admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-03-14 17:01:36 +00:00
parent 47a12bdd15
commit 02cd9957af
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
6 changed files with 416 additions and 380 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
2021/39xxx/CVE-2021-39051.json
View File

@ -1,93 +1,93 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Copy Data Management",
"version" : {
"version_data" : [
{
"version_value" : "2.2.0.0"
},
{
"version_value" : "2.2.14.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Copy Data Management \t2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Copy Data Management",
"version": {
"version_data": [
{
"version_value": "2.2.0.0"
},
{
"version_value": "2.2.14.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AV" : "N",
"S" : "U",
"AC" : "H",
"SCORE" : "4.800",
"UI" : "N",
"I" : "L",
"PR" : "N",
"A" : "N",
"C" : "L"
}
}
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6562479",
"url" : "https://www.ibm.com/support/pages/node/6562479",
"title" : "IBM Security Bulletin 6562479 (Spectrum Copy Data Management)",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/214441",
"name" : "ibm-spectrum-cve202139051-ssrf (214441)"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2021-39051",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2022-03-11T00:00:00"
},
"data_version" : "4.0",
"data_type" : "CVE",
"data_format" : "MITRE"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"AV": "N",
"S": "U",
"AC": "H",
"SCORE": "4.800",
"UI": "N",
"I": "L",
"PR": "N",
"A": "N",
"C": "L"
}
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6562479",
"url": "https://www.ibm.com/support/pages/node/6562479",
"title": "IBM Security Bulletin 6562479 (Spectrum Copy Data Management)",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214441",
"name": "ibm-spectrum-cve202139051-ssrf (214441)"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2021-39051",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-03-11T00:00:00"
},
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE"
}

178
2021/39xxx/CVE-2021-39055.json
View File

@ -1,93 +1,93 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM Spectrum Copy Data Management \t2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214534.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"SCORE" : "5.400",
"UI" : "R",
"S" : "C",
"AV" : "N",
"I" : "L",
"A" : "N",
"PR" : "L",
"C" : "L"
},
"TM" : {
"RL" : "O",
"E" : "H",
"RC" : "C"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2022-03-11T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2021-39055"
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6562479",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6562479 (Spectrum Copy Data Management)",
"url" : "https://www.ibm.com/support/pages/node/6562479"
},
{
"name" : "ibm-spectrum-cve202139055-xss (214534)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/214534",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.2.0.0"
},
{
"version_value" : "2.2.14.3"
}
]
},
"product_name" : "Spectrum Copy Data Management"
}
]
},
"vendor_name" : "IBM"
"value": "IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214534.",
"lang": "eng"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE"
]
},
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"SCORE": "5.400",
"UI": "R",
"S": "C",
"AV": "N",
"I": "L",
"A": "N",
"PR": "L",
"C": "L"
},
"TM": {
"RL": "O",
"E": "H",
"RC": "C"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-03-11T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2021-39055"
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6562479",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6562479 (Spectrum Copy Data Management)",
"url": "https://www.ibm.com/support/pages/node/6562479"
},
{
"name": "ibm-spectrum-cve202139055-xss (214534)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214534",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.2.0.0"
},
{
"version_value": "2.2.14.3"
}
]
},
"product_name": "Spectrum Copy Data Management"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE"
}

18
2022/0xxx/CVE-2022-0969.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0969",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/0xxx/CVE-2022-0970.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0970",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

178
2022/22xxx/CVE-2022-22344.json
View File

@ -1,93 +1,93 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM Spectrum Copy Data Management \t2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 220038",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"I" : "L",
"UI" : "N",
"SCORE" : "4.800",
"AC" : "H",
"S" : "U",
"AV" : "N",
"C" : "L",
"A" : "N",
"PR" : "N"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2022-22344",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2022-03-11T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6562479",
"title" : "IBM Security Bulletin 6562479 (Spectrum Copy Data Management)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6562479"
},
{
"name" : "ibm-spectrum-cve202222344-header-injection (220038)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/220038"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Copy Data Management",
"version" : {
"version_data" : [
{
"version_value" : "2.2.0.0"
},
{
"version_value" : "2.2.14.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
"value": "IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 220038",
"lang": "eng"
}
]
}
},
"data_type" : "CVE",
"data_format" : "MITRE"
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"I": "L",
"UI": "N",
"SCORE": "4.800",
"AC": "H",
"S": "U",
"AV": "N",
"C": "L",
"A": "N",
"PR": "N"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22344",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2022-03-11T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6562479",
"title": "IBM Security Bulletin 6562479 (Spectrum Copy Data Management)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6562479"
},
{
"name": "ibm-spectrum-cve202222344-header-injection (220038)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220038"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Copy Data Management",
"version": {
"version_data": [
{
"version_value": "2.2.0.0"
},
{
"version_value": "2.2.14.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_type": "CVE",
"data_format": "MITRE"
}

216
2022/22xxx/CVE-2022-22354.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ID" : "CVE-2022-22354",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2022-03-11T00:00:00"
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6562989",
"url" : "https://www.ibm.com/support/pages/node/6562989",
"title" : "IBM Security Bulletin 6562989 (Spectrum Protect Plus)",
"refsource" : "CONFIRM"
},
{
"url" : "https://www.ibm.com/support/pages/node/6562479",
"title" : "IBM Security Bulletin 6562479 (Spectrum Copy Data Management)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6562479"
},
{
"name" : "ibm-spectrum-cve202222354-dos (220485)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/220485",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"SCORE" : "6.200",
"UI" : "N",
"AC" : "L",
"AV" : "L",
"I" : "N",
"A" : "H",
"PR" : "N",
"C" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management \t2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"ID": "CVE-2022-22354",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-03-11T00:00:00"
},
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.2.0.0"
},
{
"version_value" : "2.2.14.3"
}
]
},
"product_name" : "Spectrum Copy Data Management"
},
{
"product_name" : "Spectrum Protect Plus",
"version" : {
"version_data" : [
{
"version_value" : "10.1.0.0"
},
{
"version_value" : "10.1.9.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
"url": "https://www.ibm.com/support/pages/node/6562479",
"title": "IBM Security Bulletin 6562479 (Spectrum Copy Data Management)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6562479"
},
{
"name": "https://www.ibm.com/support/pages/node/6562989",
"url": "https://www.ibm.com/support/pages/node/6562989",
"title": "IBM Security Bulletin 6562989 (Spectrum Protect Plus)",
"refsource": "CONFIRM"
},
{
"name": "ibm-spectrum-cve202222354-dos (220485)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220485",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE"
]
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"SCORE": "6.200",
"UI": "N",
"AC": "L",
"AV": "L",
"I": "N",
"A": "H",
"PR": "N",
"C": "N"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485.",
"lang": "eng"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.2.0.0"
},
{
"version_value": "2.2.14.3"
}
]
},
"product_name": "Spectrum Copy Data Management"
},
{
"product_name": "Spectrum Protect Plus",
"version": {
"version_data": [
{
"version_value": "10.1.0.0"
},
{
"version_value": "10.1.9.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE"
}