diff --git a/2018/17xxx/CVE-2018-17542.json b/2018/17xxx/CVE-2018-17542.json
index 31d8d937197..b772a5978db 100644
--- a/2018/17xxx/CVE-2018-17542.json
+++ b/2018/17xxx/CVE-2018-17542.json
@@ -1,109 +1,109 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2018-17542", - "ASSIGNER": "cve@cert.org.tw", - "DATE_PUBLIC": "2018-11-23T16:00:00.000Z", - "TITLE": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds", - "AKA": "", - "STATE": "PUBLIC" - }, - "source": { - "defect": [], - "advisory": "", - "discovery": "UNKNOWN" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "OAKlouds ", - "product": { - "product_data": [ - { - "product_name": "MailSherlock", - "version": { - "version_data": [ - { - "version_name": "", - "affected": "<", - "version_value": "1.5.235", - "platform": "" - } - ] - } - } - ] - } - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ + "CVE_data_meta" : { + "AKA" : "", + "ASSIGNER" : "cve@cert.org.tw", + "DATE_PUBLIC" : "2018-11-23T16:00:00.000Z", + "ID" : "CVE-2018-17542", + "STATE" : "PUBLIC", + "TITLE" : "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "SQL Injection" + "product" : { + "product_data" : [ + { + "product_name" : "MailSherlock", + "version" : { + "version_data" : [ + { + "affected" : "<", + "platform" : "", + "version_name" : "", + "version_value" : "1.5.235" + } + ] + } + } + ] + }, + "vendor_name" : "OAKlouds " } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=28", - "name": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=28" - }, - { - "refsource": "CONFIRM", - "url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73", - "name": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73" - } - ] - }, - "configuration": [], - "impact": { - "cvss": { - "version": "3.0", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "REQUIRED", - "scope": "UNCHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "baseScore": 4.3, - "baseSeverity": "MEDIUM" + ] } - }, - "exploit": [], - "work_around": [], - "solution": [ + }, + "configuration" : [], + "credit" : [ { - "lang": "eng", - "value": "Update the software to the latest version." 
+ "lang" : "eng", + "value" : "Researcher from a Technology enterprise" } - ], - "credit": [ + ], + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request." + } + ] + }, + "exploit" : [], + "impact" : { + "cvss" : { + "attackComplexity" : "LOW", + "attackVector" : "NETWORK", + "availabilityImpact" : "NONE", + "baseScore" : 4.3, + "baseSeverity" : "MEDIUM", + "confidentialityImpact" : "LOW", + "integrityImpact" : "NONE", + "privilegesRequired" : "NONE", + "scope" : "UNCHANGED", + "userInteraction" : "REQUIRED", + "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "SQL Injection" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73", + "refsource" : "CONFIRM", + "url" : "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73" + }, + { + "name" : "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=28", + "refsource" : "CONFIRM", + "url" : "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=28" + } + ] + }, + "solution" : [ { - "lang": "eng", - "value": "Researcher from a Technology enterprise" + "lang" : "eng", + "value" : "Update the software to the latest version." } - ] - } \ No newline at end of file + ], + "source" : { + "advisory" : "", + "defect" : [], + "discovery" : "UNKNOWN" + }, + "work_around" : [] +} 
diff --git a/2018/19xxx/CVE-2018-19645.json b/2018/19xxx/CVE-2018-19645.json
index 0e382daeb33..735d20c842d 100644
--- a/2018/19xxx/CVE-2018-19645.json
+++ b/2018/19xxx/CVE-2018-19645.json
@@ -1,81 +1,81 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@microfocus.com", - "DATE_PUBLIC": "2019-01-23T01:00:00.000Z", - "ID": "CVE-2018-19645", - "STATE": "PUBLIC", - "TITLE": "Solutions Business Manager (SBM) Authentication Bypass Issue in Version prior to 11.5" + "CVE_data_meta" : { + "ASSIGNER" : "security@microfocus.com", + "DATE_PUBLIC" : "2019-01-23T01:00:00.000Z", + "ID" : "CVE-2018-19645", + "STATE" : "PUBLIC", + "TITLE" : "Solutions Business Manager (SBM) Authentication Bypass Issue in Version prior to 11.5" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "NetIQ Access Manager (NAM)", - "version": { - "version_data": [ + "product_name" : "NetIQ Access Manager (NAM)", + "version" : { + "version_data" : [ { - "affected": "<", - "version_name": "Solutions Business Manager (SBM)", - "version_value": "11.5" + "affected" : "<", + "version_name" : "Solutions Business Manager (SBM)", + "version_value" : "11.5" } ] } } ] }, - "vendor_name": "NetIQ eDirectory" + "vendor_name" : "NetIQ eDirectory" } ] } }, - "credit": [ + "credit" : [ { - "lang": "eng", - "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE. \n\n" + "lang" : "eng", + "value" : "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE. \n\n" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5." 
+ "lang" : "eng", + "value" : "An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "Authentication Bypass" + "lang" : "eng", + "value" : "Authentication Bypass" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "name": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm", - "refsource": "CONFIRM", - "url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm" + "name" : "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm", + "refsource" : "CONFIRM", + "url" : "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm" } ] }, - "solution": [ + "solution" : [ { - "lang": "eng", - "value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5" + "lang" : "eng", + "value" : "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5" } ], - "source": { - "discovery": "EXTERNAL" + "source" : { + "discovery" : "EXTERNAL" } } diff --git a/2018/5xxx/CVE-2018-5499.json b/2018/5xxx/CVE-2018-5499.json index 50e5ceff7eb..819642d8ff4 100644 --- a/2018/5xxx/CVE-2018-5499.json +++ b/2018/5xxx/CVE-2018-5499.json @@ -54,6 +54,8 @@ "references" : { "reference_data" : [ { + "name" : "https://security.netapp.com/advisory/ntap-20190125-0003/", + "refsource" : "CONFIRM", "url" : "https://security.netapp.com/advisory/ntap-20190125-0003/" } ] diff --git a/2019/1xxx/CVE-2019-1688.json b/2019/1xxx/CVE-2019-1688.json index eda2aa358ca..225e7efcb4e 100644 --- a/2019/1xxx/CVE-2019-1688.json +++ b/2019/1xxx/CVE-2019-1688.json 
@@ -1,86 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@cisco.com", - "DATE_PUBLIC": "2019-02-12T16:00:00-0800", - "ID": "CVE-2019-1688", - "STATE": "PUBLIC", - "TITLE": "Cisco Network Assurance Engine CLI Access with Default Password Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cisco Network Assurance Engine ", - "version": { - "version_data": [ - { - "version_value": "3.0(1)" - } - ] - } - } - ] - }, - "vendor_name": "Cisco" - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@cisco.com", + "DATE_PUBLIC" : "2019-02-12T16:00:00-0800", + "ID" : "CVE-2019-1688", + "STATE" : "PUBLIC", + "TITLE" : "Cisco Network Assurance Engine CLI Access with Default Password Vulnerability" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cisco Network Assurance Engine ", + "version" : { + "version_data" : [ + { + "version_value" : "3.0(1)" + } + ] + } + } + ] + }, + "vendor_name" : "Cisco" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1)." 
+ } + ] + }, + "exploit" : [ + { + "lang" : "eng", + "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact" : { + "cvss" : { + "baseScore" : "7.7", + "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H ", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-798" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1)." - } - ] - }, - "exploit": [ - { - "lang": "eng", - "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" - } - ], - "impact": { - "cvss": { - "baseScore": "7.7", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H ", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-798" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "20190212 Cisco Network Assurance Engine CLI Access with Default Password Vulnerability", - "refsource": "CISCO", - "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190212-nae-dos" - } - ] - }, - "source": { - "advisory": "cisco-sa-20190212-nae-dos", - "defect": [ - [ - "CSCvo18229" - ] - ], - "discovery": "INTERNAL" - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20190212 Cisco Network Assurance Engine CLI Access with Default Password Vulnerability", + "refsource" : "CISCO", + "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190212-nae-dos" + } + ] + }, + "source" : { + "advisory" : "cisco-sa-20190212-nae-dos", + "defect" : [ + [ + "CSCvo18229" + ] + ], + "discovery" : "INTERNAL" + } } diff --git a/2019/7xxx/CVE-2019-7550.json b/2019/7xxx/CVE-2019-7550.json index d56cbd33faa..12549739b7a 100644 --- a/2019/7xxx/CVE-2019-7550.json +++ b/2019/7xxx/CVE-2019-7550.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-7550", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", 
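Review bot: In the CVE-2019-7550 hunk at `@@ -2,7 +2,30 @@`, the new `affects` block sets `vendor_name`, `product_name` and `version_value` all to `n/a`, although the description published by the same commit names the product and version (JForum 2.1.8). Tooling that matches advisories to an asset inventory through these structured fields will not associate the record with JForum installations. That matters more here because the description says the product is discontinued, so no fixed release will prompt operators to look. Consider `"product_name" : "JForum"` and `"version_value" : "2.1.8"`; the vendor string does not appear on the page and would need confirming before `vendor_name` is filled in.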
@@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the \"create user\" function. If a register/check/username?username= request corresponds to a username that exists, then an \"is already in use\" error is produced. NOTE: this product is discontinued." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.criticalstart.com/2019/02/information-disclosure-in-jforum-2-1-x-syntax/", + "refsource" : "MISC", + "url" : "https://www.criticalstart.com/2019/02/information-disclosure-in-jforum-2-1-x-syntax/" } ] }
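Review bot: The added `problemtype` entry is `"value" : "n/a"`, while the new description describes username enumeration through a distinguishable "is already in use" response from the registration check. A CWE identifier would let consumers classify and filter the record; CWE-203 (Observable Discrepancy) looks like the closest fit, e.g. `"value" : "CWE-203"`, though the assigner should confirm the mapping. The only reference is tagged `MISC`, so the record carries no vendor confirmation, and neither this hunk nor the `affects` hunk above adds structured data beyond the free-text description.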