From db143085cdedb586f75f591d9f837cc52102c2b7 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 29 Nov 2024 08:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/11xxx/CVE-2024-11481.json | 84 ++++++++++++++++++++++++++++++--
 2024/11xxx/CVE-2024-11482.json | 84 ++++++++++++++++++++++++++++++--
 2024/11xxx/CVE-2024-11984.json | 18 +++++++
 2024/11xxx/CVE-2024-11985.json | 18 +++++++
 2024/11xxx/CVE-2024-11986.json | 18 +++++++
 2024/11xxx/CVE-2024-11987.json | 18 +++++++
 2024/11xxx/CVE-2024-11988.json | 18 +++++++
 2024/9xxx/CVE-2024-9044.json | 88 ++++++++++++++++++++++++++++++++--
 8 files changed, 333 insertions(+), 13 deletions(-)
 create mode 100644 2024/11xxx/CVE-2024-11984.json
 create mode 100644 2024/11xxx/CVE-2024-11985.json
 create mode 100644 2024/11xxx/CVE-2024-11986.json
 create mode 100644 2024/11xxx/CVE-2024-11987.json
 create mode 100644 2024/11xxx/CVE-2024-11988.json
diff --git a/2024/11xxx/CVE-2024-11481.json b/2024/11xxx/CVE-2024-11481.json
index 00386eeb508..8b1dbca00fa 100644
--- a/2024/11xxx/CVE-2024-11481.json
+++ b/2024/11xxx/CVE-2024-11481.json
@@ -1,17 +1,93 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-11481",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "trellixpsirt@trellix.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+ "cweId": "CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Trellix",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Trellix Enterprise Security Manager (ESM)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.6.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://thrive.trellix.com/s/article/000014058",
+ "refsource": "MISC",
+ "name": "https://thrive.trellix.com/s/article/000014058"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Rafal Gill"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/11xxx/CVE-2024-11482.json b/2024/11xxx/CVE-2024-11482.json
index b471b591973..6b1d0ebb1f1 100644
--- a/2024/11xxx/CVE-2024-11482.json
+++ b/2024/11xxx/CVE-2024-11482.json
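Review bot: The description in CVE-2024-11481 names ESM 11.6.10 as the vulnerable release, but `affects` carries `"version_affected": "="` with `"version_value": "11.6.12"`, so the record contradicts itself about which build is affected; the CVE-2024-11482 record in this commit has the same mismatch. Consumers that match on `version_data` will flag only 11.6.12 and miss 11.6.10, or the reverse if 11.6.12 is actually the fixed build. The assigner should check the referenced Trellix article and align the two fields; until that is settled, asset triage should treat both versions as in scope.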
@@ -1,17 +1,93 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-11482",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "trellixpsirt@trellix.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
+ "cweId": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Trellix",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Trellix Enterprise Security Manager (ESM)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.6.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://thrive.trellix.com/s/article/000014058#h2_0",
+ "refsource": "MISC",
+ "name": "https://thrive.trellix.com/s/article/000014058#h2_0"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Rafal Gill"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/11xxx/CVE-2024-11984.json b/2024/11xxx/CVE-2024-11984.json
new file mode 100644
index 00000000000..2519c51ce6a
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11984.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11984",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11985.json b/2024/11xxx/CVE-2024-11985.json
new file mode 100644
index 00000000000..308a1c6c395
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11985.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11985",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11986.json b/2024/11xxx/CVE-2024-11986.json
new file mode 100644
index 00000000000..dfca96f72f6
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11986.json
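Review bot: `problemtype` in CVE-2024-11482 carries only CWE-78, while the description and the `PR:N` vector both say the command injection is reached through an internal API that requires no authentication. A second `problemtype_data` entry for the missing authentication (for example CWE-306, Missing Authentication for Critical Function) would let weakness-based filters surface the exposed API as well as the injection. CVE-2024-11481 has the same gap: it lists only CWE-22 although its description also cites unauthenticated access and unvalidated forwarding to the AJP backend.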
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11986",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11987.json b/2024/11xxx/CVE-2024-11987.json
new file mode 100644
index 00000000000..8a83898827c
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11987.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11987",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11988.json b/2024/11xxx/CVE-2024-11988.json
new file mode 100644
index 00000000000..467e1aa823b
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11988.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11988",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9044.json b/2024/9xxx/CVE-2024-9044.json
index da3ccdf2a8f..f55fc387940 100644
--- a/2024/9xxx/CVE-2024-9044.json
+++ b/2024/9xxx/CVE-2024-9044.json
@@ -1,18 +1,96 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-9044",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnerability@ncsc.ch",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A XML External Entity (XXE) vulnerability has been identified in Easy Tax Client Software 2023 1.2 and earlier across multiple platforms, including Windows, Linux, and macOS."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-611 Improper Restriction of XML External Entity Reference",
+ "cweId": "CWE-611"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-827 Improper Control of Document Type Definition",
+ "cweId": "CWE-827"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "msg Suisse AG",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EasyTax",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "2023",
+ "version_value": "1.2"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "2022",
+ "version_value": "1.3"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "<= 2021",
+ "version_value": "*"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ag.ch/de/verwaltung/dfr/steuern/natuerliche-personen/steuererklaerung-easytax",
+ "refsource": "MISC",
+ "name": "https://www.ag.ch/de/verwaltung/dfr/steuern/natuerliche-personen/steuererklaerung-easytax"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Manuel Kiesel (cyllective AG)"
+ }
+ ]
 }
\ No newline at end of file
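Review bot: The third `version_data` entry in CVE-2024-9044 puts the comparison into the label (`"version_name": "<= 2021"`) and leaves `"version_value": "*"` under `"version_affected": "<="`, which gives automated matchers no usable upper bound. The description mentions only "2023 1.2 and earlier", whereas `affects` also covers the 2022 line up to 1.3 and every release up to 2021; the prose should state the same range as the structured data. The record also has no `impact` block, so there is no CVSS vector to prioritise by, and its single reference appears to be a product page rather than an advisory. Both are worth requesting from the assigner.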