From d4f045f4c70a1bcb2d994fe60b65c073ca94ee80 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 18 Mar 2020 01:01:22 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/20xxx/CVE-2019-20510.json | 67 +++++++++++++++ 2020/10xxx/CVE-2020-10654.json | 18 +++++ 2020/10xxx/CVE-2020-10655.json | 18 +++++ 2020/10xxx/CVE-2020-10656.json | 18 +++++ 2020/10xxx/CVE-2020-10657.json | 18 +++++ 2020/10xxx/CVE-2020-10658.json | 18 +++++ 2020/8xxx/CVE-2020-8467.json | 128 +++++++++++++++-------------- 2020/8xxx/CVE-2020-8468.json | 144 +++++++++++++++++---------------- 2020/8xxx/CVE-2020-8470.json | 144 +++++++++++++++++---------------- 2020/8xxx/CVE-2020-8598.json | 144 +++++++++++++++++---------------- 2020/8xxx/CVE-2020-8599.json | 128 +++++++++++++++-------------- 2020/8xxx/CVE-2020-8600.json | 136 ++++++++++++++++--------------- 12 files changed, 588 insertions(+), 393 deletions(-) create mode 100644 2019/20xxx/CVE-2019-20510.json create mode 100644 2020/10xxx/CVE-2020-10654.json create mode 100644 2020/10xxx/CVE-2020-10655.json create mode 100644 2020/10xxx/CVE-2020-10656.json create mode 100644 2020/10xxx/CVE-2020-10657.json create mode 100644 2020/10xxx/CVE-2020-10658.json diff --git a/2019/20xxx/CVE-2019-20510.json b/2019/20xxx/CVE-2019-20510.json new file mode 100644 index 00000000000..b1c3b1fc1bc --- /dev/null +++ b/2019/20xxx/CVE-2019-20510.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rlm_eap/types/rlm_eap_pwd/eap_pwd.c in the EAP-pwd implementation in FreeRADIUS before 3.0.20 allows remote attackers to discover passwords because there is a side-channel information leak associated with the Hunting and Pecking abort for excessive iterations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/janetuk/freeradius/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa", + "refsource": "MISC", + "name": "https://github.com/janetuk/freeradius/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa" + }, + { + "url": "https://freeradius.org/release_notes/?br=3.0.x&re=3.0.20", + "refsource": "MISC", + "name": "https://freeradius.org/release_notes/?br=3.0.x&re=3.0.20" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10654.json b/2020/10xxx/CVE-2020-10654.json new file mode 100644 index 00000000000..28d3cc94d42 --- /dev/null +++ b/2020/10xxx/CVE-2020-10654.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10654", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10655.json b/2020/10xxx/CVE-2020-10655.json new file mode 100644 index 00000000000..fb434bceb23 --- /dev/null +++ b/2020/10xxx/CVE-2020-10655.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10655", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10656.json b/2020/10xxx/CVE-2020-10656.json new file mode 100644 index 00000000000..3fa06bbf646 --- /dev/null +++ b/2020/10xxx/CVE-2020-10656.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10656", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10657.json b/2020/10xxx/CVE-2020-10657.json new file mode 100644 index 00000000000..d152a7e4b55 --- /dev/null +++ b/2020/10xxx/CVE-2020-10657.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10657", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10658.json b/2020/10xxx/CVE-2020-10658.json new file mode 100644 index 00000000000..df9b76ad6d2 --- /dev/null +++ b/2020/10xxx/CVE-2020-10658.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10658", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8467.json b/2020/8xxx/CVE-2020-8467.json index 5aee938c60c..56bbac869da 100644 --- a/2020/8xxx/CVE-2020-8467.json +++ b/2020/8xxx/CVE-2020-8467.json @@ -1,63 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2020-8467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro OfficeScan, Trend Micro Apex One", - "version" : { - "version_data" : [ - { - "version_value" : "OfficeScan XG (12.0), Apex One 2019 (14.0)" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication. " - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "RCE" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://success.trendmicro.com/solution/000245571" - }, - { - "url" : "https://success.trendmicro.com/jp/solution/000244253" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2020-8467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro OfficeScan, Trend Micro Apex One", + "version": { + "version_data": [ + { + "version_value": "OfficeScan XG (12.0), Apex One 2019 (14.0)" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "RCE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/solution/000245571", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000245571" + }, + { + "url": "https://success.trendmicro.com/jp/solution/000244253", + "refsource": "MISC", + "name": "https://success.trendmicro.com/jp/solution/000244253" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8468.json b/2020/8xxx/CVE-2020-8468.json index 9429fb0287b..d44bcf007f8 100644 --- a/2020/8xxx/CVE-2020-8468.json +++ b/2020/8xxx/CVE-2020-8468.json @@ -1,69 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2020-8468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)", - "version" : { - "version_data" : [ - { - "version_value" : "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Content Validation Escape" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://success.trendmicro.com/solution/000245571" - }, - { - "url" : "https://success.trendmicro.com/solution/000245572" - }, - { - "url" : "https://success.trendmicro.com/jp/solution/000244253" - }, - { - "url" : "https://success.trendmicro.com/jp/solution/000244836" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2020-8468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)", + "version": { + "version_data": [ + { + "version_value": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Content Validation Escape" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/solution/000245571", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000245571" + }, + { + "url": "https://success.trendmicro.com/jp/solution/000244253", + "refsource": "MISC", + "name": "https://success.trendmicro.com/jp/solution/000244253" + }, + { + "url": "https://success.trendmicro.com/solution/000245572", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000245572" + }, + { + "url": "https://success.trendmicro.com/jp/solution/000244836", + "refsource": "MISC", + "name": "https://success.trendmicro.com/jp/solution/000244836" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8470.json b/2020/8xxx/CVE-2020-8470.json index bd027d87c15..7b894d43bfd 100644 --- a/2020/8xxx/CVE-2020-8470.json +++ b/2020/8xxx/CVE-2020-8470.json @@ -1,69 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2020-8470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)", - "version" : { - "version_data" : [ - { - "version_value" : "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://success.trendmicro.com/solution/000245571" - }, - { - "url" : "https://success.trendmicro.com/solution/000245572" - }, - { - "url" : "https://success.trendmicro.com/jp/solution/000244253" - }, - { - "url" : "https://success.trendmicro.com/jp/solution/000244836" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2020-8470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)", + "version": { + "version_data": [ + { + "version_value": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/solution/000245571", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000245571" + }, + { + "url": "https://success.trendmicro.com/jp/solution/000244253", + "refsource": "MISC", + "name": "https://success.trendmicro.com/jp/solution/000244253" + }, + { + "url": "https://success.trendmicro.com/solution/000245572", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000245572" + }, + { + "url": "https://success.trendmicro.com/jp/solution/000244836", + "refsource": "MISC", + "name": "https://success.trendmicro.com/jp/solution/000244836" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8598.json b/2020/8xxx/CVE-2020-8598.json index 9b3b2e542c2..b7c68bb03da 100644 --- a/2020/8xxx/CVE-2020-8598.json +++ b/2020/8xxx/CVE-2020-8598.json @@ -1,69 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2020-8598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)", - "version" : { - "version_data" : [ - { - "version_value" : "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://success.trendmicro.com/solution/000245571" - }, - { - "url" : "https://success.trendmicro.com/solution/000245572" - }, - { - "url" : "https://success.trendmicro.com/jp/solution/000244253" - }, - { - "url" : "https://success.trendmicro.com/jp/solution/000244836" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2020-8598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)", + "version": { + "version_data": [ + { + "version_value": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/solution/000245571", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000245571" + }, + { + "url": "https://success.trendmicro.com/jp/solution/000244253", + "refsource": "MISC", + "name": "https://success.trendmicro.com/jp/solution/000244253" + }, + { + "url": "https://success.trendmicro.com/solution/000245572", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000245572" + }, + { + "url": "https://success.trendmicro.com/jp/solution/000244836", + "refsource": "MISC", + "name": "https://success.trendmicro.com/jp/solution/000244836" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8599.json b/2020/8xxx/CVE-2020-8599.json index 2d8655e7a62..2b94a9d3b87 100644 --- a/2020/8xxx/CVE-2020-8599.json +++ b/2020/8xxx/CVE-2020-8599.json @@ -1,63 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2020-8599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro OfficeScan, Trend Micro Apex One", - "version" : { - "version_data" : [ - { - "version_value" : "OfficeScan XG (12.0), Apex One 2019 (14.0)" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Arbitrary File Upload Directory Traversal" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://success.trendmicro.com/solution/000245571" - }, - { - "url" : "https://success.trendmicro.com/jp/solution/000244253" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2020-8599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro OfficeScan, Trend Micro Apex One", + "version": { + "version_data": [ + { + "version_value": "OfficeScan XG (12.0), Apex One 2019 (14.0)" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary File Upload Directory Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/solution/000245571", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000245571" + }, + { + "url": "https://success.trendmicro.com/jp/solution/000244253", + "refsource": "MISC", + "name": "https://success.trendmicro.com/jp/solution/000244253" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8600.json b/2020/8xxx/CVE-2020-8600.json index 83c023584e6..76cb54578bc 100644 --- a/2020/8xxx/CVE-2020-8600.json +++ b/2020/8xxx/CVE-2020-8600.json @@ -1,66 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2020-8600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Worry-Free Business Security (WFBS)", - "version" : { - "version_data" : [ - { - "version_value" : "WFBS 9.0, 9.5 and 10.0" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal Auth Bypass" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://success.trendmicro.com/solution/000245572" - }, - { - "url" : "https://success.trendmicro.com/jp/solution/000244836" - }, - { - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-20-307/" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2020-8600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Worry-Free Business Security (WFBS)", + "version": { + "version_data": [ + { + "version_value": "WFBS 9.0, 9.5 and 10.0" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal Auth Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-307/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-307/" + }, + { + "url": "https://success.trendmicro.com/solution/000245572", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000245572" + }, + { + "url": "https://success.trendmicro.com/jp/solution/000244836", + "refsource": "MISC", + "name": "https://success.trendmicro.com/jp/solution/000244836" + } + ] + } +} \ No newline at end of file