From c29abf6eec4c47bff8e56b335032dd3fa676bba7 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 17 Oct 2023 00:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2011/10xxx/CVE-2011-10004.json | 123 +++++++++++++++++++++++++++++++--
2012/10xxx/CVE-2012-10016.json | 95 +++++++++++++++++++++++--
2023/38xxx/CVE-2023-38719.json | 83 ++++++++++++++++++++--
2023/40xxx/CVE-2023-40372.json | 83 ++++++++++++++++++++--
2023/40xxx/CVE-2023-40373.json | 83 ++++++++++++++++++++--
2023/41xxx/CVE-2023-41419.json | 2 +-
2023/45xxx/CVE-2023-45152.json | 81 ++++++++++++++++++++--
2023/45xxx/CVE-2023-45659.json | 81 ++++++++++++++++++++--
2023/4xxx/CVE-2023-4215.json | 98 ++++++++++++++++++++++++--
9 files changed, 696 insertions(+), 33 deletions(-)
diff --git a/2011/10xxx/CVE-2011-10004.json b/2011/10xxx/CVE-2011-10004.json
index 7af29476ff6..44f69681dda 100644
--- a/2011/10xxx/CVE-2011-10004.json
+++ b/2011/10xxx/CVE-2011-10004.json
@@ -1,17 +1,132 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2011-10004", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The identifier of the patch is e3ff616dc08d3aadff9253f1085e13f677d0c676. It is recommended to upgrade the affected component. The identifier VDB-242189 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in reciply Plugin bis 1.1.7 f\u00fcr WordPress ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei uploadImage.php. Mit der Manipulation mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 1.1.8 vermag dieses Problem zu l\u00f6sen. Der Patch wird als e3ff616dc08d3aadff9253f1085e13f677d0c676 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "reciply Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.1.0" + }, + { + "version_affected": "=", + "version_value": "1.1.1" + }, + { + "version_affected": "=", + "version_value": "1.1.2" + }, + { + "version_affected": "=", + "version_value": "1.1.3" + }, + { + "version_affected": "=", + "version_value": "1.1.4" + }, + { + "version_affected": "=", + "version_value": "1.1.5" + }, + { + "version_affected": "=", + "version_value": "1.1.6" + }, + { + "version_affected": "=", + "version_value": "1.1.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.242189", + "refsource": "MISC", + "name": "https://vuldb.com/?id.242189" + }, + { + "url": "https://vuldb.com/?ctiid.242189", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.242189" + }, + { + "url": "https://github.com/wp-plugins/reciply/commit/e3ff616dc08d3aadff9253f1085e13f677d0c676", + "refsource": "MISC", + "name": "https://github.com/wp-plugins/reciply/commit/e3ff616dc08d3aadff9253f1085e13f677d0c676" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } 
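Review bot: The English `description` says the issue "has been rated as critical", but all three `impact.cvss` entries in this hunk score it 6.3 or 6.5, and the 3.x entries carry `baseSeverity` `MEDIUM` with `PR:L` and low C/I/A. Triage that reads the prose and triage that reads the vector will therefore disagree. The sentence should match the scored severity or drop the rating word, leaving the vector as the single source. `"vendor_name": "n/a"` also means vendor-keyed matching cannot find this record, so product-name matching on `reciply Plugin` is the only handle.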
diff --git a/2012/10xxx/CVE-2012-10016.json b/2012/10xxx/CVE-2012-10016.json
index cf4d0b45cc1..6c373e6b601 100644
--- a/2012/10xxx/CVE-2012-10016.json
+++ b/2012/10xxx/CVE-2012-10016.json
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2012-10016", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to information disclosure. It is possible to launch the attack remotely. Upgrading to version 1.1 is able to address this issue. The patch is identified as e648a8706818297cf02a665ae0bae1c069dea5f1. It is recommended to upgrade the affected component. VDB-242190 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in Halulu simple-download-button-shortcode Plugin 1.0 f\u00fcr WordPress entdeckt. Es betrifft eine unbekannte Funktion der Datei simple-download-button_dl.php der Komponente Download Handler. Durch die Manipulation des Arguments file mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als e648a8706818297cf02a665ae0bae1c069dea5f1 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Information Disclosure", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Halulu", + "product": { + "product_data": [ + { + "product_name": "simple-download-button-shortcode Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.242190", + "refsource": "MISC", + "name": "https://vuldb.com/?id.242190" + }, + { + "url": "https://vuldb.com/?ctiid.242190", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.242190" + }, + { + "url": "https://github.com/wp-plugins/simple-download-button-shortcode/commit/e648a8706818297cf02a665ae0bae1c069dea5f1", + "refsource": "MISC", + "name": "https://github.com/wp-plugins/simple-download-button-shortcode/commit/e648a8706818297cf02a665ae0bae1c069dea5f1" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N" } ] } diff --git a/2023/38xxx/CVE-2023-38719.json b/2023/38xxx/CVE-2023-38719.json index f0a3ee09feb..299f3a3314a 100644 --- a/2023/38xxx/CVE-2023-38719.json +++ b/2023/38xxx/CVE-2023-38719.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38719", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. IBM X-Force ID: 261607." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Db2 for Linux, UNIX and Windows", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7047558", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7047558" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261607", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261607" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": 
"NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/40xxx/CVE-2023-40372.json b/2023/40xxx/CVE-2023-40372.json index e143b31f253..4aba9a64391 100644 --- a/2023/40xxx/CVE-2023-40372.json +++ b/2023/40xxx/CVE-2023-40372.json 
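Review bot: `"privilegesRequired": "NONE"` and `PR:N` in the vector contradict the description in the same hunk, which limits the issue to "a local user with special privileges". One of the two is wrong; if the description is right, the metric should be `"privilegesRequired": "LOW"` or `"HIGH"`, with `vectorString` and `baseScore` recomputed from the corrected metrics rather than hand-edited. Until the CNA corrects it, consumers prioritising on the 5.1 score are working from a vector that overstates how reachable the flaw is.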
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40372", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Db2 for Linux, UNIX and Windows", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7047561", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7047561" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263499", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263499" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + 
"scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/40xxx/CVE-2023-40373.json b/2023/40xxx/CVE-2023-40373.json index cb21140c697..6b51613849f 100644 --- a/2023/40xxx/CVE-2023-40373.json +++ b/2023/40xxx/CVE-2023-40373.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40373", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Db2 for Linux, UNIX and Windows", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10.5, 11.1, 11.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7047563", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7047563" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263574", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263574" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + 
"privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/41xxx/CVE-2023-41419.json b/2023/41xxx/CVE-2023-41419.json index 517c1c792a0..86baec0c675 100644 --- a/2023/41xxx/CVE-2023-41419.json +++ b/2023/41xxx/CVE-2023-41419.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue in Gevent Gevent before version 23.9.1 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component." + "value": "An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component." } ] }, diff --git a/2023/45xxx/CVE-2023-45152.json b/2023/45xxx/CVE-2023-45152.json index 540a72731bd..e0540e903f2 100644 --- a/2023/45xxx/CVE-2023-45152.json +++ b/2023/45xxx/CVE-2023-45152.json 
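Review bot: In the CVE-2023-40373 hunk, `"version_value": "10.5, 11.1, 11.5"` under `"version_affected": "="` packs three releases into one string, so a consumer doing an exact comparison will match none of them. Each release should be its own `version_data` entry, for example `{ "version_affected": "=", "version_value": "10.5" }`, repeated for 11.1 and 11.5. The description in this record names no version, unlike the sibling CVE-2023-40372 entry which says 11.5, so the structured field is the only place the affected range is stated.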
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45152", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Engelsystem is a shift planning system for chaos events. A Blind SSRF in the \"Import schedule\" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that no HTTP(s) services listen on localhost and/or systems only reachable from the host running the engelsystem software. If such services are necessary, they should utilize additional authentication." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-918: Server-Side Request Forgery (SSRF)", + "cweId": "CWE-918" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "engelsystem", + "product": { + "product_data": [ + { + "product_name": "engelsystem", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< ee7d30b33" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/engelsystem/engelsystem/security/advisories/GHSA-jj9g-75wf-6ppf", + "refsource": "MISC", + "name": "https://github.com/engelsystem/engelsystem/security/advisories/GHSA-jj9g-75wf-6ppf" + }, + { + "url": "https://github.com/engelsystem/engelsystem/commit/ee7d30b33935ea001705f438fec8ffd05734f295", + "refsource": "MISC", + "name": "https://github.com/engelsystem/engelsystem/commit/ee7d30b33935ea001705f438fec8ffd05734f295" + } + ] + }, + "source": { + "advisory": "GHSA-jj9g-75wf-6ppf", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 2, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45659.json b/2023/45xxx/CVE-2023-45659.json index 916cd32edde..d00ee2ca655 100644 --- a/2023/45xxx/CVE-2023-45659.json +++ b/2023/45xxx/CVE-2023-45659.json 
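Review bot: `"version_affected": "="` paired with `"version_value": "< ee7d30b33"` puts the comparison operator inside the value, so a parser honouring the `=` field looks for a version literally named `< ee7d30b33`. The CVE-2023-45659 hunk has the same shape with `< dbb089315ff3d`. The operator belongs in the field, as `"version_affected": "<"` with `"version_value": "ee7d30b33"`. An abbreviated commit hash is not orderable, so the record should also name a release or date boundary if the CNA can supply one. Separately, `"attackVector": "LOCAL"` sits oddly beside a description of a blind SSRF in the web "Import schedule" feature; that is the CNA's scoring and may be deliberate, but it is worth confirming.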
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45659", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Engelsystem is a shift planning system for chaos events. If a users' password is compromised and an attacker gained access to a users' account, i.e., logged in and obtained a session, an attackers' session is not terminated if the users' account password is reset. This vulnerability has been fixed in the commit `dbb089315ff3d`. Users are advised to update their installations. There are no known workarounds for this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-613: Insufficient Session Expiration", + "cweId": "CWE-613" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "engelsystem", + "product": { + "product_data": [ + { + "product_name": "engelsystem", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< dbb089315ff3d" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/engelsystem/engelsystem/security/advisories/GHSA-f6mm-3v2h-jm6x", + "refsource": "MISC", + "name": "https://github.com/engelsystem/engelsystem/security/advisories/GHSA-f6mm-3v2h-jm6x" + }, + { + "url": "https://github.com/engelsystem/engelsystem/commit/dbb089315ff3d8aabc11445e78fb50765208b27d", + "refsource": "MISC", + "name": "https://github.com/engelsystem/engelsystem/commit/dbb089315ff3d8aabc11445e78fb50765208b27d" + } + ] + }, + "source": { + "advisory": "GHSA-f6mm-3v2h-jm6x", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.6, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4215.json b/2023/4xxx/CVE-2023-4215.json index c5b92650e2f..6530adababb 100644 --- a/2023/4xxx/CVE-2023-4215.json +++ b/2023/4xxx/CVE-2023-4215.json 
@@ -1,17 +1,107 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4215", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Advantech", + "product": { + "product_data": [ + { + "product_name": "WebAccess", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-15", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-15" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "ICSA-23-285-15", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nAdvantech recommends users update WebAccess to Version 9.1.4\n\n
" + } + ], + "value": "\nAdvantech recommends users update WebAccess to Version 9.1.4 https://www.advantech.com/en/support/details/installation \n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Elcazators" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" } ] }
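Review bot: The `solution` entry ships the same advice twice: once as `value`, with leading and trailing `\n` and a URL run into the sentence, and once as `text/html` in `supportingMedia`. Consumers should display the plain `value` or sanitise the HTML copy before rendering, because it is CNA-supplied markup. The plain text is better stored trimmed, as `"value": "Advantech recommends users update WebAccess to Version 9.1.4 https://www.advantech.com/en/support/details/installation"`.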