cvelist/2018/1xxx/CVE-2018-1804.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "psirt@us.ibm.com",
      "DATE_PUBLIC" : "2018-12-11T00:00:00",
      "ID" : "CVE-2018-1804",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "Security Access Manager Appliance",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "9.0.1.0"
                              },
                              {
                                 "version_value" : "9.0.2.0"
                              },
                              {
                                 "version_value" : "9.0.3.0"
                              },
                              {
                                 "version_value" : "9.0.4.0"
                              },
                              {
                                 "version_value" : "9.0.5.0"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "IBM"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703."
         }
      ]
   },
   "impact" : {
      "cvssv3" : {
         "BM" : {
            "A" : "N",
            "AC" : "H",
            "AV" : "N",
            "C" : "L",
            "I" : "N",
            "PR" : "N",
            "S" : "U",
            "SCORE" : "3.700",
            "UI" : "N"
         },
         "TM" : {
            "E" : "U",
            "RC" : "C",
            "RL" : "O"
         }
      }
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "Obtain Information"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
            "refsource" : "CONFIRM",
            "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
         },
         {
            "name" : "ibm-sam-cve20181804-info-disc(149703)",
            "refsource" : "XF",
            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149703"
         }
      ]
   }
}
- Synchronized data. 2017-12-13 17:04:27 -05:00			`{`
- Synchronized data. 2018-12-13 11:07:30 -05:00			`"CVE_data_meta" : {`
			`"ASSIGNER" : "psirt@us.ibm.com",`
			`"DATE_PUBLIC" : "2018-12-11T00:00:00",`
			`"ID" : "CVE-2018-1804",`
			`"STATE" : "PUBLIC"`
			`},`
IBM20181213-101622 Added CVE-2018-1887, CVE-2018-1813, CVE-2018-1665, CVE-2018-1805, CVE-2018-1821, CVE-2018-1804, CVE-2017-1268, CVE-2018-1817, CVE-2018-1653, CVE-2018-1818, CVE-2018-1667, CVE-2018-1803, CVE-2018-1740, CVE-2018-1886, CVE-2018-1814, CVE-2018-1815 2018-12-13 10:16:22 -05:00			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "Security Access Manager Appliance",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "9.0.1.0"`
			`},`
			`{`
			`"version_value" : "9.0.2.0"`
			`},`
			`{`
			`"version_value" : "9.0.3.0"`
			`},`
			`{`
			`"version_value" : "9.0.4.0"`
			`},`
			`{`
			`"version_value" : "9.0.5.0"`
			`}`
			`]`
			`}`
			`}`
			`]`
- Synchronized data. 2018-12-13 11:07:30 -05:00			`},`
			`"vendor_name" : "IBM"`
IBM20181213-101622 Added CVE-2018-1887, CVE-2018-1813, CVE-2018-1665, CVE-2018-1805, CVE-2018-1821, CVE-2018-1804, CVE-2017-1268, CVE-2018-1817, CVE-2018-1653, CVE-2018-1818, CVE-2018-1667, CVE-2018-1803, CVE-2018-1740, CVE-2018-1886, CVE-2018-1814, CVE-2018-1815 2018-12-13 10:16:22 -05:00			`}`
			`]`
			`}`
			`},`
- Synchronized data. 2018-12-13 11:07:30 -05:00			`"data_format" : "MITRE",`
- Synchronized data. 2017-12-13 17:04:27 -05:00			`"data_type" : "CVE",`
- Synchronized data. 2018-12-13 11:07:30 -05:00			`"data_version" : "4.0",`
- Synchronized data. 2017-12-13 17:04:27 -05:00			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
- Synchronized data. 2018-12-13 11:07:30 -05:00			`"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703."`
IBM20181213-101622 Added CVE-2018-1887, CVE-2018-1813, CVE-2018-1665, CVE-2018-1805, CVE-2018-1821, CVE-2018-1804, CVE-2017-1268, CVE-2018-1817, CVE-2018-1653, CVE-2018-1818, CVE-2018-1667, CVE-2018-1803, CVE-2018-1740, CVE-2018-1886, CVE-2018-1814, CVE-2018-1815 2018-12-13 10:16:22 -05:00			`}`
			`]`
			`},`
- Synchronized data. 2018-12-13 11:07:30 -05:00			`"impact" : {`
			`"cvssv3" : {`
			`"BM" : {`
			`"A" : "N",`
			`"AC" : "H",`
			`"AV" : "N",`
			`"C" : "L",`
			`"I" : "N",`
			`"PR" : "N",`
			`"S" : "U",`
			`"SCORE" : "3.700",`
			`"UI" : "N"`
IBM20181213-101622 Added CVE-2018-1887, CVE-2018-1813, CVE-2018-1665, CVE-2018-1805, CVE-2018-1821, CVE-2018-1804, CVE-2017-1268, CVE-2018-1817, CVE-2018-1653, CVE-2018-1818, CVE-2018-1667, CVE-2018-1803, CVE-2018-1740, CVE-2018-1886, CVE-2018-1814, CVE-2018-1815 2018-12-13 10:16:22 -05:00			`},`
- Synchronized data. 2018-12-13 11:07:30 -05:00			`"TM" : {`
			`"E" : "U",`
			`"RC" : "C",`
			`"RL" : "O"`
- Synchronized data. 2017-12-13 17:04:27 -05:00			`}`
- Synchronized data. 2018-12-13 11:07:30 -05:00			`}`
IBM20181213-101622 Added CVE-2018-1887, CVE-2018-1813, CVE-2018-1665, CVE-2018-1805, CVE-2018-1821, CVE-2018-1804, CVE-2017-1268, CVE-2018-1817, CVE-2018-1653, CVE-2018-1818, CVE-2018-1667, CVE-2018-1803, CVE-2018-1740, CVE-2018-1886, CVE-2018-1814, CVE-2018-1815 2018-12-13 10:16:22 -05:00			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "Obtain Information"`
			`}`
			`]`
			`}`
			`]`
			`},`
- Synchronized data. 2018-12-13 11:07:30 -05:00			`"references" : {`
			`"reference_data" : [`
			`{`
			`"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",`
			`"refsource" : "CONFIRM",`
			`"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785"`
			`},`
			`{`
			`"name" : "ibm-sam-cve20181804-info-disc(149703)",`
			`"refsource" : "XF",`
			`"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149703"`
			`}`
			`]`
			`}`
- Synchronized data. 2017-12-13 17:04:27 -05:00			`}`