diff --git a/schema/v5.0/docs/full-record-advanced-example.json b/schema/v5.0/docs/full-record-advanced-example.json
index b4087335c36..2b7f934523a 100644
--- a/schema/v5.0/docs/full-record-advanced-example.json
+++ b/schema/v5.0/docs/full-record-advanced-example.json
@@ -1,310 +1,310 @@
{
- "dataType": "CVE_RECORD",
- "dataVersion": "5.0",
- "cveMetadata": {
- "cveId": "CVE-1337-1234",
- "assignerOrgId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6",
- "assignerShortName": "example",
- "requesterUserId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6",
- "serial": 1,
- "state": "PUBLISHED"
- },
- "containers": {
- "cna": {
- "providerMetadata": {
- "orgId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6",
- "shortName": "example",
- "dateUpdated": "2021-09-08T16:24:00.000Z"
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0",
+ "cveMetadata": {
+ "cveId": "CVE-1337-1234",
+ "assignerOrgId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6",
+ "assignerShortName": "example",
+ "requesterUserId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6",
+ "serial": 1,
+ "state": "PUBLISHED"
+ },
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6",
+ "shortName": "example",
+ "dateUpdated": "2021-09-08T16:24:00.000Z"
+ },
+ "title": "Buffer overflow in Example Enterprise allows Privilege Escalation.",
+ "datePublic": "2021-09-08T16:24:00.000Z",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "lang": "en",
+ "cweId": "CWE-78",
+ "description": "CWE-78 OS Command Injection",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "impacts": [
+ {
+ "capecId": "CAPEC-233",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "CAPEC-233 Privilege Escalation"
+ }
+ ]
+ }
+ ],
+ "affected": [
+ {
+ "vendor": "Example.org",
+ "product": "Example Enterprise",
+ "platforms": [
+ "Windows",
+ "MacOS",
+ "XT-4500"
+ ],
+ "collectionURL": "https://example.org/packages",
+ "packageName": "example_enterprise",
+ "repo": "git://example.org/source/example_enterprise",
+ "modules": [
+ "Web-Management-Interface"
+ ],
+ "programFiles": [
+ "example_enterprise/example.php"
+ ],
+ "programRoutines": [
+ {
+ "name": "parseFilename"
+ }
+ ],
+ "versions": [
+ {
+ "version": "1.0.0",
+ "status": "affected",
+ "lessThan": "1.0.6",
+ "versionType": "semver"
+ },
+ {
+ "version": "2.1.0",
+ "status": "unaffected",
+ "lessThan": "2.1.*",
+ "changes": [
+ {
+ "at": "2.1.6",
+ "status": "affected"
+ },
+ {
+ "at": "2.1.9",
+ "status": "unaffected"
+ }
+ ],
+ "versionType": "semver"
+ },
+ {
+ "version": "3.0.0",
+ "status": "unaffected",
+ "lessThan": "*",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "OS Command Injection vulnerability parseFilename function of example.php in the Web Management Interface of Example.org Example Enterprise on Windows, macOS, and XT-4500 allows remote unauthenticated attackers to escalate privileges. This issue affects: 1.0 versions before 1.0.6, 2.1 versions from 2.16 until 2.1.9.",
+ "supportingMedia": [
+ {
+ "type": "text/html",
+ "base64": false,
+ "value": "OS Command Injection vulnerability parseFilename function of example.php in the Web Management Interface of Example.org Example Enterprise on Windows, macOS, and XT-4500 allows remote unauthenticated attackers to escalate privileges.
This issue affects:
> service disable webmgmt" - } - ] - } - ], - "configurations": [ - { - "lang": "en", - "value": "Web management interface should be enabled.\n> service status webmgmt\nwebmgmt running", - "supportingMedia": [ - { - "type": "text/html", - "base64": false, - "value": "Web management interface should be enabled.
> service status webmgmt" - } - ] - } - ], - "exploits": [ - { - "lang": "en", - "value": "Example.org is not aware of any malicious exploitation of the issue however exploits targeting this issue are publicly available.", - "supportingMedia": [ - { - "type": "text/html", - "base64": false, - "value": "Example.org is not aware of any malicious exploitation of the issue however exploits targeting this issue are publicly available." - } - ] - } - ], - "timeline": [ - { - "time": "2001-09-01T07:31:00.000Z", - "lang": "en", - "value": "Issue discovered by Alice using Acme Autofuzz" - }, - { - "time": "2021-09-02T16:36:00.000Z", - "lang": "en", - "value": "Confirmed by Bob" - }, - { - "time": "2021-09-07T16:37:00.000Z", - "lang": "en", - "value": "Fixes released" - } - ], - "credits": [ - { - "lang": "en", - "value": "Alice", - "type": "finder" - }, - { - "lang": "en", - "value": "Bob", - "type": "analyst" - }, - { - "lang": "en", - "value": "Acme Autofuzz", - "type": "tool" - } - ], - "references": [ - { - "url": "https://example.org/ESA-22-11-CVE-1337-1234", - "name": "ESA-22-11", - "tags": [ - "vendor-advisory" - ] - }, - { - "url": "https://example.com/blog/alice/pwning_example_enterprise", - "name": "Pwning Example Enterprise", - "tags": [ - "technical-description", - "third-party-advisory" - ] - }, - { - "url": "https://example.org/bugs/EXAMPLE-1234", - "name": "EXAMPLE-1234", - "tags": [ - "issue-tracking" - ] - }, - { - "url": "https://example.org/ExampleEnterprise", - "tags": [ - "product" - ] - } - ], - "source": { - "defects": [ - "EXAMPLE-1234" ], - "advisory": "ESA-22-11", - "discovery": "EXTERNAL" + "cvssV3_1": { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } }, - "taxonomyMappings": [ - { - "taxonomyName": "ATT&CK", - "taxonomyVersion": "v9", - "taxonomyRelations": [ - { - "taxonomyId": "T1190", - "relationshipName": "mitigated by", - "relationshipValue": "M1048" - } - ] + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "If the enhanced host protection mode is turned on, this vulnerability can only be exploited to run os commands as user 'nobody'. Privilege escalation is not possible." + } + ], + "cvssV3_1": { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } - ] - } + } + ], + "solutions": [ + { + "lang": "en", + "value": "This issue is fixed in 1.0.6, 2.1.9, and 3.0.0 and all later versions.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "This issue is fixed in 1.0.6, 2.1.9, and 3.0.0 and all later versions." + } + ] + } + ], + "workarounds": [ + { + "lang": "en", + "value": "Disable the web management interface with the command\n> service disable webmgmt", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "Disable the web management interface with the command
webmgmt running
> service disable webmgmt" + } + ] + } + ], + "configurations": [ + { + "lang": "en", + "value": "Web management interface should be enabled.\n> service status webmgmt\nwebmgmt running", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "Web management interface should be enabled.
> service status webmgmt" + } + ] + } + ], + "exploits": [ + { + "lang": "en", + "value": "Example.org is not aware of any malicious exploitation of the issue however exploits targeting this issue are publicly available.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "Example.org is not aware of any malicious exploitation of the issue however exploits targeting this issue are publicly available." + } + ] + } + ], + "timeline": [ + { + "time": "2001-09-01T07:31:00.000Z", + "lang": "en", + "value": "Issue discovered by Alice using Acme Autofuzz" + }, + { + "time": "2021-09-02T16:36:00.000Z", + "lang": "en", + "value": "Confirmed by Bob" + }, + { + "time": "2021-09-07T16:37:00.000Z", + "lang": "en", + "value": "Fixes released" + } + ], + "credits": [ + { + "lang": "en", + "value": "Alice", + "type": "finder" + }, + { + "lang": "en", + "value": "Bob", + "type": "analyst" + }, + { + "lang": "en", + "value": "Acme Autofuzz", + "type": "tool" + } + ], + "references": [ + { + "url": "https://example.org/ESA-22-11-CVE-1337-1234", + "name": "ESA-22-11", + "tags": [ + "vendor-advisory" + ] + }, + { + "url": "https://example.com/blog/alice/pwning_example_enterprise", + "name": "Pwning Example Enterprise", + "tags": [ + "technical-description", + "third-party-advisory" + ] + }, + { + "url": "https://example.org/bugs/EXAMPLE-1234", + "name": "EXAMPLE-1234", + "tags": [ + "issue-tracking" + ] + }, + { + "url": "https://example.org/ExampleEnterprise", + "tags": [ + "product" + ] + } + ], + "source": { + "defects": [ + "EXAMPLE-1234" + ], + "advisory": "ESA-22-11", + "discovery": "EXTERNAL" + }, + "taxonomyMappings": [ + { + "taxonomyName": "ATT&CK", + "taxonomyVersion": "v9", + "taxonomyRelations": [ + { + "taxonomyId": "T1190", + "relationshipName": "mitigated by", + "relationshipValue": "M1048" + } + ] + } + ] } - } \ No newline at end of file + } +} \ No newline at end of file diff --git a/schema/v5.0/docs/full-record-basic-example.json b/schema/v5.0/docs/full-record-basic-example.json index d50177fecbf..3dfb81e9bc2 100644 --- a/schema/v5.0/docs/full-record-basic-example.json +++ b/schema/v5.0/docs/full-record-basic-example.json @@ -1,52 +1,52 @@ { - "dataType": "CVE_RECORD", - "dataVersion": "5.0", - "cveMetadata": { - "cveId": "CVE-1337-1234", - "assignerOrgId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6", - "state": "PUBLISHED" - }, - "containers": { - "cna": { - "providerMetadata": { - "orgId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6" - }, - "problemTypes": [ - { - "descriptions": [ - { - "lang": "en", - "description": "CWE-78 OS Command Injection" - } - ] - } - ], - "affected": [ - { - "vendor": "Example.org", - "product": "Example Enterprise", - "versions": [ - { - "version": "1.0.0", - "status": "affected", - "lessThan": "1.0.6", - "versionType": "semver" - } - ], - "defaultStatus": "unaffected" - } - ], - "descriptions": [ - { - "lang": "en", - "value": "OS Command Injection vulnerability parseFilename function of example.php in the Web Management Interface of Example.org Example Enterprise on Windows, MacOS and XT-4500 allows remote unauthenticated attackers to escalate privileges.\n\nThis issue affects:\n * 1.0 versions before 1.0.6\n * 2.1 versions from 2.16 until 2.1.9." - } - ], - "references": [ - { - "url": "https://example.org/ESA-22-11-CVE-1337-1234" - } - ] - } + "dataType": "CVE_RECORD", + "dataVersion": "5.0", + "cveMetadata": { + "cveId": "CVE-1337-1234", + "assignerOrgId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6", + "state": "PUBLISHED" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6" + }, + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "description": "CWE-78 OS Command Injection" + } + ] + } + ], + "affected": [ + { + "vendor": "Example.org", + "product": "Example Enterprise", + "versions": [ + { + "version": "1.0.0", + "status": "affected", + "lessThan": "1.0.6", + "versionType": "semver" + } + ], + "defaultStatus": "unaffected" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "OS Command Injection vulnerability parseFilename function of example.php in the Web Management Interface of Example.org Example Enterprise on Windows, MacOS and XT-4500 allows remote unauthenticated attackers to escalate privileges.\n\nThis issue affects:\n * 1.0 versions before 1.0.6\n * 2.1 versions from 2.16 until 2.1.9." + } + ], + "references": [ + { + "url": "https://example.org/ESA-22-11-CVE-1337-1234" + } + ] } - } \ No newline at end of file + } +} \ No newline at end of file
webmgmt running