From cf02c961a7199f9a5c13b7fbed6d9e02a7ec7eca Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 7 Jun 2023 22:00:41 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/24xxx/CVE-2023-24329.json | 7 +-
 2023/24xxx/CVE-2023-24476.json | 98 ++++++++++++++++++++++++++--
 2023/27xxx/CVE-2023-27881.json | 98 ++++++++++++++++++++++++++--
 2023/29xxx/CVE-2023-29152.json | 98 ++++++++++++++++++++++++++--
 2023/29xxx/CVE-2023-29168.json | 98 ++++++++++++++++++++++++++--
 2023/29xxx/CVE-2023-29502.json | 98 ++++++++++++++++++++++++++--
 2023/2xxx/CVE-2023-2904.json | 103 +++++++++++++++++++++++++++--
 2023/31xxx/CVE-2023-31200.json | 98 ++++++++++++++++++++++++++--
 2023/33xxx/CVE-2023-33849.json | 115 +++++++++++++++++++++++++++++++--
 2023/34xxx/CVE-2023-34966.json | 18 ++++++
 2023/34xxx/CVE-2023-34967.json | 18 ++++++
 2023/34xxx/CVE-2023-34968.json | 18 ++++++
 12 files changed, 834 insertions(+), 33 deletions(-)
 create mode 100644 2023/34xxx/CVE-2023-34966.json
 create mode 100644 2023/34xxx/CVE-2023-34967.json
 create mode 100644 2023/34xxx/CVE-2023-34968.json
diff --git a/2023/24xxx/CVE-2023-24329.json b/2023/24xxx/CVE-2023-24329.json
index 498ae72f65b..8ad1919a704 100644
--- a/2023/24xxx/CVE-2023-24329.json
+++ b/2023/24xxx/CVE-2023-24329.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters."
+ "value": "An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters."
 }
 ]
 },
@@ -126,6 +126,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2023-56cefa23df",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTOAUJNDWZDRWVSXJ354AYZYKRMT56HU/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/python/cpython/issues/102153",
+ "url": "https://github.com/python/cpython/issues/102153"
 }
 ]
 }
diff --git a/2023/24xxx/CVE-2023-24476.json b/2023/24xxx/CVE-2023-24476.json
index ef50bea1b9a..81a8fa5d45b 100644
--- a/2023/24xxx/CVE-2023-24476.json
+++ b/2023/24xxx/CVE-2023-24476.json
@@ -1,17 +1,107 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-24476",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\nAn attacker with local access to the machine could record the traffic, \nwhich could allow them to resend requests without the server \nauthenticating that the user or session are valid.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285: Improper Authorization",
+ "cweId": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PTC ",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Vuforia Studio",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "9.9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13",
+ "refsource": "MISC",
+ "name": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\nPTC recommends users upgrade to Vuforia Studio release 9.9 or higher.\n\n
"
+ }
+ ],
+ "value": "PTC recommends users upgrade to Vuforia Studio release 9.9 https://support.ptc.com/help/vuforia/studio/en/ or higher.\n\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Lockheed Martin\u2014Red Team reported these vulnerabilities to PTC."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 1.8,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/27xxx/CVE-2023-27881.json b/2023/27xxx/CVE-2023-27881.json
index 32bc9a2dcd5..e64703f75b2 100644
--- a/2023/27xxx/CVE-2023-27881.json
+++ b/2023/27xxx/CVE-2023-27881.json
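Review bot: The only reference in this record cannot be followed, because both `url` and `name` carry a doubled scheme, `https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13`, so a client treats `https` as the host and never reaches the advisory. The same value appears in the hunks for CVE-2023-27881, CVE-2023-29152, CVE-2023-29168, CVE-2023-29502 and CVE-2023-31200. Those records also set `"vendor_name": "PTC "` with a trailing space, which will not compare equal to `PTC` in tooling that matches vendors by exact string. I would change the lines to `"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13"` (and the same for `name`) and `"vendor_name": "PTC"`.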
@@ -1,17 +1,107 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-27881",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\n\n\nA user could use the \u201cUpload Resource\u201d functionality to upload files to any location on the disk.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-434: Unrestricted Upload of File with Dangerous Type",
+ "cweId": "CWE-434"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PTC ",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Vuforia Studio",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "9.9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13",
+ "refsource": "MISC",
+ "name": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\nPTC recommends users upgrade to Vuforia Studio release 9.9 or higher.\n\n
"
+ }
+ ],
+ "value": "PTC recommends users upgrade to Vuforia Studio release 9.9 https://support.ptc.com/help/vuforia/studio/en/ or higher.\n\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Lockheed Martin\u2014Red Team reported these vulnerabilities to PTC."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/29xxx/CVE-2023-29152.json b/2023/29xxx/CVE-2023-29152.json
index b777b70429c..0e5dfd7e07e 100644
--- a/2023/29xxx/CVE-2023-29152.json
+++ b/2023/29xxx/CVE-2023-29152.json
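Review bot: The `problemtype` entry does not match the weakness the description states. The text says a user can upload files "to any location on the disk", which is control over the write path, while `CWE-434: Unrestricted Upload of File with Dangerous Type` concerns the kind of file accepted; anyone triaging or filtering by `cweId` would look for the wrong class of fix. If the destination path is what the user controls, `CWE-22`, which CVE-2023-29502 in this same commit already uses, looks like the closer fit and could be listed alongside. That reading is inferred from one sentence, so it should be confirmed against the referenced CISA advisory before the record is changed.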
@@ -1,17 +1,107 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-29152",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\n\nBy changing the filename parameter in the request, an attacker could \ndelete any file with the permissions of the Vuforia server account.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285: Improper Authorization",
+ "cweId": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PTC ",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Vuforia Studio",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "9.9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13",
+ "refsource": "MISC",
+ "name": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\nPTC recommends users upgrade to Vuforia Studio release 9.9 or higher.\n\n
"
+ }
+ ],
+ "value": "PTC recommends users upgrade to Vuforia Studio release 9.9 https://support.ptc.com/help/vuforia/studio/en/ or higher.\n\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Lockheed Martin\u2014Red Team reported these vulnerabilities to PTC."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/29xxx/CVE-2023-29168.json b/2023/29xxx/CVE-2023-29168.json
index af1532c0304..255e449b980 100644
--- a/2023/29xxx/CVE-2023-29168.json
+++ b/2023/29xxx/CVE-2023-29168.json
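Review bot: The CVSS block scores `"integrityImpact": "NONE"` for an issue the description summarises as deleting any file the Vuforia server account can reach. Removing files the attacker was never meant to touch is unauthorised modification of data as well as a loss of availability, so `I:N` in `vectorString` appears to under-state the impact, and teams that prioritise on the 6.2 `baseScore` may rank it too low. If the integrity metric is revised, `baseScore` and `baseSeverity` have to be recomputed from the new vector, not edited by hand. The description's "changing the filename parameter" also reads like a path-control weakness, which the single `CWE-285` entry does not convey; both points need checking against the CISA advisory.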
@@ -1,17 +1,107 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-29168",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-522: Insufficiently Protected Credentials",
+ "cweId": "CWE-522"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PTC ",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Vuforia Studio",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "9.9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13",
+ "refsource": "MISC",
+ "name": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\nPTC recommends users upgrade to Vuforia Studio release 9.9 or higher.\n\n
"
+ }
+ ],
+ "value": "PTC recommends users upgrade to Vuforia Studio release 9.9 https://support.ptc.com/help/vuforia/studio/en/ or higher.\n\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Lockheed Martin\u2014Red Team reported these vulnerabilities to PTC."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/29xxx/CVE-2023-29502.json b/2023/29xxx/CVE-2023-29502.json
index 8bbb5d5571e..0f2ad276e35 100644
--- a/2023/29xxx/CVE-2023-29502.json
+++ b/2023/29xxx/CVE-2023-29502.json
@@ -1,17 +1,107 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-29502",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\n\n\n\nBefore importing a project into Vuforia, a user could modify the \n\u201cresourceDirectory\u201d attribute in the appConfig.json file to be a \ndifferent path.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22: Path Traversal",
+ "cweId": "CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PTC ",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Vuforia Studio",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "9.9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13",
+ "refsource": "MISC",
+ "name": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\nPTC recommends users upgrade to Vuforia Studio release 9.9 or higher.\n\n
"
+ }
+ ],
+ "value": "PTC recommends users upgrade to Vuforia Studio release 9.9 https://support.ptc.com/help/vuforia/studio/en/ or higher.\n\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Lockheed Martin\u2014Red Team reported these vulnerabilities to PTC."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/2xxx/CVE-2023-2904.json b/2023/2xxx/CVE-2023-2904.json
index 1def2a8f422..7fd132ee29d 100644
--- a/2023/2xxx/CVE-2023-2904.json
+++ b/2023/2xxx/CVE-2023-2904.json
@@ -1,17 +1,112 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-2904",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The External Visitor Manager portal of HID\u2019s SAFE versions 5.8.0 through\n 5.11.3 are vulnerable to manipulation within web fields in the \napplication programmable interface (API). An attacker could log in using\n account credentials available through a request generated by an \ninternal user and then manipulate the visitor-id within the web API to \naccess the personal data of other users. There is no limit on the number\n of requests that can be made to the HID SAFE Web Server, so an attacker\n could also exploit this vulnerability to create a denial-of-service \ncondition.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-471: Modification of Assumed-Immutable Data",
+ "cweId": "CWE-471"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HID Global",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAFE",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "5.8.0",
+ "version_value": "5.11.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-02",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-02"
+ },
+ {
+ "url": "https://www.hidglobal.com/security-center",
+ "refsource": "MISC",
+ "name":
"https://www.hidglobal.com/security-center"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\n

The External Visitor Management feature is licensed and deployed \nseparately from the HID SAFE core software. Users not using this feature\n are not affected. According to HID Global, the number of affected \nsystems is limited and all affected systems have been patched.

\n

Please see HID\u2019s security advisory for more information.\n\n

"
+ }
+ ],
+ "value": "The External Visitor Management feature is licensed and deployed \nseparately from the HID SAFE core software. Users not using this feature\n are not affected. According to HID Global, the number of affected \nsystems is limited and all affected systems have been patched.\n\n\nPlease see HID\u2019s security advisory https://www.hidglobal.com/security-center for more information.\n\n\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "CISA internal research reported this vulnerability to HID."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/31xxx/CVE-2023-31200.json b/2023/31xxx/CVE-2023-31200.json
index 9635e2303dd..eebf96a12e6 100644
--- a/2023/31xxx/CVE-2023-31200.json
+++ b/2023/31xxx/CVE-2023-31200.json
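Review bot: The description names two separate weaknesses, but `problemtype_data` records only `CWE-471: Modification of Assumed-Immutable Data`. Changing `visitor-id` to read other users' personal data is an access check keyed on a client-supplied identifier, for which CWE-639 looks closer, and the unlimited request rate that leads to denial of service (CWE-770 territory) has no entry at all. Consumers that triage by `cweId` will therefore miss the availability issue that the vector's `A:H` reflects. I would add a second object to the `description` array under `problemtype_data` for the rate-limit weakness and ask the CNA to confirm the primary CWE against the advisory.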
@@ -1,17 +1,107 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-31200",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\n\n\n\n\nPTC Vuforia Studio does not require a token; this could allow an \nattacker with local access to perform a cross-site request forgery \nattack or a replay attack.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352: Cross-Site Request Forgery",
+ "cweId": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PTC ",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Vuforia Studio",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "9.9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13",
+ "refsource": "MISC",
+ "name": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\nPTC recommends users upgrade to Vuforia Studio release 9.9 or higher.\n\n
"
+ }
+ ],
+ "value": "PTC recommends users upgrade to Vuforia Studio release 9.9 https://support.ptc.com/help/vuforia/studio/en/ or higher.\n\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Lockheed Martin\u2014Red Team reported these vulnerabilities to PTC."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/33xxx/CVE-2023-33849.json b/2023/33xxx/CVE-2023-33849.json
index 9ef5738b52b..23dee65150c 100644
--- a/2023/33xxx/CVE-2023-33849.json
+++ b/2023/33xxx/CVE-2023-33849.json
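Review bot: The description and the vector disagree on where the attacker sits: the text says "an attacker with local access", yet the CVSS block has `"attackVector": "NETWORK"` and `AV:N` in `vectorString`. CVE-2023-24476 in this same commit uses the same "local access" wording together with `"attackVector": "LOCAL"`, so the two sibling records are scored inconsistently. One side should be corrected against the source advisory, and if the vector changes, `baseScore` and `baseSeverity` must be recomputed with it. The text also covers both request forgery and replay under the single `CWE-352` entry, so the replay case cannot be found by `cweId`.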
@@ -1,17 +1,124 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-33849",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-311 Missing Encryption of Sensitive Data",
+ "cweId": "CWE-311"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TXSeries for Multiplatforms",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "8.1, 8.2, 9.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "CICS TX Standard",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "CICS TX Advanced",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "10.1, 11.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257105",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257105"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7001687",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7001687"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7001697",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7001697"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7001695",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7001695"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34966.json b/2023/34xxx/CVE-2023-34966.json
new file mode 100644
index 00000000000..9b39d093eda
--- /dev/null
+++ b/2023/34xxx/CVE-2023-34966.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-34966",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/34xxx/CVE-2023-34967.json b/2023/34xxx/CVE-2023-34967.json
new file mode 100644
index 00000000000..a7423223b3d
--- /dev/null
+++ b/2023/34xxx/CVE-2023-34967.json
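Review bot: In the CVE-2023-33849 hunk, `"version_value": "8.1, 8.2, 9.1"` and `"version_value": "10.1, 11.1"` pack several releases into one string under `"version_affected": "="`, so a consumer that matches an installed version by equality will match none of them. Each release should be its own `version_data` entry, for example `{ "version_affected": "=", "version_value": "8.1" }`, repeated per version. The description has a stray comma in `CICS TX Standard, 11.1`, which reads as two separate products. The `problemtype` value `CWE-311 Missing Encryption of Sensitive Data` also lacks the colon that the other records in this commit put after the id.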
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-34967",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/34xxx/CVE-2023-34968.json b/2023/34xxx/CVE-2023-34968.json
new file mode 100644
index 00000000000..feac5eaa313
--- /dev/null
+++ b/2023/34xxx/CVE-2023-34968.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-34968",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file