From d4627bf941b4cf518ce8717ea0f1e419e69fa2ee Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 23 May 2022 20:01:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/32xxx/CVE-2021-32958.json | 87 ++++++++++++++++++++++-- 2022/1xxx/CVE-2022-1467.json | 117 +++++++++++++++++++++++++++++++-- 2022/31xxx/CVE-2022-31478.json | 18 +++++ 2022/31xxx/CVE-2022-31479.json | 18 +++++ 2022/31xxx/CVE-2022-31480.json | 18 +++++ 2022/31xxx/CVE-2022-31481.json | 18 +++++ 2022/31xxx/CVE-2022-31482.json | 18 +++++ 2022/31xxx/CVE-2022-31483.json | 18 +++++ 2022/31xxx/CVE-2022-31484.json | 18 +++++ 2022/31xxx/CVE-2022-31485.json | 18 +++++ 2022/31xxx/CVE-2022-31486.json | 18 +++++ 2022/31xxx/CVE-2022-31487.json | 67 +++++++++++++++++++ 2022/31xxx/CVE-2022-31488.json | 62 +++++++++++++++++ 2022/31xxx/CVE-2022-31489.json | 62 +++++++++++++++++ 2022/31xxx/CVE-2022-31490.json | 18 +++++ 2022/31xxx/CVE-2022-31491.json | 18 +++++ 16 files changed, 580 insertions(+), 13 deletions(-) create mode 100644 2022/31xxx/CVE-2022-31478.json create mode 100644 2022/31xxx/CVE-2022-31479.json create mode 100644 2022/31xxx/CVE-2022-31480.json create mode 100644 2022/31xxx/CVE-2022-31481.json create mode 100644 2022/31xxx/CVE-2022-31482.json create mode 100644 2022/31xxx/CVE-2022-31483.json create mode 100644 2022/31xxx/CVE-2022-31484.json create mode 100644 2022/31xxx/CVE-2022-31485.json create mode 100644 2022/31xxx/CVE-2022-31486.json create mode 100644 2022/31xxx/CVE-2022-31487.json create mode 100644 2022/31xxx/CVE-2022-31488.json create mode 100644 2022/31xxx/CVE-2022-31489.json create mode 100644 2022/31xxx/CVE-2022-31490.json create mode 100644 2022/31xxx/CVE-2022-31491.json diff --git a/2021/32xxx/CVE-2021-32958.json b/2021/32xxx/CVE-2021-32958.json index e0af7275206..205bfe406c5 100644 --- a/2021/32xxx/CVE-2021-32958.json +++ b/2021/32xxx/CVE-2021-32958.json 
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-32958", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Claroty Secure Remote Access Site - Authentication Bypass Using an Alternate Path or Channel" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Secure Remote Access (SRA) Site", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "versions 3.0 through 3.2" + } + ] + } + } + ] + }, + "vendor_name": "Claroty" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Alphastrike Labs reported this vulnerability to Claroty." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface (UI). With access to the web UI an attacker can access assets managed by the SRA installation and could compromise the installation." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-180-06", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-180-06" + } + ] + }, + "source": { + "advisory": "ICSA-21-180-06", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1467.json b/2022/1xxx/CVE-2022-1467.json index 5dc6b110e0d..5f9d44dbe53 100644 --- a/2022/1xxx/CVE-2022-1467.json +++ b/2022/1xxx/CVE-2022-1467.json 
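Review bot: The affected-version entry for CVE-2021-32958 puts a prose range in a field marked as an exact match: `"version_affected": "="` with `"version_value": "versions 3.0 through 3.2"`. A scanner or asset inventory that compares installed versions against this record will not match 3.0, 3.1 or 3.2, so the bounds should be bare version numbers with range operators, for example `"version_affected": "<="` with `"version_value": "3.2"`. The CVE-2022-1467 hunk has the same shape with `"version_value": "all"`. Separately, the description says an attacker can generate valid session tokens and could compromise the installation, while the vector is `I:N/A:N`. That looks inconsistent and is worth confirming with the assigner, since consumers that triage on the 5.5 base score may under-prioritise the record.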
@@ -1,18 +1,121 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2022-1467", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AVEVA InTouch Access Anywhere Exposure of Resource to Wrong Sphere" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AVEVA InTouch Access Anywhere", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + } + ] + }, + "vendor_name": "AVEVA" + }, + { + "product": { + "product_data": [ + { + "product_name": "AVEVA Plant SCADA Access Anywhere", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + } + ] + }, + "vendor_name": "AVEVA" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Giovanni Delvecchio from Aceaspa reported this vulnerability to AVEVA." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Windows OS can be configured to overlay a \u201clanguage bar\u201d on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS." 
} ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-668: Exposure of Resource to Wrong Sphere" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/", + "name": "https://www.aveva.com/en/support-and-success/cyber-security-updates/" + }, + { + "refsource": "MISC", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-130-05", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-130-05" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "AVEVA recommends the following mitigations: \n\nDisable the Windows language bar on the server machine hosting InTouch Access Anywhere and Plant SCADA Access Anywhere applications unless it is required.\nCreate unique user accounts with minimal privileges dedicated only to remote access of InTouch Access Anywhere and Plant SCADA Access Anywhere applications.\nUtilize OS group policy objects (GPOs) to further restrict what those unique user accounts are allowed to do.\nRestrict access based on Microsoft\u2019s recommended block list.\nFor more information on this vulnerability, including security updates, please see security bulletin AVEVA-2022-001" + } + ] } \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31478.json b/2022/31xxx/CVE-2022-31478.json new file mode 100644 index 00000000000..5bb5743414e --- /dev/null 
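Review bot: The `source` object in the CVE-2022-1467 record carries only `"discovery": "EXTERNAL"` and omits the advisory id, although the references point at icsa-22-130-05 and the CVE-2021-32958 record in this same commit sets `"advisory": "ICSA-21-180-06"`. Adding `"advisory": "ICSA-22-130-05"` keeps the two records consistent and lets consumers join on the advisory. The `work_around` text also refers to security bulletin AVEVA-2022-001 and to Microsoft's recommended block list without linking either, and the only AVEVA reference is the general cyber-security updates page; a direct reference entry for the bulletin would make the mitigation easier to act on. The problemtype strings also differ in format between the two records (`CWE-288 …` versus `CWE-668: …`), which complicates extracting the CWE id mechanically.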
+++ b/2022/31xxx/CVE-2022-31478.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-31478", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31479.json b/2022/31xxx/CVE-2022-31479.json new file mode 100644 index 00000000000..66abedbf068 --- /dev/null +++ b/2022/31xxx/CVE-2022-31479.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-31479", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31480.json b/2022/31xxx/CVE-2022-31480.json new file mode 100644 index 00000000000..dc54e528b11 --- /dev/null +++ b/2022/31xxx/CVE-2022-31480.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-31480", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31481.json b/2022/31xxx/CVE-2022-31481.json new file mode 100644 index 00000000000..086d9362edf --- /dev/null +++ b/2022/31xxx/CVE-2022-31481.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-31481", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31482.json b/2022/31xxx/CVE-2022-31482.json new file mode 100644 index 00000000000..34abb23f146 --- /dev/null +++ b/2022/31xxx/CVE-2022-31482.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-31482", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/31xxx/CVE-2022-31483.json b/2022/31xxx/CVE-2022-31483.json new file mode 100644 index 00000000000..7fd8da7f514 --- /dev/null +++ b/2022/31xxx/CVE-2022-31483.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-31483", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31484.json b/2022/31xxx/CVE-2022-31484.json new file mode 100644 index 00000000000..d05f854dc9d --- /dev/null +++ b/2022/31xxx/CVE-2022-31484.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-31484", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31485.json b/2022/31xxx/CVE-2022-31485.json new file mode 100644 index 00000000000..ce7848cd82c --- /dev/null +++ b/2022/31xxx/CVE-2022-31485.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-31485", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31486.json b/2022/31xxx/CVE-2022-31486.json new file mode 100644 index 00000000000..ff730c9e48e --- /dev/null +++ b/2022/31xxx/CVE-2022-31486.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-31486", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31487.json b/2022/31xxx/CVE-2022-31487.json new file mode 100644 index 00000000000..72923fae2ae --- /dev/null +++ b/2022/31xxx/CVE-2022-31487.json 
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-31487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/bigb0x/CVEs/blob/main/Blockchain-AltExchanger-121-sqli.md", + "refsource": "MISC", + "name": "https://github.com/bigb0x/CVEs/blob/main/Blockchain-AltExchanger-121-sqli.md" + }, + { + "url": "https://github.com/bigb0x/CVEs/blob/main/Inout-Blockchain-FiatExchanger-221-sqli.md", + "refsource": "MISC", + "name": "https://github.com/bigb0x/CVEs/blob/main/Inout-Blockchain-FiatExchanger-221-sqli.md" + } + ] + } +} \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31488.json b/2022/31xxx/CVE-2022-31488.json new file mode 100644 index 00000000000..ad816d56e7c --- /dev/null +++ b/2022/31xxx/CVE-2022-31488.json 
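Review bot: The structured fields of CVE-2022-31487 are all `n/a` (`vendor_name`, `product_name`, `version_value` and the problemtype `value`) even though the description names the products, their versions and the weakness class. Tools that match on the `affects` tree or filter by CWE will miss this record, so the hunk should carry what the description already states, e.g. `"product_name": "Inout Blockchain AltExchanger"` with `"version_value": "1.2.1"`, a second product entry for FiatExchanger 2.2.1, and `"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"`. The vendor name is not stated on its own in the record and would need confirming before it is filled in. The CVE-2022-31488 and CVE-2022-31489 hunks have the same gap, and none of the three carries an `impact` block, so severity-based triage has nothing to work from.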
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-31488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/bigb0x/CVEs/blob/main/Blockchain-AltExchanger-121-sqli.md", + "refsource": "MISC", + "name": "https://github.com/bigb0x/CVEs/blob/main/Blockchain-AltExchanger-121-sqli.md" + } + ] + } +} \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31489.json b/2022/31xxx/CVE-2022-31489.json new file mode 100644 index 00000000000..b09cdbf985a --- /dev/null +++ b/2022/31xxx/CVE-2022-31489.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-31489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/bigb0x/CVEs/blob/main/Blockchain-AltExchanger-121-sqli.md", + "refsource": "MISC", + "name": "https://github.com/bigb0x/CVEs/blob/main/Blockchain-AltExchanger-121-sqli.md" + } + ] + } +} \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31490.json b/2022/31xxx/CVE-2022-31490.json new file mode 100644 index 00000000000..8d90573ec23 --- /dev/null +++ b/2022/31xxx/CVE-2022-31490.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-31490", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31491.json b/2022/31xxx/CVE-2022-31491.json new file mode 100644 index 00000000000..d51ec1b8163 --- /dev/null +++ b/2022/31xxx/CVE-2022-31491.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-31491", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file