From e76ca2874ee17ea22c1e45ea9734dbf96b930fcd Mon Sep 17 00:00:00 2001
From: DellEMCProductSecurity
Date: Thu, 17 Jan 2019 16:24:36 -0500
Subject: [PATCH] Added CVE-2018-15784,CVE-2019-3772,3773,3774
---
2018/15xxx/CVE-2018-15784.json | 89 +++++++++++++++++++++++++++++-----
2019/3xxx/CVE-2019-3772.json | 19 +-------
2019/3xxx/CVE-2019-3773.json | 19 +-------
2019/3xxx/CVE-2019-3774.json | 19 +-------
4 files changed, 80 insertions(+), 66 deletions(-)
diff --git a/2018/15xxx/CVE-2018-15784.json b/2018/15xxx/CVE-2018-15784.json
index b732e624cdf..42eef5b954f 100644
--- a/2018/15xxx/CVE-2018-15784.json
+++ b/2018/15xxx/CVE-2018-15784.json
@@ -1,18 +1,83 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15784",
- "STATE" : "RESERVED"
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@dell.com",
+ "DATE_PUBLIC": "2019-01-14T14:37:00.000Z",
+ "ID": "CVE-2018-15784",
+ "STATE": "PUBLIC",
+ "TITLE": "DSA-2019-001: Dell Networking OS10 Improper Certificate Validation Vulnerability"
 },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Dell Networking OS10",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "10.4.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Dell"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
 {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "lang": "eng",
+ "value": "Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server’s certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Certificate Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://www.dell.com/support/article/us/en/04/sln315899/dsa-2019-001-dell-networking-os10-improper-certificate-validation-vulnerability?lang=en"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3772.json b/2019/3xxx/CVE-2019-3772.json
index 7ef02f269dc..df798bef05a 100644
--- a/2019/3xxx/CVE-2019-3772.json
+++ b/2019/3xxx/CVE-2019-3772.json
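Review bot: The `problemtype` entry holds only the free-text name `Improper Certificate Validation` with no CWE identifier, so tooling that groups or filters records by CWE number cannot classify this one. The Spring records in this same patch use the `CWE-611: …` form; for consistency this could be `"value": "CWE-295: Improper Certificate Validation"`. The new file also ends without a trailing newline, which the previous version had.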
@@ -1,18 +1 @@ -{ - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3772", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} +{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"secure@dell.com","DATE_PUBLIC":"2019-01-15T20:30:16.000Z","ID":"CVE-2019-3772","STATE":"PUBLIC","TITLE":"Spring Integration XML External Entity Injection (XXE) "},"source":{"discovery":"UNKNOWN"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Spring Integration","version":{"version_data":[{"affected":"<","version_name":"5.0","version_value":"v5.0.10.RELEASE"},{"affected":"<","version_name":"5.1","version_value":"v5.1.1.RELEASE"},{"affected":"<","version_name":"4.3","version_value":"v4.3.18.RELEASE"}]}}]},"vendor_name":"Spring"}]}},"description":{"description_data":[{"lang":"eng","value":"Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-611: XML External Entities (XXE)"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","url":"https://pivotal.io/security/cve-2019-3772"}]},"impact":null} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3773.json b/2019/3xxx/CVE-2019-3773.json index fc0dcebd5c1..e54cf354d97 100644 --- a/2019/3xxx/CVE-2019-3773.json +++ b/2019/3xxx/CVE-2019-3773.json 
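Review bot: The `affected` operator contradicts the description. The text says versions 4.3.18, 5.0.10 and 5.1.1 themselves were susceptible, but every `version_data` entry uses `"affected":"<"` against those same values, which excludes them. A scanner matching on `version_data` would then report an install at exactly one of those versions as not affected. If the description is correct these should be `"affected":"<="`; the same mismatch appears in the CVE-2019-3773 and CVE-2019-3774 hunks. All three records also set `"impact":null` instead of omitting the key or supplying a `cvss` object as CVE-2018-15784 does, so consumers that read `impact.cvss` need a null guard.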
@@ -1,18 +1 @@ -{ - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3773", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} +{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"secure@dell.com","DATE_PUBLIC":"2019-01-15T20:30:17.000Z","ID":"CVE-2019-3773","STATE":"PUBLIC","TITLE":"Spring Web Services XML External Entity Injection (XXE) "},"source":{"discovery":"UNKNOWN"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Spring Web Services","version":{"version_data":[{"affected":"<","version_name":"3.0","version_value":"v3.0.4.RELEASE"},{"affected":"<","version_name":"2.4","version_value":"v2.4.3.RELEASE"}]}}]},"vendor_name":"Spring"}]}},"description":{"description_data":[{"lang":"eng","value":"Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-611: XML External Entities (XXE)"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","url":"https://pivotal.io/security/cve-2019-3773"}]},"impact":null} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3774.json b/2019/3xxx/CVE-2019-3774.json index 2dba6a924de..1b1ca9861e5 100644 --- a/2019/3xxx/CVE-2019-3774.json +++ b/2019/3xxx/CVE-2019-3774.json 
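Review bot: The description's phrase `older unsupported versions of all three projects` does not fit this record, which lists a single product (`Spring Web Services`). It reads like wording carried over from a combined advisory, and it leaves the affected scope ambiguous for anyone triaging from this entry alone. Suggest `Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions, were susceptible …`, matching the sibling records.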
@@ -1,18 +1 @@ -{ - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3774", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} +{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"secure@dell.com","DATE_PUBLIC":"2019-01-15T20:30:17.000Z","ID":"CVE-2019-3774","STATE":"PUBLIC","TITLE":"Spring Batch XML External Entity Injection (XXE) "},"source":{"discovery":"UNKNOWN"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Spring Batch","version":{"version_data":[{"affected":"<","version_name":"4.0","version_value":"4.0.1.RELEASE"},{"affected":"<","version_name":"4.1","version_value":"4.1.0.RELEASE"},{"affected":"<","version_name":"3.0","version_value":"3.0.9.RELEASE"}]}}]},"vendor_name":"Spring"}]}},"description":{"description_data":[{"lang":"eng","value":"Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-611: XML External Entities (XXE)"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","url":"https://pivotal.io/security/cve-2019-3774"}]},"impact":null} \ No newline at end of file
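Review bot: `version_value` is written here without the `v` prefix (`4.0.1.RELEASE`), while the CVE-2019-3772 and CVE-2019-3773 records in this patch use the `v5.0.10.RELEASE` style. Automated version matching then has to normalize two formats for the same vendor, and a strict string or semver comparison may miss one of them. Pick a single form across the three Spring records.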