"-Synchronized-Data."

cve-team · cve-team · commit 23e4ce7461da · 2021-09-28T14:00:56.000Z
diff --git a/2021/22xxx/CVE-2021-22535.json b/2021/22xxx/CVE-2021-22535.json
@@ -4,14 +4,58 @@
     "data_version": "4.0",
     "CVE_data_meta": {
         "ID": "CVE-2021-22535",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "security@microfocus.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Directory and Resource Administrator (DRA)",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "All DRA versions prior to 10.1 Patch 1"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "unauthorized information security disclosure."
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://support.microfocus.com/kb/doc.php?id=7025273",
+                "url": "https://support.microfocus.com/kb/doc.php?id=7025273"
+            }
+        ]
     },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure."
             }
         ]
     }
diff --git a/2021/33xxx/CVE-2021-33904.json b/2021/33xxx/CVE-2021-33904.json
@@ -34,7 +34,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS."
+                "value": "** DISPUTED ** In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states \"there are configurable security flags and we are unable to reproduce them with the available information.\""
             }
         ]
     },
diff --git a/2021/34xxx/CVE-2021-34369.json b/2021/34xxx/CVE-2021-34369.json
@@ -34,7 +34,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value."
+                "value": "** DISPUTED ** portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states \"the information that is being queried is authorized for an authenticated user of that application, so we consider this not applicable.\""
             }
         ]
     },
diff --git a/2021/34xxx/CVE-2021-34370.json b/2021/34xxx/CVE-2021-34370.json
@@ -34,7 +34,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS."
+                "value": "** DISPUTED ** Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states \"there are configurable security flags and we are unable to reproduce them with the available information.\""
             }
         ]
     },
diff --git a/2021/34xxx/CVE-2021-34636.json b/2021/34xxx/CVE-2021-34636.json
@@ -1,18 +1,106 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
     "CVE_data_meta": {
+        "AKA": "Wordfence",
+        "ASSIGNER": "security@wordfence.com",
+        "DATE_PUBLIC": "2021-09-27T13:41:00.000Z",
         "ID": "CVE-2021-34636",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Countdown and CountUp, WooCommerce Sales Timer <= 1.5.7 Cross-Site Request Forgery to Stored Cross-Site Scripting"
     },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Countdown and CountUp, WooCommerce Sales Timers",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<=",
+                                            "version_name": "1.5.7",
+                                            "version_value": "1.5.7"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "WpDevArt"
+                }
+            ]
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "Xu-Liang Liao"
+        }
+    ],
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_theme function found in the ~/includes/admin/coundown_theme_page.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.7."
             }
         ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "HIGH",
+            "baseScore": 8.8,
+            "baseSeverity": "HIGH",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "NONE",
+            "scope": "UNCHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34636",
+                "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34636"
+            },
+            {
+                "refsource": "MISC",
+                "url": "https://plugins.trac.wordpress.org/changeset/2605523/countdown-wpdevart-extended/trunk/includes/admin/coundown_theme_page.php",
+                "name": "https://plugins.trac.wordpress.org/changeset/2605523/countdown-wpdevart-extended/trunk/includes/admin/coundown_theme_page.php"
+            }
+        ]
+    },
+    "solution": [
+        {
+            "lang": "eng",
+            "value": "Update plugin to version 1.5.8 or newer. "
+        }
+    ],
+    "source": {
+        "discovery": "EXTERNAL"
     }
 }
diff --git a/2021/38xxx/CVE-2021-38124.json b/2021/38xxx/CVE-2021-38124.json
@@ -4,14 +4,58 @@
     "data_version": "4.0",
     "CVE_data_meta": {
         "ID": "CVE-2021-38124",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "security@microfocus.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "ArcSight Enterprise Security Manager (ESM).",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "ArcSight ESM versions 7.0.2 through 7.5."
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Remote Code Execution."
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://portal.microfocus.com/s/article/KM000001960",
+                "url": "https://portal.microfocus.com/s/article/KM000001960"
+            }
+        ]
     },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution."
             }
         ]
     }
diff --git a/2021/41xxx/CVE-2021-41768.json b/2021/41xxx/CVE-2021-41768.json
@@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2021-41768",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
diff --git a/2021/41xxx/CVE-2021-41769.json b/2021/41xxx/CVE-2021-41769.json
@@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2021-41769",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@`
`34`	`34`	`"description_data": [`
`35`	`35`	`{`
`36`	`36`	`"lang": "eng",`
`37`		`- "value": "In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS."`
	`37`	`+ "value": " DISPUTED In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states \"there are configurable security flags and we are unable to reproduce them with the available information.\""`
`38`	`38`	`}`
`39`	`39`	`]`
`40`	`40`	`},`