diff --git a/2017/12xxx/CVE-2017-12741.json b/2017/12xxx/CVE-2017-12741.json index 5151121aaae..df28bdc5241 100644 --- a/2017/12xxx/CVE-2017-12741.json +++ b/2017/12xxx/CVE-2017-12741.json @@ -210,7 +210,24 @@ "references" : { "reference_data" : [ { + "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf", + "refsource" : "CONFIRM", "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf" + }, + { + "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf", + "refsource" : "CONFIRM", + "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf" + }, + { + "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdf", + "refsource" : "CONFIRM", + "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdf" + }, + { + "name" : "101964", + "refsource" : "BID", + "url" : "http://www.securityfocus.com/bid/101964" } ] } diff --git a/2017/3xxx/CVE-2017-3907.json b/2017/3xxx/CVE-2017-3907.json index ed30dc7f3e9..ce7902c1c39 100644 --- a/2017/3xxx/CVE-2017-3907.json +++ b/2017/3xxx/CVE-2017-3907.json @@ -1,86 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@mcafee.com", - "ID": "CVE-2017-3907", - "STATE": "PUBLIC", - "TITLE": "McAfee Threat Intelligence Exchange (TIE) Server - Code Injection vulnerability" + "CVE_data_meta" : { + "ASSIGNER" : "psirt@mcafee.com", + "ID" : "CVE-2017-3907", + "STATE" : "PUBLIC", + "TITLE" : "McAfee Threat Intelligence Exchange (TIE) Server - Code Injection vulnerability" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "Threat Intelligence Exchange (TIE) Server", - "version": { - "version_data": [ + "product_name" : "Threat Intelligence Exchange (TIE) Server", + "version" : { + "version_data" : [ { - "affected": "<", - "platform": "x86", - "version_name": "2.1.0", - "version_value": "2.1.0 Hotfix 1" + "affected" : "<", + "platform" : "x86", + "version_name" : "2.1.0", + "version_value" : "2.1.0 Hotfix 1" } ] } } ] }, - "vendor_name": "McAfee" + "vendor_name" : "McAfee" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector.\n" + "lang" : "eng", + "value" : "Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector." } ] }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 5.4, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L", - "version": "3.0" + "impact" : { + "cvss" : { + "attackComplexity" : "HIGH", + "attackVector" : "NETWORK", + "availabilityImpact" : "LOW", + "baseScore" : 5.4, + "baseSeverity" : "MEDIUM", + "confidentialityImpact" : "LOW", + "integrityImpact" : "NONE", + "privilegesRequired" : "NONE", + "scope" : "CHANGED", + "userInteraction" : "NONE", + "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L", + "version" : "3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "Code Injection vulnerability" + "lang" : "eng", + "value" : "Code Injection vulnerability" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10207", - "refsource": "CONFIRM", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10207" + "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10207", + "refsource" : "CONFIRM", + "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10207" } ] }, - "source": { - "advisory": "SB10207", - "discovery": "INTERNAL" + "source" : { + "advisory" : "SB10207", + "discovery" : "INTERNAL" } } diff --git a/2017/3xxx/CVE-2017-3936.json b/2017/3xxx/CVE-2017-3936.json index 43055248aff..e6a6b0c6efd 100644 --- a/2017/3xxx/CVE-2017-3936.json +++ b/2017/3xxx/CVE-2017-3936.json @@ -1,98 +1,98 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@mcafee.com", - "ID": "CVE-2017-3936", - "STATE": "PUBLIC", - "TITLE": "McAfee ePolicy Orchestrator (ePO) - OS Command Injection vulnerability" + "CVE_data_meta" : { + "ASSIGNER" : "psirt@mcafee.com", + "ID" : "CVE-2017-3936", + "STATE" : "PUBLIC", + "TITLE" : "McAfee ePolicy Orchestrator (ePO) - OS Command Injection vulnerability" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "ePolicy Orchestrator (ePO)", - "version": { - "version_data": [ + "product_name" : "ePolicy Orchestrator (ePO)", + "version" : { + "version_data" : [ { - "affected": "<", - "platform": "x86", - "version_name": "5.1", - "version_value": "5.3.3" + "affected" : "<", + "platform" : "x86", + "version_name" : "5.1", + "version_value" : "5.3.3" }, { - "affected": "<", - "platform": "x86", - "version_name": "5.3", - "version_value": "5.3.3" + "affected" : "<", + "platform" : "x86", + "version_name" : "5.3", + "version_value" : "5.3.3" }, { - "affected": "<", - "platform": "x86", - "version_name": "5.9", - "version_value": "5.9.1" + "affected" : "<", + "platform" : "x86", + "version_name" : "5.9", + "version_value" : "5.9.1" } ] } } ] }, - "vendor_name": "McAfee" + "vendor_name" : "McAfee" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited priviledges via not sanitizing the user input data before exporting it into a CSV format output.\n" + "lang" : "eng", + "value" : "OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output." } ] }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "NONE", - "baseScore": 6.2, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "version": "3.0" + "impact" : { + "cvss" : { + "attackComplexity" : "LOW", + "attackVector" : "LOCAL", + "availabilityImpact" : "NONE", + "baseScore" : 6.2, + "baseSeverity" : "MEDIUM", + "confidentialityImpact" : "HIGH", + "integrityImpact" : "NONE", + "privilegesRequired" : "NONE", + "scope" : "UNCHANGED", + "userInteraction" : "NONE", + "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version" : "3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "OS Command Injection vulnerability" + "lang" : "eng", + "value" : "OS Command Injection vulnerability" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10227", - "refsource": "CONFIRM", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10227" + "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10227", + "refsource" : "CONFIRM", + "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10227" } ] }, - "source": { - "advisory": "SB10227", - "discovery": "INTERNAL" + "source" : { + "advisory" : "SB10227", + "discovery" : "INTERNAL" } }