fwininger closed 2 weeks ago
Hi! It looks like for three of these, you're suggesting a change to the CPE section. One of these is brand new, though. Can you provide some info on your intent with 2024/29xxx/CVE-2024-29851.json?
In fact, I use your base for my detection algorithm. :+1: I was informed of false positives on the 3 existing CVEs, so I tried to specify the versions of the CPEs.
When I looked at the details in the publisher advisory, I saw that CVE-2024-29851 was not present in the database, unlike the other 3. I copied the JSON from MITRE and added an ADP section to be similar to the other 3 CVEs.
Oh I see! Interesting use case, I don't think we were expecting people to just create ADP sections for us!
I'd love to know more about how you're using this ADP data for whatever it is you're doing.
Working on these upstream, CVE-2024-29848 has been updated, let us know how that looks to you. We won't be able to accept this PR but thanks for pointing out the issues.
BTW, I think the CNA container for https://cveawg.mitre.org/api/cve/CVE-2024-29849 is incorrect; the KB4581 advisory says that the vulnerabilities are fixed in 12.1.2.172. Also, that doesn't look like semver.
```json
{
  "version": "12.1.2.172",
  "status": "affected",
  "lessThan": "12.1.2.172",
  "versionType": "semver"
},
```
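Added example, not part of the thread and not code from the project or any participant: a small linter for one `versions` entry of a CVE record, run on the entry quoted above. It checks `semver`-typed values against the SemVer 2.0.0 grammar and flags ranges whose start is not below the bound; the function names and the second sample entry are assumptions made for illustration.

```python
import re

# SemVer 2.0.0: MAJOR.MINOR.PATCH plus optional -prerelease and +build.
SEMVER = re.compile(r"(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)"
                    r"(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?"
                    r"(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?")
DOTTED = re.compile(r"\d+(\.\d+)*")


def dotted_key(value):
    """Turn '12.1.2.172' into (12, 1, 2, 172) for component-wise comparison."""
    return tuple(int(part) for part in value.split("."))


def lint_version_entry(entry):
    """Return findings for one entry of a CVE record's affected[].versions[]."""
    findings = []
    start = entry.get("version", "")
    bounds = [(k, entry[k]) for k in ("lessThan", "lessThanOrEqual") if k in entry]

    if entry.get("versionType") == "semver":
        for field, value in [("version", start)] + bounds:
            # By CVE record convention "0" marks the earliest version, "*" no upper bound.
            if value not in ("0", "*") and not SEMVER.fullmatch(value):
                findings.append(f"{field} {value!r} is not valid semver")

    for field, bound in bounds:
        if DOTTED.fullmatch(start) and DOTTED.fullmatch(bound):
            lo, hi = dotted_key(start), dotted_key(bound)
            # lessThan is exclusive, lessThanOrEqual is inclusive.
            empty = lo >= hi if field == "lessThan" else lo > hi
            if empty:
                findings.append(f"range {start} .. {field} {bound} matches no version")
    return findings


# The entry quoted in the comment above.
QUOTED = {"version": "12.1.2.172", "status": "affected",
          "lessThan": "12.1.2.172", "versionType": "semver"}
# Constructed for contrast; not taken from any published record.
CONSTRUCTED = {"version": "0", "status": "affected",
               "lessThan": "12.1.2.172", "versionType": "custom"}

if __name__ == "__main__":
    for name, entry in (("quoted", QUOTED), ("constructed", CONSTRUCTED)):
        print(name, lint_version_entry(entry))
```

A consumer that matches installed versions against such entries would never match the quoted one, because its start and exclusive upper bound are the same value.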
This has been languishing -- I think the asked-for changes did make it in (it's all merge conflicting now which implies as much), can you check to see if it's all good @fwininger?
🗣 Description
Update request for Veeam Backup Enterprise Manager Vulnerabilities (CVE-2024-29849, CVE-2024-29850, CVE-2024-29851, CVE-2024-29852)
Reference
https://www.veeam.com/kb4581