From aae6a96fed4792f02b8a419f2387918e2d813739 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Wed, 29 Nov 2023 11:00:22 +0000
Subject: [PATCH] Auto-Update: 2023-11-29T11:00:18.604388+00:00
---
 CVE-2023/CVE-2023-55xx/CVE-2023-5598.json | 6 +--
 CVE-2023/CVE-2023-60xx/CVE-2023-6020.json | 24 +++++-----
 CVE-2023/CVE-2023-60xx/CVE-2023-6021.json | 24 +++++-----
 CVE-2023/CVE-2023-60xx/CVE-2023-6070.json | 55 +++++++++++++++++++++++
 README.md | 24 ++++------
 5 files changed, 89 insertions(+), 44 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-60xx/CVE-2023-6070.json
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5598.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5598.json
index 7767f196abc..3cd007b7f5c 100644
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5598.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5598.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-5598",
 "sourceIdentifier": "3DS.Information-Security@3ds.com",
 "published": "2023-11-21T10:15:07.900",
- "lastModified": "2023-11-25T01:22:55.993",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-11-29T10:15:07.353",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Stored Cross-site Scripting (XSS) vulnerabilities\u00c2\u00a0affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code."
+ "value": "Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code."
 },
 {
 "lang": "es",
diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6020.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6020.json
index 8c34fe6a6f4..18a55d0aea8 100644
--- a/CVE-2023/CVE-2023-60xx/CVE-2023-6020.json
+++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6020.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-6020",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-11-16T21:15:09.443",
- "lastModified": "2023-11-24T23:09:22.967",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-11-29T10:15:07.507",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication."
+ "value": "LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.\n\n"
 },
 {
 "lang": "es",
@@ -35,28 +35,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 3.6
- }
- ],
- "cvssMetricV30": [
+ },
 {
 "source": "security@huntr.dev",
 "type": "Secondary",
 "cvssData": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
 "attackVector": "NETWORK",
 "attackComplexity": "LOW",
 "privilegesRequired": "NONE",
 "userInteraction": "NONE",
- "scope": "CHANGED",
+ "scope": "UNCHANGED",
 "confidentialityImpact": "HIGH",
- "integrityImpact": "LOW",
+ "integrityImpact": "NONE",
 "availabilityImpact": "NONE",
- "baseScore": 9.3,
- "baseSeverity": "CRITICAL"
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
 },
 "exploitabilityScore": 3.9,
- "impactScore": 4.7
+ "impactScore": 3.6
 }
 ]
 },
diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6021.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6021.json
index 4a1861ead61..3f86011422f 100644
--- a/CVE-2023/CVE-2023-60xx/CVE-2023-6021.json
+++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6021.json
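Review bot: The new English `value` in the first CVE-2023-6020.json hunk ends in a literal `\n\n` that the removed line did not have; the same trailing newlines are added in the CVE-2023-6021.json hunk, and the new CVE-2023-6070 description carries a leading `\n` as well. Anything that matches, deduplicates or hashes description text will treat this as changed content, so the string is better stored trimmed, `"value": "LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication."`, or consumers should strip surrounding whitespace before comparing.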
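Review bot: The second CVE-2023-6020.json hunk removes the `cvssMetricV30` key entirely and re-homes the security@huntr.dev Secondary entry inside the `cvssMetricV31` array, while lowering it from 9.3 CRITICAL (`S:C`, `I:L`) to 7.5 HIGH (`S:U`, `I:N`); CVE-2023-6021.json receives the identical change. A consumer that reads a fixed metric key or takes the first array element will now report a different severity, so scores should be selected by `source` and `type` across every `cvssMetricV*` array. With `vulnStatus` set to `Modified` in the first hunk, the earlier analysis presumably predates this re-score, so any triage decision recorded against the 9.3 value is worth re-checking rather than being overwritten silently. The `metrics` object opens before the hunk, so the entry preceding the moved one is only partly visible.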
@@ -2,12 +2,12 @@
 "id": "CVE-2023-6021",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-11-16T17:15:09.020",
- "lastModified": "2023-11-24T23:05:43.850",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-11-29T10:15:07.707",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication."
+ "value": "LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.\n\n"
 },
 {
 "lang": "es",
@@ -35,28 +35,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 3.6
- }
- ],
- "cvssMetricV30": [
+ },
 {
 "source": "security@huntr.dev",
 "type": "Secondary",
 "cvssData": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
 "attackVector": "NETWORK",
 "attackComplexity": "LOW",
 "privilegesRequired": "NONE",
 "userInteraction": "NONE",
- "scope": "CHANGED",
+ "scope": "UNCHANGED",
 "confidentialityImpact": "HIGH",
- "integrityImpact": "LOW",
+ "integrityImpact": "NONE",
 "availabilityImpact": "NONE",
- "baseScore": 9.3,
- "baseSeverity": "CRITICAL"
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
 },
 "exploitabilityScore": 3.9,
- "impactScore": 4.7
+ "impactScore": 3.6
 }
 ]
 },
diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6070.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6070.json
new file mode 100644
index 00000000000..462b8875613
--- /dev/null
+++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6070.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-6070",
+ "sourceIdentifier": "trellixpsirt@trellix.com",
+ "published": "2023-11-29T09:15:21.877",
+ "lastModified": "2023-11-29T09:15:21.877",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nA server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "trellixpsirt@trellix.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "trellixpsirt@trellix.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-918"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10413",
+ "source": "trellixpsirt@trellix.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 7fefa5b9932..6d03b52a483 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-29T07:00:17.662412+00:00 +2023-11-29T11:00:18.604388+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-29T06:15:46.853000+00:00 +2023-11-29T10:15:07.707000+00:00 ``` ### Last Data Feed Release
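Review bot: The new CVE-2023-6070.json record is in `vulnStatus` `Received` and carries only the vendor's Secondary CVSS entry (4.3 MEDIUM) with no configuration or CPE data, so the affected range "prior to version 11.6.8" exists only in the free-text description and automated version matching will not flag it. The description also labels the flaw server-side request forgery (`CWE-918`) yet goes on to describe unvalidated uploaded content in the certificate validation API with an integrity-only vector (`C:N/I:L`), so classifying by CWE alone may mislabel it until the record is analysed. Score and CWE are best treated as provisional, with the vendor bulletin listed under `references` as the source for affected versions. The description `value` would also read cleaner without its leading `\n` and trailing `\n\n`, and the file ends without a final newline.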
@@ -29,29 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -231672 +231673 ``` ### CVEs added in the last Commit -Recently added CVEs: `9` +Recently added CVEs: `1` -* [CVE-2023-46886](CVE-2023/CVE-2023-468xx/CVE-2023-46886.json) (`2023-11-29T05:15:07.863`) -* [CVE-2023-46887](CVE-2023/CVE-2023-468xx/CVE-2023-46887.json) (`2023-11-29T05:15:07.980`) -* [CVE-2023-47462](CVE-2023/CVE-2023-474xx/CVE-2023-47462.json) (`2023-11-29T05:15:08.033`) -* [CVE-2023-45479](CVE-2023/CVE-2023-454xx/CVE-2023-45479.json) (`2023-11-29T06:15:46.507`) -* [CVE-2023-45480](CVE-2023/CVE-2023-454xx/CVE-2023-45480.json) (`2023-11-29T06:15:46.620`) -* [CVE-2023-45481](CVE-2023/CVE-2023-454xx/CVE-2023-45481.json) (`2023-11-29T06:15:46.660`) -* [CVE-2023-45482](CVE-2023/CVE-2023-454xx/CVE-2023-45482.json) (`2023-11-29T06:15:46.710`) -* [CVE-2023-45483](CVE-2023/CVE-2023-454xx/CVE-2023-45483.json) (`2023-11-29T06:15:46.760`) -* [CVE-2023-45484](CVE-2023/CVE-2023-454xx/CVE-2023-45484.json) (`2023-11-29T06:15:46.810`) +* [CVE-2023-6070](CVE-2023/CVE-2023-60xx/CVE-2023-6070.json) (`2023-11-29T09:15:21.877`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `3` -* [CVE-2023-5408](CVE-2023/CVE-2023-54xx/CVE-2023-5408.json) (`2023-11-29T06:15:46.853`) +* [CVE-2023-5598](CVE-2023/CVE-2023-55xx/CVE-2023-5598.json) (`2023-11-29T10:15:07.353`) +* [CVE-2023-6020](CVE-2023/CVE-2023-60xx/CVE-2023-6020.json) (`2023-11-29T10:15:07.507`) +* [CVE-2023-6021](CVE-2023/CVE-2023-60xx/CVE-2023-6021.json) (`2023-11-29T10:15:07.707`) ## Download and Usage