-
Notifications
You must be signed in to change notification settings - Fork 219
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- 3 new CVEs: CVE-2023-33838, CVE-2025-0795, CVE-2025-0797 - 0 updated CVEs:
- Loading branch information
cvelistV5 Github Action
committed
Jan 29, 2025
1 parent
2d637c7
commit bab1b28
Showing
5 changed files
with
456 additions
and
44 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,103 @@ | ||
| { | ||
| "dataType": "CVE_RECORD", | ||
| "dataVersion": "5.1", | ||
| "cveMetadata": { | ||
| "cveId": "CVE-2023-33838", | ||
| "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", | ||
| "state": "PUBLISHED", | ||
| "assignerShortName": "ibm", | ||
| "dateReserved": "2023-05-23T00:31:47.071Z", | ||
| "datePublished": "2025-01-29T01:22:19.102Z", | ||
| "dateUpdated": "2025-01-29T01:22:19.102Z" | ||
| }, | ||
| "containers": { | ||
| "cna": { | ||
| "affected": [ | ||
| { | ||
| "cpes": [ | ||
| "cpe:2.3:a:ibm:security_verify_governance:10.0.2:*:*:*:*:*:*:*" | ||
| ], | ||
| "defaultStatus": "unaffected", | ||
| "product": "Security Verify Governance", | ||
| "vendor": "IBM", | ||
| "versions": [ | ||
| { | ||
| "status": "affected", | ||
| "version": "10.0.2" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "supportingMedia": [ | ||
| { | ||
| "base64": false, | ||
| "type": "text/html", | ||
| "value": "IBM Security Verify Governance 10.0.2 Identity Manager \n\n<span style=\"background-color: rgb(255, 255, 255);\">uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.</span>" | ||
| } | ||
| ], | ||
| "value": "IBM Security Verify Governance 10.0.2 Identity Manager \n\nuses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input." | ||
| } | ||
| ], | ||
| "metrics": [ | ||
| { | ||
| "cvssV3_1": { | ||
| "attackComplexity": "HIGH", | ||
| "attackVector": "NETWORK", | ||
| "availabilityImpact": "NONE", | ||
| "baseScore": 4.4, | ||
| "baseSeverity": "MEDIUM", | ||
| "confidentialityImpact": "HIGH", | ||
| "integrityImpact": "NONE", | ||
| "privilegesRequired": "HIGH", | ||
| "scope": "UNCHANGED", | ||
| "userInteraction": "NONE", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", | ||
| "version": "3.1" | ||
| }, | ||
| "format": "CVSS", | ||
| "scenarios": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "GENERAL" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "problemTypes": [ | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "cweId": "CWE-759", | ||
| "description": "CWE-759 Use of a One-Way Hash without a Salt", | ||
| "lang": "en", | ||
| "type": "CWE" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", | ||
| "shortName": "ibm", | ||
| "dateUpdated": "2025-01-29T01:22:19.102Z" | ||
| }, | ||
| "references": [ | ||
| { | ||
| "tags": [ | ||
| "vendor-advisory" | ||
| ], | ||
| "url": "https://www.ibm.com/support/pages/node/7172200" | ||
| } | ||
| ], | ||
| "source": { | ||
| "discovery": "UNKNOWN" | ||
| }, | ||
| "title": "IBM Security Verify Governance information disclosure", | ||
| "x_generator": { | ||
| "engine": "Vulnogram 0.2.0" | ||
| } | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,155 @@ | ||
| { | ||
| "dataType": "CVE_RECORD", | ||
| "dataVersion": "5.1", | ||
| "cveMetadata": { | ||
| "cveId": "CVE-2025-0795", | ||
| "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", | ||
| "state": "PUBLISHED", | ||
| "assignerShortName": "VulDB", | ||
| "dateReserved": "2025-01-28T14:34:31.298Z", | ||
| "datePublished": "2025-01-29T01:00:16.263Z", | ||
| "dateUpdated": "2025-01-29T01:00:16.263Z" | ||
| }, | ||
| "containers": { | ||
| "cna": { | ||
| "providerMetadata": { | ||
| "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", | ||
| "shortName": "VulDB", | ||
| "dateUpdated": "2025-01-29T01:00:16.263Z" | ||
| }, | ||
| "title": "ESAFENET CDG todolistjump.jsp cross site scripting", | ||
| "problemTypes": [ | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "type": "CWE", | ||
| "cweId": "CWE-79", | ||
| "lang": "en", | ||
| "description": "Cross Site Scripting" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "type": "CWE", | ||
| "cweId": "CWE-94", | ||
| "lang": "en", | ||
| "description": "Code Injection" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "affected": [ | ||
| { | ||
| "vendor": "ESAFENET", | ||
| "product": "CDG", | ||
| "versions": [ | ||
| { | ||
| "version": "V5", | ||
| "status": "affected" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "A vulnerability was found in ESAFENET CDG V5. It has been classified as problematic. This affects an unknown part of the file /todolistjump.jsp. The manipulation of the argument flowId leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." | ||
| }, | ||
| { | ||
| "lang": "de", | ||
| "value": "Es wurde eine Schwachstelle in ESAFENET CDG V5 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /todolistjump.jsp. Durch Beeinflussen des Arguments flowId mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung." | ||
| } | ||
| ], | ||
| "metrics": [ | ||
| { | ||
| "cvssV4_0": { | ||
| "version": "4.0", | ||
| "baseScore": 5.3, | ||
| "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", | ||
| "baseSeverity": "MEDIUM" | ||
| } | ||
| }, | ||
| { | ||
| "cvssV3_1": { | ||
| "version": "3.1", | ||
| "baseScore": 3.5, | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", | ||
| "baseSeverity": "LOW" | ||
| } | ||
| }, | ||
| { | ||
| "cvssV3_0": { | ||
| "version": "3.0", | ||
| "baseScore": 3.5, | ||
| "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", | ||
| "baseSeverity": "LOW" | ||
| } | ||
| }, | ||
| { | ||
| "cvssV2_0": { | ||
| "version": "2.0", | ||
| "baseScore": 4, | ||
| "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" | ||
| } | ||
| } | ||
| ], | ||
| "timeline": [ | ||
| { | ||
| "time": "2025-01-28T00:00:00.000Z", | ||
| "lang": "en", | ||
| "value": "Advisory disclosed" | ||
| }, | ||
| { | ||
| "time": "2025-01-28T01:00:00.000Z", | ||
| "lang": "en", | ||
| "value": "VulDB entry created" | ||
| }, | ||
| { | ||
| "time": "2025-01-28T15:39:52.000Z", | ||
| "lang": "en", | ||
| "value": "VulDB entry last update" | ||
| } | ||
| ], | ||
| "credits": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "rian.xinc (VulDB User)", | ||
| "type": "reporter" | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://vuldb.com/?id.293919", | ||
| "name": "VDB-293919 | ESAFENET CDG todolistjump.jsp cross site scripting", | ||
| "tags": [ | ||
| "vdb-entry", | ||
| "technical-description" | ||
| ] | ||
| }, | ||
| { | ||
| "url": "https://vuldb.com/?ctiid.293919", | ||
| "name": "VDB-293919 | CTI Indicators (IOB, IOC, TTP, IOA)", | ||
| "tags": [ | ||
| "signature", | ||
| "permissions-required" | ||
| ] | ||
| }, | ||
| { | ||
| "url": "https://vuldb.com/?submit.483349", | ||
| "name": "Submit #483349 | esafenet CDG V5 Cross-Site Scripting (XSS)", | ||
| "tags": [ | ||
| "third-party-advisory" | ||
| ] | ||
| }, | ||
| { | ||
| "url": "https://github.com/Rain1er/report/blob/main/CDG/todolistjump.md", | ||
| "tags": [ | ||
| "exploit" | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.