From f300ef75cde2d04a06a8c00d7dae6909c48eb684 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 2 Apr 2021 15:00:43 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/21xxx/CVE-2021-21400.json | 2 +- 2021/28xxx/CVE-2021-28113.json | 70 +++++++++++++++++++++++++++++++--- 2021/28xxx/CVE-2021-28123.json | 56 ++++++++++++++++++++++++--- 2021/28xxx/CVE-2021-28124.json | 56 ++++++++++++++++++++++++--- 4 files changed, 165 insertions(+), 19 deletions(-) diff --git a/2021/21xxx/CVE-2021-21400.json b/2021/21xxx/CVE-2021-21400.json index 93185621064..a45b0d920cd 100644 --- a/2021/21xxx/CVE-2021-21400.json +++ b/2021/21xxx/CVE-2021-21400.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does not actively give focus to the input field. Input element focus is enforced programatically in version 2021-03-15-production.0.\n" + "value": "wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does not actively give focus to the input field. Input element focus is enforced programatically in version 2021-03-15-production.0." } ] }, diff --git a/2021/28xxx/CVE-2021-28113.json b/2021/28xxx/CVE-2021-28113.json index a01aa0d14d8..98f9130aed4 100644 --- a/2021/28xxx/CVE-2021-28113.json +++ b/2021/28xxx/CVE-2021-28113.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28113", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28113", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.okta.com/security-advisories/cve-2021-28113", + "url": "https://www.okta.com/security-advisories/cve-2021-28113" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:H/PR:H/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2021/28xxx/CVE-2021-28123.json b/2021/28xxx/CVE-2021-28123.json index 05a953cb4ec..899db692eab 100644 --- a/2021/28xxx/CVE-2021-28123.json +++ b/2021/28xxx/CVE-2021-28123.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28123", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28123", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The ssh key can provide an attacker access to the linux system in the affected version." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/cohesity/SecAdvisory/blob/master/CVE-2021-28123.md", + "url": "https://github.com/cohesity/SecAdvisory/blob/master/CVE-2021-28123.md" } ] } diff --git a/2021/28xxx/CVE-2021-28124.json b/2021/28xxx/CVE-2021-28124.json index 391f0d27204..469ea3870f7 100644 --- a/2021/28xxx/CVE-2021-28124.json +++ b/2021/28xxx/CVE-2021-28124.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28124", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28124", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions can allow an attacker to Man-in-the-middle (MITM) support channel UI session to Cohesity DataPlatform cluster." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/cohesity/SecAdvisory/blob/master/CVE-2021-28124.md", + "url": "https://github.com/cohesity/SecAdvisory/blob/master/CVE-2021-28124.md" } ] }