"-Synchronized-Data."

CVE Team 2023-08-03 22:00:36 +00:00
parent 0001b9d95f
commit bb4911d1b7
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
15 changed files with 48081 additions and 56 deletions


@ -1,17 +1,217 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20181",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Small Business IP Phones",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.6.0"
},
{
"version_affected": "=",
"version_value": "7.6.2"
},
{
"version_affected": "=",
"version_value": "7.6.2SR3"
},
{
"version_affected": "=",
"version_value": "7.6.2SR6"
},
{
"version_affected": "=",
"version_value": "7.6.2SR2"
},
{
"version_affected": "=",
"version_value": "7.6.2SR4"
},
{
"version_affected": "=",
"version_value": "7.6.2SR1"
},
{
"version_affected": "=",
"version_value": "7.6.2SR5"
},
{
"version_affected": "=",
"version_value": "7.6.2SR7"
},
{
"version_affected": "=",
"version_value": "7.6.1"
},
{
"version_affected": "=",
"version_value": "7.3.7"
},
{
"version_affected": "=",
"version_value": "7.5.5"
},
{
"version_affected": "=",
"version_value": "7.5.6(XU)"
},
{
"version_affected": "=",
"version_value": "7.5.2"
},
{
"version_affected": "=",
"version_value": "7.5.2a"
},
{
"version_affected": "=",
"version_value": "7.5.7"
},
{
"version_affected": "=",
"version_value": "7.5.3"
},
{
"version_affected": "=",
"version_value": "7.5.6"
},
{
"version_affected": "=",
"version_value": "7.5.2b"
},
{
"version_affected": "=",
"version_value": "7.5.6c"
},
{
"version_affected": "=",
"version_value": "7.5.6a"
},
{
"version_affected": "=",
"version_value": "7.5.7s"
},
{
"version_affected": "=",
"version_value": "7.5.1"
},
{
"version_affected": "=",
"version_value": "7.5.5a"
},
{
"version_affected": "=",
"version_value": "7.5.5b"
},
{
"version_affected": "=",
"version_value": "7.5.4"
},
{
"version_affected": "=",
"version_value": "7.4.7"
},
{
"version_affected": "=",
"version_value": "7.4.4"
},
{
"version_affected": "=",
"version_value": "7.4.8"
},
{
"version_affected": "=",
"version_value": "7.4.3"
},
{
"version_affected": "=",
"version_value": "7.4.9"
},
{
"version_affected": "=",
"version_value": "7.4.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F"
}
]
},
"source": {
"advisory": "cisco-sa-spa-web-multi-7kvPmu2F",
"discovery": "EXTERNAL",
"defects": [
"CSCwf04956"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}
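Review bot: `problemtype` is left as `"value": "n/a"` although the description itself classifies the issue as XSS, so anyone filtering or triaging this feed by weakness class will not find the record. A CWE entry in the form other records in this commit use, for example `"cweId": "CWE-79"` next to a matching description, would fix that at the source; until then consumers have to fall back to the description text or the linked advisory. The same `n/a` problemtype appears in the CVE-2023-20214, CVE-2023-20215, CVE-2023-20218 and CVE-2023-37497 through CVE-2023-37500 sections.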

File diff suppressed because it is too large Load Diff


@ -1,17 +1,178 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20214",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.\r\n\r This vulnerability is due to insufficient request validation when using the REST API feature. An attacker could exploit this vulnerability by sending a crafted API request to an affected vManage instance. A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance. This vulnerability only affects the REST API and does not affect the web-based management interface or the CLI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco SD-WAN vManage",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20.6.3"
},
{
"version_affected": "=",
"version_value": "20.6.3.1"
},
{
"version_affected": "=",
"version_value": "20.6.4"
},
{
"version_affected": "=",
"version_value": "20.6.5"
},
{
"version_affected": "=",
"version_value": "20.6.5.1"
},
{
"version_affected": "=",
"version_value": "20.6.3.2"
},
{
"version_affected": "=",
"version_value": "20.6.4.1"
},
{
"version_affected": "=",
"version_value": "20.6.5.2"
},
{
"version_affected": "=",
"version_value": "20.6.5.4"
},
{
"version_affected": "=",
"version_value": "20.6.3.3"
},
{
"version_affected": "=",
"version_value": "20.7.1"
},
{
"version_affected": "=",
"version_value": "20.7.1.1"
},
{
"version_affected": "=",
"version_value": "20.7.2"
},
{
"version_affected": "=",
"version_value": "20.8.1"
},
{
"version_affected": "=",
"version_value": "20.9.1"
},
{
"version_affected": "=",
"version_value": "20.9.2"
},
{
"version_affected": "=",
"version_value": "20.9.2.1"
},
{
"version_affected": "=",
"version_value": "20.9.3"
},
{
"version_affected": "=",
"version_value": "20.9.3.1"
},
{
"version_affected": "=",
"version_value": "20.10.1.1"
},
{
"version_affected": "=",
"version_value": "20.11.1"
},
{
"version_affected": "=",
"version_value": "20.11.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-unauthapi-sphCLYPA",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-unauthapi-sphCLYPA"
}
]
},
"source": {
"advisory": "cisco-sa-vmanage-unauthapi-sphCLYPA",
"discovery": "EXTERNAL",
"defects": [
"CSCwf76218",
"CSCwf82344"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}
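Review bot: The description `value` carries the sequence `\r\n\r ` between paragraphs, that is a line break followed by a stray carriage return and a space, which looks like residue of the advisory export rather than intended text. Tools that render, diff or hash this field should normalise line endings first; the cleaner fix is for the CNA to emit a plain `\n\n`. The CVE-2023-20215 and CVE-2023-20218 descriptions contain the same sequence.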


@ -1,17 +1,179 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20215",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked.\r\n\r This vulnerability is due to improper detection of malicious traffic when the traffic is encoded with a specific content format. An attacker could exploit this vulnerability by using an affected device to connect to a malicious server and receiving crafted HTTP responses. A successful exploit could allow the attacker to bypass an explicit block rule and receive traffic that should have been rejected by the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Web Security Appliance (WSA)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.7.0-406"
},
{
"version_affected": "=",
"version_value": "11.7.0-418"
},
{
"version_affected": "=",
"version_value": "11.7.1-049"
},
{
"version_affected": "=",
"version_value": "11.7.1-006"
},
{
"version_affected": "=",
"version_value": "11.7.1-020"
},
{
"version_affected": "=",
"version_value": "11.7.2-011"
},
{
"version_affected": "=",
"version_value": "11.8.0-414"
},
{
"version_affected": "=",
"version_value": "11.8.1-023"
},
{
"version_affected": "=",
"version_value": "11.8.3-018"
},
{
"version_affected": "=",
"version_value": "11.8.3-021"
},
{
"version_affected": "=",
"version_value": "12.0.1-268"
},
{
"version_affected": "=",
"version_value": "12.0.3-007"
},
{
"version_affected": "=",
"version_value": "12.5.2-007"
},
{
"version_affected": "=",
"version_value": "12.5.1-011"
},
{
"version_affected": "=",
"version_value": "12.5.4-005"
},
{
"version_affected": "=",
"version_value": "12.5.5-004"
},
{
"version_affected": "=",
"version_value": "14.5.0-498"
},
{
"version_affected": "=",
"version_value": "14.5.1-008"
},
{
"version_affected": "=",
"version_value": "14.5.1-016"
},
{
"version_affected": "=",
"version_value": "14.0.3-014"
},
{
"version_affected": "=",
"version_value": "14.0.2-012"
},
{
"version_affected": "=",
"version_value": "14.0.4-005"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-bypass-vXvqwzsj",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-bypass-vXvqwzsj"
}
]
},
"source": {
"advisory": "cisco-sa-wsa-bypass-vXvqwzsj",
"discovery": "EXTERNAL",
"defects": [
"CSCwf60901",
"CSCwf55917",
"CSCwf94501"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

File diff suppressed because it is too large Load Diff


@ -1,17 +1,217 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20218",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser.\r\n\r This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks.\r\n\r Cisco will not release software updates that address this vulnerability. \r\n\r {{value}} [\"%7b%7bvalue%7d%7d\"])}]]"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Small Business IP Phones",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.6.0"
},
{
"version_affected": "=",
"version_value": "7.6.2"
},
{
"version_affected": "=",
"version_value": "7.6.2SR3"
},
{
"version_affected": "=",
"version_value": "7.6.2SR6"
},
{
"version_affected": "=",
"version_value": "7.6.2SR2"
},
{
"version_affected": "=",
"version_value": "7.6.2SR4"
},
{
"version_affected": "=",
"version_value": "7.6.2SR1"
},
{
"version_affected": "=",
"version_value": "7.6.2SR5"
},
{
"version_affected": "=",
"version_value": "7.6.2SR7"
},
{
"version_affected": "=",
"version_value": "7.6.1"
},
{
"version_affected": "=",
"version_value": "7.3.7"
},
{
"version_affected": "=",
"version_value": "7.5.5"
},
{
"version_affected": "=",
"version_value": "7.5.6(XU)"
},
{
"version_affected": "=",
"version_value": "7.5.2"
},
{
"version_affected": "=",
"version_value": "7.5.2a"
},
{
"version_affected": "=",
"version_value": "7.5.7"
},
{
"version_affected": "=",
"version_value": "7.5.3"
},
{
"version_affected": "=",
"version_value": "7.5.6"
},
{
"version_affected": "=",
"version_value": "7.5.2b"
},
{
"version_affected": "=",
"version_value": "7.5.6c"
},
{
"version_affected": "=",
"version_value": "7.5.6a"
},
{
"version_affected": "=",
"version_value": "7.5.7s"
},
{
"version_affected": "=",
"version_value": "7.5.1"
},
{
"version_affected": "=",
"version_value": "7.5.5a"
},
{
"version_affected": "=",
"version_value": "7.5.5b"
},
{
"version_affected": "=",
"version_value": "7.5.4"
},
{
"version_affected": "=",
"version_value": "7.4.7"
},
{
"version_affected": "=",
"version_value": "7.4.4"
},
{
"version_affected": "=",
"version_value": "7.4.8"
},
{
"version_affected": "=",
"version_value": "7.4.3"
},
{
"version_affected": "=",
"version_value": "7.4.9"
},
{
"version_affected": "=",
"version_value": "7.4.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F"
}
]
},
"source": {
"advisory": "cisco-sa-spa-web-multi-7kvPmu2F",
"discovery": "EXTERNAL",
"defects": [
"CSCwf82071"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}
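Review bot: The description ends with unexpanded template residue, `{{value}} [\"%7b%7bvalue%7d%7d\"])}]]`, and contains a doubled word (`to to`), so the text was published without the placeholder being filled or stripped. The record also appears internally inconsistent: the description speaks of an authenticated attacker who persuades a user to click a crafted link, while `vectorString` has `PR:N` and `UI:N`, and it names SPA500 Series Analog Telephone Adapters while `product_name` is `Cisco Small Business IP Phones`. Consumers should take severity and scope from the linked Cisco advisory rather than from this record until it is corrected, and an ingestion check that rejects `{{` in description values would catch this class of error. The description also states that Cisco will not release software updates for this issue, which is the operationally important line for asset owners.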


@ -1,17 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30950",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-coordination@palantir.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.",
"cweId": "CWE-290"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palantir",
"product": {
"product_data": [
{
"product_name": "com.palantir.campaigns:campaigns",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "0.623.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://palantir.safebase.us/?tcuUid=d839709d-c50f-4a37-8faa-b0c35054418a",
"refsource": "MISC",
"name": "https://palantir.safebase.us/?tcuUid=d839709d-c50f-4a37-8faa-b0c35054418a"
}
]
},
"source": {
"discovery": "INTERNAL",
"defect": [
"PLTRSEC-2023-21"
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseSeverity": "MEDIUM",
"baseScore": 6.5
}
]
}
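Review bot: The description calls this an unauthenticated information disclosure, but `vectorString` carries `PR:L`, which means low privileges are required; one of the two is wrong, and the 6.5 base score depends on which. The `source` object also uses the key `defect` where the Cisco records in this commit use `defects`, so a parser keyed on one spelling silently drops the tracking id (`PLTRSEC-2023-21`); the same key appears in the CVE-2023-30951, CVE-2023-30952 and CVE-2023-30958 sections. Ingestion code should accept both spellings.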


@ -1,17 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30951",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-coordination@palantir.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack (XXE). "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palantir",
"product": {
"product_data": [
{
"product_name": "com.palantir.magritte:magritte-rest-source-bundle",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "7.210.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://palantir.safebase.us/?tcuUid=fe021f28-9e25-42c4-acd8-772cd8006ced",
"refsource": "MISC",
"name": "https://palantir.safebase.us/?tcuUid=fe021f28-9e25-42c4-acd8-772cd8006ced"
}
]
},
"source": {
"discovery": "INTERNAL",
"defect": [
"PLTRSEC-2023-20"
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"baseSeverity": "MEDIUM",
"baseScore": 6.3
}
]
}


@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30952",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-coordination@palantir.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 ."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The product receives input or data, but it does\n not validate or incorrectly validates that the input has the\n properties that are required to process the data safely and\n correctly.",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palantir",
"product": {
"product_data": [
{
"product_name": "com.palantir.foundry:foundry-frontend",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"versionType": "semver",
"version": "6.228.0",
"lessThan": "*",
"status": "unaffected"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://palantir.safebase.us/?tcuUid=42bdb7fa-9a6d-4462-b89d-cabc62f281f4",
"refsource": "MISC",
"name": "https://palantir.safebase.us/?tcuUid=42bdb7fa-9a6d-4462-b89d-cabc62f281f4"
}
]
},
"source": {
"discovery": "EXTERNAL",
"defect": [
"PLTRSEC-2023-19"
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"baseSeverity": "MEDIUM",
"baseScore": 5
}
]
}
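Review bot: `version_value` is the sentinel string `not down converted` and there is no `version_affected`, so a consumer of the 4.0 fields gets no usable affected range for `com.palantir.foundry:foundry-frontend`. The real data sits only in `x_cve_json_5_version_data` (`version` 6.228.0, `lessThan` `*`, `status` `unaffected`), which agrees with the description's statement that the defect was resolved in Frontend release 6.228.0. Matching logic should treat this sentinel as "range unknown, read the extension block" rather than as a literal version, otherwise the record never matches any installed version.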


@ -1,17 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30958",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-coordination@palantir.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed.\n\nThis defect was resolved with the release of Foundry Frontend 6.225.0.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The product does not neutralize or incorrectly neutralizes \"javascript:\" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.",
"cweId": "CWE-83"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palantir",
"product": {
"product_data": [
{
"product_name": "com.palantir.foundry:foundry-frontend",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "6.225.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://palantir.safebase.us/?tcuUid=5764b094-d3c0-4380-90f2-234f36116c9b",
"refsource": "MISC",
"name": "https://palantir.safebase.us/?tcuUid=5764b094-d3c0-4380-90f2-234f36116c9b"
}
]
},
"source": {
"discovery": "EXTERNAL",
"defect": [
"PLTRSEC-2023-27"
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"baseSeverity": "MEDIUM",
"baseScore": 4.7
}
]
}


@ -1,17 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37497",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@hcl.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HCL Software",
"product": {
"product_data": [
{
"product_name": "HCL Unica Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 11.1.0.6, <12.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547",
"refsource": "MISC",
"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
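Review bot: The affected range is encoded inside the value string, `"version_value": "< 11.1.0.6, <12.1.1"`, while `version_affected` is `=`, so an exact-match comparison never matches an installed version and vulnerable hosts go unflagged. Expressing it as separate entries in the shape the Palantir records in this commit use, e.g. `"version_affected": "<", "version_value": "12.1.1"`, would make it machine-readable; the CVE-2023-37498, CVE-2023-37499 and CVE-2023-37500 sections have the same pattern with `<12.1.1`. Separately, the description requires an authenticated attacker with certain rights while `vectorString` has `PR:N`, and all four HCL records carry the identical vector, which suggests it was not scored per issue; treat the 8.1 score as provisional and check the linked KB article.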


@ -1,17 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37498",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@hcl.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. \u00a0It is possible that an attacker could potentially escalate their privileges.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HCL Software",
"product": {
"product_data": [
{
"product_name": "HCL Unica Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<12.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106545",
"refsource": "MISC",
"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106545"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}


@ -1,17 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37499",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@hcl.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. \u00a0An attacker could hijack a user's session and perform other attacks.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HCL Software",
"product": {
"product_data": [
{
"product_name": "HCL Unica Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<12.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106555",
"refsource": "MISC",
"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106555"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}


@ -1,17 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37500",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@hcl.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. \u00a0An attacker could hijack a user's session and perform other attacks.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HCL Software",
"product": {
"product_data": [
{
"product_name": "HCL Unica Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<12.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106554",
"refsource": "MISC",
"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106554"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-38562",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}