admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-30 10:10:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-07-11T06:00:27.058937+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-07-11 06:00:30 +00:00
parent 669df9fb48
commit fdc89b0038
23 changed files with 1271 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
CVE-2023/CVE-2023-20xx/CVE-2023-2078.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-2078",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-11T03:15:09.227",
"lastModified": "2023-07-11T03:15:09.227",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The \"Buy Me a Coffee \u2013 Button and Widget Plugin\" plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to update the plugins settings. CVE-2023-25030 may be a duplicate of this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/buymeacoffee/trunk/admin/class-buy-me-a-coffee-admin.php?rev=2816542",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/buymeacoffee/trunk/includes/class-buy-me-a-coffee.php?rev=2319979#L162",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2935565%40buymeacoffee&new=2935565%40buymeacoffee&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c1c218c6-1599-4dc9-846f-e0ef74821488?source=cve",
"source": "security@wordfence.com"
}
]
}

67
CVE-2023/CVE-2023-20xx/CVE-2023-2079.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-2079",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-11T03:15:09.310",
"lastModified": "2023-07-11T03:15:09.310",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The \"Buy Me a Coffee \u2013 Button and Widget Plugin\" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. This makes it possible for unauthenticated attackers to update the plugins settings, via a forged request granted the attacker can trick a site's administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/buymeacoffee/trunk/admin/class-buy-me-a-coffee-admin.php?rev=2816542",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/buymeacoffee/trunk/includes/class-buy-me-a-coffee.php?rev=2319979#L162",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2935565%40buymeacoffee&new=2935565%40buymeacoffee&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6309258e-e4fc-4edf-a771-2d82a9a85a5c?source=cve",
"source": "security@wordfence.com"
}
]
}

59
CVE-2023/CVE-2023-314xx/CVE-2023-31405.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-31405",
"sourceIdentifier": "cna@sap.com",
"published": "2023-07-11T03:15:09.387",
"lastModified": "2023-07-11T03:15:09.387",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. There is no ability to view any information or any effect on availability.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-117"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3324732",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2023/CVE-2023-339xx/CVE-2023-33987.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-33987",
"sourceIdentifier": "cna@sap.com",
"published": "2023-07-11T03:15:09.450",
"lastModified": "2023-07-11T03:15:09.450",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL 7.90, KRNL64NUC 7.49, KRNL64UC 7.49, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, can submit a malicious crafted request over a network to a front-end server which\u00a0may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate\u00a0messages. This can result in the back-end server executing a malicious payload which can be used to read or\u00a0modify information on the server or make it temporarily unavailable.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3233899",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2023/CVE-2023-339xx/CVE-2023-33988.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-33988",
"sourceIdentifier": "cna@sap.com",
"published": "2023-07-11T03:15:09.523",
"lastModified": "2023-07-11T03:15:09.523",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not implemented, allowing an unauthenticated attacker to attempt reflected cross-site scripting, which could result in disclosure or modification of information.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3326769",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2023/CVE-2023-339xx/CVE-2023-33989.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-33989",
"sourceIdentifier": "cna@sap.com",
"published": "2023-07-11T03:15:09.587",
"lastModified": "2023-07-11T03:15:09.587",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An attacker with non-administrative authorizations in SAP NetWeaver (BI CONT ADD ON) - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. Data from confidential files cannot be read but potentially some OS files can be over-written leading to system compromise.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3331376",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2023/CVE-2023-339xx/CVE-2023-33990.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-33990",
"sourceIdentifier": "cna@sap.com",
"published": "2023-07-11T03:15:09.657",
"lastModified": "2023-07-11T03:15:09.657",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP SQL Anywhere\u00a0- version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local system can write into the shared memory objects. This can be leveraged by an attacker to perform a Denial of Service. Further, an attacker might be able to modify sensitive data in shared memory objects.This issue only affects SAP SQL Anywhere on Windows. Other platforms are not impacted.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3331029",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2023/CVE-2023-339xx/CVE-2023-33992.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-33992",
"sourceIdentifier": "cna@sap.com",
"published": "2023-07-11T03:15:09.717",
"lastModified": "2023-07-11T03:15:09.717",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 730, SAP_BW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the user still needs authorizations on the query as well as on the keyfigure/measure level. The missing check only affects the data level.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3088078",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2023/CVE-2023-358xx/CVE-2023-35870.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-35870",
"sourceIdentifier": "cna@sap.com",
"published": "2023-07-11T03:15:09.800",
"lastModified": "2023-07-11T03:15:09.800",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource. Furthermore, a standard template could be deleted, hence making the resource temporarily unavailable.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3341211",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2023/CVE-2023-358xx/CVE-2023-35871.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-35871",
"sourceIdentifier": "cna@sap.com",
"published": "2023-07-11T03:15:09.867",
"lastModified": "2023-07-11T03:15:09.867",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, has a vulnerability that can be exploited by an unauthenticated attacker to cause memory corruption through logical errors in memory management this may leads to information disclosure or system crashes, which can have low impact on confidentiality and high impact on the integrity and availability of the system.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3340735",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2023/CVE-2023-358xx/CVE-2023-35872.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-35872",
"sourceIdentifier": "cna@sap.com",
"published": "2023-07-11T03:15:09.930",
"lastModified": "2023-07-11T03:15:09.930",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The\u00a0Message Display Tool (MDT) of SAP NetWeaver Process Integration\u00a0- version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The vulnerability does not allow access to\u00a0sensitive information or administrative functionalities. On successful exploitation an attacker can cause limited impact on confidentiality and availability of the application.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3343564",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2023/CVE-2023-358xx/CVE-2023-35873.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-35873",
"sourceIdentifier": "cna@sap.com",
"published": "2023-07-11T03:15:09.993",
"lastModified": "2023-07-11T03:15:09.993",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The\u00a0Runtime Workbench (RWB) of SAP NetWeaver Process Integration\u00a0- version SAP_XITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The vulnerability does not allow access to\u00a0sensitive information or administrative functionalities. On successful exploitation an attacker can cause limited impact on confidentiality and availability of the application.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3343547",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2023/CVE-2023-358xx/CVE-2023-35874.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-35874",
"sourceIdentifier": "cna@sap.com",
"published": "2023-07-11T03:15:10.050",
"lastModified": "2023-07-11T03:15:10.050",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3318850",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2023/CVE-2023-369xx/CVE-2023-36917.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-36917",
"sourceIdentifier": "cna@sap.com",
"published": "2023-07-11T03:15:10.117",
"lastModified": "2023-07-11T03:15:10.117",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass the victim\u2019s old password via brute force, due to unrestricted rate limit for password change functionality. Although the attack has no impact on integrity loss or system availability, this could lead to an attacker to completely takeover a victim\u2019s account.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3320702",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2023/CVE-2023-369xx/CVE-2023-36918.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-36918",
"sourceIdentifier": "cna@sap.com",
"published": "2023-07-11T03:15:10.177",
"lastModified": "2023-07-11T03:15:10.177",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-Content-Type-Options response header is not implemented, allowing an unauthenticated attacker to trigger MIME type sniffing, which leads to Cross-Site Scripting, which could result in disclosure or modification of information.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/3326769",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2023/CVE-2023-369xx/CVE-2023-36919.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-36919",
"sourceIdentifier": "cna@sap.com",
"published": "2023-07-11T03:15:10.237",
"lastModified": "2023-07-11T03:15:10.237",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated attacker to obtain referrer details, resulting in information disclosure.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-644"
}
]
}
],
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/3326769",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2023/CVE-2023-369xx/CVE-2023-36921.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-36921",
"sourceIdentifier": "cna@sap.com",
"published": "2023-07-11T03:15:10.297",
"lastModified": "2023-07-11T03:15:10.297",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-644"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3348145",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2023/CVE-2023-369xx/CVE-2023-36922.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-36922",
"sourceIdentifier": "cna@sap.com",
"published": "2023-07-11T03:15:10.357",
"lastModified": "2023-07-11T03:15:10.357",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Due to programming error in function module or report, SAP NetWeaver ABAP (IS-OIL) - versions 600, 602, 603, 604, 605, 606, 617, 618, 800, 802, 803, 804, 805, 806, 807, allows an authenticated attacker to\u00a0inject an arbitrary operating system command into an unprotected parameter in a common (default) extension.\u00a0\u00a0On successful exploitation, the attacker can read or modify the system data as well as shut down the system.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3350297",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2023/CVE-2023-369xx/CVE-2023-36924.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-36924",
"sourceIdentifier": "cna@sap.com",
"published": "2023-07-11T03:15:10.417",
"lastModified": "2023-07-11T03:15:10.417",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could modify all the syslog data causing a complete compromise of integrity of the application.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-117"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3351410",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2023/CVE-2023-369xx/CVE-2023-36925.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-36925",
"sourceIdentifier": "cna@sap.com",
"published": "2023-07-11T03:15:10.477",
"lastModified": "2023-07-11T05:15:28.067",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP Solution Manager (Diagnostics agent) - version 7.20, allows an unauthenticated attacker to blindly execute HTTP requests. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application and other applications the Diagnostics Agent can reach.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3352058",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

24
CVE-2023/CVE-2023-371xx/CVE-2023-37189.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-37189",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-11T02:15:09.053",
"lastModified": "2023-07-11T02:15:09.053",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/sahiloj/CVE-2023-37189/blob/main/README.md",
"source": "cve@mitre.org"
},
{
"url": "https://reference1.example.com/index.php?menu=billing_rates",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-371xx/CVE-2023-37190.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-37190",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-11T02:15:09.107",
"lastModified": "2023-07-11T02:15:09.107",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/sahiloj/CVE-2023-37190/blob/main/README.md",
"source": "cve@mitre.org"
},
{
"url": "https://reference2.example.com/index.php?menu=grouplist",
"source": "cve@mitre.org"
}
]
}

42
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-07-11T02:00:51.334562+00:00
2023-07-11T06:00:27.058937+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-07-11T01:15:12.883000+00:00
2023-07-11T05:15:28.067000+00:00
```
### Last Data Feed Release
@ -29,29 +29,41 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
219655
219677
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `22`
* [CVE-2023-37191](CVE-2023/CVE-2023-371xx/CVE-2023-37191.json) (`2023-07-11T01:15:12.883`)
* [CVE-2023-37189](CVE-2023/CVE-2023-371xx/CVE-2023-37189.json) (`2023-07-11T02:15:09.053`)
* [CVE-2023-37190](CVE-2023/CVE-2023-371xx/CVE-2023-37190.json) (`2023-07-11T02:15:09.107`)
* [CVE-2023-2078](CVE-2023/CVE-2023-20xx/CVE-2023-2078.json) (`2023-07-11T03:15:09.227`)
* [CVE-2023-2079](CVE-2023/CVE-2023-20xx/CVE-2023-2079.json) (`2023-07-11T03:15:09.310`)
* [CVE-2023-31405](CVE-2023/CVE-2023-314xx/CVE-2023-31405.json) (`2023-07-11T03:15:09.387`)
* [CVE-2023-33987](CVE-2023/CVE-2023-339xx/CVE-2023-33987.json) (`2023-07-11T03:15:09.450`)
* [CVE-2023-33988](CVE-2023/CVE-2023-339xx/CVE-2023-33988.json) (`2023-07-11T03:15:09.523`)
* [CVE-2023-33989](CVE-2023/CVE-2023-339xx/CVE-2023-33989.json) (`2023-07-11T03:15:09.587`)
* [CVE-2023-33990](CVE-2023/CVE-2023-339xx/CVE-2023-33990.json) (`2023-07-11T03:15:09.657`)
* [CVE-2023-33992](CVE-2023/CVE-2023-339xx/CVE-2023-33992.json) (`2023-07-11T03:15:09.717`)
* [CVE-2023-35870](CVE-2023/CVE-2023-358xx/CVE-2023-35870.json) (`2023-07-11T03:15:09.800`)
* [CVE-2023-35871](CVE-2023/CVE-2023-358xx/CVE-2023-35871.json) (`2023-07-11T03:15:09.867`)
* [CVE-2023-35872](CVE-2023/CVE-2023-358xx/CVE-2023-35872.json) (`2023-07-11T03:15:09.930`)
* [CVE-2023-35873](CVE-2023/CVE-2023-358xx/CVE-2023-35873.json) (`2023-07-11T03:15:09.993`)
* [CVE-2023-35874](CVE-2023/CVE-2023-358xx/CVE-2023-35874.json) (`2023-07-11T03:15:10.050`)
* [CVE-2023-36917](CVE-2023/CVE-2023-369xx/CVE-2023-36917.json) (`2023-07-11T03:15:10.117`)
* [CVE-2023-36918](CVE-2023/CVE-2023-369xx/CVE-2023-36918.json) (`2023-07-11T03:15:10.177`)
* [CVE-2023-36919](CVE-2023/CVE-2023-369xx/CVE-2023-36919.json) (`2023-07-11T03:15:10.237`)
* [CVE-2023-36921](CVE-2023/CVE-2023-369xx/CVE-2023-36921.json) (`2023-07-11T03:15:10.297`)
* [CVE-2023-36922](CVE-2023/CVE-2023-369xx/CVE-2023-36922.json) (`2023-07-11T03:15:10.357`)
* [CVE-2023-36924](CVE-2023/CVE-2023-369xx/CVE-2023-36924.json) (`2023-07-11T03:15:10.417`)
* [CVE-2023-36925](CVE-2023/CVE-2023-369xx/CVE-2023-36925.json) (`2023-07-11T03:15:10.477`)
### CVEs modified in the last Commit
Recently modified CVEs: `9`
Recently modified CVEs: `0`
* [CVE-2021-46890](CVE-2021/CVE-2021-468xx/CVE-2021-46890.json) (`2023-07-11T00:24:44.113`)
* [CVE-2021-46891](CVE-2021/CVE-2021-468xx/CVE-2021-46891.json) (`2023-07-11T00:28:45.877`)
* [CVE-2023-36808](CVE-2023/CVE-2023-368xx/CVE-2023-36808.json) (`2023-07-10T23:58:42.933`)
* [CVE-2023-35940](CVE-2023/CVE-2023-359xx/CVE-2023-35940.json) (`2023-07-11T00:02:21.370`)
* [CVE-2023-35939](CVE-2023/CVE-2023-359xx/CVE-2023-35939.json) (`2023-07-11T00:03:34.423`)
* [CVE-2023-35924](CVE-2023/CVE-2023-359xx/CVE-2023-35924.json) (`2023-07-11T00:11:06.083`)
* [CVE-2023-34244](CVE-2023/CVE-2023-342xx/CVE-2023-34244.json) (`2023-07-11T00:14:17.360`)
* [CVE-2023-34107](CVE-2023/CVE-2023-341xx/CVE-2023-34107.json) (`2023-07-11T00:21:52.767`)
* [CVE-2023-35973](CVE-2023/CVE-2023-359xx/CVE-2023-35973.json) (`2023-07-11T00:50:42.443`)
## Download and Usage