From fffba4732205d6d32c1dc4abc32e95a8a3aa320a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 28 Dec 2018 09:29:43 -0500
Subject: [PATCH] - Added submissions from F5 from 2018-12-27.

---
 2018/15xxx/CVE-2018-15333.json | 48 +++++++++++++++++++++++++++++++---
 2018/15xxx/CVE-2018-15334.json | 48 +++++++++++++++++++++++++++++++---
 2018/15xxx/CVE-2018-15335.json | 48 +++++++++++++++++++++++++++++++---
 3 files changed, 135 insertions(+), 9 deletions(-)

diff --git a/2018/15xxx/CVE-2018-15333.json b/2018/15xxx/CVE-2018-15333.json
index b4a9c253051..48a83ba139d 100644
--- a/2018/15xxx/CVE-2018-15333.json
+++ b/2018/15xxx/CVE-2018-15333.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "f5sirt@f5.com",
 "ID" : "CVE-2018-15333",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "All versions 11.2.1+"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "F5 Networks, Inc."
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
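Review bot: The `version_value` added in the `affects` block of CVE-2018-15333.json, `"All versions 11.2.1+"`, is free text that a scanner or asset inventory cannot compare against an installed version, so automated matching on this record will miss affected BIG-IP systems or need a hand-written rule. Where the record's schema version allows it, carrying the bare version plus a comparator, e.g. `"version_affected" : ">=",` with `"version_value" : "11.2.1"`, keeps the meaning in a form consumers can evaluate. The same applies to the first hunk of CVE-2018-15334.json (identical string) and of CVE-2018-15335.json, where `"13.0.0-13.1.x"` packs a range into one value. None of the three records names a fixed release, so readers have to follow the F5 article in `references` for upgrade targets.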
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "On versions 11.2.1. and greater, unrestricted Snapshot File Access allows BIG-IP system's user with any role, including Guest Role, to have access and download previously generated and available snapshot files on the BIG-IP configuration utility such as QKView and TCPDumps."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Information Leakage"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://support.f5.com/csp/article/K53620021"
 }
 ]
 }
diff --git a/2018/15xxx/CVE-2018-15334.json b/2018/15xxx/CVE-2018-15334.json
index b67abd25523..5d52f6863ea 100644
--- a/2018/15xxx/CVE-2018-15334.json
+++ b/2018/15xxx/CVE-2018-15334.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "f5sirt@f5.com",
 "ID" : "CVE-2018-15334",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "BIG-IP (APM)",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "All versions 11.2.1+"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "F5 Networks, Inc."
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
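Review bot: In the second hunk of CVE-2018-15333.json the `problemtype` value `"Information Leakage"` is free text with no CWE identifier, and it names only the consequence, while the description above it describes a missing authorization check (any role, including Guest, can download QKView and tcpdump snapshot files). Prefixing a weakness id, e.g. `"value" : "CWE-200 Information Leakage"` or whichever access-control CWE the CNA judges closest, lets triage and reporting tools classify the entry without parsing prose. The same holds for `"CSRF"` in CVE-2018-15334.json, which maps to `CWE-352`, and for `"DoS"` in CVE-2018-15335.json. The description also carries a stray period in `11.2.1.` before "and greater".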
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CSRF"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://support.f5.com/csp/article/K74114570"
 }
 ]
 }
diff --git a/2018/15xxx/CVE-2018-15335.json b/2018/15xxx/CVE-2018-15335.json
index 0f141514e8e..4e8d0c17e3e 100644
--- a/2018/15xxx/CVE-2018-15335.json
+++ b/2018/15xxx/CVE-2018-15335.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "f5sirt@f5.com",
 "ID" : "CVE-2018-15335",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "BIG-IP (APM)",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "13.0.0-13.1.x"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "F5 Networks, Inc."
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may not display the intended message in the failure response"
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://support.f5.com/csp/article/K27617652"
 }
 ]
 }
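Review bot: The description added for CVE-2018-15335 stops at "APM may not display the intended message in the failure response" and never states a security consequence, yet the `problemtype` a few lines below it is `"DoS"`. As written, a reader cannot tell what is denied or to whom, which makes severity and exposure hard to judge from the record alone. The description should gain one more sentence, taken from F5 article K27617652, saying what the failure response does instead and why that amounts to a denial of service. The text also ends without its closing period, which may indicate it was truncated on submission.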