admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 05:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Added submissions from EMC from 2018-03-15 and 2018-03-16.

Browse Source
This commit is contained in:
CVE Team 2018-03-16 15:11:08 -04:00
parent 898158f3c9
commit e108b6d899
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
5 changed files with 242 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
2016/9xxx/CVE-2016-9880.json
View File

@ -1,8 +1,35 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security_alert@emc.com",
"DATE_PUBLIC" : "2017-02-09T00:00:00",
"ID" : "CVE-2016-9880",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "GemFire broker for Cloud Foundry",
"version" : {
"version_data" : [
{
"version_value" : "1.6.x versions prior to 1.6.5"
},
{
"version_value" : "1.7.x versions prior to 1.7.1"
}
]
}
}
]
},
"vendor_name" : "Dell EMC"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +38,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The GemFire broker for Cloud Foundry has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unauthenticated access"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://pivotal.io/security/cve-2016-9880"
}
]
}

49
2017/14xxx/CVE-2017-14384.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security_alert@emc.com",
"DATE_PUBLIC" : "2017-12-05T00:00:00",
"ID" : "CVE-2017-14384",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Dell Storage Manager",
"version" : {
"version_data" : [
{
"version_value" : "earlier than 16.3.20"
}
]
}
}
]
},
"vendor_name" : "Dell EMC"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Resolved a directory traversal vulnerability (CVE-2017-14384). In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf"
}
]
}

52
2017/8xxx/CVE-2017-8013.json
View File

@ -1,8 +1,35 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security_alert@emc.com",
"DATE_PUBLIC" : "2017-09-14T00:00:00",
"ID" : "CVE-2017-8013",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "EMC Data Protection Advisor",
"version" : {
"version_data" : [
{
"version_value" : "6.3.x"
},
{
"version_value" : "6.4.x"
}
]
}
}
]
},
"vendor_name" : "Dell EMC"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +38,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "EMC Data Protection Advisor contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: \"Apollo System Test\", \"emc.dpa.agent.logon\" and \"emc.dpa.metrics.logon\". An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Hardcoded Password Vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://seclists.org/fulldisclosure/2017/Sep/36"
}
]
}

55
2018/1xxx/CVE-2018-1199.json
View File

@ -1,8 +1,38 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security_alert@emc.com",
"DATE_PUBLIC" : "2018-01-29T00:00:00",
"ID" : "CVE-2018-1199",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Spring by Pivotal",
"version" : {
"version_data" : [
{
"version_value" : "spring Security 4.1.0 - 4.1.4, 4.2.0 - 4.2.3, 5.0.0"
},
{
"version_value" : "Spring Framework 5.0.0 - 5.0.2, 4.3.0 - 4.3.13"
},
{
"version_value" : "Older unmaintained versions of Spring Security & Spring Framework were not analyzed and may be impacted"
}
]
}
}
]
},
"vendor_name" : "Dell EMC"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +41,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification (see below). Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Security bypass with static"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://pivotal.io/security/cve-2018-1199"
}
]
}

49
2018/1xxx/CVE-2018-1200.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security_alert@emc.com",
"DATE_PUBLIC" : "2018-02-13T00:00:00",
"ID" : "CVE-2018-1200",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apps Manager for PCF",
"version" : {
"version_data" : [
{
"version_value" : "Pivotal Application Service: 1.11.x versions prior to 1.11.26, 1.12.x versions prior to 1.12.14, 2.0.x versions prior to 2.0.5, Please note: PAS versions prior to 1.11 are not affected."
}
]
}
}
]
},
"vendor_name" : "Dell EMC"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Apps Manager for PCF allows unprivileged remote file read in its container via specially-crafted links."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "File Access Vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://pivotal.io/security/cve-2018-1200"
}
]
}