + { + "product_name": "Artifactory", + "version": { + "version_data": [ + { + "version_name": "7.x", + "version_affected": "<", + "version_value": "7.31.10", + "platform": "" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-284 Improper Access Control" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators. 
" - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45730%3A+Artifactory+Broken+Access+Control+on+Repository+Layouts+Configuration", - "name": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45730%3A+Artifactory+Broken+Access+Control+on+Repository+Layouts+Configuration" - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "HIGH", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "HIGH", - "availabilityImpact": "LOW", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L", - "baseScore": 6, - "baseSeverity": "MEDIUM" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45730%3A+Artifactory+Broken+Access+Control+on+Repository+Layouts+Configuration", + "name": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45730%3A+Artifactory+Broken+Access+Control+on+Repository+Layouts+Configuration" + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L", + "baseScore": 6, + "baseSeverity": "MEDIUM" + } } - } -} +} \ No newline at end of file 
diff --git a/2022/1xxx/CVE-2022-1801.json b/2022/1xxx/CVE-2022-1801.json new file mode 100644 index 00000000000..b3f0ab0bac7 --- /dev/null +++ b/2022/1xxx/CVE-2022-1801.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-1801", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22976.json b/2022/22xxx/CVE-2022-22976.json index 10b3587f0de..c74390508c5 100644 --- a/2022/22xxx/CVE-2022-22976.json +++ b/2022/22xxx/CVE-2022-22976.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22976", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Spring Security", + "version": { + "version_data": [ + { + "version_value": "Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190: Integer Overflow or Wraparound" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://tanzu.vmware.com/security/cve-2022-22976", + "url": "https://tanzu.vmware.com/security/cve-2022-22976" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE." } ] } diff --git a/2022/22xxx/CVE-2022-22978.json b/2022/22xxx/CVE-2022-22978.json index be29a3633ab..4ffad52d336 100644 --- a/2022/22xxx/CVE-2022-22978.json +++ b/2022/22xxx/CVE-2022-22978.json 
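Review bot: In CVE-2022-22976.json the new `affects` block stores the affected range as a prose sentence in `version_value` ("Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions") and sets `vendor_name` to `"n/a"`. Neither field can be matched by a version-comparing scanner, and the same pattern is repeated in the CVE-2022-22978.json hunk. One `version_data` item per branch, e.g. `"version_name": "5.5.x", "version_affected": "<", "version_value": "5.5.7"` and the equivalent for 5.6.x / 5.6.4, would keep the same information in machine-readable form. The hunk starts at line 4 of the file, so the top-level keys above `data_version` are not visible here.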
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22978", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Spring Security", + "version": { + "version_data": [ + { + "version_value": "Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4 and earlier unsupported versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://tanzu.vmware.com/security/cve-2022-22978", + "url": "https://tanzu.vmware.com/security/cve-2022-22978" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Spring Security versions 5.5.6 and 5.5.7 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass." } ] } diff --git a/2022/25xxx/CVE-2022-25617.json b/2022/25xxx/CVE-2022-25617.json index dbd9c70c26f..1665e7ccd05 100644 --- a/2022/25xxx/CVE-2022-25617.json +++ b/2022/25xxx/CVE-2022-25617.json @@ -93,6 +93,12 @@ } ] }, + "solution": [ + { + "lang": "eng", + "value": "Update to 2.14.4 or higher version." + } + ], "source": { "discovery": "EXTERNAL" }
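Review bot: In 2022/22xxx/CVE-2022-22978.json the description and the `affects` block disagree about 5.5.7. The description says "versions 5.5.6 and 5.5.7 and older unsupported versions" are affected, while `version_value` says "5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4", which makes 5.5.7 a fixed release and mentions a 5.6.x branch the description omits. One of the two needs correcting against the referenced vendor advisory, because consumers will use this record to decide whether 5.5.7 is a safe upgrade target. If the `affects` text is the correct one, the description would open with `"In Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4 and older unsupported versions, ..."`.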