mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-19 17:31:42 +00:00
119 lines
4.0 KiB
JSON
119 lines
4.0 KiB
JSON
{
|
|
"id": "CVE-2018-15429",
|
|
"sourceIdentifier": "ykramarz@cisco.com",
|
|
"published": "2018-10-05T14:29:11.670",
|
|
"lastModified": "2020-09-16T19:13:21.970",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based UI of an affected system. A successful exploit could allow the attacker to access files that may contain sensitive data."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una vulnerabilidad en la interfaz web de Cisco HyperFlex HX Data Platform Software podr\u00eda permitir que un atacante remoto no autenticado acceda a informaci\u00f3n sensible en un sistema afectado. Esta vulnerabilidad se debe a la ausencia de entradas y autorizaci\u00f3n de peticiones HTTP. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una petici\u00f3n HTTP manipulada a la interfaz de usuario web de un sistema afectado. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante acceda a archivos que podr\u00edan contener datos sensibles."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.3,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 1.4
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.0
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-862"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "ykramarz@cisco.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-20"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:hyperflex_hx_data_platform:2.6\\(1d\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "65EF06CB-ED3D-4B86-A9D2-5FB34F542CF8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:hyperflex_hx_data_platform:3.0\\(1a\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "94607F74-2E39-450A-8DC8-ACB6550FF4EB"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-hyperflex-uda",
|
|
"source": "ykramarz@cisco.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |