diff --git a/2022/28xxx/CVE-2022-28613.json b/2022/28xxx/CVE-2022-28613.json
index 4c078b28712..338dcf3afa4 100644
--- a/2022/28xxx/CVE-2022-28613.json
+++ b/2022/28xxx/CVE-2022-28613.json
@@ -1,15 +1,38 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "cybersecurity@hitachienergy.com",
- "DATE_PUBLIC": "2022-04-19T10:00:00.000Z",
 "ID": "CVE-2022-28613",
- "STATE": "PUBLIC",
- "TITLE": "Specially Crafted Modbus TCP Packet Vulnerability in RTU500 series"
+ "ASSIGNER": "cybersecurity@hitachienergy.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is en-abled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the receiving RTU500 CMU to reboot. The vulnerability is caused by the validation error in the length information carried in MBAP header in the HCI Modbus TCP function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-1284 Improper Validation of Specified Quantity in Input",
+ "cweId": "CWE-1284"
+ }
+ ]
+ }
+ ]
 },
 "affects": {
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "Hitachi Energy",
 "product": {
 "product_data": [
 {
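Review bot: The added `description` value points at "the product versions listed above", a phrase that refers to nothing inside the record, whereas the description this commit removes named the RTU500 series CMU firmware and its version trains directly. Feed consumers often match on the description text alone, so the product and versions should be spelled out there, e.g. opening with `A vulnerability exists in the HCI Modbus TCP function of Hitachi Energy RTU500 series CMU firmware versions 12.0.*, 12.2.*, 12.4.*, 12.6.*, 12.7.* and 13.2.*.` The hyphenation artefact `en-abled` in the same string should read `enabled`, since that sentence carries the exposure precondition (HCI Modbus TCP enabled and configured) that operators will search for.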
@@ -18,102 +41,81 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_name": "12.0.*",
 "version_value": "12.0.*"
 },
 {
 "version_affected": "=",
- "version_name": "12.2.*",
 "version_value": "12.2.*"
 },
 {
 "version_affected": "=",
- "version_name": "12.4.*",
 "version_value": "12.4.*"
 },
 {
 "version_affected": "=",
- "version_name": "12.6.*",
 "version_value": "12.6.*"
 },
 {
 "version_affected": "=",
- "version_name": "12.7.*",
 "version_value": "12.7.*"
 },
 {
 "version_affected": "=",
- "version_name": "13.2.*",
 "version_value": "13.2.*"
 }
 ]
 }
 }
 ]
- },
- "vendor_name": "Hitachi Energy"
+ }
 }
 ]
 }
 },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
+ "references": {
+ "reference_data": [
 {
- "lang": "eng",
- "value": "A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware that is caused by the validation error in the length information carried in MBAP header allows an ATTACKER to reboot the device by sending a special crafted message. This issue affects: Hitachi Energy RTU500 series CMU Firmware 12.0.*; 12.2.*; 12.4.*; 12.6.*; 12.7.*; 13.2.*."
+ "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000103&LanguageCode=en&DocumentPartId=&Action=Launch",
+ "refsource": "MISC",
+ "name": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000103&LanguageCode=en&DocumentPartId=&Action=Launch"
 }
 ]
 },
 "generator": {
 "engine": "Vulnogram 0.0.9"
 },
- "impact": {
- "cvss": {
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "HIGH",
- "baseScore": 7.5,
- "baseSeverity": "HIGH",
- "confidentialityImpact": "NONE",
- "integrityImpact": "NONE",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "version": "3.1"
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-20 Improper Input Validation"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000103&LanguageCode=en&DocumentPartId=&Action=Launch",
- "refsource": "CONFIRM",
- "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000103&LanguageCode=en&DocumentPartId=&Action=Launch"
- }
- ]
+ "source": {
+ "discovery": "INTERNAL"
 },
 "solution": [
 {
- "lang": "eng",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "
Remediation available, see the advisory for details.
"
+ }
+ ],
 "value": "Remediation available, see the advisory for details."
 }
 ],
- "source": {
- "discovery": "INTERNAL"
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/2024/23xxx/CVE-2024-23454.json b/2024/23xxx/CVE-2024-23454.json
index 721f20de9ed..499b4b192a7 100644
--- a/2024/23xxx/CVE-2024-23454.json
+++ b/2024/23xxx/CVE-2024-23454.json
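Review bot: The added `impact.cvss` entry for CVE-2022-28613 scores the issue 10 / CRITICAL with `S:C/C:H/I:H/A:H`, yet the description added in the first hunk of this file reports only a reboot of the receiving RTU500 CMU, which is an availability impact. The entry this commit removes scored that same effect as `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` (7.5), and nothing visible in the record supports a changed scope or any confidentiality or integrity loss. Either the description should state those additional impacts or the vector should be re-checked against advisory 8DBD000103 before downstream tooling prioritises on it. Separately, the `solution` entry now uses `"lang": "en"` while the description and problemtype entries use `"eng"`; keeping `"lang": "eng"` would leave the record consistent for consumers that filter on language.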
@@ -1,18 +1,85 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-23454",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Apache Hadoop\u2019s RunJar.run()\u00a0does not set permissions for temporary directory\u00a0by default. If sensitive data will be present in this file, all the other local users may be able to view the content.\nThis is because, on unix-like systems, the system temporary directory is\nshared between all local users. As such, files written in this directory,\nwithout setting the correct posix permissions explicitly, may be viewable\nby all other local users."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-269 Improper Privilege Management",
+ "cweId": "CWE-269"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Hadoop",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "3.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://issues.apache.org/jira/browse/HADOOP-19031",
+ "refsource": "MISC",
+ "name": "https://issues.apache.org/jira/browse/HADOOP-19031"
+ },
+ {
+ "url": "https://lists.apache.org/thread/xlo7q8kn4tsjvx059r789oz19hzgfkfs",
+ "refsource": "MISC",
+ "name": "https://lists.apache.org/thread/xlo7q8kn4tsjvx059r789oz19hzgfkfs"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "defect": [
+ "HADOOP-19031"
+ ],
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Andrea Cosentino"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/40xxx/CVE-2024-40761.json b/2024/40xxx/CVE-2024-40761.json
index 9e94559dd45..43f43d1eecb 100644
--- a/2024/40xxx/CVE-2024-40761.json
+++ b/2024/40xxx/CVE-2024-40761.json
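Review bot: The added `problemtype` for CVE-2024-23454 uses `CWE-269 Improper Privilege Management`, which is broader than the weakness the description states: a temporary directory created under the shared system temp directory without explicit POSIX permissions, readable by other local users. An identifier from the insecure-temporary-file family (CWE-377 and its children) or CWE-732 would let scanners and triage rules group this with the same weakness class elsewhere. The description also gives no fix guidance even though `version_data` marks everything `<` `3.4.0` as affected. Assuming 3.4.0 is the fixed release, a closing sentence such as `Users are recommended to upgrade to version 3.4.0, which fixes the issue.` would match the wording of the Apache Answer record in this commit.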
@@ -1,18 +1,77 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-40761",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Inadequate Encryption Strength vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.3.5.\n\nUsing the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead.\nUsers are recommended to upgrade to version 1.4.0, which fixes the issue."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-326 Inadequate Encryption Strength",
+ "cweId": "CWE-326"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Answer",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "1.3.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lists.apache.org/thread/mmrhsfy16qwrw0pkv0p9kj40vy3sg08x",
+ "refsource": "MISC",
+ "name": "https://lists.apache.org/thread/mmrhsfy16qwrw0pkv0p9kj40vy3sg08x"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "\u5f20\u5cb3\u7199"
+ }
+ ]
 }
\ No newline at end of file
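Review bot: `CWE-326 Inadequate Encryption Strength` in the added `problemtype` does not match the weakness the description states, which is an MD5 hash of the user's e-mail address sent to Gravatar rather than any encryption. `CWE-328 Use of Weak Hash` looks like the closer identifier, i.e. `"value": "CWE-328 Use of Weak Hash"` with `"cweId": "CWE-328"`, so that weakness-based filters classify the record correctly. The record also carries no `impact` block, which leaves consumers without a vendor severity for an e-mail disclosure issue; adding one would be worth raising with the CNA if a score was published in the referenced thread.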