admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixing EMC submission due to invalid characters.

Browse Source
This commit is contained in:
CVE Team 2018-11-02 17:16:13 -04:00
parent af69bd57ce
commit d784dad763
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
2 changed files with 150 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
2018/11xxx/CVE-2018-11062.json
View File

@ -1,18 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11062",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2018-10-29T16:00:00.000Z",
"ID": "CVE-2018-11062",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "2.X",
"version_value": "2.3"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Oct/53"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

118
2018/15xxx/CVE-2018-15762.json
View File

@ -1,39 +1,99 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"DATE_PUBLIC" : "2018-10-29T07:00:00.000Z",
"ID" : "CVE-2018-15762",
"STATE" : "RESERVED",
"TITLE" : "Pivotal Operations Manager gives all users heightened privileges"
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2018-10-29T07:00:00.000Z",
"ID": "CVE-2018-15762",
"STATE": "PUBLIC",
"TITLE": "Pivotal Operations Manager gives all users heightened privileges"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal Operations Manager",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "2.0.x",
"version_value": "2.0.24"
},
{
"affected": "<",
"version_name": "2.1.x",
"version_value": "2.1.15"
},
{
"affected": "<",
"version_name": "2.2.x",
"version_value": "2.2.7"
},
{
"affected": "<",
"version_name": "2.3.x",
"version_value": "2.3.1"
}
]
}
}
]
},
"vendor_name": "Pivotal Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "ADJACENT_NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 9,
"baseSeverity" : "CRITICAL",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version" : "3.0"
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"source" : {
"discovery" : "UNKNOWN"
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-15762"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}