admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2009/CVE-2009-03xx/CVE-2009-0307.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

196 lines
6.8 KiB
JSON
Raw Blame History

{
"id": "CVE-2009-0307",
"sourceIdentifier": "cve@mitre.org",
"published": "2009-04-22T18:30:00.170",
"lastModified": "2024-11-21T00:59:36.113",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the \"Customize Statistics Page\" (admin/statistics/ConfigureStatistics) in the MDS Connection Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) before 4.1.6 MR5 allows remote attackers to inject arbitrary web script or HTML via the (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, and (11) referenceTime parameters."
},
{
"lang": "es",
"value": "Una Vulnerabilidad de tipo Cross-Site Scripting (XSS) en la \"Customize Statistics Page\" (admin/statistics/ConfigureStatistics) en el servicio de conexi\u00f3n MDS en Research in Motion (RIM) BlackBerry Enterprise Server (BES) anterior a versi\u00f3n 4.1.6 MR5 permite a atacantes remotos inyectar script web o HTML arbitrario por medio de los par\u00e1metros (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, y (11) referenceTime."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"baseScore": 4.3,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:*:mr4:*:*:*:*:*:*",
"versionEndIncluding": "4.1.6",
"matchCriteriaId": "1200C916-4168-49E6-A0F4-665F6A5954F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7A2FFD-C840-459C-95C2-92FEDF341D5E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "8E297652-3533-4B2B-BA9E-FDC452BAE650"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B51FB6C5-1EA2-451E-A89B-9CE5EE3F8626"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4ACEF3E-E394-45E2-B20F-8575C92A490F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "9F71618E-5CB6-41A7-9705-6AD4344CDEA6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BD344A-EE9C-4ECB-8CB1-35146FD6F056"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B1694E42-9AA5-4503-9714-CBDE388481A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F378AF-E25B-4D60-AF7E-9E6FB228BF1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "265D8F90-96C3-4627-ABA5-994C25F70A45"
}
]
}
]
}
],
"references": [
{
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0170.html",
"source": "cve@mitre.org"
},
{
"url": "http://osvdb.org/53772",
"source": "cve@mitre.org"
},
{
"url": "http://secunia.com/advisories/34740",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.blackberry.com/btsc/dynamickc.do?externalId=KB17969&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB17969",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/34573",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "http://www.securitytracker.com/id?1022081",
"source": "cve@mitre.org"
},
{
"url": "http://www.vupen.com/english/advisories/2009/1090",
"source": "cve@mitre.org"
},
{
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0170.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://osvdb.org/53772",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://secunia.com/advisories/34740",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.blackberry.com/btsc/dynamickc.do?externalId=KB17969&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB17969",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/34573",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "http://www.securitytracker.com/id?1022081",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.vupen.com/english/advisories/2009/1090",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
Reference in New Issue View Git Blame Copy Permalink