From cc28c0a2928f00b340ed7f697f7986f18b552bdb Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 30 Mar 2022 22:01:29 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2021/33xxx/CVE-2021-33208.json | 61 ++++++++++++++++++++++++++++++----
 2021/33xxx/CVE-2021-33581.json | 61 ++++++++++++++++++++++++++++++----
 2021/38xxx/CVE-2021-38362.json | 61 ++++++++++++++++++++++++++++++----
 2021/43xxx/CVE-2021-43142.json | 56 +++++++++++++++++++++++++++----
 2021/45xxx/CVE-2021-45900.json | 61 ++++++++++++++++++++++++++++++----
 2022/24xxx/CVE-2022-24790.json | 2 +-
 6 files changed, 271 insertions(+), 31 deletions(-)
diff --git a/2021/33xxx/CVE-2021-33208.json b/2021/33xxx/CVE-2021-33208.json
index b79c540bf6c..7f30cbb90a4 100644
--- a/2021/33xxx/CVE-2021-33208.json
+++ b/2021/33xxx/CVE-2021-33208.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-33208",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-33208",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The \"Register an Ehcache Configuration File\" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default",
+ "refsource": "MISC",
+ "name": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33208",
+ "url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33208"
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33581.json b/2021/33xxx/CVE-2021-33581.json
index c7105396e20..e2ea89aef13 100644
--- a/2021/33xxx/CVE-2021-33581.json
+++ b/2021/33xxx/CVE-2021-33581.json
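Review bot: In 2021/33xxx/CVE-2021-33208.json the added `affects` and `problemtype` blocks are filled with `n/a` even though the description in the same hunk names the product, the version bound and the weakness class, so tooling that matches on structured fields rather than free text will not associate this record with MashZone NextGen. If the CNA data allows it, I would carry the description's values into the structured fields, e.g. `"product_name": "MashZone NextGen"`, `"version_value": "through 10.7 GA"` and a problemtype value of `"CWE-611 Improper Restriction of XML External Entity Reference"`. The same applies to the hunks for CVE-2021-33581 (SSRF, CWE-918), CVE-2021-38362, CVE-2021-43142 (XXE, CWE-611) and CVE-2021-45900. This looks like an automated sync, so the gap may originate in the submitted form rather than in this commit.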
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-33581",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-33581",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default",
+ "refsource": "MISC",
+ "name": "https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33581",
+ "url": "https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33581"
 }
 ]
 }
diff --git a/2021/38xxx/CVE-2021-38362.json b/2021/38xxx/CVE-2021-38362.json
index e65041a9b53..df395dc5aa7 100644
--- a/2021/38xxx/CVE-2021-38362.json
+++ b/2021/38xxx/CVE-2021-38362.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-38362",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-38362",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/fireeye/Vulnerability-Disclosures",
+ "refsource": "MISC",
+ "name": "https://github.com/fireeye/Vulnerability-Disclosures"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-update-for-multiple-vulnerabilities/ta-p/674497",
+ "url": "https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-update-for-multiple-vulnerabilities/ta-p/674497"
 }
 ]
 }
diff --git a/2021/43xxx/CVE-2021-43142.json b/2021/43xxx/CVE-2021-43142.json
index b7507262130..b96c36b02c8 100644
--- a/2021/43xxx/CVE-2021-43142.json
+++ b/2021/43xxx/CVE-2021-43142.json
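Review bot: The first entry added to `reference_data` in 2021/38xxx/CVE-2021-38362.json, `https://github.com/fireeye/Vulnerability-Disclosures`, is a repository root rather than a link to the advisory for this CVE, so a reader cannot get from the record to the write-up and the target will drift as the repository changes. The CVE-2021-33208 and CVE-2021-33581 hunks in this commit link to a per-CVE path; I would do the same here if the advisory has one, e.g. `"url": "<permalink to the CVE-2021-38362 advisory>"` with a matching `name`. Whether such a per-CVE page exists is not visible from this page.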
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-43142",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-43142",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An XML External Entity (XXE) vulnerability exists in wuta jox 1.16 in the readObject method in JOXSAXBeanInput."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://novysodope.github.io/2021/10/29/64/",
+ "refsource": "MISC",
+ "name": "https://novysodope.github.io/2021/10/29/64/"
 }
 ]
 }
diff --git a/2021/45xxx/CVE-2021-45900.json b/2021/45xxx/CVE-2021-45900.json
index ba7e997c1a1..2de23452d12 100644
--- a/2021/45xxx/CVE-2021-45900.json
+++ b/2021/45xxx/CVE-2021-45900.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-45900",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-45900",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the administration configuration web portlet, a VIVOH_AUTH cookie is assigned so that they can be uniquely identified. Certain APIs can be successfully executed without proper authentication. This can let an attacker impersonate as victim and make state changing requests on their behalf."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vivoh.com/wp-content/uploads/2021/11/Vivoh-Webinar-Manager-for-Zoom-Installation-and-Administration-Guide.pdf",
+ "refsource": "MISC",
+ "name": "https://vivoh.com/wp-content/uploads/2021/11/Vivoh-Webinar-Manager-for-Zoom-Installation-and-Administration-Guide.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://vivoh.com/blog/finra-remediation/",
+ "url": "https://vivoh.com/blog/finra-remediation/"
 }
 ]
 }
diff --git a/2022/24xxx/CVE-2022-24790.json b/2022/24xxx/CVE-2022-24790.json
index c9b4b7b2128..bb15b38ad01 100644
--- a/2022/24xxx/CVE-2022-24790.json
+++ b/2022/24xxx/CVE-2022-24790.json
@@ -38,7 +38,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.\n"
+ "value": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard."
 }
 ]
 },