diff --git a/2023/0xxx/CVE-2023-0012.json b/2023/0xxx/CVE-2023-0012.json index b5120923315..1f5c050880b 100644 --- a/2023/0xxx/CVE-2023-0012.json +++ b/2023/0xxx/CVE-2023-0012.json @@ -36,7 +36,7 @@ "product": { "product_data": [ { - "product_name": "SAP Host Agent (Windows)", + "product_name": "Host Agent (Windows)", "version": { "version_data": [ { diff --git a/2023/0xxx/CVE-2023-0014.json b/2023/0xxx/CVE-2023-0014.json index a9f6ae49fa4..4d3f80f14b8 100644 --- a/2023/0xxx/CVE-2023-0014.json +++ b/2023/0xxx/CVE-2023-0014.json 
@@ -1,17 +1,192 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0014", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-294 Authentication Bypass by Capture-replay", + "cweId": "CWE-294" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP", + "product": { + "product_data": [ + { + "product_name": "NetWeaver ABAP Server and ABAP Platform", + "version": { + "version_data": [ + { + "version_value": "SAP_BASIS 701", + "version_affected": "=" + }, + { + "version_value": "SAP_BASIS 702", + "version_affected": "=" + }, + { + "version_value": "SAP_BASIS 710", + "version_affected": "=" + }, + { + "version_value": "SAP_BASIS 711", + "version_affected": "=" + }, + { + "version_value": "SAP_BASIS 730", + "version_affected": "=" + }, + { + "version_value": "SAP_BASIS 731", + "version_affected": "=" + }, + { + "version_value": "SAP_BASIS 740", + "version_affected": "=" + }, + { + "version_value": "SAP_BASIS 750", + "version_affected": "=" + }, + { + "version_value": "SAP_BASIS 751", + "version_affected": "=" + }, + { + "version_value": "SAP_BASIS 752", + "version_affected": "=" + }, + { + "version_value": "SAP_BASIS 753", + "version_affected": "=" + }, + { + "version_value": "SAP_BASIS 754", + "version_affected": "=" + }, + { + "version_value": "SAP_BASIS 755", + "version_affected": "=" + }, + { + "version_value": "SAP_BASIS 756", + "version_affected": "=" + }, + { + "version_value": "SAP_BASIS 757", + "version_affected": "=" + }, + { + "version_value": "KERNEL 7.22", + "version_affected": "=" + }, + { + "version_value": "KERNEL 7.53", + "version_affected": "=" + }, + { + "version_value": "KERNEL 7.77", + "version_affected": "=" + }, + { + "version_value": "KERNEL 7.81", + "version_affected": "=" + }, + { + "version_value": "KERNEL 7.85", + "version_affected": "=" + }, + { + "version_value": "KERNEL 7.89", + "version_affected": "=" + }, + { + "version_value": "KRNL64UC 7.22", + "version_affected": "=" + }, + { + "version_value": "KRNL64UC 
7.22EXT", + "version_affected": "=" + }, + { + "version_value": "KRNL64UC 7.53", + "version_affected": "=" + }, + { + "version_value": "KRNL64NUC 7.22", + "version_affected": "=" + }, + { + "version_value": "KRNL64NUC 7.22EXT", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3089413", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3089413" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/0xxx/CVE-2023-0015.json b/2023/0xxx/CVE-2023-0015.json index 915819136cf..f1dc6ecfb93 100644 --- a/2023/0xxx/CVE-2023-0015.json +++ b/2023/0xxx/CVE-2023-0015.json 
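Review bot: The `version_data` list added for CVE-2023-0014 starts at `SAP_BASIS 701`, but the description in the same record names SAP_BASIS 700 as the first affected release. Scanners and asset-matching tools read the structured list rather than the prose, so a SAP_BASIS 700 system would not be flagged for this capture-replay issue. If 700 is affected, add `{ "version_value": "SAP_BASIS 700", "version_affected": "=" }` as the first entry. If it is not, drop 700 from the description so both fields agree.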
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0015", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP", + "product": { + "product_data": [ + { + "product_name": "SAP BusinessObjects Business Intelligence Platform", + "version": { + "version_data": [ + { + "version_value": "420", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3251447", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3251447" + } + ] + }, + "generator": { + 
"engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/0xxx/CVE-2023-0016.json b/2023/0xxx/CVE-2023-0016.json index e35e872be58..bed7157dc16 100644 --- a/2023/0xxx/CVE-2023-0016.json +++ b/2023/0xxx/CVE-2023-0016.json 
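Review bot: `product_name` here is `"SAP BusinessObjects Business Intelligence Platform"`, repeating the vendor already given in `vendor_name`. The same commit strips that prefix in CVE-2023-0012 and omits it in CVE-2023-0018 and CVE-2023-0022; CVE-2023-0016 keeps it as well. Mixed naming for the same product family makes product-based correlation across these records unreliable. One convention would fix it, for example `"product_name": "BusinessObjects Business Intelligence Platform (Web Intelligence user interface)"`.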
@@ -1,17 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0016", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP", + "product": { + "product_data": [ + { + "product_name": "SAP BPC MS 10.0", + "version": { + "version_data": [ + { + "version_value": "800", + "version_affected": "=" + }, + { + "version_value": "810", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3275391", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3275391" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": 
"LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/0xxx/CVE-2023-0017.json b/2023/0xxx/CVE-2023-0017.json index e5fc9df4cac..9efccc3c2c5 100644 --- a/2023/0xxx/CVE-2023-0017.json +++ b/2023/0xxx/CVE-2023-0017.json 
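Review bot: The CVE-2023-0016 description says "version 810", while `version_data` lists both `800` and `810`, so the prose and the structured data disagree about whether 800 is affected. The description also speaks of an "unauthorized attacker" although the vector carries `PR:L`, which leaves it unclear whether an authenticated low-privilege account is needed. Both points should be checked against the referenced SAP note 3275391. If both releases are affected, the description should read `versions 800, 810`.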
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0017", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. This could allow the attacker to have full read access to user data, make modifications to user data, and make services within the system unavailable." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper access control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP", + "product": { + "product_data": [ + { + "product_name": "NetWeaver AS for Java", + "version": { + "version_data": [ + { + "version_value": "7.50", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3268093", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3268093" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 9.4, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2023/0xxx/CVE-2023-0018.json b/2023/0xxx/CVE-2023-0018.json index 4b5126789b2..4f21afacd6f 100644 --- a/2023/0xxx/CVE-2023-0018.json +++ b/2023/0xxx/CVE-2023-0018.json 
@@ -1,17 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0018", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a malicious payload. Once these reports are viewable, anyone who opens those reports would be susceptible to stored XSS attacks. As a result of the attack, information maintained in the victim's web browser can be read, modified, and sent to the attacker." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP", + "product": { + "product_data": [ + { + "product_name": "BusinessObjects Business Intelligence Platform (Central management console)", + "version": { + "version_data": [ + { + "version_value": "420", + "version_affected": "=" + }, + { + "version_value": "430", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3266006", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3266006" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/0xxx/CVE-2023-0022.json b/2023/0xxx/CVE-2023-0022.json index 44bedb7283a..08dc5b356ee 100644 --- a/2023/0xxx/CVE-2023-0022.json +++ b/2023/0xxx/CVE-2023-0022.json 
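Review bot: The `impact.cvss` block for CVE-2023-0018 does not match its own description. The text describes a stored XSS that needs "basic user-level privileges" to plant and a victim who opens the report, yet the vector is `PR:N/UI:N/S:C/C:H/I:H/A:H` with `baseScore` 10. Taken at face value, the description points to `"privilegesRequired": "LOW"` and `"userInteraction": "REQUIRED"`, and it mentions no availability impact. Re-derive `vectorString`, `baseScore` and `baseSeverity` from the vendor's rating in SAP note 3266006 before publishing. An overstated 10.0 would skew patch prioritisation for anyone triaging on this record.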
@@ -1,17 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0022", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application causing a high impact on the confidentiality, integrity, and availability of the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP", + "product": { + "product_data": [ + { + "product_name": "BusinessObjects Business Intelligence platform (Analysis edition for OLAP)", + "version": { + "version_data": [ + { + "version_value": "420", + "version_affected": "=" + }, + { + "version_value": "430", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3262810", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3262810" + } + ] + 
}, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/0xxx/CVE-2023-0023.json b/2023/0xxx/CVE-2023-0023.json index 4b96ca30469..cc24ced5e9d 100644 --- a/2023/0xxx/CVE-2023-0023.json +++ b/2023/0xxx/CVE-2023-0023.json 
@@ -1,17 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0023", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to navigate to another app, personal data is shown directly in the URL. They might get captured in log files, bookmarks, and so on disclosing sensitive data of the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP", + "product": { + "product_data": [ + { + "product_name": "Bank Account Management (Manage Banks)", + "version": { + "version_data": [ + { + "version_value": "800", + "version_affected": "=" + }, + { + "version_value": "900", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3150704", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3150704" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + 
"attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/0xxx/CVE-2023-0143.json b/2023/0xxx/CVE-2023-0143.json new file mode 100644 index 00000000000..9b6f4232a7d --- /dev/null +++ b/2023/0xxx/CVE-2023-0143.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0143", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0144.json b/2023/0xxx/CVE-2023-0144.json new file mode 100644 index 00000000000..a9c61b64d82 --- /dev/null +++ b/2023/0xxx/CVE-2023-0144.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0144", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22320.json b/2023/22xxx/CVE-2023-22320.json index c2734942fdd..4942527a99d 100644 --- a/2023/22xxx/CVE-2023-22320.json 
+++ b/2023/22xxx/CVE-2023-22320.json 
@@ -1,66 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2023-22320", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "OpenAM consortium", - "product": { - "product_data": [ - { - "product_name": "OpenAM Web Policy Agent (OpenAM Consortium Edition)", - "version": { - "version_data": [ - { - "version_value": "4.1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-22: Path Traversal" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/openam-jp/web-agents/issues/3", - "refsource": "CONFIRM", - "name": "https://github.com/openam-jp/web-agents/issues/3" - }, - { - "url": "https://jvn.jp/en/vu/JVN91740661/", - "refsource": "JVN", - "name": "OpenAM Web Policy Agent (OpenAM Consortium Edition) vulnerable to path traversal" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability(CWE-22). Furthermore, a crafted URL may be evaluated incorrectly." 
- } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22320", + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenAM consortium", + "product": { + "product_data": [ + { + "product_name": "OpenAM Web Policy Agent (OpenAM Consortium Edition)", + "version": { + "version_data": [ + { + "version_value": "4.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Path Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/openam-jp/web-agents/issues/3", + "refsource": "CONFIRM", + "name": "https://github.com/openam-jp/web-agents/issues/3" + }, + { + "url": "https://jvn.jp/en/vu/JVN91740661/", + "refsource": "JVN", + "name": "OpenAM Web Policy Agent (OpenAM Consortium Edition) vulnerable to path traversal" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability(CWE-22). Furthermore, a crafted URL may be evaluated incorrectly." + } + ] + } +} \ No newline at end of file