bpmcdevitt/data_importer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added avaya captured data potential example

Browse source
This commit is contained in:
Brendan McDevitt 2022-05-20 17:53:05 -05:00
parent c4901695d9
commit 1cb04b140f
1 changed files with 54 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

54
doc/cna_readme_notes/cnas_with_html_advisories.md
View file

@ -211,6 +211,60 @@ https://www.autodesk.com/trust/security-advisories
### Advisory ### Advisory
https://support.avaya.com/security https://support.avaya.com/security
#### Captured Data Potential From Advisory #### Captured Data Potential From Advisory
```
{
:bulletin_id => 'ASA-2017-350',
:overview => 'PostgreSQL is an advanced object-relational database management system (DBMS). Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2017-12172 and CVE-2017-15097 to these issues. More information about these vulnerabilities can be found in the security advisory issued by Red Hat: https://access.redhat.com/errata/RHSA-2017:3402',
:affected_packages => [
{
:product => 'Avaya Aura® Application Enablement Services',
:versions => '7.1.0.0 through 7.1.2.0',
:resolution => 'Upgrade to 7.1.3.0 or later',
:information => 'The risk is mitigated because only administrative users have access to the database by default.'
},
{
:product => 'Avaya Aura® Utility Services',
:versions => '7.1.0.0 through 7.1.2.0',
:resolution => 'Upgrade to 7.1.3.0 or later',
:information => 'The risk is mitigated because only administrative users have access to the database by default.'
}
],
:cvss_3.0_scoring_and_metrics => [
{
:vulnerability => 'CVE-2017-12172',
:cvssv3_base_score => '6.5 (Medium)',
:cvssv3_metrics => 'CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H',
},
{
:vulnerability => 'CVE-2017-15097',
:cvssv3_base_score => '6.5 (Medium)',
:cvssv3_metrics => 'CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H'
}
],
:avaya_software_only_products => [
{
:product => 'Avaya Aura® Application Enablement Services',
:actions => 'Depending on the Operating System installed, the affected package may be installed on the underlying Operating System supporting the AES application.'
},
{
:product => 'Oceanalytics Elite',
:actions => 'Depending on the Operating System installed, the affected package may be installed on the underlying Operating System supporting the application.'
}
],
:revision_history => [
{
:version => '1.0',
:date => 'December 18, 2017',
:description => 'Initial Statement issued.',
},
{
:version => '2.0',
:date => 'August 29, 2018',
:description => 'Updated versions and resolution for all products and set advisory status to Final.'
}
]
}
```
## Becton, Dickinson and Company (BD) ## Becton, Dickinson and Company (BD)
### Advisory ### Advisory