mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-30 18:04:30 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
fdb2ad2996
commit
c05738788a
@ -4,92 +4,14 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2019-25078",
|
||||
"TITLE": "pacparser pacparser.c pacparser_find_proxy buffer overflow",
|
||||
"REQUESTER": "cna@vuldb.com",
|
||||
"ASSIGNER": "cna@vuldb.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"generator": "vuldb.com",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "pacparser",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "1.0"
|
||||
},
|
||||
{
|
||||
"version_value": "1.1"
|
||||
},
|
||||
{
|
||||
"version_value": "1.2"
|
||||
},
|
||||
{
|
||||
"version_value": "1.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-119 Memory Corruption -> CWE-120 Buffer Overflow"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is 853e8f45607cb07b877ffd270c63dbcdd5201ad9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215443."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"version": "3.1",
|
||||
"baseScore": "5.3",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/manugarg/pacparser/issues/99",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/manugarg/pacparser/issues/99"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/manugarg/pacparser/releases/tag/v1.4.0",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/manugarg/pacparser/releases/tag/v1.4.0"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd5201ad9",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd5201ad9"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.215443",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?id.215443"
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -116,6 +116,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20221012 [SECURITY] [DLA 3149-1] ruby-nokogiri security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://support.apple.com/kb/HT213532",
|
||||
"url": "https://support.apple.com/kb/HT213532"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -93,6 +93,11 @@
|
||||
"refsource": "GENTOO",
|
||||
"name": "GLSA-202208-29",
|
||||
"url": "https://security.gentoo.org/glsa/202208-29"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://support.apple.com/kb/HT213532",
|
||||
"url": "https://support.apple.com/kb/HT213532"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -66,6 +66,31 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20221209-0003/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20221209-0003/"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://support.apple.com/kb/HT213534",
|
||||
"url": "https://support.apple.com/kb/HT213534"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://support.apple.com/kb/HT213533",
|
||||
"url": "https://support.apple.com/kb/HT213533"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://support.apple.com/kb/HT213531",
|
||||
"url": "https://support.apple.com/kb/HT213531"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://support.apple.com/kb/HT213536",
|
||||
"url": "https://support.apple.com/kb/HT213536"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://support.apple.com/kb/HT213535",
|
||||
"url": "https://support.apple.com/kb/HT213535"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -71,6 +71,31 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20221209-0003/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20221209-0003/"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://support.apple.com/kb/HT213534",
|
||||
"url": "https://support.apple.com/kb/HT213534"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://support.apple.com/kb/HT213533",
|
||||
"url": "https://support.apple.com/kb/HT213533"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://support.apple.com/kb/HT213531",
|
||||
"url": "https://support.apple.com/kb/HT213531"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://support.apple.com/kb/HT213536",
|
||||
"url": "https://support.apple.com/kb/HT213536"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://support.apple.com/kb/HT213535",
|
||||
"url": "https://support.apple.com/kb/HT213535"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,167 +1,172 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@tibco.com",
|
||||
"DATE_PUBLIC": "2022-12-13T17:00:00Z",
|
||||
"ID": "CVE-2022-41561",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "TIBCO JasperReports Server RCE Vulnerability"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server - Community Edition",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server - Developer Edition",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "TIBCO Software Inc."
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute Remote Code Execution to obtain a reverse shell on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server - Community Edition: versions 8.1.0 and below, TIBCO JasperReports Server - Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.1,
|
||||
"baseSeverity": "CRITICAL",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "HIGH",
|
||||
"scope": "CHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Successful execution of this vulnerability can result in an attacker gaining full user access to the affected system."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://www.tibco.com/services/support/advisories",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.tibco.com/services/support/advisories"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server version 8.1.0: update to version 8.1.1 or later\nTIBCO JasperReports Server - Community Edition versions 8.1.0 and below: update to version 8.1.1 or later\nTIBCO JasperReports Server - Developer Edition versions 8.1.0 and below: update to version 8.1.1 or later\nTIBCO JasperReports Server for AWS Marketplace versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server for AWS Marketplace version 8.1.0: update to version 8.1.1 or later\nTIBCO JasperReports Server for Microsoft Azure versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server for Microsoft Azure version 8.1.0: update to version 8.1.1 or later"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": ""
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@tibco.com",
|
||||
"DATE_PUBLIC": "2022-12-13T17:00:00Z",
|
||||
"ID": "CVE-2022-41561",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "TIBCO JasperReports Server RCE Vulnerability"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server - Community Edition",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server - Developer Edition",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "TIBCO Software Inc."
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute Remote Code Execution to obtain a reverse shell on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server - Community Edition: versions 8.1.0 and below, TIBCO JasperReports Server - Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.1,
|
||||
"baseSeverity": "CRITICAL",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "HIGH",
|
||||
"scope": "CHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Successful execution of this vulnerability can result in an attacker gaining full user access to the affected system."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://www.tibco.com/services/support/advisories",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.tibco.com/services/support/advisories"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://www.tibco.com/support/advisories/2022/12/tibco-security-advisory-december-13-2022-tibco-jasperreports-server-cve-2022-41561",
|
||||
"url": "https://www.tibco.com/support/advisories/2022/12/tibco-security-advisory-december-13-2022-tibco-jasperreports-server-cve-2022-41561"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server version 8.1.0: update to version 8.1.1 or later\nTIBCO JasperReports Server - Community Edition versions 8.1.0 and below: update to version 8.1.1 or later\nTIBCO JasperReports Server - Developer Edition versions 8.1.0 and below: update to version 8.1.1 or later\nTIBCO JasperReports Server for AWS Marketplace versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server for AWS Marketplace version 8.1.0: update to version 8.1.1 or later\nTIBCO JasperReports Server for Microsoft Azure versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server for Microsoft Azure version 8.1.0: update to version 8.1.1 or later"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": ""
|
||||
}
|
||||
}
|
||||
@ -1,167 +1,172 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@tibco.com",
|
||||
"DATE_PUBLIC": "2022-12-13T17:00:00Z",
|
||||
"ID": "CVE-2022-41562",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "TIBCO JasperReports Server XSS Issue on Roles"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server - Community Edition",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server - Developer Edition",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "TIBCO Software Inc."
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute an XSS attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server - Community Edition: versions 8.1.0 and below, TIBCO JasperReports Server - Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.4,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "HIGH",
|
||||
"scope": "CHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Successful execution of this vulnerability can result in unauthorized read, update, insert or delete access to JasperReports Server and hang or frequently repeatable crash (complete DOS) of the affected system. This vulnerability can allow the attacker to exploit associated resources other than the affected system."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://www.tibco.com/services/support/advisories",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.tibco.com/services/support/advisories"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server version 8.1.0: update to version 8.1.1 or later\nTIBCO JasperReports Server - Community Edition versions 8.1.0 and below: update to version 8.1.1 or later\nTIBCO JasperReports Server - Developer Edition versions 8.1.0 and below: update to version 8.1.1 or later\nTIBCO JasperReports Server for AWS Marketplace versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server for AWS Marketplace version 8.1.0: update to version 8.1.1 or later\nTIBCO JasperReports Server for Microsoft Azure versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server for Microsoft Azure version 8.1.0: update to version 8.1.1 or later"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": ""
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@tibco.com",
|
||||
"DATE_PUBLIC": "2022-12-13T17:00:00Z",
|
||||
"ID": "CVE-2022-41562",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "TIBCO JasperReports Server XSS Issue on Roles"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server - Community Edition",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server - Developer Edition",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "TIBCO Software Inc."
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute an XSS attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server - Community Edition: versions 8.1.0 and below, TIBCO JasperReports Server - Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.4,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "HIGH",
|
||||
"scope": "CHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Successful execution of this vulnerability can result in unauthorized read, update, insert or delete access to JasperReports Server and hang or frequently repeatable crash (complete DOS) of the affected system. This vulnerability can allow the attacker to exploit associated resources other than the affected system."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://www.tibco.com/services/support/advisories",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.tibco.com/services/support/advisories"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://www.tibco.com/support/advisories/2022/12/tibco-security-advisory-december-13-2022-tibco-jasperreports-server-cve-2022-41562",
|
||||
"url": "https://www.tibco.com/support/advisories/2022/12/tibco-security-advisory-december-13-2022-tibco-jasperreports-server-cve-2022-41562"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server version 8.1.0: update to version 8.1.1 or later\nTIBCO JasperReports Server - Community Edition versions 8.1.0 and below: update to version 8.1.1 or later\nTIBCO JasperReports Server - Developer Edition versions 8.1.0 and below: update to version 8.1.1 or later\nTIBCO JasperReports Server for AWS Marketplace versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server for AWS Marketplace version 8.1.0: update to version 8.1.1 or later\nTIBCO JasperReports Server for Microsoft Azure versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server for Microsoft Azure version 8.1.0: update to version 8.1.1 or later"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": ""
|
||||
}
|
||||
}
|
||||
@ -1,156 +1,161 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@tibco.com",
|
||||
"DATE_PUBLIC": "2022-12-13T17:00:00Z",
|
||||
"ID": "CVE-2022-41563",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "TIBCO JasperReports Server Stored XSS Vulnerability"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server - Developer Edition",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "TIBCO Software Inc."
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The Dashboard component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server - Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9,
|
||||
"baseSeverity": "CRITICAL",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "CHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Successful execution of these vulnerabilities will result in an attacker being able to execute commands with the privileges of the affected user. This vulnerability can allow the attacker to exploit associated resources other than the affected system."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://www.tibco.com/services/support/advisories",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.tibco.com/services/support/advisories"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server version 8.1.0: update to version 8.1.1 or later\nTIBCO JasperReports Server - Developer Edition versions 8.1.0 and below: update to version 8.1.1 or later\nTIBCO JasperReports Server for AWS Marketplace versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server for AWS Marketplace version 8.1.0: update to version 8.1.1 or later\nTIBCO JasperReports Server for Microsoft Azure versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server for Microsoft Azure version 8.1.0: update to version 8.1.1 or later"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": ""
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@tibco.com",
|
||||
"DATE_PUBLIC": "2022-12-13T17:00:00Z",
|
||||
"ID": "CVE-2022-41563",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "TIBCO JasperReports Server Stored XSS Vulnerability"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server - Developer Edition",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "8.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "8.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "TIBCO Software Inc."
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The Dashboard component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server - Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9,
|
||||
"baseSeverity": "CRITICAL",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "CHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Successful execution of these vulnerabilities will result in an attacker being able to execute commands with the privileges of the affected user. This vulnerability can allow the attacker to exploit associated resources other than the affected system."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://www.tibco.com/services/support/advisories",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.tibco.com/services/support/advisories"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://www.tibco.com/support/advisories/2022/12/tibco-security-advisory-december-13-2022-tibco-jasperreports-server-cve-2022-41563",
|
||||
"url": "https://www.tibco.com/support/advisories/2022/12/tibco-security-advisory-december-13-2022-tibco-jasperreports-server-cve-2022-41563"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server version 8.1.0: update to version 8.1.1 or later\nTIBCO JasperReports Server - Developer Edition versions 8.1.0 and below: update to version 8.1.1 or later\nTIBCO JasperReports Server for AWS Marketplace versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server for AWS Marketplace version 8.1.0: update to version 8.1.1 or later\nTIBCO JasperReports Server for Microsoft Azure versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server for Microsoft Azure version 8.1.0: update to version 8.1.1 or later"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": ""
|
||||
}
|
||||
}
|
||||
@ -34,7 +34,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "drachtio-server 0.8.18 has a heap-based buffer over-read via a long Request-URI in an INVITE request."
|
||||
"value": "drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -56,6 +56,11 @@
|
||||
"url": "https://github.com/drachtio/drachtio-server/commit/a63d01854987d9fd846cdc9265af38ee9eb72490",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/drachtio/drachtio-server/commit/a63d01854987d9fd846cdc9265af38ee9eb72490"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/drachtio/drachtio-server/compare/v0.8.18...v0.8.19",
|
||||
"url": "https://github.com/drachtio/drachtio-server/compare/v0.8.18...v0.8.19"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,73 +4,14 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-4454",
|
||||
"TITLE": "m0ver bible-online Search search.java query sql injection",
|
||||
"REQUESTER": "cna@vuldb.com",
|
||||
"ASSIGNER": "cna@vuldb.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"generator": "vuldb.com",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "m0ver",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "bible-online",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability, which was classified as critical, has been found in m0ver bible-online. Affected by this issue is the function query of the file src/main/java/custom/application/search.java of the component Search Handler. The manipulation leads to sql injection. The name of the patch is 6ef0aabfb2d4ccd53fcaa9707781303af357410e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215444."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"version": "3.1",
|
||||
"baseScore": "5.5",
|
||||
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/m0ver/bible-online/commit/6ef0aabfb2d4ccd53fcaa9707781303af357410e",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/m0ver/bible-online/commit/6ef0aabfb2d4ccd53fcaa9707781303af357410e"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.215444",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?id.215444"
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,73 +4,14 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-4455",
|
||||
"TITLE": "sproctor php-calendar index.php cross site scripting",
|
||||
"REQUESTER": "cna@vuldb.com",
|
||||
"ASSIGNER": "cna@vuldb.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"generator": "vuldb.com",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "sproctor",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "php-calendar",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability, which was classified as problematic, was found in sproctor php-calendar. This affects an unknown part of the file index.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is a2941109b42201c19733127ced763e270a357809. It is recommended to apply a patch to fix this issue. The identifier VDB-215445 was assigned to this vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"version": "3.1",
|
||||
"baseScore": "3.5",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/sproctor/php-calendar/commit/a2941109b42201c19733127ced763e270a357809",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/sproctor/php-calendar/commit/a2941109b42201c19733127ced763e270a357809"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.215445",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?id.215445"
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,73 +4,14 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-4456",
|
||||
"TITLE": "falling-fruit cross site scripting",
|
||||
"REQUESTER": "cna@vuldb.com",
|
||||
"ASSIGNER": "cna@vuldb.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"generator": "vuldb.com",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "falling-fruit",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been found in falling-fruit and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 15adb8e1ea1f1c3e3d152fc266071f621ef0c621. It is recommended to apply a patch to fix this issue. VDB-215446 is the identifier assigned to this vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"version": "3.1",
|
||||
"baseScore": "3.5",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/falling-fruit/falling-fruit/commit/15adb8e1ea1f1c3e3d152fc266071f621ef0c621",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/falling-fruit/falling-fruit/commit/15adb8e1ea1f1c3e3d152fc266071f621ef0c621"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.215446",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?id.215446"
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user