Auto-Update: 2024-03-18T11:00:37.871709+00:00

CVE-2024/CVE-2024-16xx/CVE-2024-1604.json

@@ -0,0 +1,63 @@
+{
+  "id": "CVE-2024-1604",
+  "sourceIdentifier": "cvd@cert.pl",
+  "published": "2024-03-18T10:15:19.900",
+  "lastModified": "2024-03-18T10:15:19.900",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper authorization in the report management and creation module of BMC Control-M branches\u00a09.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate.\n\nFix for 9.0.20 branch was released in version 9.0.20.238.\u00a0Fix for 9.0.21 branch was released in version 9.0.21.201. \n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cvd@cert.pl",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cvd@cert.pl",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-863"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert.pl/en/posts/2024/03/CVE-2024-1604",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://cert.pl/posts/2024/03/CVE-2024-1604",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://www.bmc.com/it-solutions/control-m.html",
+      "source": "cvd@cert.pl"
+    }
+  ]
+}

CVE-2024/CVE-2024-16xx/CVE-2024-1605.json

@@ -0,0 +1,63 @@
+{
+  "id": "CVE-2024-1605",
+  "sourceIdentifier": "cvd@cert.pl",
+  "published": "2024-03-18T10:15:20.583",
+  "lastModified": "2024-03-18T10:15:20.583",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "BMC Control-M  branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL)  from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application's privileges. \n\nFix for 9.0.20 branch was released in version 9.0.20.238.\u00a0Fix for 9.0.21 branch was released in version 9.0.21.201. \n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cvd@cert.pl",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.6,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 4.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cvd@cert.pl",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert.pl/en/posts/2024/03/CVE-2024-1604",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://cert.pl/posts/2024/03/CVE-2024-1604",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://www.bmc.com/it-solutions/control-m.html",
+      "source": "cvd@cert.pl"
+    }
+  ]
+}

CVE-2024/CVE-2024-16xx/CVE-2024-1606.json

@@ -0,0 +1,63 @@
+{
+  "id": "CVE-2024-1606",
+  "sourceIdentifier": "cvd@cert.pl",
+  "published": "2024-03-18T10:15:20.863",
+  "lastModified": "2024-03-18T10:15:20.863",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Lack of input sanitization in BMC Control-M  branches 9.0.20 and 9.0.21 allows logged-in users for\u00a0manipulation of generated  web pages via injection of  HTML code. This might lead to a successful phishing attack for example by tricking users into using a hyperlink pointing to a website controlled by an attacker.\n\nFix for 9.0.20 branch was released in version 9.0.20.238.\u00a0Fix for 9.0.21 branch was released in version 9.0.21.200. \n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cvd@cert.pl",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.6,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cvd@cert.pl",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-80"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert.pl/en/posts/2024/03/CVE-2024-1604",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://cert.pl/posts/2024/03/CVE-2024-1604",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://www.bmc.com/it-solutions/control-m.html",
+      "source": "cvd@cert.pl"
+    }
+  ]
+}

CVE-2024/CVE-2024-280xx/CVE-2024-28039.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2024-28039",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2024-03-18T09:15:06.483",
+  "lastModified": "2024-03-18T09:15:06.483",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or cause a denial-of-service (DoS) condition."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "http://fitnesse.org/FitNesseDownload",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://github.com/unclebob/fitnesse",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://github.com/unclebob/fitnesse/blob/master/SECURITY.md",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://jvn.jp/en/jp/JVN94521208/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-03-18T09:00:39.926637+00:00
+2024-03-18T11:00:37.871709+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-03-18T08:15:06.400000+00:00
+2024-03-18T10:15:20.863000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,20 +29,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-241781
+241785
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `7`
+Recently added CVEs: `4`
 
-* [CVE-2024-21824](CVE-2024/CVE-2024-218xx/CVE-2024-21824.json) (`2024-03-18T08:15:06.087`)
-* [CVE-2024-22475](CVE-2024/CVE-2024-224xx/CVE-2024-22475.json) (`2024-03-18T08:15:06.173`)
-* [CVE-2024-23604](CVE-2024/CVE-2024-236xx/CVE-2024-23604.json) (`2024-03-18T08:15:06.233`)
-* [CVE-2024-27974](CVE-2024/CVE-2024-279xx/CVE-2024-27974.json) (`2024-03-18T08:15:06.287`)
-* [CVE-2024-28125](CVE-2024/CVE-2024-281xx/CVE-2024-28125.json) (`2024-03-18T08:15:06.347`)
-* [CVE-2024-28128](CVE-2024/CVE-2024-281xx/CVE-2024-28128.json) (`2024-03-18T08:15:06.400`)
-* [CVE-2024-29156](CVE-2024/CVE-2024-291xx/CVE-2024-29156.json) (`2024-03-18T07:15:05.880`)
+* [CVE-2024-1604](CVE-2024/CVE-2024-16xx/CVE-2024-1604.json) (`2024-03-18T10:15:19.900`)
+* [CVE-2024-1605](CVE-2024/CVE-2024-16xx/CVE-2024-1605.json) (`2024-03-18T10:15:20.583`)
+* [CVE-2024-1606](CVE-2024/CVE-2024-16xx/CVE-2024-1606.json) (`2024-03-18T10:15:20.863`)
+* [CVE-2024-28039](CVE-2024/CVE-2024-280xx/CVE-2024-28039.json) (`2024-03-18T09:15:06.483`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -238790,6 +238790,9 @@ CVE-2024-1591,0,0,813b185516fa7310825023c3e019d8a3dad8db3ac6e030a92367a91ad355f3
 CVE-2024-1592,0,0,4582ff945ad5ca026cbf9802fe1ff930654543e6af8959ddb0064a96f357fa86,2024-03-04T13:58:23.447000
 CVE-2024-1595,0,0,0ac9aed2c4ed6b9e7bc181d6ab55412b8033a5bfcbc541a4a4b602392614e428,2024-03-01T14:04:26.010000
 CVE-2024-1597,0,0,0788307c80ba77730580ebf7121ded97ea91ea8a6104800552d5fad5d2571fd9,2024-02-28T02:15:24.200000
+CVE-2024-1604,1,1,f03e64e076771f10a4466b1653b837ed73edc455ea0a99c28551d16bf8f086f0,2024-03-18T10:15:19.900000
+CVE-2024-1605,1,1,54e4dae625736985f2a55e6599ffb1abe4d5ce0ac2b4b1339cb85fbc1236aa01,2024-03-18T10:15:20.583000
+CVE-2024-1606,1,1,a561afbf8c29489e57c320d94e3f00d7262440823579ed6619d2c954f1912bee,2024-03-18T10:15:20.863000
 CVE-2024-1608,0,0,9c8b01b69ae5b4c70260d911aff7b2894c96a989ff451b383a0cacb2ffa6ce98,2024-02-20T19:50:53.960000
 CVE-2024-1618,0,0,d4ed9a7b03a6bc2af34446a7f8522f650b18bcab5c93148fbff943d48943d202,2024-03-12T16:02:33.900000
 CVE-2024-1619,0,0,3bd1c888593742e1605642ab3506d543678d2b012b17cc6ff867249b1db44054,2024-02-29T13:49:29.390000
@@ -239592,7 +239595,7 @@ CVE-2024-21815,0,0,77643bc01852fedba42660856307ea92e48bb3e3a61f220c8468619481001
 CVE-2024-21816,0,0,1c59ad824873b45e692308f55039674fb26186a48eef31c5167e14b30ad2d48e,2024-03-04T13:58:23.447000
 CVE-2024-2182,0,0,14bda1bfcdbdf6b080e85345ab2fdae24b0366e1f08f909e690ef4866c4d1dff,2024-03-12T17:46:17.273000
 CVE-2024-21821,0,0,4c3f841f13791c81362ea564b3fbf92012289121b1ae208771ab4f8c8efda3a4,2024-01-18T17:08:35.830000
-CVE-2024-21824,1,1,c1cdc2d3ea2481a42a8abdd1bb8cc537b301ce8f4369b37ab2671314039376c0,2024-03-18T08:15:06.087000
+CVE-2024-21824,0,0,c1cdc2d3ea2481a42a8abdd1bb8cc537b301ce8f4369b37ab2671314039376c0,2024-03-18T08:15:06.087000
 CVE-2024-21825,0,0,863f3bb0e32138d36771cc5631b2bee7f6404deacea520723a59336b368d85d0,2024-02-26T18:15:07.390000
 CVE-2024-21826,0,0,86b5e9b280063a0ae27fb6d21bc17eab887de733b019435029a476d441c4590c,2024-03-04T13:58:23.447000
 CVE-2024-21833,0,0,d495db7ecc3e5eea6a844ebf68934df72f88808ddb4472cc88d71eac4c0a6284,2024-01-18T18:26:59.627000
@@ -239875,7 +239878,7 @@ CVE-2024-22463,0,0,5b884681f5c1cb31ebf38842df7c3075a8e9d98da101d1e4ec4faa1ef09b6
 CVE-2024-22464,0,0,890f63b91e1207e51dc2d0fc686f763deb067d6410c523bfc64d52071d75be15,2024-02-15T05:03:27.617000
 CVE-2024-2247,0,0,b52dba6f68142dbeca56f2f1bf8b23a5401066ec4f0585445fe0cb42ba284eff,2024-03-14T10:15:07.027000
 CVE-2024-22473,0,0,ba695bcad0bbe2cba422f3053697429916506f0f0ce55f150fe9af4a818e1f6b,2024-02-22T19:07:27.197000
-CVE-2024-22475,1,1,33e191f20f26c04b0dc5ed44a066597bc27a3961d127d59ca446b81a73b31962,2024-03-18T08:15:06.173000
+CVE-2024-22475,0,0,33e191f20f26c04b0dc5ed44a066597bc27a3961d127d59ca446b81a73b31962,2024-03-18T08:15:06.173000
 CVE-2024-2249,0,0,cf7e9c481ceeab4ebea44cd6aa64f5dbe4abd16900b5ad6fea6a1dcff54afc44,2024-03-15T12:53:06.423000
 CVE-2024-22490,0,0,36caaa8caefc70cd3fb65a62a9488b2446e68d14844d0a61d7baf757d2000caa,2024-01-29T22:48:35.493000
 CVE-2024-22491,0,0,99c25b0ff8de89fe3ebd04368e499e7fe9b3820707560bd21fed90048934c0ad,2024-01-23T14:28:45.890000
@@ -240257,7 +240260,7 @@ CVE-2024-23553,0,0,51ea2d50cc1ff4dbab518de2a29e9ef6a91bd6b91073c23eb1a7f0cb7c8f1
 CVE-2024-2357,0,0,313587ca8b6b7919815ba797bea441002843b5151b56a9603272699863c7c655,2024-03-12T12:40:13.500000
 CVE-2024-23591,0,0,f4c08614f6a162f49ecc99f020c088036b0b565e06b57796e1304b45ae78e59d,2024-02-20T22:15:08.353000
 CVE-2024-23603,0,0,fa877b171423c355baa3228ce2c605e41edbf822a3508567d7754cb447355052,2024-02-14T18:04:45.380000
-CVE-2024-23604,1,1,ebf520efdb1291625cebf2afa512ecc89e9f0859d871db5a1cc4908400df4c55,2024-03-18T08:15:06.233000
+CVE-2024-23604,0,0,ebf520efdb1291625cebf2afa512ecc89e9f0859d871db5a1cc4908400df4c55,2024-03-18T08:15:06.233000
 CVE-2024-23605,0,0,6357ef47a85c4e22049db0926cbddeb8bbc82cdf2a1a81b5a28ca15d9cbb7aa0,2024-02-26T18:15:07.673000
 CVE-2024-23606,0,0,598e3aff4ae1bfd2aada0c773944509bbb201f8071a41b1a5b9e3c7372eb5aae,2024-02-20T19:50:53.960000
 CVE-2024-23607,0,0,8fbc2564c100ed17fa897212d565c049df0409466e1eb4358411ecb3ce547801,2024-02-14T18:04:45.380000
@@ -241637,9 +241640,10 @@ CVE-2024-27958,0,0,2ee086fb447798c561fd1c831c754d734514f619f6ebb04cf96679cb78dfe
 CVE-2024-27959,0,0,e2d4c3e5066dc506643038067fab6e9f26070ced2f7f327a18ffcd82b243c593,2024-03-17T22:38:29.433000
 CVE-2024-27960,0,0,6ff911c5617586aebae672070284633e223cb5b14cbbc3b1801f17c292900f46,2024-03-17T22:38:29.433000
 CVE-2024-27961,0,0,3162bfbc67900a83a9b4114dba265e7189f0bad8c0ddf2d85f6724674d13510a,2024-03-17T22:38:29.433000
-CVE-2024-27974,1,1,488bcc5b63f94acd0b1ffdaaa0228d98259feadd04707d2943e178cd4181ca3d,2024-03-18T08:15:06.287000
+CVE-2024-27974,0,0,488bcc5b63f94acd0b1ffdaaa0228d98259feadd04707d2943e178cd4181ca3d,2024-03-18T08:15:06.287000
 CVE-2024-27986,0,0,221ac31a72264e8303bc0dc716d0bcad27f92aa2e3b64824247f9d02601983b8,2024-03-14T12:52:09.877000
 CVE-2024-27987,0,0,ce6fd0b1730cd837f285c0aaaa1258cf6aa8505469e7f313401adb363ee7f395,2024-03-15T12:53:06.423000
+CVE-2024-28039,1,1,a91718c4020837fd9e211325d1d6147f0b785cbdbab9fb18babde9370ced1b12,2024-03-18T09:15:06.483000
 CVE-2024-28053,0,0,e281ed045d826247c32c0ccef204d2c431b80f755e75c928bfd444d7e8497772,2024-03-15T12:53:06.423000
 CVE-2024-28069,0,0,bc55065fc354d40d7b16dc028d30e9ac9c120daebe64d1e74cc55e5aec96ab01,2024-03-17T22:38:29.433000
 CVE-2024-28070,0,0,d9b3309fdc4db05937449ae85d6df93a299898f40c2c79f5bb7988f4ebb25838,2024-03-17T22:38:29.433000
@@ -241660,8 +241664,8 @@ CVE-2024-28115,0,0,3e0e705412ec4ecfb9fabefcb95634cd838a6bf7c9c03087d677ba199986f
 CVE-2024-28120,0,0,1945ab744b479cd2a55b16e82913f94d84bcc236918a39e22cfe06aca7010c4c,2024-03-12T12:40:13.500000
 CVE-2024-28121,0,0,6ad3b99e4c8dd1459c44e51d2edc62f08f0aa4d5ffd25ea4a2fe7aa5af2916e8,2024-03-13T21:16:00.460000
 CVE-2024-28122,0,0,3209f9a611aea4804720e8e5b4eeb3a02772982f302e787ac8040299af464092,2024-03-11T01:32:39.697000
-CVE-2024-28125,1,1,65d9c24a5e0c0b4d148512225b96193c0bf73b8894ddd2671583c2b38959e5fa,2024-03-18T08:15:06.347000
-CVE-2024-28128,1,1,a17695a240f4f2d82ca81a1ea07dea66dfa16007f2258e0e74076abcd1b5a954,2024-03-18T08:15:06.400000
+CVE-2024-28125,0,0,65d9c24a5e0c0b4d148512225b96193c0bf73b8894ddd2671583c2b38959e5fa,2024-03-18T08:15:06.347000
+CVE-2024-28128,0,0,a17695a240f4f2d82ca81a1ea07dea66dfa16007f2258e0e74076abcd1b5a954,2024-03-18T08:15:06.400000
 CVE-2024-28149,0,0,bb1327eb2ceb44ae2cc8e952fde2f54b109f1740591e1ece1b912c644025402b,2024-03-06T21:42:54.697000
 CVE-2024-28150,0,0,bd9c785686979f74fc956d3a9d80b65ba208ec849a10e17a7f0c9226761980a2,2024-03-06T21:42:54.697000
 CVE-2024-28151,0,0,473d59d35d2166d8f0877541c6be6e5f16e5683e6e89c2ed65e060f312f6c9a8,2024-03-06T21:42:54.697000
@@ -241779,4 +241783,4 @@ CVE-2024-28859,0,0,2d0407c7b83f2786a493b842ae3fe3ce3f906494adee8b0e0f61c75557fcb
 CVE-2024-28862,0,0,b0dc40150b0e5f15633ecb26c2614b37fe6eefbb423911349887989b36d78640,2024-03-17T22:38:29.433000
 CVE-2024-29151,0,0,5ec903f1e83fe9ef91dd8fa281d0d9249de67095eb219c2fefc315dc2fd25383,2024-03-18T06:15:05.913000
 CVE-2024-29154,0,0,27deb04035bee400856eb7d08b4f1bd8e0f3cd03c5a26708ab341cdb537485b4,2024-03-18T06:15:06.080000
-CVE-2024-29156,1,1,dc9b9c233c31a730eb56f0d9193b5d656bd692e0fe6247903130d468d58de8ec,2024-03-18T07:15:05.880000
+CVE-2024-29156,0,0,dc9b9c233c31a730eb56f0d9193b5d656bd692e0fe6247903130d468d58de8ec,2024-03-18T07:15:05.880000