admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 22:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '20180522-1037' of https://github.com/cyberpsrt/cvelist

Browse Source
This commit is contained in:
CVE Team 2018-05-22 14:08:15 -04:00
commit fea20fd64f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
2 changed files with 203 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
2018/6xxx/CVE-2018-6492.json
View File

@ -1,18 +1,113 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6492",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-05-09T19:01:00.000Z",
"ID": "CVE-2018-6492",
"STATE": "PUBLIC",
"TITLE": "MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Operations Management Ultimate",
"version": {
"version_data": [
{
"version_value": "2017.07, 2017.11, 2018.02"
}
]
}
},
{
"product_name": "Network Automation",
"version": {
"version_data": [
{
"version_value": "10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Micro Focus would like to thank Tilman Bender, Dennis Herrmann and Bastian Kanbach of Context Information Security GmbH for reporting this issue to cyber-psrt@microfocus.com."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "Persistent Cross-Site Scripting, and non-persistent HTML Injection in Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection. \n\n"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Remote Cross-Site Scripting (XSS)"
}
],
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Cross-Site Scripting (XSS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "non-persistent HTML Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

108
2018/6xxx/CVE-2018-6493.json
View File

@ -1,18 +1,104 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6493",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-05-09T19:01:00.000Z",
"ID": "CVE-2018-6493",
"STATE": "PUBLIC",
"TITLE": "MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Operations Management Ultimate",
"version": {
"version_data": [
{
"version_value": "2017.07, 2017.11, 2018.02"
}
]
}
},
{
"product_name": "Network Automation",
"version": {
"version_data": [
{
"version_value": "10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Micro Focus would like to thank Tilman Bender, Dennis Herrmann and Bastian Kanbach of Context Information Security GmbH for reporting this issue to cyber-psrt@microfocus.com."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "SQL Injection in Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection. \n"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "SQL Injection"
}
],
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}