admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 22:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2160 from CVEProject/sapbranch

Browse Source 
merging publication request.
This commit is contained in:
CVE Team 2019-06-12 12:11:13 -04:00 committed by GitHub
commit dd9affc456
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 416 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2019/0xxx/CVE-2019-0304.json
View File

@ -185,4 +185,4 @@
}
]
}
}
}

2
2019/0xxx/CVE-2019-0305.json
View File

@ -85,4 +85,4 @@
}
]
}
}
}

2
2019/0xxx/CVE-2019-0306.json
View File

@ -65,4 +65,4 @@
}
]
}
}
}

2
2019/0xxx/CVE-2019-0307.json
View File

@ -65,4 +65,4 @@
}
]
}
}
}

2
2019/0xxx/CVE-2019-0308.json
View File

@ -81,4 +81,4 @@
}
]
}
}
}

107
2019/0xxx/CVE-2019-0311.json
View File

@ -1,18 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0311",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0311",
"ASSIGNER": "cna@sap.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP R/3 Enterprise Application",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "6.0"
},
{
"version_name": "<",
"version_value": "6.02"
},
{
"version_name": "<",
"version_value": "6.03"
},
{
"version_name": "<",
"version_value": "6.04"
},
{
"version_name": "<",
"version_value": "6.05"
},
{
"version_name": "<",
"version_value": "6.06"
},
{
"version_name": "<",
"version_value": "6.16"
},
{
"version_name": "<",
"version_value": "6.17"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Automotive Dealer Portal in SAP R/3 Enterprise Application (versions: 600, 602, 603, 604, 605, 606, 616, 617) does not sufficiently encode user-controlled inputs, this makes it possible for an attacker to send unwanted scripts to the browser of the victim using unwanted input and execute malicious code there, resulting in Cross-Site Scripting (XSS) vulnerability."
}
]
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"Cross-Site Scripting"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://launchpad.support.sap.com/#/notes/2728153"
},
{
"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"
}
]
}
}

125
2019/0xxx/CVE-2019-0312.json
View File

@ -1,18 +1,111 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0312",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0312",
"ASSIGNER": "cna@sap.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Process Integration(SAP_XIESR)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.10 to 7.11"
},
{
"version_name": "<",
"version_value": "7.20"
},
{
"version_name": "<",
"version_value": "7.30"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
},
{
"version_name": "<",
"version_value": "7.50"
}
]
}
}, {
"product_name": "SAP NetWeaver Process Integration(SAP_XITOOL)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.10 to 7.11"
},
{
"version_name": "<",
"version_value": "7.30"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
},
{
"version_name": "<",
"version_value": "7.50"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Several web pages provided SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50) are not password protected. An attacker could access landscape information like host names, ports or other technical data in the absence of restrictive firewall and port settings."
}
]
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"Information Disclosure"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://launchpad.support.sap.com/#/notes/2744086"
},
{
"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"
}
]
}
}

98
2019/0xxx/CVE-2019-0314.json
View File

@ -1,18 +1,84 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0314",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0314",
"ASSIGNER": "cna@sap.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Work Manager",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "6.3"
},
{
"version_name": "<",
"version_value": "6.4"
},
{
"version_name": "<",
"version_value": "6.5"
}
]
}
},
{
"product_name": "SAP Inventory Manager",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "4.3"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Work Manager, versions: 6.3, 6.4, 6.5 and SAP Inventory Manager, version 4.3, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service."
}
]
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"Denial of Service"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://launchpad.support.sap.com/#/notes/2793805"
},
{
"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"
}
]
}
}

145
2019/0xxx/CVE-2019-0315.json
View File

@ -1,18 +1,131 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0315",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0315",
"ASSIGNER": "cna@sap.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Process Integration(SAP_XIESR)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.10 to 7.11"
},
{
"version_name": "<",
"version_value": "7.20"
},
{
"version_name": "<",
"version_value": "7.30"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
},
{
"version_name": "<",
"version_value": "7.50"
}
]
}
},
{
"product_name": "SAP NetWeaver Process Integration(SAP_XITOOL)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.10 to 7.11"
},
{
"version_name": "<",
"version_value": "7.30"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
},
{
"version_name": "<",
"version_value": "7.50"
}
]
}
},
{
"product_name": "SAP NetWeaver Process Integration(SAP_XIPCK)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.10 to 7.11"
},
{
"version_name": "<",
"version_value": "7.20"
},
{
"version_name": "<",
"version_value": "7.30"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAP_XIPCK 7.10 to 7.11, 7.20, 7.30) allows an attacker to access passwords used in FTP channels leading to information disclosure."
}
]
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"Information Disclosure"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://launchpad.support.sap.com/#/notes/2755438"
},
{
"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"
}
]
}
}