From c78fdf613b94146c99ebaba0b236b2bb90608a9b Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 3 Aug 2023 17:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/35xxx/CVE-2021-35226.json | 125 ++++++++++++++++-------------- 2021/35xxx/CVE-2021-35252.json | 12 +-- 2022/36xxx/CVE-2022-36961.json | 130 ++++++++++++++++--------------- 2022/36xxx/CVE-2022-36963.json | 136 +++++++++++++++++---------------- 2022/36xxx/CVE-2022-36965.json | 134 ++++++++++++++++---------------- 2022/36xxx/CVE-2022-36966.json | 133 ++++++++++++++++---------------- 2023/25xxx/CVE-2023-25524.json | 78 ++++++++++++++++++- 2023/25xxx/CVE-2023-25835.json | 2 +- 2023/36xxx/CVE-2023-36213.json | 61 +++++++++++++-- 2023/39xxx/CVE-2023-39510.json | 18 +++++ 2023/39xxx/CVE-2023-39511.json | 18 +++++ 2023/39xxx/CVE-2023-39512.json | 18 +++++ 2023/39xxx/CVE-2023-39513.json | 18 +++++ 2023/39xxx/CVE-2023-39514.json | 18 +++++ 2023/39xxx/CVE-2023-39515.json | 18 +++++ 2023/39xxx/CVE-2023-39516.json | 18 +++++ 2023/39xxx/CVE-2023-39517.json | 18 +++++ 2023/39xxx/CVE-2023-39518.json | 18 +++++ 2023/39xxx/CVE-2023-39519.json | 18 +++++ 2023/39xxx/CVE-2023-39520.json | 18 +++++ 2023/39xxx/CVE-2023-39521.json | 18 +++++ 2023/39xxx/CVE-2023-39522.json | 18 +++++ 2023/39xxx/CVE-2023-39523.json | 18 +++++ 2023/39xxx/CVE-2023-39524.json | 18 +++++ 2023/39xxx/CVE-2023-39525.json | 18 +++++ 2023/39xxx/CVE-2023-39526.json | 18 +++++ 2023/39xxx/CVE-2023-39527.json | 18 +++++ 2023/39xxx/CVE-2023-39528.json | 18 +++++ 2023/39xxx/CVE-2023-39529.json | 18 +++++ 2023/39xxx/CVE-2023-39530.json | 18 +++++ 2023/39xxx/CVE-2023-39531.json | 18 +++++ 2023/39xxx/CVE-2023-39532.json | 18 +++++ 2023/39xxx/CVE-2023-39533.json | 18 +++++ 2023/39xxx/CVE-2023-39534.json | 18 +++++ 2023/4xxx/CVE-2023-4145.json | 92 ++++++++++++++++++++++ 35 files changed, 1018 insertions(+), 335 deletions(-) create mode 100644 2023/39xxx/CVE-2023-39510.json create mode 100644 2023/39xxx/CVE-2023-39511.json create mode 100644 2023/39xxx/CVE-2023-39512.json create mode 100644 2023/39xxx/CVE-2023-39513.json create 
mode 100644 2023/39xxx/CVE-2023-39514.json create mode 100644 2023/39xxx/CVE-2023-39515.json create mode 100644 2023/39xxx/CVE-2023-39516.json create mode 100644 2023/39xxx/CVE-2023-39517.json create mode 100644 2023/39xxx/CVE-2023-39518.json create mode 100644 2023/39xxx/CVE-2023-39519.json create mode 100644 2023/39xxx/CVE-2023-39520.json create mode 100644 2023/39xxx/CVE-2023-39521.json create mode 100644 2023/39xxx/CVE-2023-39522.json create mode 100644 2023/39xxx/CVE-2023-39523.json create mode 100644 2023/39xxx/CVE-2023-39524.json create mode 100644 2023/39xxx/CVE-2023-39525.json create mode 100644 2023/39xxx/CVE-2023-39526.json create mode 100644 2023/39xxx/CVE-2023-39527.json create mode 100644 2023/39xxx/CVE-2023-39528.json create mode 100644 2023/39xxx/CVE-2023-39529.json create mode 100644 2023/39xxx/CVE-2023-39530.json create mode 100644 2023/39xxx/CVE-2023-39531.json create mode 100644 2023/39xxx/CVE-2023-39532.json create mode 100644 2023/39xxx/CVE-2023-39533.json create mode 100644 2023/39xxx/CVE-2023-39534.json create mode 100644 2023/4xxx/CVE-2023-4145.json diff --git a/2021/35xxx/CVE-2021-35226.json b/2021/35xxx/CVE-2021-35226.json index dbaf7187cd0..97f565bbfd2 100644 --- a/2021/35xxx/CVE-2021-35226.json +++ b/2021/35xxx/CVE-2021-35226.json 
@@ -1,14 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "psirt@solarwinds.com", "ID": "CVE-2021-35226", - "STATE": "PUBLIC", - "TITLE": "Hashed Credential Exposure Vulnerability" + "ASSIGNER": "psirt@solarwinds.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "SolarWinds", "product": { "product_data": [ { 
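Review bot: The added `"cweId": "CWE-89"` in `problemtype` does not match the description in the same hunk, which reports a misconfigured entity exposing a password field to SWIS rather than an injection flaw. The old record carried the same "CWE-89 SQL Injection" text, but this change makes it machine-readable, so tools that group or prioritise by `cweId` will now file the record under SQL injection. The CNA should confirm the classification; if the issue is the credential exposure the description states, an information-exposure class such as `"cweId": "CWE-200"` would fit the text better. The hunk also drops `TITLE`, the only field that described the issue as a credential exposure.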
@@ -24,76 +48,61 @@ } } ] - }, - "vendor_name": "SolarWinds" + } } ] } }, - "credit": [ - { - "lang": "eng", - "value": "SolarWinds would like to thank Preston Deason, Chad Larsen and Zachary Riezenman for reporting on the issue in a responsible manner." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references": { + "reference_data": [ { - "lang": "eng", - "value": "An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role." + "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35226", + "refsource": "MISC", + "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35226" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 2.7, - "baseSeverity": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "privilegesRequired": "HIGH", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35226", - "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35226" - } - ] + "source": { + "discovery": "UNKNOWN" }, "solution": [ { - "lang": "eng", - "value": "SolarWinds recommends\u202fcustomers upgrade to the latest version once it becomes generally available. 
" + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

SolarWinds recommends\u202fcustomers upgrade to the latest version once it becomes generally available.

" + } + ], + "value": "SolarWinds recommends\u202fcustomers upgrade to the latest version once it becomes generally available. \n\n" } ], - "source": { - "discovery": "UNKNOWN" + "credits": [ + { + "lang": "en", + "value": "SolarWinds would like to thank Preston Deason, Chad Larsen and Zachary Riezenman for reporting on the issue in a responsible manner." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2021/35xxx/CVE-2021-35252.json b/2021/35xxx/CVE-2021-35252.json index 861a4082d1f..e39f128fb71 100644 --- a/2021/35xxx/CVE-2021-35252.json +++ b/2021/35xxx/CVE-2021-35252.json @@ -40,8 +40,8 @@ "version": { "version_data": [ { - "version_value": "15.3.0", - "version_affected": "=" + "version_affected": "=", + "version_value": "15.3.0" } ] } @@ -100,16 +100,16 @@ "cvss": [ { "attackComplexity": "LOW", - "attackVector": "ADJACENT_NETWORK", + "attackVector": "NETWORK", "availabilityImpact": "NONE", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", + "baseScore": 7.5, + "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } ] diff --git a/2022/36xxx/CVE-2022-36961.json b/2022/36xxx/CVE-2022-36961.json index 944907dacc8..412b3e2a000 100644 --- a/2022/36xxx/CVE-2022-36961.json +++ b/2022/36xxx/CVE-2022-36961.json 
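Review bot: The new `solution` and `credits` entries in the CVE-2021-35226 section use `"lang": "en"` while `description` and `problemtype` in the same record use `"lang": "eng"`, so a consumer that selects text by language code will silently skip one group or the other. Use one code throughout the record, for example `"lang": "eng"` to match the fields this 4.0 record already has. The same mix appears in the CVE-2022-36961, CVE-2022-36963, CVE-2022-36965 and CVE-2022-36966 sections of this patch. Separately, the added `supportingMedia` entry is typed `text/html`; anything that renders it should sanitise it as untrusted markup or fall back to the plain `value`.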
@@ -1,15 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "psirt@solarwinds.com", - "DATE_PUBLIC": "2022-09-28T14:35:00.000Z", "ID": "CVE-2022-36961", - "STATE": "PUBLIC", - "TITLE": "Orion Platform SQL Injection Privilege Escalation Vulnerability" + "ASSIGNER": "psirt@solarwinds.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "SolarWinds", "product": { "product_data": [ { 
@@ -25,78 +48,63 @@ } } ] - }, - "vendor_name": "SolarWinds" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references": { + "reference_data": [ { - "lang": "eng", - "value": "A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution." + "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36961", + "refsource": "MISC", + "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36961" + }, + { + "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm", + "refsource": "MISC", + "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "ADJACENT_NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36961", - "refsource": "CONFIRM", - "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36961" - }, - { - "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm", - "refsource": "CONFIRM", - 
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm" - } - ] - }, - "solution": [ - { - "lang": "eng", - "value": "All SolarWinds Platform customers are advised to upgrade to the latest generally available service update. (SolarWinds Platform)" - } - ], "source": { "defect": [ "CVE-2022-36961" ], "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

All SolarWinds Platform customers are advised to upgrade to the latest generally available service update. (SolarWinds Platform)

" + } + ], + "value": "All SolarWinds Platform customers are advised to upgrade to the latest generally available service update. (SolarWinds Platform)\n\n" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/36xxx/CVE-2022-36963.json b/2022/36xxx/CVE-2022-36963.json index f0dfb363e39..6ce46270866 100644 --- a/2022/36xxx/CVE-2022-36963.json +++ b/2022/36xxx/CVE-2022-36963.json @@ -1,15 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "psirt@solarwinds.com", - "DATE_PUBLIC": "2023-04-17T23:00:00.000Z", "ID": "CVE-2022-36963", - "STATE": "PUBLIC", - "TITLE": "SolarWinds Platform Deserialization of Untrusted Data Vulnerability" + "ASSIGNER": "psirt@solarwinds.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "SolarWinds Platform Command Injection Vulnerability", "product": { "product_data": [ { 
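Review bot: Both entries in `reference_data` for CVE-2022-36961 change from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, which removes the only marker that these SolarWinds advisory and release-note URLs are vendor-confirmed sources. Consumers that rank or filter references by `refsource` can no longer tell the vendor advisory from third-party links. If the downgrade is not intentional, keep `"refsource": "CONFIRM"` on the solarwinds.com entries; the CVE-2022-36965 and CVE-2022-36966 sections make the same change.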
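Review bot: `"vendor_name": "SolarWinds Platform Command Injection Vulnerability"` in the CVE-2022-36963 record is a vulnerability title, not a vendor, and this hunk only moves it to the top of the vendor entry. Inventory or scanner matching keyed on vendor will not associate the record with SolarWinds products; the sibling records in this patch use `"vendor_name": "SolarWinds"`. The removed `TITLE` also called this a deserialization issue while the description and `cweId` kept here say command/code injection (CWE-94), so the classification is worth confirming with the CNA. The vendor entry continues past the end of this hunk.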
@@ -25,81 +48,66 @@ } } ] - }, - "vendor_name": "SolarWinds Platform Command Injection Vulnerability" + } } ] } }, - "credit": [ - { - "lang": "eng", - "value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references": { + "reference_data": [ { - "lang": "eng", - "value": "The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands." + "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36963", + "refsource": "MISC", + "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36963" + }, + { + "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm", + "refsource": "MISC", + "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm" } ] }, "generator": { "engine": "vulnogram 0.1.0-rc1" }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": 
"https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36963", - "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36963" - }, - { - "refsource": "MISC", - "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm", - "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm" - } - ] + "source": { + "discovery": "EXTERNAL" }, "solution": [ { - "lang": "eng", - "value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2023.2" + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2023.2

" + } + ], + "value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2023.2\n\n" } ], - "source": { - "discovery": "EXTERNAL" + "credits": [ + { + "lang": "en", + "value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/36xxx/CVE-2022-36965.json b/2022/36xxx/CVE-2022-36965.json index 2cab264bc13..7bfad7150f8 100644 --- a/2022/36xxx/CVE-2022-36965.json +++ b/2022/36xxx/CVE-2022-36965.json 
@@ -1,74 +1,20 @@ { - "CVE_data_meta": { - "AKA": "SolarWinds", - "ASSIGNER": "psirt@solarwinds.com", - "DATE_PUBLIC": "2022-09-28T10:25:00.000Z", - "ID": "CVE-2022-36965", - "STATE": "PUBLIC", - "TITLE": "Stored and DOM XSS in QoE Applications: Orion Platform" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Orion Platform ", - "version": { - "version_data": [ - { - "platform": "Windows", - "version_affected": "<", - "version_name": "2020.2.6 and previous versions", - "version_value": "2022.3.0" - } - ] - } - } - ] - }, - "vendor_name": "SolarWinds" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Shashank Chaurasia" - } - ], - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-36965", + "ASSIGNER": "psirt@solarwinds.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0)." + "value": "Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).\n\n" } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "ADJACENT_NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { 
@@ -81,24 +27,76 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SolarWinds", + "product": { + "product_data": [ + { + "product_name": "Orion Platform ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2020.2.6 and previous versions", + "version_value": "2022.3.0" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36965", - "refsource": "CONFIRM", - "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36965" + "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36965", + "refsource": "MISC", + "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36965" }, { - "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm#:~:text=Release%20date%3A%20May%2024%2C%202022%20These%20release%20notes,issues.%20New%20features%20and%20improvements%20in%20SolarWinds%20Platform", - "refsource": "CONFIRM", - "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm#:~:text=Release%20date%3A%20May%2024%2C%202022%20These%20release%20notes,issues.%20New%20features%20and%20improvements%20in%20SolarWinds%20Platform" + "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm#:~:text=Release%20date%3A%20May%2024%2C%202022%20These%20release%20notes%2Cissues.%20New%20features%20and%20improvements%20in%20SolarWinds%20Platform", + "refsource": "MISC", + "name": 
"https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm#:~:text=Release%20date%3A%20May%2024%2C%202022%20These%20release%20notes%2Cissues.%20New%20features%20and%20improvements%20in%20SolarWinds%20Platform" } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "defect": [ "CVE-2022-36965" ], "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Shashank Chaurasia" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/36xxx/CVE-2022-36966.json b/2022/36xxx/CVE-2022-36966.json index 30f04d23897..b6414a33ddb 100644 --- a/2022/36xxx/CVE-2022-36966.json +++ b/2022/36xxx/CVE-2022-36966.json 
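Review bot: The re-added `affects` block for CVE-2022-36965 keeps `"product_name": "Orion Platform "` with a trailing space, so exact-match product lookups against this record will miss; it should read `"product_name": "Orion Platform"`. `version_name` holds the phrase "2020.2.6 and previous versions" next to `"version_affected": "<"` and `"version_value": "2022.3.0"`, which leaves it unclear to a parser whether releases between 2020.2.6 and 2022.3.0 are affected. The `"platform": "Windows"` qualifier from the old entry is also dropped without a replacement.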
@@ -1,73 +1,20 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@solarwinds.com", - "DATE_PUBLIC": "2022-10-19T08:45:00.000Z", - "ID": "CVE-2022-36966", - "STATE": "PUBLIC", - "TITLE": "Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "SolarWinds Platform", - "version": { - "version_data": [ - { - "platform": "Windows", - "version_affected": "<", - "version_name": "2022.3 and previous", - "version_value": "2022.3" - } - ] - } - } - ] - }, - "vendor_name": "SolarWinds" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Asim Liaquat" - } - ], - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-36966", + "ASSIGNER": "psirt@solarwinds.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous." + "value": "Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.\n\n" } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "ADJACENT_NETWORK", - "availabilityImpact": "LOW", - "baseScore": 5.9, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { 
@@ -80,21 +27,73 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SolarWinds", + "product": { + "product_data": [ + { + "product_name": "SolarWinds Platform", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2022.3 and previous", + "version_value": "2022.3" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm", - "refsource": "CONFIRM", - "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm" + "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm", + "refsource": "MISC", + "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm" }, { - "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36966", - "refsource": "CONFIRM", - "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36966" + "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36966", + "refsource": "MISC", + "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36966" } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Asim Liaquat" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + 
"version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2023/25xxx/CVE-2023-25524.json b/2023/25xxx/CVE-2023-25524.json index 3a616876c6e..f34ec3d7054 100644 --- a/2023/25xxx/CVE-2023-25524.json +++ b/2023/25xxx/CVE-2023-25524.json 
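Review bot: The re-added version entry for CVE-2022-36966 says `"version_affected": "<"` with `"version_value": "2022.3"`, which excludes 2022.3 itself, yet the description and `version_name` both say "2022.3 and previous" are affected. A scanner that evaluates the range will report a 2022.3 install as not vulnerable. If the text is right, the entry should be `"version_affected": "<="`; the linked 2022.4 release notes suggest that is where the fix landed, but that is inferred from the URL only.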
@@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25524", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@nvidia.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nNVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user\u2019s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-598 Use of GET Request Method With Sensitive Query Strings", + "cweId": "CWE-598" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NVIDIA", + "product": { + "product_data": [ + { + "product_name": "Omniverse Workstation Launcher", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "\t1.8.7 and prior versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5472", + "refsource": "MISC", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5472" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": 
"LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/25xxx/CVE-2023-25835.json b/2023/25xxx/CVE-2023-25835.json index 10b34e247ea..6865d69c8a2 100644 --- a/2023/25xxx/CVE-2023-25835.json +++ b/2023/25xxx/CVE-2023-25835.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "\nThere is a Cross-site Scripting vulnerability\u00a0in Esri Portal Sites in versions 10.8.1 \u2013 11.1 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. \u00a0The privileges required to execute this attack are high.\n\n\n\n" + "value": "\nThere is a stored Cross-site Scripting vulnerability\u00a0in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 \u2013 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. \u00a0The privileges required to execute this attack are high.\u00a0 The attack could disclose a privileged token which may result the attacker gaining full control of the Portal.\n\n" } ] }, diff --git a/2023/36xxx/CVE-2023-36213.json b/2023/36xxx/CVE-2023-36213.json index d325220055a..65fa87fd8be 100644 --- a/2023/36xxx/CVE-2023-36213.json +++ b/2023/36xxx/CVE-2023-36213.json 
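Review bot: In the CVE-2023-25524 record, `"version_value": "\t1.8.7 and prior versions"` puts free text with a leading tab into a field that tools compare as a version, and pairs it with `"version_affected": "="`, which states that only that exact string is affected. No version comparison will match it, so installs at or below 1.8.7 will not be flagged. Express the range in the structured fields instead: `"version_affected": "<="` and `"version_value": "1.8.7"`.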
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-36213", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-36213", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/exploits/51504", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/51504" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/172698/MotoCMS-3.4.3-SQL-Injection.html", + "url": "https://packetstormsecurity.com/files/172698/MotoCMS-3.4.3-SQL-Injection.html" } ] } diff --git a/2023/39xxx/CVE-2023-39510.json b/2023/39xxx/CVE-2023-39510.json new file mode 100644 index 00000000000..0c05009e6f9 --- /dev/null +++ b/2023/39xxx/CVE-2023-39510.json 
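Review bot: CVE-2023-36213 becomes PUBLIC with `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"`, although the description names MotoCMS v.3.4.3, so nothing in `affects` lets a scanner or asset inventory match it. `problemtype` is likewise `"n/a"` where the description states SQL injection. Filling the structured fields from the description (`"product_name": "MotoCMS"`, `"version_value": "3.4.3"`, problem type `CWE-89`) would make the record usable for automated triage. Both references are third-party postings; no vendor advisory or fix reference is listed, so consumers cannot tell from this record whether a patched release exists.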
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39510", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39511.json b/2023/39xxx/CVE-2023-39511.json new file mode 100644 index 00000000000..3945120d422 --- /dev/null +++ b/2023/39xxx/CVE-2023-39511.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39511", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39512.json b/2023/39xxx/CVE-2023-39512.json new file mode 100644 index 00000000000..54eb617265a --- /dev/null +++ b/2023/39xxx/CVE-2023-39512.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39512", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/39xxx/CVE-2023-39513.json b/2023/39xxx/CVE-2023-39513.json new file mode 100644 index 00000000000..3f1d126b30e --- /dev/null +++ b/2023/39xxx/CVE-2023-39513.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39513", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39514.json b/2023/39xxx/CVE-2023-39514.json new file mode 100644 index 00000000000..1f5308c63e4 --- /dev/null +++ b/2023/39xxx/CVE-2023-39514.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39514", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39515.json b/2023/39xxx/CVE-2023-39515.json new file mode 100644 index 00000000000..9cc44233c29 --- /dev/null +++ b/2023/39xxx/CVE-2023-39515.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39515", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39516.json b/2023/39xxx/CVE-2023-39516.json new file mode 100644 index 00000000000..eec0037080f --- /dev/null +++ b/2023/39xxx/CVE-2023-39516.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39516", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39517.json b/2023/39xxx/CVE-2023-39517.json new file mode 100644 index 00000000000..0454c78735d --- /dev/null +++ b/2023/39xxx/CVE-2023-39517.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39517", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/39xxx/CVE-2023-39518.json b/2023/39xxx/CVE-2023-39518.json new file mode 100644 index 00000000000..2f329f594fc --- /dev/null +++ b/2023/39xxx/CVE-2023-39518.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39518", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39519.json b/2023/39xxx/CVE-2023-39519.json new file mode 100644 index 00000000000..68f28debf2d --- /dev/null +++ b/2023/39xxx/CVE-2023-39519.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39519", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39520.json b/2023/39xxx/CVE-2023-39520.json new file mode 100644 index 00000000000..ba99e9e70c5 --- /dev/null +++ b/2023/39xxx/CVE-2023-39520.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39520", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39521.json b/2023/39xxx/CVE-2023-39521.json new file mode 100644 index 00000000000..a807a383fde --- /dev/null +++ b/2023/39xxx/CVE-2023-39521.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39521", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39522.json b/2023/39xxx/CVE-2023-39522.json new file mode 100644 index 00000000000..7a965d9798c --- /dev/null +++ b/2023/39xxx/CVE-2023-39522.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39522", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/39xxx/CVE-2023-39523.json b/2023/39xxx/CVE-2023-39523.json new file mode 100644 index 00000000000..f59b53eb099 --- /dev/null +++ b/2023/39xxx/CVE-2023-39523.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39523", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39524.json b/2023/39xxx/CVE-2023-39524.json new file mode 100644 index 00000000000..104afed06ba --- /dev/null +++ b/2023/39xxx/CVE-2023-39524.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39524", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39525.json b/2023/39xxx/CVE-2023-39525.json new file mode 100644 index 00000000000..a6d35d28a79 --- /dev/null +++ b/2023/39xxx/CVE-2023-39525.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39525", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39526.json b/2023/39xxx/CVE-2023-39526.json new file mode 100644 index 00000000000..115bc1d4aab --- /dev/null +++ b/2023/39xxx/CVE-2023-39526.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39526", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39527.json b/2023/39xxx/CVE-2023-39527.json new file mode 100644 index 00000000000..9704f2a110a --- /dev/null +++ b/2023/39xxx/CVE-2023-39527.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39527", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/39xxx/CVE-2023-39528.json b/2023/39xxx/CVE-2023-39528.json new file mode 100644 index 00000000000..6ba37ac78af --- /dev/null +++ b/2023/39xxx/CVE-2023-39528.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39528", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39529.json b/2023/39xxx/CVE-2023-39529.json new file mode 100644 index 00000000000..60e36ebb065 --- /dev/null +++ b/2023/39xxx/CVE-2023-39529.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39529", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39530.json b/2023/39xxx/CVE-2023-39530.json new file mode 100644 index 00000000000..b246fed67a1 --- /dev/null +++ b/2023/39xxx/CVE-2023-39530.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39530", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39531.json b/2023/39xxx/CVE-2023-39531.json new file mode 100644 index 00000000000..d96fdaaa70d --- /dev/null +++ b/2023/39xxx/CVE-2023-39531.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39531", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39532.json b/2023/39xxx/CVE-2023-39532.json new file mode 100644 index 00000000000..cd5156f83a3 --- /dev/null +++ b/2023/39xxx/CVE-2023-39532.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39532", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/39xxx/CVE-2023-39533.json b/2023/39xxx/CVE-2023-39533.json new file mode 100644 index 00000000000..ac71b5114ea --- /dev/null +++ b/2023/39xxx/CVE-2023-39533.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39533", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39534.json b/2023/39xxx/CVE-2023-39534.json new file mode 100644 index 00000000000..7317b301b48 --- /dev/null +++ b/2023/39xxx/CVE-2023-39534.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39534", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/4xxx/CVE-2023-4145.json b/2023/4xxx/CVE-2023-4145.json new file mode 100644 index 00000000000..cac89339b28 --- /dev/null +++ b/2023/4xxx/CVE-2023-4145.json 
@@ -0,0 +1,92 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4145",
+ "ASSIGNER": "security@huntr.dev",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "pimcore",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "pimcore/customer-data-framework",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "3.4.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://huntr.dev/bounties/ce852777-2994-40b4-bb4e-c4d10023eeb0",
+ "refsource": "MISC",
+ "name": "https://huntr.dev/bounties/ce852777-2994-40b4-bb4e-c4d10023eeb0"
+ },
+ {
+ "url": "https://github.com/pimcore/customer-data-framework/commit/72f45dd537a706954e7a71c99fbe318640e846a2",
+ "refsource": "MISC",
+ "name": "https://github.com/pimcore/customer-data-framework/commit/72f45dd537a706954e7a71c99fbe318640e846a2"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "ce852777-2994-40b4-bb4e-c4d10023eeb0",
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ }
+ ]
+ }
+}
\ No newline at end of file
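Review bot: The `description_data` value for CVE-2023-4145 does not name the affected view or input; it says only that a stored XSS exists in pimcore/customer-data-framework prior to 3.4.2, so triage depends on reading the linked fix commit. The `impact.cvss` entry already records `PR:L` and `UI:R`, which suggests an authenticated low-privileged user stores the payload and another user has to open the affected page. Saying that in the description, along with the affected component once the CNA confirms it, would make the record usable without decoding the vector string. Separately, the affected range is encoded as `"version_affected": "<"` with `"version_name": "unspecified"` and `"version_value": "3.4.2"`; a consumer that reads only `version_value` would flag the fixed release itself, so downstream parsers should be checked for honouring `version_affected`.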