diff --git a/2018/13xxx/CVE-2018-13819.json b/2018/13xxx/CVE-2018-13819.json index 6e78671d9e3..6db84ff3a98 100644 --- a/2018/13xxx/CVE-2018-13819.json +++ b/2018/13xxx/CVE-2018-13819.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vuln@ca.com", + "DATE_PUBLIC" : "2018-08-29T00:00:00", "ID" : "CVE-2018-13819", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Unified Infrastructure Management", + "version" : { + "version_data" : [ + { + "version_value" : "8.5.1, 8.5, 8.4.7" + } + ] + } + } + ] + }, + "vendor_name" : "CA Technologies" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Use of Hard-coded Cryptographic Key" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html" } ] } diff --git a/2018/13xxx/CVE-2018-13820.json b/2018/13xxx/CVE-2018-13820.json index e2f469e18b4..e49edf9e5ab 100644 --- a/2018/13xxx/CVE-2018-13820.json +++ b/2018/13xxx/CVE-2018-13820.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vuln@ca.com", + "DATE_PUBLIC" : "2018-08-29T00:00:00", "ID" : "CVE-2018-13820", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Unified Infrastructure Management", + "version" : { + "version_data" : [ + { + "version_value" : "8.5.1, 8.5, 8.4.7" + } + ] + } + } + ] + }, + "vendor_name" : "CA Technologies" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Use of Hard-coded Password" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html" } ] } diff --git a/2018/13xxx/CVE-2018-13821.json b/2018/13xxx/CVE-2018-13821.json index 2ed51dfa1dc..bb40d322f33 100644 --- a/2018/13xxx/CVE-2018-13821.json +++ b/2018/13xxx/CVE-2018-13821.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vuln@ca.com", + "DATE_PUBLIC" : "2018-08-29T00:00:00", "ID" : "CVE-2018-13821", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Unified Infrastructure Management", + "version" : { + "version_data" : [ + { + "version_value" : "8.5.1, 8.5, 8.4.7" + } + ] + } + } + ] + }, + "vendor_name" : "CA Technologies" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Missing Authentication" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html" } ] } diff --git a/2018/13xxx/CVE-2018-13822.json b/2018/13xxx/CVE-2018-13822.json index cf6d1b658ed..b1a83913172 100644 --- a/2018/13xxx/CVE-2018-13822.json +++ b/2018/13xxx/CVE-2018-13822.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vuln@ca.com", + "DATE_PUBLIC" : "2018-08-29T00:00:00", "ID" : "CVE-2018-13822", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "PPM", + "version" : { + "version_data" : [ + { + "version_value" : "15.3 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "CA Technologies" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Unprotected Storage of Credentials" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html" } ] } diff --git a/2018/13xxx/CVE-2018-13823.json b/2018/13xxx/CVE-2018-13823.json index 1103a8c67e5..f2da6b6e286 100644 --- a/2018/13xxx/CVE-2018-13823.json +++ b/2018/13xxx/CVE-2018-13823.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vuln@ca.com", + "DATE_PUBLIC" : "2018-08-29T00:00:00", "ID" : "CVE-2018-13823", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "PPM", + "version" : { + "version_data" : [ + { + "version_value" : "15.3 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "CA Technologies" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "XML External Entity (XXE)" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html" } ] } diff --git a/2018/13xxx/CVE-2018-13824.json b/2018/13xxx/CVE-2018-13824.json index 75eb08ab1d6..be0dec85535 100644 --- a/2018/13xxx/CVE-2018-13824.json +++ b/2018/13xxx/CVE-2018-13824.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vuln@ca.com", + "DATE_PUBLIC" : "2018-08-29T00:00:00", "ID" : "CVE-2018-13824", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "PPM", + "version" : { + "version_data" : [ + { + "version_value" : "15.3 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "CA Technologies" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "SQL Injection" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html" } ] } diff --git a/2018/13xxx/CVE-2018-13825.json b/2018/13xxx/CVE-2018-13825.json index d58e6fb6973..98541b75018 100644 --- a/2018/13xxx/CVE-2018-13825.json +++ b/2018/13xxx/CVE-2018-13825.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vuln@ca.com", + "DATE_PUBLIC" : "2018-08-29T00:00:00", "ID" : "CVE-2018-13825", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "PPM", + "version" : { + "version_data" : [ + { + "version_value" : "15.3 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "CA Technologies" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html" } ] } diff --git a/2018/13xxx/CVE-2018-13826.json b/2018/13xxx/CVE-2018-13826.json index aeb29f9df36..61c4b4a702a 100644 --- a/2018/13xxx/CVE-2018-13826.json +++ b/2018/13xxx/CVE-2018-13826.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vuln@ca.com", + "DATE_PUBLIC" : "2018-08-29T00:00:00", "ID" : "CVE-2018-13826", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "PPM", + "version" : { + "version_data" : [ + { + "version_value" : "15.3 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "CA Technologies" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "XML External Entity (XXE)" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html" } ] } diff --git a/2018/15xxx/CVE-2018-15691.json b/2018/15xxx/CVE-2018-15691.json index 370e09ee58b..da16f0af295 100644 --- a/2018/15xxx/CVE-2018-15691.json +++ b/2018/15xxx/CVE-2018-15691.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vuln@ca.com", + "DATE_PUBLIC" : "2018-08-29T00:00:00", "ID" : "CVE-2018-15691", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Release Automation", + "version" : { + "version_data" : [ + { + "version_value" : "6.5 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "CA Technologies" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-03--security-notice-for-ca-release-automation.html" } ] }