mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-09-17 18:45:49 +00:00
133 lines
4.1 KiB
JSON
133 lines
4.1 KiB
JSON
{
|
|
"id": "CVE-2012-2421",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2012-04-25T20:55:01.340",
|
|
"lastModified": "2024-11-21T01:39:04.643",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Los manejadores intu-help-qb (tambi\u00e9n conocido como Intuit Help System Async Pluggable Protocol) en HelpAsyncPluggableProtocol.dll en Intuit QuickBooks v2009 hasta v2012, cuando se utiliza Internet Explorer, podr\u00eda permitir a atacantes remotos leer ficheros arbitrarios en archivos ZIP a trav\u00e9s de una ruta completa en el URI."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N",
|
|
"baseScore": 1.8,
|
|
"accessVector": "ADJACENT_NETWORK",
|
|
"accessComplexity": "HIGH",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "LOW",
|
|
"exploitabilityScore": 3.2,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-22"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:intuit:quickbooks:2009:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "406C7E8C-1F81-482D-9E64-7DBFCBCFEEE6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:intuit:quickbooks:2010:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "16920868-86EE-483B-A6F1-383C7D006DF0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:intuit:quickbooks:2011:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B50F6D01-614E-4FDC-B4BE-4D0D3CEC52D6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:intuit:quickbooks:2012:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4736C29C-D28D-4116-908B-EE55DD892B41"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.kb.cert.org/vuls/id/232979",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"US Government Resource"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/archive/1/522139",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75172",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.kb.cert.org/vuls/id/232979",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"US Government Resource"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/archive/1/522139",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75172",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
]
|
|
} |