From 02cd9957af8d626fc29272cb89b8a6d4458b5d29 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 14 Mar 2022 17:01:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/39xxx/CVE-2021-39051.json | 182 +++++++++++++-------------- 2021/39xxx/CVE-2021-39055.json | 180 +++++++++++++-------------- 2022/0xxx/CVE-2022-0969.json | 18 +++ 2022/0xxx/CVE-2022-0970.json | 18 +++ 2022/22xxx/CVE-2022-22344.json | 180 +++++++++++++-------------- 2022/22xxx/CVE-2022-22354.json | 218 ++++++++++++++++----------------- 6 files changed, 416 insertions(+), 380 deletions(-) create mode 100644 2022/0xxx/CVE-2022-0969.json create mode 100644 2022/0xxx/CVE-2022-0970.json diff --git a/2021/39xxx/CVE-2021-39051.json b/2021/39xxx/CVE-2021-39051.json index 44dd5f6a884..00d9432505d 100644 --- a/2021/39xxx/CVE-2021-39051.json +++ b/2021/39xxx/CVE-2021-39051.json @@ -1,93 +1,93 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Spectrum Copy Data Management", - "version" : { - "version_data" : [ - { - "version_value" : "2.2.0.0" - }, - { - "version_value" : "2.2.14.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Spectrum Copy Data Management \t2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spectrum Copy Data Management", + "version": { + "version_data": [ + { + "version_value": "2.2.0.0" + }, + { + "version_value": "2.2.14.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "AV" : "N", - "S" : "U", - "AC" : "H", - "SCORE" : "4.800", - "UI" : "N", - "I" : "L", - "PR" : "N", - "A" : "N", - "C" : "L" - } - } - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6562479", - "url" : "https://www.ibm.com/support/pages/node/6562479", - "title" : "IBM Security Bulletin 6562479 (Spectrum Copy Data Management)", - "refsource" : "CONFIRM" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/214441", - "name" : "ibm-spectrum-cve202139051-ssrf (214441)" - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2021-39051", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2022-03-11T00:00:00" - }, - "data_version" : "4.0", - "data_type" : "CVE", - "data_format" : "MITRE" -} + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "AV": "N", + "S": "U", + "AC": "H", + "SCORE": "4.800", + "UI": "N", + "I": "L", + "PR": "N", + "A": "N", + "C": "L" + } + } + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6562479", + "url": "https://www.ibm.com/support/pages/node/6562479", + "title": "IBM Security Bulletin 6562479 (Spectrum Copy Data Management)", + "refsource": "CONFIRM" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214441", + "name": "ibm-spectrum-cve202139051-ssrf (214441)" + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2021-39051", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2022-03-11T00:00:00" + }, + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39055.json b/2021/39xxx/CVE-2021-39055.json index 5c06e399d70..532ec7d8841 100644 --- a/2021/39xxx/CVE-2021-39055.json +++ b/2021/39xxx/CVE-2021-39055.json @@ -1,93 +1,93 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM Spectrum Copy Data Management \t2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214534.", - "lang" : "eng" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "L", - "SCORE" : "5.400", - "UI" : "R", - "S" : "C", - "AV" : "N", - "I" : "L", - "A" : "N", - "PR" : "L", - "C" : "L" - }, - "TM" : { - "RL" : "O", - "E" : "H", - "RC" : "C" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } - ] - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2022-03-11T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2021-39055" - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6562479", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6562479 (Spectrum Copy Data Management)", - "url" : "https://www.ibm.com/support/pages/node/6562479" - }, - { - "name" : "ibm-spectrum-cve202139055-xss (214534)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/214534", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.2.0.0" - }, - { - "version_value" : "2.2.14.3" - } - ] - }, - "product_name" : "Spectrum Copy Data Management" - } - ] - }, - "vendor_name" : "IBM" + "value": "IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214534.", + "lang": "eng" } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE" -} + ] + }, + "impact": { + "cvssv3": { + "BM": { + "AC": "L", + "SCORE": "5.400", + "UI": "R", + "S": "C", + "AV": "N", + "I": "L", + "A": "N", + "PR": "L", + "C": "L" + }, + "TM": { + "RL": "O", + "E": "H", + "RC": "C" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2022-03-11T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2021-39055" + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6562479", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6562479 (Spectrum Copy Data Management)", + "url": "https://www.ibm.com/support/pages/node/6562479" + }, + { + "name": "ibm-spectrum-cve202139055-xss (214534)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214534", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.2.0.0" + }, + { + "version_value": "2.2.14.3" + } + ] + }, + "product_name": "Spectrum Copy Data Management" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE" +} \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0969.json b/2022/0xxx/CVE-2022-0969.json new file mode 100644 index 00000000000..caad610b44d --- /dev/null +++ b/2022/0xxx/CVE-2022-0969.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-0969", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0970.json b/2022/0xxx/CVE-2022-0970.json new file mode 100644 index 00000000000..81b26e4b9ea --- /dev/null +++ b/2022/0xxx/CVE-2022-0970.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-0970", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22344.json b/2022/22xxx/CVE-2022-22344.json index 5191377c952..3f5e79f6e79 100644 --- a/2022/22xxx/CVE-2022-22344.json +++ b/2022/22xxx/CVE-2022-22344.json @@ -1,93 +1,93 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM Spectrum Copy Data Management \t2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 220038", - "lang" : "eng" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "I" : "L", - "UI" : "N", - "SCORE" : "4.800", - "AC" : "H", - "S" : "U", - "AV" : "N", - "C" : "L", - "A" : "N", - "PR" : "N" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } - ] - } - ] - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2022-22344", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2022-03-11T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6562479", - "title" : "IBM Security Bulletin 6562479 (Spectrum Copy Data Management)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6562479" - }, - { - "name" : "ibm-spectrum-cve202222344-header-injection (220038)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/220038" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Spectrum Copy Data Management", - "version" : { - "version_data" : [ - { - "version_value" : "2.2.0.0" - }, - { - "version_value" : "2.2.14.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "value": "IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 220038", + "lang": "eng" } - ] - } - }, - "data_type" : "CVE", - "data_format" : "MITRE" -} + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "I": "L", + "UI": "N", + "SCORE": "4.800", + "AC": "H", + "S": "U", + "AV": "N", + "C": "L", + "A": "N", + "PR": "N" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-22344", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2022-03-11T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6562479", + "title": "IBM Security Bulletin 6562479 (Spectrum Copy Data Management)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6562479" + }, + { + "name": "ibm-spectrum-cve202222344-header-injection (220038)", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220038" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spectrum Copy Data Management", + "version": { + "version_data": [ + { + "version_value": "2.2.0.0" + }, + { + "version_value": "2.2.14.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_type": "CVE", + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22354.json b/2022/22xxx/CVE-2022-22354.json index 77672390ce7..2feabc872d3 100644 --- a/2022/22xxx/CVE-2022-22354.json +++ b/2022/22xxx/CVE-2022-22354.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ID" : "CVE-2022-22354", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2022-03-11T00:00:00" - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6562989", - "url" : "https://www.ibm.com/support/pages/node/6562989", - "title" : "IBM Security Bulletin 6562989 (Spectrum Protect Plus)", - "refsource" : "CONFIRM" - }, - { - "url" : "https://www.ibm.com/support/pages/node/6562479", - "title" : "IBM Security Bulletin 6562479 (Spectrum Copy Data Management)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6562479" - }, - { - "name" : "ibm-spectrum-cve202222354-dos (220485)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/220485", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "SCORE" : "6.200", - "UI" : "N", - "AC" : "L", - "AV" : "L", - "I" : "N", - "A" : "H", - "PR" : "N", - "C" : "N" - }, - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - } - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management \t2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485.", - "lang" : "eng" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ID": "CVE-2022-22354", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2022-03-11T00:00:00" + }, + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.2.0.0" - }, - { - "version_value" : "2.2.14.3" - } - ] - }, - "product_name" : "Spectrum Copy Data Management" - }, - { - "product_name" : "Spectrum Protect Plus", - "version" : { - "version_data" : [ - { - "version_value" : "10.1.0.0" - }, - { - "version_value" : "10.1.9.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "url": "https://www.ibm.com/support/pages/node/6562479", + "title": "IBM Security Bulletin 6562479 (Spectrum Copy Data Management)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6562479" + }, + { + "name": "https://www.ibm.com/support/pages/node/6562989", + "url": "https://www.ibm.com/support/pages/node/6562989", + "title": "IBM Security Bulletin 6562989 (Spectrum Protect Plus)", + "refsource": "CONFIRM" + }, + { + "name": "ibm-spectrum-cve202222354-dos (220485)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220485", + "title": "X-Force Vulnerability Report", + "refsource": "XF" } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE" -} + ] + }, + "data_version": "4.0", + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "SCORE": "6.200", + "UI": "N", + "AC": "L", + "AV": "L", + "I": "N", + "A": "H", + "PR": "N", + "C": "N" + }, + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + } + } + }, + "description": { + "description_data": [ + { + "value": "IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485.", + "lang": "eng" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.2.0.0" + }, + { + "version_value": "2.2.14.3" + } + ] + }, + "product_name": "Spectrum Copy Data Management" + }, + { + "product_name": "Spectrum Protect Plus", + "version": { + "version_data": [ + { + "version_value": "10.1.0.0" + }, + { + "version_value": "10.1.9.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE" +} \ No newline at end of file