Merge pull request #3279 from CVEProject/int-main

int-main to main update

Author: alinh-mitre

src/assets/data/CNAsList.json

@@ -19868,15 +19868,15 @@
       {
         "label": "Policy",
         "language": "",
-        "url": "https://www.pcvuesolutions.com/index.php/vuln-disclosure"
+        "url": "https://www.pcvue.com/policies/vuln_disclosure"
       }
     ],
     "securityAdvisories": {
       "alerts": [],
       "advisories": [
         {
           "label": "Advisories",
-          "url": "https://www.pcvuesolutions.com/security"
+          "url": "https://www.pcvue.com/security"
         }
       ]
     },
@@ -24227,5 +24227,61 @@
       ]
     },
     "country": "USA"
+  },
+  {
+    "shortName": "Omnissa",
+    "cnaID": "CNA-2024-0078",
+    "organizationName": "Omnissa, LLC",
+    "scope": "All Omnissa products and services, including Workspace ONE and Horizon",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "security@omnissa.com"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://static.omnissa.com/uploads/omnissa-external-vulnerability-response-and-remediation-policy.pdf"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://www.omnissa.com/omnissa-security-response/"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "n/a",
+        "organizationName": "n/a"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "type": [
+        "Vendor"
+      ]
+    },
+    "country": "USA"
   }
 ]

src/assets/data/metrics.json

@@ -1169,7 +1169,7 @@
         },
         {
           "month": "November",
-          "value": "5"
+          "value": "6"
         },
         {
           "month": "December",

src/assets/data/navigation.json

@@ -151,8 +151,7 @@
       "Structure": {
         "id": "3.0",
         "label": "Structure",
-        "path": "Structure",
-        "items": {}
+        "path": "Structure"
       },
       "Program Relationship with Partners": {
         "id": "3.1",
@@ -168,7 +167,7 @@
             "label": "External Partners"
           },
           "Additional Resources": {
-            "anchorId": "AdditonalResources",
+            "anchorId": "AdditionalResources",
             "label": "Additional Resources"
           }
         }

src/assets/data/news.json

@@ -1,5 +1,73 @@
 {
   "currentNews": [
+    {
+      "id": 442,
+      "newsType": "news",
+      "title": "Omnissa Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "Omnissa Added as CNA",
+      "date": "2024-11-19",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/Omnissa'>Omnissa, LLC</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for all Omnissa products and services, including Workspace ONE and Horizon."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>421 CNAs</a> (419 CNAs and 2 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Omnissa is the 228th CNA from USA."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Omnissa’s Root is the <a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE Top-Level Root</a>."
+        }
+      ]
+    },
+    {
+      "id": 441,
+      "newsType": "blog",
+      "title": "Vulnerability Data Enrichment for CVE Records: 224 CNAs on the Enrichment Recognition List for November 18, 2024",
+      "urlKeywords": "CNA Enrichment Recognition List Update",
+      "date": "2024-11-19",
+      "author": {
+        "name": "CVE Program",
+        "organization": {
+          "name": "CVE Program",
+          "url": ""
+        },
+        "title": "",
+        "bio": ""
+      },
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "The “<a href='/About/Metrics#CNAEnrichmentRecognition'>CNA Enrichment Recognition List</a>” for November 18, 2024, is now available with 224 CNAs listed. Published every two weeks on the CVE website, the list recognizes those <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> that are actively providing enhanced vulnerability data in their <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a>. CNAs are added to the list if they provide <a href='https://www.first.org/cvss/' target='_blank'>Common Vulnerability Scoring System (CVSS)</a> and <a href='https://cwe.mitre.org/' target='_blank'>Common Weakness Enumeration (CWE&trade;)</a> information 98% of the time or more within the two-week period of their last published CVE Record."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "For more about the recognition list, see “<a href='/Media/News/item/blog/2024/09/10/CNA-Enrichment-Recognition-List'>Recognition for CNAs Actively Providing Vulnerability Data Enrichment for CVE Records</a>.” To learn more about vulnerability information types like CVSS and CWE, see the <a href='/CVERecord/UserGuide'>CVE Record User Guide</a>. View the most current CNA Enrichment Recognition List on the CVE website Metrics page <a href='/About/Metrics#CNAEnrichmentRecognition'>here</a>."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "CNA Enrichment Recognition List for November 18, 2024, with 224 CNAs listed: <ul><li>9front Systems</li><li>Absolute Software</li><li>Acronis International GmbH</li><li>Adobe Systems Incorporated</li><li>Advanced Micro Devices Inc.</li><li>AlgoSec</li><li>Amazon</li><li>AMI</li><li>AppCheck Ltd.</li><li>Arista Networks, Inc.</li><li>Asea Brown Boveri Ltd.</li><li>ASR Microelectronics Co., Ltd.</li><li>Autodesk</li><li>Automotive Security Research Group (ASRG)</li><li>Avaya Inc.</li><li>Axis Communications AB</li><li>Baicells Technologies Co., Ltd.</li><li>Baidu, Inc.</li><li>Baxter Healthcare</li><li>Becton, Dickinson and Company (BD)</li><li>BeyondTrust Inc.</li><li>Bitdefender</li><li>BlackBerry</li><li>Brocade Communications Systems, Inc.</li><li>Canon EMEA</li><li>Canon Inc.</li><li>Carrier Global Corporation</li><li>Cato Networks</li><li>CERT.PL</li><li>CERT@VDE</li><li>Check Point Software Technologies Ltd.</li><li>Checkmarx</li><li>Checkmk GmbH</li><li>Ciena Corporation</li><li>cirosec GmbH</li><li>Cisco Systems, Inc.</li><li>ClickHouse, Inc.</li><li>Cloudflare, Inc.</li><li>Concrete CMS</li><li>CyberDanube</li><li>Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government</li><li>Dassault Systèmes</li><li>Dell EMC</li><li>Dfinity Foundation</li><li>DirectCyber</li><li>Docker Inc.</li><li>dotCMS LLC</li><li>Dragos, Inc.</li><li>Dutch Institute for Vulnerability Disclosure (DIVD)</li><li>Eaton</li><li>Eclipse Foundation</li><li>ELAN Microelectronics Corp.</li><li>Elastic</li><li>EnterpriseDB Corporation</li><li>Environmental Systems Research Institute, Inc. (Esri)</li><li>Ericsson</li><li>ESET, spol. s r.o.</li><li>EU Agency for Cybersecurity (ENISA)</li><li>Exodus Intelligence</li><li>F5 Networks</li><li>Flexera Software LLC</li><li>Fluid Attacks</li><li>Forcepoint</li><li>Forescout Technologies</li><li>ForgeRock, Inc.</li><li>Fortinet, Inc.</li><li>Fortra, LLC</li><li>Gallagher Group Ltd</li><li>GE Healthcare</li><li>Genetec Inc.</li><li>Gitea Limited</li><li>GitHub (maintainer security advisories)</li><li>GitHub Inc, (Products Only)</li><li>GitLab Inc.</li><li>Glyph & Cog, LLC</li><li>Google LLC</li><li>Grafana Labs</li><li>Hanwha Vision Co., Ltd.</li><li>HashiCorp Inc.</li><li>HeroDevs</li><li>HiddenLayer, Inc.</li><li>Hillstone Networks Inc.</li><li>Hitachi Energy</li><li>Hitachi Vantara</li><li>Hitachi, Ltd.</li><li>Honeywell International Inc.</li><li>HP Inc.</li><li>Huawei Technologies</li><li>HYPR Corp</li><li>ICS-CERT</li><li>IDEMIA</li><li>Indian Computer Emergency Response Team (CERT-In)</li><li>Intel Corporation</li><li>Israel National Cyber Directorate</li><li>Ivanti</li><li>Jamf</li><li>JetBrains s.r.o.</li><li>Johnson Controls</li><li>JPCERT/CC</li><li>Kaspersky</li><li>KNIME AG</li><li>KrCERT/CC</li><li>Kubernetes</li><li>Lenovo Group Ltd.</li><li>Lexmark International Inc.</li><li>LG Electronics</li><li>Liferay, Inc.</li><li>Logitech</li><li>M-Files Corporation</li><li>ManageEngine</li><li>Mattermost, Inc</li><li>Mautic</li><li>Microchip Technology</li><li>Microsoft Corporation</li><li>Milestone Systems A/S</li><li>Mitsubishi Electric Corporation</li><li>MongoDB</li><li>Moxa Inc.</li><li>N-able</li><li>National Cyber Security Centre - Netherlands (NCSC-NL)</li><li>National Cyber Security Centre SK-CERT</li><li>National Instruments</li><li>Netflix, Inc.</li><li>Netskope</li><li>Network Optix</li><li>NLnet Labs</li><li>NortonLifeLock Inc</li><li>Nozomi Networks Inc.</li><li>Nvidia Corporation</li><li>Octopus Deploy</li><li>Okta</li><li>ONEKEY GmbH</li><li>Open Design Alliance</li><li>Open-Xchange</li><li>OpenAnolis</li><li>openEuler</li><li>OpenHarmony</li><li>OpenText (formerly Micro Focus)</li><li>OTRS AG</li><li>Palantir Technologies</li><li>Palo Alto Networks</li><li>Panasonic Holdings Corporation</li><li>Pandora FMS</li><li>PaperCut Software Pty Ltd</li><li>Patchstack OÜ</li><li>Payara</li><li>Pegasystems</li><li>Pentraze Cybersecurity</li><li>Perforce</li><li>Ping Identity Corporation</li><li>PostgreSQL</li><li>Progress Software Corporation</li><li>Proofpoint Inc.</li><li>Protect AI</li><li>Pure Storage, Inc.</li><li>QNAP Systems, Inc.</li><li>Qualcomm, Inc.</li><li>Qualys, Inc.</li><li>rami.io GmbH</li><li>Rapid7, Inc.</li><li>Robert Bosch GmbH</li><li>Rockwell Automation</li><li>SailPoint Technologies</li><li>Samsung TV & Appliance</li><li>SBA Research gGmbH</li><li>Schneider Electric SE</li><li>Schweitzer Engineering Laboratories, Inc.</li><li>Secomea</li><li>Securin</li><li>Security Risk Advisors</li><li>ServiceNow</li><li>SHENZHEN CoolKit Technology CO., LTD.</li><li>SICK AG</li><li>Siemens</li><li>Sierra Wireless Inc.</li><li>Silicon Labs</li><li>Snow Software</li><li>Snyk</li><li>SoftIron</li><li>SolarWinds</li><li>Sonatype Inc.</li><li>Sophos</li><li>Spanish National Cybersecurity Institute, S.A.</li><li>Splunk</li><li>STAR Labs SG Pte. Ltd.</li><li>Switzerland National Cyber Security Centre (NCSC)</li><li>Synaptics</li><li>Synology Inc.</li><li>Talos</li><li>TeamViewer Germany GmbH</li><li>Temporal Technologies Inc.</li><li>Tenable Network Security, Inc.</li><li>Thales Group</li><li>The Document Foundation</li><li>The Missing Link Australia (TML)</li><li>The Tcpdump Group</li><li>The Wikimedia Foundation</li><li>TianoCore.org</li><li>Tigera</li><li>Toshiba Corporation</li><li>TR-CERT (Computer Emergency Response Team of the Republic of Turkey)</li><li>Trellix</li><li>TWCERT/CC</li><li>upKeeper Solutions</li><li>VulDB</li><li>VulnCheck</li><li>VULSec Labs</li><li>WatchGuard Technologies, Inc.</li><li>Western Digital</li><li>Wiz, Inc.</li><li>Wordfence</li><li>Xerox Corporation</li><li>Xiaomi Technology Co Ltd</li><li>Yandex N.V.</li><li>Yokogawa Group</li><li>Yugabyte, Inc.</li><li>Zabbix</li><li>Zephyr Project</li><li>Zero Day Initiative</li><li>Zoom Video Communications, Inc.</li><li>Zscaler, Inc.</li><li>ZTE Corporation</li><li>ZUSO Advanced Research Team (ZUSO ART)</li><li>Zyxel Corporation</li></ul>"
+        }
+      ]
+    },
+    {
+      "id": 440,
+      "newsType": "news",
+      "title": "Minutes from CVE Board Teleconference Meeting on October 30 Now Available",
+      "urlKeywords": "CVE Board Minutes from October 30",
+      "date": "2024-11-19",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "The <a href='/ProgramOrganization/Board'>CVE Board</a> held a teleconference meeting on October 30, 2024. Read the <a href='https://cve.mitre.org/community/board/meeting_summaries/30_October_2024.pdf' target='_blank'>meeting minutes summary</a>."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "The CVE Board is the organization responsible for the strategic direction, governance, operational structure, policies, and rules of the CVE Program. The Board includes members from numerous cybersecurity-related organizations including commercial security tool vendors, academia, research institutions, government departments and agencies, and other prominent security experts, as well as end-users of vulnerability information."
+        }
+      ]
+    },
     {
       "id": 439,
       "newsType": "news",

src/assets/style/globals.scss

@@ -561,6 +561,15 @@ label {
   overflow-x: auto
 }
 
+.cve-scroll-box {
+  max-height: 15rem;
+  border-bottom: 1px solid lightgray;
+  overflow-y: scroll;
+  border-top: 1px solid lightgray;
+  padding: .75rem
+}
+
+
 .cve-w-100 {
   width: 100%;
 }
@@ -575,6 +584,7 @@ label {
   background-color: rgba(0, 0, 0, .5);
   box-shadow: 0 0 1px rgba(255, 255, 255, .5);
 }
+
 /* Other ends here*/
 
 /* Third party CSS */

src/components/AdpVulnerabilityEnrichment.vue

@@ -71,12 +71,12 @@
               </div>
             </div>
           </div>
-          <div id="cve-kevs" v-if="kevs.length > 0 && roleName === 'adp'" class="cve-scroll-border-bottom mt-5">
+          <div id="cve-kevs" v-if="kevs.length > 0 && roleName === 'adp'" class="mt-5">
             <h4 class="title mb-0">KEV <span class="tag">{{ kevs.length }} Total</span></h4>
-            <div class="cve-learn-more cve-scroll-border-bottom">
+            <div class="cve-learn-more ">
               <router-link to="/CVERecord/UserGuide/#cve-kev" class="cve-learn-more-link">Learn more</router-link>
             </div>
-            <div class="cve-y-scroll mt-3 mb-3">
+            <div class="cve-y-scroll cve-scroll-box mt-3">
               <ul class="mt-1">
                 <li v-for="kev in kevs" :key="kev.key">
                   <a :href="kev.reference" target="_blank">{{ kev.reference }}</a><span class="is-italic cve-help-text"> ({{ kev.dateAdded }})</span>
@@ -131,13 +131,13 @@
           </div>
         </div>
         <div v-if="roleName !== 'cveProgram'">
-          <div id="cve-cwes" v-if="cwes.length > 0" class="cve-scroll-border-bottom mt-5">
+          <div id="cve-cwes" v-if="cwes.length > 0" class="mt-5">
             <h4 class="title mb-0">CWE <span class="tag">{{ cwes.length }} Total</span></h4>
-            <div class="cve-learn-more cve-scroll-border-bottom mb-5">
+            <div class="cve-learn-more mb-3">
               <router-link to="/CVERecord/UserGuide/#cve-cwe" class="cve-learn-more-link">Learn more</router-link>
             </div>
-            <div class="cve-y-scroll">
-              <ul class="mt-0 mb-3">
+            <div class="cve-y-scroll cve-scroll-box">
+              <ul class="mt-0 mb-0">
                 <li v-for="cwe in cwes" :key="cwe.key">
                   <a v-if="cwe.cweId !== 'CWE ID not provided'" :href="`https://cwe.mitre.org/data/definitions/${cwe.cweNumber}.html`" target="_blank">
                     <span class="has-text-weight-bold">{{ cwe.cweId }}<span v-if="cwe.description.length > 0">: </span></span>
@@ -406,11 +406,14 @@ export default {
       }
     },
     getCveProgramReferences(){
-      if (this.containerObject.providerMetadata.shortName.toLowerCase() !== useCveRecordLookupStore().cveProgramShortName) return;
+      if (this.containerObject.providerMetadata.shortName?.toLowerCase() !== useCveRecordLookupStore().cveProgramShortName) return;
       this.cveProgramReferences = useCveRecordLookupStore().getReferences(this.containerObject.references);
     },
     getUpdatedDate() {
-      this.dateUpdated = this.getDate(this.containerObject.providerMetadata.dateUpdated);
+      if(this.containerObject.providerMetadata?.dateUpdated) {
+        this.dateUpdated = this.getDate(this.containerObject.providerMetadata?.dateUpdated);
+      }
+    
     },
     getDate(dateTime) {
       const [date] = dateTime.split('T');
@@ -460,7 +463,4 @@ export default {
     overflow-y: scroll;
   }
 
-  .cve-scroll-border-bottom {
-    border-bottom: 1px solid lightgray;
-  }
 </style>

src/components/CveRecordReferences.vue

@@ -3,23 +3,25 @@
     class="mt-5"
     style="word-break:break-all;"
   >
-    <h4 class="title mb-0">References</h4>
-    <ul>
-      <li v-for="(reference, index) in references" :key="`link-${index}`" class="cve-word-wrap">
-        <span class="icon-text">
-          <a :href="reference.url" target="_blank">
-            {{ (typeof reference.name !== 'undefined' && reference.name.length > 0) ? `${reference.hostname}: ${reference.name}` : reference.url }}
-            <span class="icon cve-icon-xxs">
-              <p id="enewsletter" class="is-hidden">external site</p>
-              <font-awesome-icon icon="external-link-alt" aria-labelledby="enewsletter"></font-awesome-icon>
-            </span>
-          </a>
-        </span>
-        <span v-for="tag in reference.tags" :key="tag">
-          <span class="tag ml-2" v-if="tag.length > 0">{{tag}}</span>
-        </span>
-      </li>
-    </ul>
+    <h4 class="title mb-3">References <span class="tag">{{ references.length }} Total</span></h4>
+    <div class="cve-scroll-box">
+      <ul class="mt-0">
+        <li v-for="(reference, index) in references" :key="`link-${index}`" class="cve-word-wrap">
+          <span class="icon-text">
+            <a :href="reference.url" target="_blank">
+              {{ (typeof reference.name !== 'undefined' && reference.name.length > 0) ? `${reference.hostname}: ${reference.name}` : reference.url }}
+              <span class="icon cve-icon-xxs">
+                <p id="enewsletter" class="is-hidden">external site</p>
+                <font-awesome-icon icon="external-link-alt" aria-labelledby="enewsletter"></font-awesome-icon>
+              </span>
+            </a>
+          </span>
+          <span v-for="tag in reference.tags" :key="tag">
+            <span class="tag ml-2" v-if="tag.length > 0">{{tag}}</span>
+          </span>
+        </li>
+      </ul>
+    </div>
   </div>
 </template>
 
@@ -32,4 +34,7 @@ export default {
     }
   }
 }
-</script>
+</script>
+<style lang="scss">
+  @import '@/assets/style/globals.scss'; 
+</style>