diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2621.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2621.json
new file mode 100644
index 00000000000..4fd56ce01fe
--- /dev/null
+++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2621.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-2621",
+ "sourceIdentifier": "cybersecurity@hitachienergy.com",
+ "published": "2023-11-01T03:15:07.790",
+ "lastModified": "2023-11-01T03:15:07.790",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nThe McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write vulnerability on the MAIN computer\nsystem. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An authenticated malicious client can\nexploit this vulnerability by uploading a crafted ZIP archive via the\nnetwork to McFeeder\u2019s service endpoint.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cybersecurity@hitachienergy.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cybersecurity@hitachienergy.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true",
+ "source": "cybersecurity@hitachienergy.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2622.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2622.json
new file mode 100644
index 00000000000..0dae46b2c96
--- /dev/null
+++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2622.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-2622",
+ "sourceIdentifier": "cybersecurity@hitachienergy.com",
+ "published": "2023-11-01T03:15:07.867",
+ "lastModified": "2023-11-01T03:15:07.867",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nAuthenticated clients can read arbitrary files on the MAIN Computer\nsystem using the remote procedure call (RPC) of the InspectSetup\nservice endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cybersecurity@hitachienergy.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 2.7,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cybersecurity@hitachienergy.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-668"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true",
+ "source": "cybersecurity@hitachienergy.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5514.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5514.json
new file mode 100644
index 00000000000..3b4af94baed
--- /dev/null
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5514.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-5514",
+ "sourceIdentifier": "cybersecurity@hitachienergy.com",
+ "published": "2023-11-01T03:15:07.933",
+ "lastModified": "2023-11-01T03:15:07.933",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nThe response messages received from the eSOMS report generation using certain parameter queries with full file path can be\nabused for enumerating the local file system structure.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cybersecurity@hitachienergy.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cybersecurity@hitachienergy.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-209"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true",
+ "source": "cybersecurity@hitachienergy.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5515.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5515.json
new file mode 100644
index 00000000000..615f789803a
--- /dev/null
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5515.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-5515",
+ "sourceIdentifier": "cybersecurity@hitachienergy.com",
+ "published": "2023-11-01T03:15:07.993",
+ "lastModified": "2023-11-01T03:15:07.993",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nThe responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against\nweb servers and deployed web applications.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cybersecurity@hitachienergy.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cybersecurity@hitachienergy.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true",
+ "source": "cybersecurity@hitachienergy.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5516.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5516.json
new file mode 100644
index 00000000000..c234cfadc88
--- /dev/null
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5516.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-5516",
+ "sourceIdentifier": "cybersecurity@hitachienergy.com",
+ "published": "2023-11-01T03:15:08.060",
+ "lastModified": "2023-11-01T03:15:08.060",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nPoorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing\ninformation about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version Info, endpoints,\nbackend server, Internal IP. etc., which can potentially expose additional attack surface containing other interesting vulnerabilities. \n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cybersecurity@hitachienergy.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cybersecurity@hitachienergy.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true",
+ "source": "cybersecurity@hitachienergy.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index f36925ffebc..837086ab7df 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-01T03:00:21.355543+00:00 +2023-11-01T05:00:20.893532+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-01T01:15:08.067000+00:00 +2023-11-01T03:15:08.060000+00:00 ``` ### Last Data Feed Release 
@@ -29,24 +29,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -229433 +229438 ``` ### CVEs added in the last Commit -Recently added CVEs: `11` +Recently added CVEs: `5` -* [CVE-2023-5889](CVE-2023/CVE-2023-58xx/CVE-2023-5889.json) (`2023-11-01T01:15:07.423`) -* [CVE-2023-5890](CVE-2023/CVE-2023-58xx/CVE-2023-5890.json) (`2023-11-01T01:15:07.497`) -* [CVE-2023-5891](CVE-2023/CVE-2023-58xx/CVE-2023-5891.json) (`2023-11-01T01:15:07.563`) -* [CVE-2023-5892](CVE-2023/CVE-2023-58xx/CVE-2023-5892.json) (`2023-11-01T01:15:07.627`) -* [CVE-2023-5893](CVE-2023/CVE-2023-58xx/CVE-2023-5893.json) (`2023-11-01T01:15:07.687`) -* [CVE-2023-5894](CVE-2023/CVE-2023-58xx/CVE-2023-5894.json) (`2023-11-01T01:15:07.750`) -* [CVE-2023-5895](CVE-2023/CVE-2023-58xx/CVE-2023-5895.json) (`2023-11-01T01:15:07.817`) -* [CVE-2023-5896](CVE-2023/CVE-2023-58xx/CVE-2023-5896.json) (`2023-11-01T01:15:07.880`) -* [CVE-2023-5897](CVE-2023/CVE-2023-58xx/CVE-2023-5897.json) (`2023-11-01T01:15:07.937`) -* [CVE-2023-5898](CVE-2023/CVE-2023-58xx/CVE-2023-5898.json) (`2023-11-01T01:15:08.003`) -* [CVE-2023-5899](CVE-2023/CVE-2023-58xx/CVE-2023-5899.json) (`2023-11-01T01:15:08.067`) +* [CVE-2023-2621](CVE-2023/CVE-2023-26xx/CVE-2023-2621.json) (`2023-11-01T03:15:07.790`) +* [CVE-2023-2622](CVE-2023/CVE-2023-26xx/CVE-2023-2622.json) (`2023-11-01T03:15:07.867`) +* [CVE-2023-5514](CVE-2023/CVE-2023-55xx/CVE-2023-5514.json) (`2023-11-01T03:15:07.933`) +* [CVE-2023-5515](CVE-2023/CVE-2023-55xx/CVE-2023-5515.json) (`2023-11-01T03:15:07.993`) +* [CVE-2023-5516](CVE-2023/CVE-2023-55xx/CVE-2023-5516.json) (`2023-11-01T03:15:08.060`) ### CVEs modified in the last Commit