From fdf1a3125639cab55eec11087f30b4b39e08b68c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 13 Aug 2024 19:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/7xxx/CVE-2024-7569.json | 99 ++++++++++++++++++++++++++++-- 2024/7xxx/CVE-2024-7570.json | 90 +++++++++++++++++++++++++-- 2024/7xxx/CVE-2024-7593.json | 101 ++++++++++++++++++++++++++++-- 2024/7xxx/CVE-2024-7733.json | 115 +++++++++++++++++++++++++++++++++-- 2024/7xxx/CVE-2024-7761.json | 18 ++++++ 2024/7xxx/CVE-2024-7762.json | 18 ++++++ 2024/7xxx/CVE-2024-7763.json | 18 ++++++ 2024/7xxx/CVE-2024-7764.json | 18 ++++++ 2024/7xxx/CVE-2024-7765.json | 18 ++++++ 2024/7xxx/CVE-2024-7766.json | 18 ++++++ 2024/7xxx/CVE-2024-7767.json | 18 ++++++ 2024/7xxx/CVE-2024-7768.json | 18 ++++++ 2024/7xxx/CVE-2024-7769.json | 18 ++++++ 13 files changed, 551 insertions(+), 16 deletions(-) create mode 100644 2024/7xxx/CVE-2024-7761.json create mode 100644 2024/7xxx/CVE-2024-7762.json create mode 100644 2024/7xxx/CVE-2024-7763.json create mode 100644 2024/7xxx/CVE-2024-7764.json create mode 100644 2024/7xxx/CVE-2024-7765.json create mode 100644 2024/7xxx/CVE-2024-7766.json create mode 100644 2024/7xxx/CVE-2024-7767.json create mode 100644 2024/7xxx/CVE-2024-7768.json create mode 100644 2024/7xxx/CVE-2024-7769.json diff --git a/2024/7xxx/CVE-2024-7569.json b/2024/7xxx/CVE-2024-7569.json index f4c2c7cb785..894acd8feb6 100644 --- a/2024/7xxx/CVE-2024-7569.json +++ b/2024/7xxx/CVE-2024-7569.json @@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7569", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "responsible.disclosure@ivanti.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-922 Insecure Storage of Sensitive Information", + "cweId": "CWE-922" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-215: Insertion of Sensitive Information Into Debugging Code", + "cweId": "CWE-215" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "ITSM", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "2023.4" + }, + { + "status": "unaffected", + "version": "2023.4.0" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570", + "refsource": "MISC", + "name": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/7xxx/CVE-2024-7570.json b/2024/7xxx/CVE-2024-7570.json index 5b00b96cffd..0284c8df59f 100644 --- a/2024/7xxx/CVE-2024-7570.json +++ b/2024/7xxx/CVE-2024-7570.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7570", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "responsible.disclosure@ivanti.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295 Improper Certificate Validation", + "cweId": "CWE-295" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "ITSM", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "2023.4" + }, + { + "status": "unaffected", + "version": "2023.4.0" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570", + "refsource": "MISC", + "name": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/7xxx/CVE-2024-7593.json b/2024/7xxx/CVE-2024-7593.json index 6deb19f40ab..e62829b6bdf 100644 --- a/2024/7xxx/CVE-2024-7593.json +++ b/2024/7xxx/CVE-2024-7593.json @@ -1,17 +1,110 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7593", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "responsible.disclosure@ivanti.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication", + "cweId": "CWE-287" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-303 Incorrect Implementation of Authentication Algorithm", + "cweId": "CWE-303" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "vTM", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "22.7R2", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "22.2R1", + "versionType": "custom" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593", + "refsource": "MISC", + "name": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/7xxx/CVE-2024-7733.json b/2024/7xxx/CVE-2024-7733.json index ac8acb2237a..65171e8f363 100644 --- a/2024/7xxx/CVE-2024-7733.json +++ b/2024/7xxx/CVE-2024-7733.json @@ -1,17 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7733", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, was found in FastCMS up to 0.1.5. Affected is an unknown function of the component New Article Category Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in FastCMS bis 0.1.5 gefunden. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Komponente New Article Category Page. Durch Beeinflussen mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "FastCMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0.1.0" + }, + { + "version_affected": "=", + "version_value": "0.1.1" + }, + { + "version_affected": "=", + "version_value": "0.1.2" + }, + { + "version_affected": "=", + "version_value": "0.1.3" + }, + { + "version_affected": "=", + "version_value": "0.1.4" + }, + { + "version_affected": "=", + "version_value": "0.1.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.274350", + "refsource": "MISC", + "name": "https://vuldb.com/?id.274350" + }, + { + "url": "https://vuldb.com/?ctiid.274350", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.274350" + }, + { + "url": "https://gitee.com/xjd2020/fastcms/issues/IAI8T6", + "refsource": "MISC", + "name": "https://gitee.com/xjd2020/fastcms/issues/IAI8T6" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB Gitee Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2024/7xxx/CVE-2024-7761.json b/2024/7xxx/CVE-2024-7761.json new file mode 100644 index 00000000000..d89f87b519d --- /dev/null +++ b/2024/7xxx/CVE-2024-7761.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7761", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7762.json b/2024/7xxx/CVE-2024-7762.json new file mode 100644 index 00000000000..dd23c2374f1 --- /dev/null +++ b/2024/7xxx/CVE-2024-7762.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7762", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7763.json b/2024/7xxx/CVE-2024-7763.json new file mode 100644 index 00000000000..82e7ea5ba26 --- /dev/null +++ b/2024/7xxx/CVE-2024-7763.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7763", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7764.json b/2024/7xxx/CVE-2024-7764.json new file mode 100644 index 00000000000..c23f97ca2c9 --- /dev/null +++ b/2024/7xxx/CVE-2024-7764.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7764", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7765.json b/2024/7xxx/CVE-2024-7765.json new file mode 100644 index 00000000000..504a1ec654a --- /dev/null +++ b/2024/7xxx/CVE-2024-7765.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7765", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7766.json b/2024/7xxx/CVE-2024-7766.json new file mode 100644 index 00000000000..d38ba50ed03 --- /dev/null +++ b/2024/7xxx/CVE-2024-7766.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7766", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7767.json b/2024/7xxx/CVE-2024-7767.json new file mode 100644 index 00000000000..c4df6e433dc --- /dev/null +++ b/2024/7xxx/CVE-2024-7767.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7767", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7768.json b/2024/7xxx/CVE-2024-7768.json new file mode 100644 index 00000000000..caeb1cf1f81 --- /dev/null +++ b/2024/7xxx/CVE-2024-7768.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7768", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7769.json b/2024/7xxx/CVE-2024-7769.json new file mode 100644 index 00000000000..d82e4db6506 --- /dev/null +++ b/2024/7xxx/CVE-2024-7769.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7769", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file