-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Auto-Update: 2023-12-19T03:00:24.215173+00:00
- Loading branch information
1 parent
61f84f9
commit 0176a67
Showing
26 changed files
with
1,856 additions
and
109 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,16 +2,40 @@ | |
| "id": "CVE-2022-43843", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2023-12-14T01:15:07.453", | ||
| "lastModified": "2023-12-14T13:52:16.903", | ||
| "vulnStatus": "Awaiting Analysis", | ||
| "lastModified": "2023-12-19T02:00:44.520", | ||
| "vulnStatus": "Analyzed", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080." | ||
| }, | ||
| { | ||
| "lang": "es", | ||
| "value": "IBM Spectrum Scale 5.1.5.0 a 5.1.5.1 utiliza algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial. ID de IBM X-Force: 239080." | ||
| } | ||
| ], | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", | ||
| "attackVector": "NETWORK", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "NONE", | ||
| "userInteraction": "NONE", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "HIGH", | ||
| "integrityImpact": "NONE", | ||
| "availabilityImpact": "NONE", | ||
| "baseScore": 7.5, | ||
| "baseSeverity": "HIGH" | ||
| }, | ||
| "exploitabilityScore": 3.9, | ||
| "impactScore": 3.6 | ||
| }, | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Secondary", | ||
|
|
@@ -46,14 +70,50 @@ | |
| ] | ||
| } | ||
| ], | ||
| "configurations": [ | ||
| { | ||
| "nodes": [ | ||
| { | ||
| "operator": "OR", | ||
| "negate": false, | ||
| "cpeMatch": [ | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ibm:spectrum_scale:5.1.5.0:*:*:*:*:*:*:*", | ||
| "matchCriteriaId": "D316671F-A7DC-44EA-A075-9976F5B91C2F" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ibm:spectrum_scale:5.1.5.1:*:*:*:*:*:*:*", | ||
| "matchCriteriaId": "767AB3CF-B1A9-4AFE-93C2-028212F9FBB0" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239080", | ||
| "source": "[email protected]" | ||
| "source": "[email protected]", | ||
| "tags": [ | ||
| "VDB Entry", | ||
| "Vendor Advisory" | ||
| ] | ||
| }, | ||
| { | ||
| "url": "https://https://www.ibm.com/support/pages/node/7094941", | ||
| "source": "[email protected]" | ||
| "source": "[email protected]", | ||
| "tags": [ | ||
| "Broken Link" | ||
| ] | ||
| }, | ||
| { | ||
| "url": "https://www.ibm.com/support/pages/node/7094941", | ||
| "source": "[email protected]", | ||
| "tags": [ | ||
| "Vendor Advisory" | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,15 +2,41 @@ | |
| "id": "CVE-2023-41719", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2023-12-14T02:15:12.460", | ||
| "lastModified": "2023-12-14T13:52:16.903", | ||
| "vulnStatus": "Awaiting Analysis", | ||
| "lastModified": "2023-12-19T01:41:56.543", | ||
| "vulnStatus": "Analyzed", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution." | ||
| }, | ||
| { | ||
| "lang": "es", | ||
| "value": "Existe una vulnerabilidad en todas las versiones de Ivanti Connect Secure inferiores a 22.6R2 donde un atacante que se hace pasar por un administrador puede crear una solicitud web espec\u00edfica que puede conducir a la ejecuci\u00f3n remota de c\u00f3digo." | ||
| } | ||
| ], | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", | ||
| "attackVector": "NETWORK", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "HIGH", | ||
| "userInteraction": "NONE", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "HIGH", | ||
| "integrityImpact": "HIGH", | ||
| "availabilityImpact": "HIGH", | ||
| "baseScore": 7.2, | ||
| "baseSeverity": "HIGH" | ||
| }, | ||
| "exploitabilityScore": 1.2, | ||
| "impactScore": 5.9 | ||
| } | ||
| ], | ||
| "cvssMetricV30": [ | ||
| { | ||
| "source": "[email protected]", | ||
|
|
@@ -34,10 +60,98 @@ | |
| } | ||
| ] | ||
| }, | ||
| "weaknesses": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "description": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "NVD-CWE-noinfo" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "configurations": [ | ||
| { | ||
| "nodes": [ | ||
| { | ||
| "operator": "OR", | ||
| "negate": false, | ||
| "cpeMatch": [ | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*", | ||
| "matchCriteriaId": "CE228FBD-5AD1-4BC6-AF63-5248E671B04F" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*", | ||
| "matchCriteriaId": "44C26423-8621-4F6D-A45B-0A6B6E873AB6" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*", | ||
| "matchCriteriaId": "BC391EB5-C457-459C-8EAA-EA0043487C0B" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:21.9:r1:*:*:*:*:*:*", | ||
| "matchCriteriaId": "BD52B87C-4BED-44AE-A959-A316DAF895EC" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:21.12:r1:*:*:*:*:*:*", | ||
| "matchCriteriaId": "8CA29F12-36DE-4FBF-9EE7-7CE4B75AFA61" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*", | ||
| "matchCriteriaId": "80C56782-273A-4151-BE81-13FEEFE46A6A" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*", | ||
| "matchCriteriaId": "6564FE9E-7D96-4226-8378-DAC25525CDD1" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*", | ||
| "matchCriteriaId": "BCBF6DD0-2826-4E61-8FB6-DB489EBF8981" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*", | ||
| "matchCriteriaId": "415219D0-2D9A-4617-ABB7-6FF918421BEE" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*", | ||
| "matchCriteriaId": "E9F55E7B-7B38-4AEC-A015-D8CB9DE5E72C" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:*", | ||
| "matchCriteriaId": "D3DF17AC-EC26-4B76-8989-B7880C9EF73E" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:22.5:r2.1:*:*:*:*:*:*", | ||
| "matchCriteriaId": "001E117B-E8EE-4C20-AEBF-34FF5EB5051E" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://forums.ivanti.com/s/article/Security-patch-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US", | ||
| "source": "[email protected]" | ||
| "source": "[email protected]", | ||
| "tags": [ | ||
| "Release Notes", | ||
| "Vendor Advisory" | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,15 +2,41 @@ | |
| "id": "CVE-2023-41720", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2023-12-14T02:15:12.670", | ||
| "lastModified": "2023-12-14T13:52:06.780", | ||
| "vulnStatus": "Awaiting Analysis", | ||
| "lastModified": "2023-12-19T01:44:28.233", | ||
| "vulnStatus": "Analyzed", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated execution privileges on the affected system." | ||
| }, | ||
| { | ||
| "lang": "es", | ||
| "value": "Existe una vulnerabilidad en todas las versiones de Ivanti Connect Secure inferiores a 22.6R2 donde un atacante con un punto de apoyo en un dispositivo Ivanti Connect Secure (ICS) puede escalar sus privilegios explotando una aplicaci\u00f3n instalada vulnerable. Esta vulnerabilidad permite al atacante obtener privilegios de ejecuci\u00f3n elevados en el sistema afectado." | ||
| } | ||
| ], | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", | ||
| "attackVector": "LOCAL", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "NONE", | ||
| "userInteraction": "REQUIRED", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "HIGH", | ||
| "integrityImpact": "HIGH", | ||
| "availabilityImpact": "HIGH", | ||
| "baseScore": 7.8, | ||
| "baseSeverity": "HIGH" | ||
| }, | ||
| "exploitabilityScore": 1.8, | ||
| "impactScore": 5.9 | ||
| } | ||
| ], | ||
| "cvssMetricV30": [ | ||
| { | ||
| "source": "[email protected]", | ||
|
|
@@ -34,10 +60,97 @@ | |
| } | ||
| ] | ||
| }, | ||
| "weaknesses": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "description": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "NVD-CWE-noinfo" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "configurations": [ | ||
| { | ||
| "nodes": [ | ||
| { | ||
| "operator": "OR", | ||
| "negate": false, | ||
| "cpeMatch": [ | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*", | ||
| "matchCriteriaId": "CE228FBD-5AD1-4BC6-AF63-5248E671B04F" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*", | ||
| "matchCriteriaId": "44C26423-8621-4F6D-A45B-0A6B6E873AB6" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*", | ||
| "matchCriteriaId": "BC391EB5-C457-459C-8EAA-EA0043487C0B" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:21.9:r1:*:*:*:*:*:*", | ||
| "matchCriteriaId": "BD52B87C-4BED-44AE-A959-A316DAF895EC" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:21.12:r1:*:*:*:*:*:*", | ||
| "matchCriteriaId": "8CA29F12-36DE-4FBF-9EE7-7CE4B75AFA61" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*", | ||
| "matchCriteriaId": "80C56782-273A-4151-BE81-13FEEFE46A6A" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*", | ||
| "matchCriteriaId": "6564FE9E-7D96-4226-8378-DAC25525CDD1" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*", | ||
| "matchCriteriaId": "BCBF6DD0-2826-4E61-8FB6-DB489EBF8981" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*", | ||
| "matchCriteriaId": "415219D0-2D9A-4617-ABB7-6FF918421BEE" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*", | ||
| "matchCriteriaId": "E9F55E7B-7B38-4AEC-A015-D8CB9DE5E72C" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:*", | ||
| "matchCriteriaId": "D3DF17AC-EC26-4B76-8989-B7880C9EF73E" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:ivanti:connect_secure:22.5:r2.1:*:*:*:*:*:*", | ||
| "matchCriteriaId": "001E117B-E8EE-4C20-AEBF-34FF5EB5051E" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://forums.ivanti.com/s/article/Security-patch-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US", | ||
| "source": "[email protected]" | ||
| "source": "[email protected]", | ||
| "tags": [ | ||
| "Release Notes" | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
Oops, something went wrong.