cvelist/2018/1xxx/CVE-2018-1749.json

97 lines
2.7 KiB
JSON
Raw Normal View History

2017-12-13 17:04:27 -05:00
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Bypass Security"
}
]
}
]
2017-12-13 17:04:27 -05:00
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Key Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "2.6"
},
{
"version_value" : "2.7"
},
{
"version_value" : "3.0"
}
]
}
}
]
}
}
]
}
},
2017-12-13 17:04:27 -05:00
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"I" : "L",
"PR" : "L",
"A" : "N",
"AV" : "N",
"S" : "U",
"SCORE" : "4.300",
"UI" : "N",
"AC" : "L",
"C" : "N"
}
}
},
2017-12-13 17:04:27 -05:00
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 148484."
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2018-10-04T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1749"
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 733303 (Security Key Lifecycle Manager)",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733303",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733303"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148484",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-tivoli-cve20181749-sec-bypass (148484)"
2017-12-13 17:04:27 -05:00
}
]
}
}