Auto-merge PR#3139

2025-08-04 08:44:25 +00:00 · 2020-01-27 17:35:18 -05:00 · 2020-01-27 17:35:18 -05:00 · e24704fbb0
commit e24704fbb0
parent d70a21ea9e b70c33849b
2 changed files with 4 additions and 10 deletions
--- a/2020/3xxx/CVE-2020-3134.json
+++ b/2020/3xxx/CVE-2020-3134.json
@ -18,7 +18,7 @@
                                    "version_data": [
                                        {
                                            "affected": "<",
-                                            "version_value": "n/a"
+                                            "version_value": "13.0"
                                        }
                                    ]
                                }
@ -37,16 +37,10 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "[CVE-2020-3134_su] A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition."
+                "value": "A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition. This vulnerability affects Cisco AsyncOS Software for Cisco ESA releases earlier than 13.0."
            }
        ]
    },
-    "exploit": [
-        {
-            "lang": "eng",
-            "value": "[CVE-2020-3134_ex] "
-        }
-    ],
    "impact": {
        "cvss": {
            "baseScore": "6.5",
@ -84,4 +78,4 @@
        ],
        "discovery": "INTERNAL"
    }
-}
+}
--- a/2020/3xxx/CVE-2020-3136.json
+++ b/2020/3xxx/CVE-2020-3136.json
@ -37,7 +37,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. This vulnerability affected Cisco Jabber Guest releases 11.1(2) and earlier."
+                "value": "A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. This vulnerability affects Cisco Jabber Guest releases 11.1(2) and earlier."
            }
        ]
    },