From f6eb1cacc99c3fd3a1f1286df7d6adad7d9f066d Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 25 Apr 2025 03:00:38 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2025/46xxx/CVE-2025-46544.json | 71 +++++++++++++++++++++++++++++++---
 2025/46xxx/CVE-2025-46545.json | 71 +++++++++++++++++++++++++++++++---
 2025/46xxx/CVE-2025-46546.json | 71 +++++++++++++++++++++++++++++++---
 2025/46xxx/CVE-2025-46547.json | 71 +++++++++++++++++++++++++++++++---
 2025/46xxx/CVE-2025-46594.json | 18 +++++++++
 5 files changed, 278 insertions(+), 24 deletions(-)
 create mode 100644 2025/46xxx/CVE-2025-46594.json
diff --git a/2025/46xxx/CVE-2025-46544.json b/2025/46xxx/CVE-2025-46544.json
index e2ba78d256c..af178b62653 100644
--- a/2025/46xxx/CVE-2025-46544.json
+++ b/2025/46xxx/CVE-2025-46544.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-46544",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-46544",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sherparpa.com",
+ "refsource": "MISC",
+ "name": "https://sherparpa.com"
+ },
+ {
+ "url": "https://twitter.com/ArtyomBrylev",
+ "refsource": "MISC",
+ "name": "https://twitter.com/ArtyomBrylev"
+ },
+ {
+ "url": "https://deiteriy.com",
+ "refsource": "MISC",
+ "name": "https://deiteriy.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/ArtemBrylev/a258f920a6556470951c9a483fcf194a",
+ "url": "https://gist.github.com/ArtemBrylev/a258f920a6556470951c9a483fcf194a"
 }
 ]
 }
diff --git a/2025/46xxx/CVE-2025-46545.json b/2025/46xxx/CVE-2025-46545.json
index 5aaf3a8a6e0..b527426256b 100644
--- a/2025/46xxx/CVE-2025-46545.json
+++ b/2025/46xxx/CVE-2025-46545.json
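Review bot: The `affects` block added for CVE-2025-46544 publishes `"vendor_name"`, `"product_name"` and `"version_value"` as `"n/a"`, and `problemtype` is also `"n/a"`, although the new description names the product and build (Sherpa Orchestrator 141851) and describes a privilege-escalation flaw. Tooling that matches records on the structured fields rather than on free text will not associate this record with the product, so I would fill them from the description, `"product_name": "Sherpa Orchestrator"` and `"version_value": "141851"`, and replace the problemtype `"n/a"` with a CWE entry such as `"value": "CWE-269 Improper Privilege Management"` if the assigner agrees with that classification. The vendor name is not stated anywhere in the record, so it needs confirming with the assigner rather than guessing from the reference URLs. The same gap is present in the hunks for CVE-2025-46545 (stored XSS, likely CWE-79), CVE-2025-46546 (SQL injection, likely CWE-89) and CVE-2025-46547 (CSRF, likely CWE-352).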
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-46545",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-46545",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sherparpa.com",
+ "refsource": "MISC",
+ "name": "https://sherparpa.com"
+ },
+ {
+ "url": "https://twitter.com/ArtyomBrylev",
+ "refsource": "MISC",
+ "name": "https://twitter.com/ArtyomBrylev"
+ },
+ {
+ "url": "https://deiteriy.com",
+ "refsource": "MISC",
+ "name": "https://deiteriy.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/ArtemBrylev/5a0c76285d5fa9daf4ec753034185de7",
+ "url": "https://gist.github.com/ArtemBrylev/5a0c76285d5fa9daf4ec753034185de7"
 }
 ]
 }
diff --git a/2025/46xxx/CVE-2025-46546.json b/2025/46xxx/CVE-2025-46546.json
index 52d5f930000..bd924bf9f79 100644
--- a/2025/46xxx/CVE-2025-46546.json
+++ b/2025/46xxx/CVE-2025-46546.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-46546",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-46546",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll, /api/gui/processVersion/export/csv/, /api/gui/processVersion/export/xlsx/, /api/gui/processVersion/list/, /api/gui/robot/list/, /api/gui/task/export/csv/, /api/gui/task/export/xlsx/, and /api/gui/task/list/."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sherparpa.com",
+ "refsource": "MISC",
+ "name": "https://sherparpa.com"
+ },
+ {
+ "url": "https://twitter.com/ArtyomBrylev",
+ "refsource": "MISC",
+ "name": "https://twitter.com/ArtyomBrylev"
+ },
+ {
+ "url": "https://deiteriy.com",
+ "refsource": "MISC",
+ "name": "https://deiteriy.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/ArtemBrylev/59b4c0825a988f39a58b79e4e8d2f378",
+ "url": "https://gist.github.com/ArtemBrylev/59b4c0825a988f39a58b79e4e8d2f378"
 }
 ]
 }
diff --git a/2025/46xxx/CVE-2025-46547.json b/2025/46xxx/CVE-2025-46547.json
index ad8d7937c6b..8fca9d40ccd 100644
--- a/2025/46xxx/CVE-2025-46547.json
+++ b/2025/46xxx/CVE-2025-46547.json
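Review bot: The first endpoint in the new CVE-2025-46546 description is written `api/gui/asset/list` with no leading slash, while the other twelve paths all start with `/api/gui/`; trailing slashes are likewise inconsistent across the list. Defenders who copy these paths into log searches or request-filtering rules may miss one form, so I would normalise at least the first entry to `/api/gui/asset/list`. Whether the trailing slashes reflect the real routes cannot be told from this record and should be checked against the referenced advisory.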
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-46547",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-46547",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sherparpa.com",
+ "refsource": "MISC",
+ "name": "https://sherparpa.com"
+ },
+ {
+ "url": "https://twitter.com/ArtyomBrylev",
+ "refsource": "MISC",
+ "name": "https://twitter.com/ArtyomBrylev"
+ },
+ {
+ "url": "https://deiteriy.com",
+ "refsource": "MISC",
+ "name": "https://deiteriy.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/ArtemBrylev/9af206c46d7505db03ad6fcd9fc46f7f",
+ "url": "https://gist.github.com/ArtemBrylev/9af206c46d7505db03ad6fcd9fc46f7f"
 }
 ]
 }
diff --git a/2025/46xxx/CVE-2025-46594.json b/2025/46xxx/CVE-2025-46594.json
new file mode 100644
index 00000000000..f6c5994b2aa
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46594.json
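Review bot: The new CVE-2025-46547 description lists XSS, user or role creation and SQL injection as the results of the missing CSRF protection, but it does not point to the records that describe those issues. They appear to be the ones published in this same commit, so a reader triaging this record would benefit from the description or `reference_data` naming CVE-2025-46544, CVE-2025-46545 and CVE-2025-46546. That link is inferred from the matching product build and wording, so it should be confirmed with the assigner before it is added.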
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46594",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file