cvelist/2018/1xxx/CVE-2018-1749.json

{
    "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "DATE_PUBLIC": "2018-10-04T00:00:00",
        "ID": "CVE-2018-1749",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Security Key Lifecycle Manager",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "2.6"
                                        },
                                        {
                                            "version_value": "2.7"
                                        },
                                        {
                                            "version_value": "3.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "IBM"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 148484."
            }
        ]
    },
    "impact": {
        "cvssv3": {
            "BM": {
                "A": "N",
                "AC": "L",
                "AV": "N",
                "C": "N",
                "I": "L",
                "PR": "L",
                "S": "U",
                "SCORE": "4.300",
                "UI": "N"
            },
            "TM": {
                "E": "U",
                "RC": "C",
                "RL": "O"
            }
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Bypass Security"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "http://www.ibm.com/support/docview.wss?uid=ibm10733303",
                "refsource": "CONFIRM",
                "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733303"
            },
            {
                "name": "ibm-tivoli-cve20181749-sec-bypass(148484)",
                "refsource": "XF",
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148484"
            }
        ]
    }
}
- Synchronized data. 2017-12-13 17:04:27 -05:00			`{`
"-Synchronized-Data." 2019-03-18 00:34:36 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "psirt@us.ibm.com",`
			`"DATE_PUBLIC": "2018-10-04T00:00:00",`
			`"ID": "CVE-2018-1749",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Security Key Lifecycle Manager",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "2.6"`
			`},`
			`{`
			`"version_value": "2.7"`
			`},`
			`{`
			`"version_value": "3.0"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "IBM"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
IBM20181008-85451 Added CVE-2018-1750, CVE-2018-1742, CVE-2018-1741, CVE-2018-1743, CVE-2018-1749, CVE-2018-1753, CVE-2018-1723 2018-10-08 08:54:51 -04:00			`{`
"-Synchronized-Data." 2019-03-18 00:34:36 +00:00			`"lang": "eng",`
			`"value": "IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 148484."`
IBM20181008-85451 Added CVE-2018-1750, CVE-2018-1742, CVE-2018-1741, CVE-2018-1743, CVE-2018-1749, CVE-2018-1753, CVE-2018-1723 2018-10-08 08:54:51 -04:00			`}`
"-Synchronized-Data." 2019-03-18 00:34:36 +00:00			`]`
			`},`
			`"impact": {`
			`"cvssv3": {`
			`"BM": {`
			`"A": "N",`
			`"AC": "L",`
			`"AV": "N",`
			`"C": "N",`
			`"I": "L",`
			`"PR": "L",`
			`"S": "U",`
			`"SCORE": "4.300",`
			`"UI": "N"`
			`},`
			`"TM": {`
			`"E": "U",`
			`"RC": "C",`
			`"RL": "O"`
			`}`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Bypass Security"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "http://www.ibm.com/support/docview.wss?uid=ibm10733303",`
			`"refsource": "CONFIRM",`
			`"url": "http://www.ibm.com/support/docview.wss?uid=ibm10733303"`
			`},`
			`{`
			`"name": "ibm-tivoli-cve20181749-sec-bypass(148484)",`
			`"refsource": "XF",`
			`"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148484"`
			`}`
			`]`
			`}`
			`}`