From 0b6bbc6fd18c93e820c30feaf00cfb3054be9d68 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Fri, 13 Sep 2024 04:03:16 +0000
Subject: [PATCH] Auto-Update: 2024-09-13T04:00:17.081703+00:00
---
 CVE-2024/CVE-2024-431xx/CVE-2024-43180.json | 60 +++++++++++++++++++++
 README.md | 11 ++--
 _state.csv | 5 +-
 3 files changed, 68 insertions(+), 8 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-431xx/CVE-2024-43180.json
diff --git a/CVE-2024/CVE-2024-431xx/CVE-2024-43180.json b/CVE-2024/CVE-2024-431xx/CVE-2024-43180.json
new file mode 100644
index 00000000000..1b61eb20e68
--- /dev/null
+++ b/CVE-2024/CVE-2024-431xx/CVE-2024-43180.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-43180",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2024-09-13T02:15:01.887",
+ "lastModified": "2024-09-13T02:15:01.887",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-614"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/351213",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7168234",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 244ed7c4c74..0932023309f 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-09-13T02:00:17.243546+00:00 +2024-09-13T04:00:17.081703+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-09-13T01:15:02.320000+00:00 +2024-09-13T02:15:01.887000+00:00 ``` ### Last Data Feed Release @@ -33,21 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -262716 +262717 ``` ### CVEs added in the last Commit Recently added CVEs: `1` -- [CVE-2024-8762](CVE-2024/CVE-2024-87xx/CVE-2024-8762.json) (`2024-09-13T01:15:02.320`) +- [CVE-2024-43180](CVE-2024/CVE-2024-431xx/CVE-2024-43180.json) (`2024-09-13T02:15:01.887`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2024-31336](CVE-2024/CVE-2024-313xx/CVE-2024-31336.json) (`2024-09-13T01:15:01.980`) ## Download and Usage diff --git a/_state.csv b/_state.csv index a11df4c18de..dae06da9cb0 100644 --- a/_state.csv +++ b/_state.csv 
@@ -250970,7 +250970,7 @@ CVE-2024-31332,0,0,fe533958eb1f5014a983744e26d4dc56008592fb4b2dc96ebd425a317d9ee
 CVE-2024-31333,0,0,fffa52c47c5b8e1c2bcdc9fe3c080f43dd069e7ef7813f142892cae434fbd8ff,2024-08-19T13:00:23.117000
 CVE-2024-31334,0,0,69828e729ce39e0f18173fda19e01cf9f4d39333d7345a58dacf94a302bbacd6,2024-07-11T15:05:41.960000
 CVE-2024-31335,0,0,3a5c3c43b9344b158e79d76d5bd0e2d36d3e7822b50bec9afc211045c26c9812,2024-08-01T13:50:52.347000
-CVE-2024-31336,0,1,e16f98988b82130b2e32557c399f0ea25778a1838eb9ccce21afc0b2ed5c5a95,2024-09-13T01:15:01.980000
+CVE-2024-31336,0,0,e16f98988b82130b2e32557c399f0ea25778a1838eb9ccce21afc0b2ed5c5a95,2024-09-13T01:15:01.980000
 CVE-2024-31339,0,0,cd4c96aade7176a5aa7427f1e13d7eb03c1e703de2eb92c3c6c97472cece1e5c,2024-07-12T16:11:34.910000
 CVE-2024-3134,0,0,29c3b545a5da0a472480af2af3f9f3acedbe4b841a8f6f121606a369bcd8fa7c,2024-05-17T18:36:05.263000
 CVE-2024-31340,0,0,69d2a170836208f6faad46a647a02e1d14f5dbc15c6da296b85bfb3a229fe567,2024-07-03T01:54:45.633000
@@ -258634,6 +258634,7 @@ CVE-2024-43167,0,0,4e0990bddf2f78bd7962e7fefd45b238c4cd5730031930510e72195ad3b2d
 CVE-2024-43168,0,0,dda21c5c2e3bbeaf5d69baa1c2ddcb5d63c7d6cc03584943a831db0d376f97f0,2024-08-12T13:41:36.517000
 CVE-2024-4317,0,0,2ab51635ebb5a78f9093ee7220532c2f98c47bcb30186dfa33cf412783a7fe8e,2024-05-14T16:11:39.510000
 CVE-2024-4318,0,0,7b0a62dc8691f5e6f2210e7e19a78c6d4d5c9f053f662e7593a96cdc8c097afb,2024-05-16T13:03:05.353000
+CVE-2024-43180,1,1,200f4bd3951da6e58848640994148b26107e802b8478772c0fc602c4452f6fcb,2024-09-13T02:15:01.887000
 CVE-2024-4319,0,0,7ca0245a01df3d5ced472265b32f90c6f6a22a37af3715d5589379ecac1f6a24,2024-06-11T13:54:12.057000
 CVE-2024-43199,0,0,94150f8459e19abf18625a946d8a507867275817cd3d9928084030fcb7fa8330,2024-08-12T12:59:48.253000
 CVE-2024-4320,0,0,f21f873c3bfeb896c071276000f6bbe2ae4420d2f2c3184178334c98a666705b,2024-06-07T14:56:05.647000
@@ -262714,4 +262715,4 @@ CVE-2024-8749,0,0,6c300bdfd0775f414e5e2003c3bfef67fe867038e6f1a0c3495f0a7e6012e1
 CVE-2024-8750,0,0,418fabeb18e7b297a31252c3e8fef09ccda76bf14212f7478abfd99c5bae6ae6,2024-09-12T12:35:54.013000
 CVE-2024-8751,0,0,66bf4cb3efd3a19b11cc04552e956e3ad68f7c58b21ee98d18c0d4f60816db0f,2024-09-12T22:15:02.680000
 CVE-2024-8754,0,0,dcef29ecbc812aa49fbf1b13b0eb401b8ca812115ed5357160273332851b27b7,2024-09-12T18:14:03.913000
-CVE-2024-8762,1,1,cd0180b0880cf0bebff2c6b1b9d52d51ab239e3d6ee0b5d44daa1480e3a9c097,2024-09-13T01:15:02.320000
+CVE-2024-8762,0,0,cd0180b0880cf0bebff2c6b1b9d52d51ab239e3d6ee0b5d44daa1480e3a9c097,2024-09-13T01:15:02.320000