"-Synchronized-Data."

2025-07-30 18:04:30 +00:00 · 2025-05-31 18:00:40 +00:00 · 2025-05-31 18:00:40 +00:00 · dd98df2b2c
commit dd98df2b2c
parent 4f0873874e
2 changed files with 200 additions and 8 deletions
--- a/2025/5xxx/CVE-2025-5386.json
+++ b/2025/5xxx/CVE-2025-5386.json
@ -1,17 +1,113 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2025-5386",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability was found in JeeWMS up to 20250504. It has been rated as critical. This issue affects the function transEditor of the file /cgformTransController.do?transEditor. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable."
+            },
+            {
+                "lang": "deu",
+                "value": "Eine Schwachstelle wurde in JeeWMS bis 20250504 ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion transEditor der Datei /cgformTransController.do?transEditor. Mittels Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "SQL Injection",
+                        "cweId": "CWE-89"
+                    }
+                ]
+            },
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Injection",
+                        "cweId": "CWE-74"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "JeeWMS",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "20250504"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://vuldb.com/?id.310679",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?id.310679"
+            },
+            {
+                "url": "https://vuldb.com/?ctiid.310679",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?ctiid.310679"
+            },
+            {
+                "url": "https://gitee.com/erzhongxmu/JEEWMS/issues/IC5FNV",
+                "refsource": "MISC",
+                "name": "https://gitee.com/erzhongxmu/JEEWMS/issues/IC5FNV"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "VulDB Gitee Analyzer"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "baseScore": 6.3,
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+                "baseSeverity": "MEDIUM"
+            },
+            {
+                "version": "3.0",
+                "baseScore": 6.3,
+                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+                "baseSeverity": "MEDIUM"
+            },
+            {
+                "version": "2.0",
+                "baseScore": 6.5,
+                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
            }
        ]
    }
--- a/2025/5xxx/CVE-2025-5387.json
+++ b/2025/5xxx/CVE-2025-5387.json
@ -1,17 +1,113 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2025-5387",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability classified as critical has been found in JeeWMS up to 20250504. Affected is the function dogenerate of the file /generateController.do?dogenerate of the component File Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available."
+            },
+            {
+                "lang": "deu",
+                "value": "Es wurde eine kritische Schwachstelle in JeeWMS bis 20250504 entdeckt. Es betrifft die Funktion dogenerate der Datei /generateController.do?dogenerate der Komponente File Handler. Durch das Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Improper Access Controls",
+                        "cweId": "CWE-284"
+                    }
+                ]
+            },
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Incorrect Privilege Assignment",
+                        "cweId": "CWE-266"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "JeeWMS",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "20250504"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://vuldb.com/?id.310680",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?id.310680"
+            },
+            {
+                "url": "https://vuldb.com/?ctiid.310680",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?ctiid.310680"
+            },
+            {
+                "url": "https://gitee.com/erzhongxmu/JEEWMS/issues/IC5FNV",
+                "refsource": "MISC",
+                "name": "https://gitee.com/erzhongxmu/JEEWMS/issues/IC5FNV"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "VulDB Gitee Analyzer"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "baseScore": 6.3,
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+                "baseSeverity": "MEDIUM"
+            },
+            {
+                "version": "3.0",
+                "baseScore": 6.3,
+                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+                "baseSeverity": "MEDIUM"
+            },
+            {
+                "version": "2.0",
+                "baseScore": 6.5,
+                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
            }
        ]
    }