admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 17:51:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-114xx/CVE-2024-11485.json

197 lines
6.6 KiB
JSON
Raw Normal View History

Auto-Update: 2024-11-20T17:00:19.994555+00:00
2024-11-20 17:03:21 +00:00
{
"id": "CVE-2024-11485",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-20T16:15:19.990",
Auto-Update: 2024-11-23T17:01:05.402126+00:00
2024-11-23 17:04:17 +00:00
"lastModified": "2024-11-23T01:12:38.790",
"vulnStatus": "Analyzed",
Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00
"cveTags": [],
Auto-Update: 2024-11-20T17:00:19.994555+00:00
2024-11-20 17:03:21 +00:00
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Code4Berry Decoration Management System 1.0. Affected by this issue is some unknown functionality of the file /decoration/admin/userregister.php of the component User Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
Auto-Update: 2024-11-23T17:01:05.402126+00:00
2024-11-23 17:04:17 +00:00
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad, que se ha clasificado como cr\u00edtica, en Code4Berry Decoration Management System 1.0. Este problema afecta a algunas funciones desconocidas del archivo /decoration/admin/userregister.php del componente User Handler. La manipulaci\u00f3n provoca problemas de permisos. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
Auto-Update: 2024-11-20T17:00:19.994555+00:00
2024-11-20 17:03:21 +00:00
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
Auto-Update: 2024-11-23T17:01:05.402126+00:00
2024-11-23 17:04:17 +00:00
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
Auto-Update: 2024-11-20T17:00:19.994555+00:00
2024-11-20 17:03:21 +00:00
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
Auto-Update: 2025-03-02T03:00:19.570958+00:00
2025-03-02 03:03:52 +00:00
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
Auto-Update: 2024-11-20T17:00:19.994555+00:00
2024-11-20 17:03:21 +00:00
"exploitMaturity": "NOT_DEFINED",
Auto-Update: 2025-03-02T03:00:19.570958+00:00
2025-03-02 03:03:52 +00:00
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
Auto-Update: 2024-11-20T17:00:19.994555+00:00
2024-11-20 17:03:21 +00:00
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
Auto-Update: 2025-03-02T03:00:19.570958+00:00
2025-03-02 03:03:52 +00:00
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
Auto-Update: 2024-11-20T17:00:19.994555+00:00
2024-11-20 17:03:21 +00:00
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
Auto-Update: 2024-11-23T17:01:05.402126+00:00
2024-11-23 17:04:17 +00:00
"providerUrgency": "NOT_DEFINED"
Auto-Update: 2024-11-20T17:00:19.994555+00:00
2024-11-20 17:03:21 +00:00
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
Auto-Update: 2024-11-23T17:01:05.402126+00:00
2024-11-23 17:04:17 +00:00
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
Auto-Update: 2024-11-20T17:00:19.994555+00:00
2024-11-20 17:03:21 +00:00
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
Auto-Update: 2024-11-23T17:01:05.402126+00:00
2024-11-23 17:04:17 +00:00
"availabilityImpact": "LOW"
Auto-Update: 2024-11-20T17:00:19.994555+00:00
2024-11-20 17:03:21 +00:00
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
Auto-Update: 2024-11-23T17:01:05.402126+00:00
2024-11-23 17:04:17 +00:00
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
Auto-Update: 2024-11-20T17:00:19.994555+00:00
2024-11-20 17:03:21 +00:00
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
Auto-Update: 2024-11-23T17:01:05.402126+00:00
2024-11-23 17:04:17 +00:00
"baseScore": 6.5,
Auto-Update: 2024-11-20T17:00:19.994555+00:00
2024-11-20 17:03:21 +00:00
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
Auto-Update: 2024-11-23T17:01:05.402126+00:00
2024-11-23 17:04:17 +00:00
"availabilityImpact": "PARTIAL"
Auto-Update: 2024-11-20T17:00:19.994555+00:00
2024-11-20 17:03:21 +00:00
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-266"
},
{
"lang": "en",
"value": "CWE-275"
}
]
Auto-Update: 2024-11-23T17:01:05.402126+00:00
2024-11-23 17:04:17 +00:00
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code4berry:decoration_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D42B74B-33F5-447D-AFAB-57A6080F4FAE"
}
]
}
]
Auto-Update: 2024-11-20T17:00:19.994555+00:00
2024-11-20 17:03:21 +00:00
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.285500",
Auto-Update: 2024-11-23T17:01:05.402126+00:00
2024-11-23 17:04:17 +00:00
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
Auto-Update: 2024-11-20T17:00:19.994555+00:00
2024-11-20 17:03:21 +00:00
},
{
"url": "https://vuldb.com/?id.285500",
Auto-Update: 2024-11-23T17:01:05.402126+00:00
2024-11-23 17:04:17 +00:00
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
Auto-Update: 2024-11-20T17:00:19.994555+00:00
2024-11-20 17:03:21 +00:00
},
{
"url": "https://vuldb.com/?submit.441914",
Auto-Update: 2024-11-23T17:01:05.402126+00:00
2024-11-23 17:04:17 +00:00
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
Auto-Update: 2024-11-20T17:00:19.994555+00:00
2024-11-20 17:03:21 +00:00
}
]
}
Reference in New Issue Copy Permalink