mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-30 18:04:30 +00:00
81 lines
2.7 KiB
JSON
81 lines
2.7 KiB
JSON
{
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"data_version": "4.0",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2017-20023",
|
|
"TITLE": "Solare Solar-Log Network Config privileges management",
|
|
"REQUESTER": "cna@vuldb.com",
|
|
"ASSIGNER": "cna@vuldb.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"generator": "vuldb.com",
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Solare",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Solar-Log",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "2.8.4-56"
|
|
},
|
|
{
|
|
"version_value": "3.5.2-85"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-269 Improper Privilege Management"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
|
|
}
|
|
]
|
|
},
|
|
"credit": "T. Weber",
|
|
"impact": {
|
|
"cvss": {
|
|
"version": "3.1",
|
|
"baseScore": "6.3",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "http://seclists.org/fulldisclosure/2017/Mar/58",
|
|
"refsource": "MISC",
|
|
"name": "http://seclists.org/fulldisclosure/2017/Mar/58"
|
|
},
|
|
{
|
|
"url": "https://vuldb.com/?id.98933",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?id.98933"
|
|
}
|
|
]
|
|
}
|
|
} |