admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-08-12 14:01:34 +00:00
parent 6aa91558ab
commit bbf62213bd
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
23 changed files with 1076 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
2020/17xxx/CVE-2020-17496.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-17496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/",
"refsource": "MISC",
"name": "https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/"
},
{
"url": "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4445227-vbulletin-5-6-0-5-6-1-5-6-2-security-patch",
"refsource": "MISC",
"name": "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4445227-vbulletin-5-6-0-5-6-1-5-6-2-security-patch"
},
{
"url": "https://seclists.org/fulldisclosure/2020/Aug/5",
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2020/Aug/5"
}
]
}
}

3
2020/2xxx/CVE-2020-2229.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2229",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2020/2xxx/CVE-2020-2230.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2230",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2020/2xxx/CVE-2020-2231.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2231",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2020/2xxx/CVE-2020-2232.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2232",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2020/2xxx/CVE-2020-2233.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2233",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2020/2xxx/CVE-2020-2234.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2234",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2020/2xxx/CVE-2020-2235.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2235",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2020/2xxx/CVE-2020-2236.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2236",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2020/2xxx/CVE-2020-2237.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2237",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

67
2020/6xxx/CVE-2020-6273.json
View File

@ -4,14 +4,75 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6273",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP S/4 HANA (Fiori UI for General Ledger Accounting)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "103"
},
{
"version_name": "<",
"version_value": "104"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://launchpad.support.sap.com/#/notes/2885671",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2885671"
},
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345"
}
]
}

75
2020/6xxx/CVE-2020-6284.json
View File

@ -4,14 +4,83 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6284",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver (Knowledge Management)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.30"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
},
{
"version_name": "<",
"version_value": "7.50"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content could result in complete compromise of system confidentiality, integrity and availability, leading to Stored Cross Site Scripting."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2928635",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2928635"
}
]
}

75
2020/6xxx/CVE-2020-6293.json
View File

@ -4,14 +4,83 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6293",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver (Knowledge Management)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.30"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
},
{
"version_name": "<",
"version_value": "7.50"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access control lists and other upload file size restrictions, leading to Unrestricted File Upload."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted File Upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2938162",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2938162"
}
]
}

67
2020/6xxx/CVE-2020-6294.json
View File

@ -4,14 +4,75 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6294",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Business Objects Business Intelligence Platform",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "4.2"
},
{
"version_name": "<",
"version_value": "4.3"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity."
}
]
},
"impact": {
"cvss": {
"baseScore": "3.5",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authentication Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2927956",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2927956"
}
]
}

63
2020/6xxx/CVE-2020-6295.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6295",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Adaptive Server Enterprise",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "16.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed Cockpit. This compromise could enable the attacker to view, modify and/or make unavailable any data associated with the Cockpit, leading to Information Disclosure."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.0",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2941332",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2941332"
}
]
}

107
2020/6xxx/CVE-2020-6296.json
View File

@ -4,14 +4,115 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6296",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver (ABAP Server) and ABAP Platform",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "700"
},
{
"version_name": "<",
"version_value": "701"
},
{
"version_name": "<",
"version_value": "702"
},
{
"version_name": "<",
"version_value": "710"
},
{
"version_name": "<",
"version_value": "711"
},
{
"version_name": "<",
"version_value": "730"
},
{
"version_name": "<",
"version_value": "731"
},
{
"version_name": "<",
"version_value": "740"
},
{
"version_name": "<",
"version_value": "750"
},
{
"version_name": "<",
"version_value": "751"
},
{
"version_name": "<",
"version_value": "753"
},
{
"version_name": "<",
"version_value": "755"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2941667",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2941667"
}
]
}

63
2020/6xxx/CVE-2020-6297.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6297",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Data Intelligence",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "3"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Under certain conditions the upgrade of SAP Data Hub 2.7 to SAP Data Intelligence, version - 3.0, allows an attacker to access confidential system configuration information, that should otherwise be restricted, leading to Information Disclosure."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2940823",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2940823"
}
]
}

71
2020/6xxx/CVE-2020-6298.json
View File

@ -4,14 +4,79 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6298",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Banking Services (Generic Market Data)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "400"
},
{
"version_name": "<",
"version_value": "450"
},
{
"version_name": "<",
"version_value": "500"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Banking Services (Generic Market Data), versions - 400, 450, 500, allows an unauthorized user to display protected Business Partner Generic Market Data (GMD) and change related GMD key figure values, due to Missing Authorization Check."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2939685",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2939685"
}
]
}

87
2020/6xxx/CVE-2020-6299.json
View File

@ -4,14 +4,95 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6299",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver (ABAP Server) and ABAP Platform",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "740"
},
{
"version_name": "<",
"version_value": "750"
},
{
"version_name": "<",
"version_value": "751"
},
{
"version_name": "<",
"version_value": "752"
},
{
"version_name": "<",
"version_value": "753"
},
{
"version_name": "<",
"version_value": "754"
},
{
"version_name": "<",
"version_value": "755"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2941510",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2941510"
}
]
}

67
2020/6xxx/CVE-2020-6300.json
View File

@ -4,14 +4,75 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6300",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Business Objects Business Intelligence Platform (Central Management Console)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "4.2"
},
{
"version_name": "<",
"version_value": "4.3"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code to a different end user (victim), as it does not sufficiently encode user-controlled inputs for RecycleBin, resulting in Stored Cross-Site Scripting (XSS) vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.8",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2925827",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2925827"
}
]
}

91
2020/6xxx/CVE-2020-6301.json
View File

@ -4,14 +4,99 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6301",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP ERP (HCM Travel Management)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "600"
},
{
"version_name": "<",
"version_value": "602"
},
{
"version_name": "<",
"version_value": "603"
},
{
"version_name": "<",
"version_value": "604"
},
{
"version_name": "<",
"version_value": "605"
},
{
"version_name": "<",
"version_value": "606"
},
{
"version_name": "<",
"version_value": "607"
},
{
"version_name": "<",
"version_value": "608"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation of privileges, due to Missing Authorization Check."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.4",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization check"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2949196",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2949196"
}
]
}

113
2020/6xxx/CVE-2020-6309.json
View File

@ -4,14 +4,121 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6309",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS JAVA (ENGINEAPI)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.10"
}
]
}
},
{
"product_name": "SAP NetWeaver AS JAVA (WSRM)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.10"
},
{
"version_name": "<",
"version_value": "7.11"
},
{
"version_name": "<",
"version_value": "7.20"
},
{
"version_name": "<",
"version_value": "7.30"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
},
{
"version_name": "<",
"version_value": "7.50"
}
]
}
},
{
"product_name": "SAP NetWeaver AS JAVA (J2EE-FRMW)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.10"
},
{
"version_name": "<",
"version_value": "7.11"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to complete denial of service."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authentication check"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2941315",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2941315"
}
]
}

79
2020/6xxx/CVE-2020-6310.json
View File

@ -4,14 +4,87 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6310",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver (ABAP Server) and ABAP Platform",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "702"
},
{
"version_name": "<",
"version_value": "730"
},
{
"version_name": "<",
"version_value": "731"
},
{
"version_name": "<",
"version_value": "740"
},
{
"version_name": "<",
"version_value": "750"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2944988",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2944988"
}
]
}