mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-01 11:11:27 +00:00
110 lines
3.1 KiB
JSON
110 lines
3.1 KiB
JSON
{
|
|
"id": "CVE-2023-5514",
|
|
"sourceIdentifier": "cybersecurity@hitachienergy.com",
|
|
"published": "2023-11-01T03:15:07.933",
|
|
"lastModified": "2023-11-08T19:36:35.017",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "\nThe response messages received from the eSOMS report generation using certain parameter queries with full file path can be\nabused for enumerating the local file system structure.\n\n"
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se puede abusar de los mensajes de respuesta recibidos de la generaci\u00f3n del informe eSOMS utilizando ciertas consultas de par\u00e1metros con la ruta completa del archivo para enumerar la estructura del sistema de archivos local."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.3,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 1.4
|
|
},
|
|
{
|
|
"source": "cybersecurity@hitachienergy.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.3,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 1.4
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-209"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "cybersecurity@hitachienergy.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-209"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "6.3.13",
|
|
"matchCriteriaId": "BE3D04FB-2676-491B-8FBC-9D5D5911E289"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true",
|
|
"source": "cybersecurity@hitachienergy.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |