From e9afcd4aa194285333c539573eb06d43af9a31be Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 27 Dec 2024 20:00:54 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/54xxx/CVE-2024-54450.json | 61 ++++++++++++++++++++++++++++---
 2024/54xxx/CVE-2024-54451.json | 67 +++++++++++++++++++++++++++++++---
 2024/54xxx/CVE-2024-54452.json | 67 +++++++++++++++++++++++++++++++---
 2024/54xxx/CVE-2024-54453.json | 67 +++++++++++++++++++++++++++++++---
 2024/54xxx/CVE-2024-54454.json | 67 +++++++++++++++++++++++++++++++---
 5 files changed, 299 insertions(+), 30 deletions(-)
diff --git a/2024/54xxx/CVE-2024-54450.json b/2024/54xxx/CVE-2024-54450.json
index 257b003dded..3d5b03cfbe0 100644
--- a/2024/54xxx/CVE-2024-54450.json
+++ b/2024/54xxx/CVE-2024-54450.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-54450",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-54450",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. If an X-Forwarded-For header is received during authentication, the Kurmi application will record the (possibly forged) IP address mentioned in that header rather than the real IP address that the user logged in from. This fake IP address can later be displayed in the My Account popup that shows the IP address that was used to log in."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://kurmi-software.com",
+ "refsource": "MISC",
+ "name": "https://kurmi-software.com"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://kurmi-software.com/cve/cve-2024-54450/",
+ "url": "https://kurmi-software.com/cve/cve-2024-54450/"
 }
 ]
 }
diff --git a/2024/54xxx/CVE-2024-54451.json b/2024/54xxx/CVE-2024-54451.json
index 747afaa3c47..29fccfd0288 100644
--- a/2024/54xxx/CVE-2024-54451.json
+++ b/2024/54xxx/CVE-2024-54451.json
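Review bot: In CVE-2024-54450.json the new `affects` block sets `vendor_name`, `product_name` and `version_value` to `"n/a"`, and `problemtype` is `"n/a"` as well, although the description on the same record names Kurmi Provisioning Suite 7.9.0.33; the hunks for CVE-2024-54451 through CVE-2024-54454 do the same. Tooling that matches on the structured fields rather than the free text will not associate these records with the product. Populating them from the description, e.g. `"product_name": "Kurmi Provisioning Suite"` and `"version_value": "7.9.0.33"`, would make the record machine-usable. A CWE for relying on the client-supplied X-Forwarded-For header would presumably fit `problemtype`, to be confirmed against the vendor advisory.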
@@ -1,18 +1,73 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-54451",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-54451",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site scripting (XSS) vulnerability in the graphicCustomization.do page in Kurmi Provisioning Suite before 7.9.0.38, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15 allows remote attackers (authenticated as system administrators) to inject arbitrary web script or HTML via the COMPONENT_fields(htmlTitle) field, which is rendered in other pages of the application for all users (if the graphical customization has been activated by a super-administrator)."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://kurmi-software.com",
+ "refsource": "MISC",
+ "name": "https://kurmi-software.com"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://kurmi-software.com/cve/cve-2024-54451/",
+ "url": "https://kurmi-software.com/cve/cve-2024-54451/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.1",
+ "version": "3.1"
+ }
 }
 }
\ No newline at end of file
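Review bot: The added `impact.cvss` object carries `"vectorString": "CVSS:3.1"`, which is only the version prefix: no metrics and no base score follow, so a CVSS parser will either reject it or produce no severity. The hunks for CVE-2024-54452, CVE-2024-54453 and CVE-2024-54454 add the identical stub. Either supply the complete vector from the vendor advisory or leave the `impact` object out until one exists, so that consumers can tell an unscored record from a malformed one. Until then, prioritisation of this XSS has to rest on the description text, which states that the attacker must be authenticated as a system administrator.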
diff --git a/2024/54xxx/CVE-2024-54452.json b/2024/54xxx/CVE-2024-54452.json
index 4a4721fb0b2..6408e34d0d7 100644
--- a/2024/54xxx/CVE-2024-54452.json
+++ b/2024/54xxx/CVE-2024-54452.json
@@ -1,18 +1,73 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-54452",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-54452",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35 and 7.10.x through 7.10.0.18. A Directory Traversal and Local File Inclusion vulnerability in the logsSys.do page allows remote attackers (authenticated as administrators) to trigger the display of unintended files. Any file accessible to the Kurmi user account could be displayed, e.g., configuration files with information such as the database password."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://kurmi-software.com",
+ "refsource": "MISC",
+ "name": "https://kurmi-software.com"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://kurmi-software.com/cve/cve-2024-54452/",
+ "url": "https://kurmi-software.com/cve/cve-2024-54452/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.1",
+ "version": "3.1"
+ }
 }
 }
\ No newline at end of file
diff --git a/2024/54xxx/CVE-2024-54453.json b/2024/54xxx/CVE-2024-54453.json
index e11c1494376..e3685433103 100644
--- a/2024/54xxx/CVE-2024-54453.json
+++ b/2024/54xxx/CVE-2024-54453.json
@@ -1,18 +1,73 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-54453",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-54453",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. A path traversal vulnerability in the DocServlet servlet allows remote attackers to retrieve any file from the Kurmi web application installation folder, e.g., files such as the obfuscated and/or compiled Kurmi source code."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://kurmi-software.com",
+ "refsource": "MISC",
+ "name": "https://kurmi-software.com"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://kurmi-software.com/cve/cve-2024-54453/",
+ "url": "https://kurmi-software.com/cve/cve-2024-54453/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.1",
+ "version": "3.1"
+ }
 }
 }
\ No newline at end of file
diff --git a/2024/54xxx/CVE-2024-54454.json b/2024/54xxx/CVE-2024-54454.json
index f002eb0577e..0fc051c3830 100644
--- a/2024/54xxx/CVE-2024-54454.json
+++ b/2024/54xxx/CVE-2024-54454.json
@@ -1,18 +1,73 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-54454",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-54454",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. An Observable Response Discrepancy vulnerability in the sendPasswordReinitLink action of the unlogged.do page allows remote attackers to test whether a username is valid or not. This allows confirmation of valid usernames."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://kurmi-software.com",
+ "refsource": "MISC",
+ "name": "https://kurmi-software.com"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://kurmi-software.com/cve-2024-54454/",
+ "url": "https://kurmi-software.com/cve-2024-54454/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.1",
+ "version": "3.1"
+ }
 }
 }
\ No newline at end of file
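Review bot: The CONFIRM reference added for CVE-2024-54454 points to `https://kurmi-software.com/cve-2024-54454/`, while the four sibling records in this commit all use the `/cve/cve-2024-5445x/` path form. That looks like a dropped `/cve/` segment; if so, both `name` and `url` should read `"https://kurmi-software.com/cve/cve-2024-54454/"`. Which path actually resolves cannot be confirmed from the diff, so the link should be checked before it is changed. A dead CONFIRM link would leave this username-enumeration record without a reachable vendor advisory.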