diff --git a/2024/41xxx/CVE-2024-41781.json b/2024/41xxx/CVE-2024-41781.json
index 6df1f9ee8d3..5842576907d 100644
--- a/2024/41xxx/CVE-2024-41781.json
+++ b/2024/41xxx/CVE-2024-41781.json
@@ -1,17 +1,103 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-41781",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60,\u00a0FW1050.00 through\u00a0FW1050.20, and FW1060.00 through FW1060.10\u00a0functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the HMC can locate and through a series of service procedures decrypt data contained in the Platform KeyStore."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-497 Exposure of System Data to an Unauthorized Control Sphere",
+ "cweId": "CWE-497"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PowerVM Hypervisor",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "FW950.00",
+ "version_value": "FW950.90"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "FW1030.00",
+ "version_value": "FW1030.60"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "FW1050.00",
+ "version_value": "FW1050.20"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "FW1060.00",
+ "version_value": "FW1060.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7172698",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7172698"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/51xxx/CVE-2024-51556.json b/2024/51xxx/CVE-2024-51556.json
index 9c92338799b..debe5bcfb37 100644
--- a/2024/51xxx/CVE-2024-51556.json
+++ b/2024/51xxx/CVE-2024-51556.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "This vulnerability exists in the Wave 2.0 due to weak encryption of sensitive data received at the API response. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter \u201cuser_id\u201d through API request URLs leading to unauthorized access to sensitive information belonging to other users."
+ "value": "This vulnerability exists in the Wave 2.0 due to insufficient encryption of sensitive data received at the API response. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to unauthorized access to sensitive information belonging to other users."
 }
 ]
 },
diff --git a/2024/51xxx/CVE-2024-51559.json b/2024/51xxx/CVE-2024-51559.json
index a1c3b8ceec5..7df36ef84bc 100644
--- a/2024/51xxx/CVE-2024-51559.json
+++ b/2024/51xxx/CVE-2024-51559.json
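Review bot: In CVE-2024-41781.json the new description `value` opens a parenthesis at `(IBM PowerVM Hypervisor FW950.00` and never closes it, so the affected-version list runs straight into `functionality can be compromised`. Close it after the last range: `... and FW1060.00 through FW1060.10) functionality can be compromised ...`. The same string mixes `\u00a0` non-breaking spaces into the version list (`FW1030.60,\u00a0FW1050.00 through\u00a0FW1050.20`), which can defeat plain-text matching of version strings in advisory tooling; ordinary spaces would be safer.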
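Review bot: The rewritten description in CVE-2024-51556.json drops the named parameter (`user_id`) in favour of `API input parameters`, and the hunk for CVE-2024-51559.json does the same while also replacing the concrete impact (`unauthorized creation, modification and deletion of alerts`) with `perform malicious activities on other user accounts`. If the broader wording is meant to cover more parameters or operations than originally reported, the description should say which, because defenders use this text to scope log review and authorization checks. In CVE-2024-51556 the stated cause is still encryption (`insufficient encryption of sensitive data`) while the described mechanism is parameter manipulation reaching other users' data; the problemtype is outside this hunk, so it is worth confirming that the CWE matches the mechanism.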
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "This vulnerability exists in the Wave 2.0\u00a0due\u00a0to missing authorization check on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter \u201cuser_id\u201d through API request URLs which could lead to unauthorized creation, modification and deletion of alerts belonging to other user accounts."
+ "value": "This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts."
 }
 ]
 },
diff --git a/2024/51xxx/CVE-2024-51766.json b/2024/51xxx/CVE-2024-51766.json
index 64688e8fdd1..44f2b138a33 100644
--- a/2024/51xxx/CVE-2024-51766.json
+++ b/2024/51xxx/CVE-2024-51766.json
@@ -1,17 +1,117 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-51766",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A potential security vulnerability has been identified in the HPE NonStop DISK UTIL (T9208) product. This vulnerability could be exploited to cause a denial of service (DoS) to NonStop server. It exists in all prior DISK UTIL product versions of L-series and J-series."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-755 Improper Handling of Exceptional Conditions",
+ "cweId": "CWE-755"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Hewlett Packard Enterprise",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HPE NonStop DISK UTIL",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "L Series T9208L01^ACL",
+ "status": "affected",
+ "version": "T9208L01",
+ "versionType": "T9208L01"
+ },
+ {
+ "lessThan": "J Series T9208H01^ACK",
+ "status": "affected",
+ "version": "T9208H01",
+ "versionType": "T9208H01"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbns04759en_us&docLocale=en_US",
+ "refsource": "MISC",
+ "name": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbns04759en_us&docLocale=en_US"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "HPESBNS04759",
+ "discovery": "INTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Please see security bulletin https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbns04759en_us&docLocale=en_US"
+ }
+ ],
+ "value": "Please see security bulletin\u00a0 https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbns04759en_us&docLocale=en_US"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
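Review bot: In CVE-2024-51766.json both `x_cve_json_5_version_data.versions` entries set `versionType` to the product identifier (`"versionType": "T9208L01"`, `"versionType": "T9208H01"`) rather than a version scheme, and their `lessThan` bounds (`"L Series T9208L01^ACL"`) are not written in the same form as `version`. Combined with `"version_value": "not down converted"` and `"defaultStatus": "affected"`, automated consumers probably cannot evaluate a fixed-version boundary from this record and would have to treat every release as affected. Suggest `"versionType": "custom"` with `lessThan` holding only the fixed identifier (for example `"T9208L01^ACL"`, assuming that is the fixed release). The `solution` entry also uses `"lang": "en"` while the description uses `"lang": "eng"`.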