diff --git a/2017/1xxx/CVE-2017-1609.json b/2017/1xxx/CVE-2017-1609.json index c5ae2bd7a80..3824e6906aa 100644 --- a/2017/1xxx/CVE-2017-1609.json +++ b/2017/1xxx/CVE-2017-1609.json @@ -1,18 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1609", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM Quality Manager (RQM) 5.0 thorugh 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132929." } ] + }, + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 738137 (Rational Quality Manager)", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10738137", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10738137", + "refsource" : "CONFIRM" + }, + { + "refsource" : "XF", + "name" : "ibm-rqm-cve20171609-xss (132929)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132929", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_version" : "4.0", + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "H" + }, + "BM" : { + "AV" : "N", + "UI" : "R", + "S" : "C", + "A" : "N", + "PR" : "L", + "AC" : "L", + "I" : "L", + "C" : "L", + "SCORE" : "5.400" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Cross-Site Scripting", + "lang" : "eng" + } + ] + } + ] + }, + "data_format" : "MITRE", + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Rational Quality Manager", + "version" : { + "version_data" : [ + { + "version_value" : "5.0" + }, + { + "version_value" : "6.0" + }, + { + "version_value" : "6.0.1" + }, + { + "version_value" : "6.0.2" + }, + { + "version_value" : "6.0.3" + }, + { + "version_value" : "6.0.4" + }, + { + "version_value" : "6.0.5" + }, + { + "version_value" : "6.0.6" + }, + { + "version_value" : "5.01" + }, + { + "version_value" : "5.02" + } + ] + } + } + ] + } + } + ] + } + }, + "CVE_data_meta" : { + "ID" : "CVE-2017-1609", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-10-31T00:00:00", + "STATE" : "PUBLIC" } } diff --git a/2018/1xxx/CVE-2018-1552.json b/2018/1xxx/CVE-2018-1552.json index 93f0812cba0..cc528c7cb8f 100644 --- a/2018/1xxx/CVE-2018-1552.json +++ b/2018/1xxx/CVE-2018-1552.json @@ -1,18 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1552", - "STATE" : "RESERVED" + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016247", + "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016247", + "title" : "IBM Security Bulletin 2016247 (Robotic Process Automation with Automation Anywhere)", + "refsource" : "CONFIRM" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-rpa-cve20181552-file-upload (142889)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142889" + } + ] }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be uploaded to the control room. By uploading a malicious file and tricking a victim to run it, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 142889." } ] - } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Access" + } + ] + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "AV" : "N", + "UI" : "R", + "S" : "U", + "A" : "L", + "AC" : "L", + "PR" : "L", + "I" : "L", + "C" : "L", + "SCORE" : "5.500" + }, + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + } + } + }, + "data_type" : "CVE", + "data_version" : "4.0", + "CVE_data_meta" : { + "ID" : "CVE-2018-1552", + "DATE_PUBLIC" : "2018-10-30T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "10.0" + }, + { + "version_value" : "11.0" + } + ] + }, + "product_name" : "Robotic Process Automation with Automation Anywhere" + } + ] + } + } + ] + } + }, + "data_format" : "MITRE" } diff --git a/2018/1xxx/CVE-2018-1788.json b/2018/1xxx/CVE-2018-1788.json index 2dfb0ca1110..81fce7f7360 100644 --- a/2018/1xxx/CVE-2018-1788.json +++ b/2018/1xxx/CVE-2018-1788.json @@ -1,17 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1788", - "STATE" : "RESERVED" - }, "data_format" : "MITRE", - "data_type" : "CVE", + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Spectrum Protect", + "version" : { + "version_data" : [ + { + "version_value" : "7.1" + }, + { + "version_value" : "8.1" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" + } + ] + } + }, + "CVE_data_meta" : { + "DATE_PUBLIC" : "2018-10-31T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "ID" : "CVE-2018-1788" + }, + "impact" : { + "cvssv3" : { + "BM" : { + "AV" : "L", + "S" : "U", + "UI" : "N", + "I" : "N", + "PR" : "H", + "AC" : "H", + "A" : "N", + "SCORE" : "4.100", + "C" : "H" + }, + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + } + } + }, "data_version" : "4.0", + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10730357", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10730357", + "title" : "IBM Security Bulletin 730357 (Spectrum Protect)" + }, + { + "refsource" : "XF", + "name" : "ibm-tivoli-cve20181788-info-disc (148873)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148873", + "title" : "X-Force Vulnerability Report" + } + ] + }, "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873." } ] } diff --git a/2018/1xxx/CVE-2018-1835.json b/2018/1xxx/CVE-2018-1835.json index 8af2a2e5578..83fb1fcfbe4 100644 --- a/2018/1xxx/CVE-2018-1835.json +++ b/2018/1xxx/CVE-2018-1835.json @@ -1,18 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1835", - "STATE" : "RESERVED" + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + }, + "BM" : { + "PR" : "L", + "I" : "N", + "AC" : "L", + "A" : "L", + "SCORE" : "7.100", + "C" : "H", + "AV" : "N", + "S" : "U", + "UI" : "N" + } + } }, - "data_format" : "MITRE", - "data_type" : "CVE", "data_version" : "4.0", + "data_type" : "CVE", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150514." } ] - } + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733815", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733815", + "title" : "IBM Security Bulletin 733815 (Daeja ViewONE)", + "refsource" : "CONFIRM" + }, + { + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150514", + "name" : "ibm-dejaviewone-cve20181835-xxe (150514)", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "CVE_data_meta" : { + "DATE_PUBLIC" : "2018-10-26T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "ID" : "CVE-2018-1835" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Daeja ViewONE", + "version" : { + "version_data" : [ + { + "version_value" : "5" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" + } + ] + } + }, + "data_format" : "MITRE" } diff --git a/2018/1xxx/CVE-2018-1846.json b/2018/1xxx/CVE-2018-1846.json index 2f67aa42f29..4ae77d3ec30 100644 --- a/2018/1xxx/CVE-2018-1846.json +++ b/2018/1xxx/CVE-2018-1846.json @@ -1,18 +1,117 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1846", - "STATE" : "RESERVED" + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-10-31T00:00:00", + "ID" : "CVE-2018-1846" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "5.0" + }, + { + "version_value" : "6.0" + }, + { + "version_value" : "6.0.1" + }, + { + "version_value" : "6.0.2" + }, + { + "version_value" : "6.0.3" + }, + { + "version_value" : "6.0.4" + }, + { + "version_value" : "6.0.5" + }, + { + "version_value" : "6.0.6" + }, + { + "version_value" : "5.01" + }, + { + "version_value" : "5.02" + } + ] + }, + "product_name" : "Rational Engineering Lifecycle Manager" + } + ] + } + } + ] + } }, "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150945." } ] + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10738075", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10738075", + "title" : "IBM Security Bulletin 738075 (Rational Engineering Lifecycle Manager)" + }, + { + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150945", + "name" : "ibm-relm-cve20181846-info-disc (150945)", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "data_version" : "4.0", + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "E" : "U", + "RC" : "C" + }, + "BM" : { + "AV" : "N", + "S" : "U", + "UI" : "N", + "PR" : "L", + "AC" : "L", + "I" : "N", + "A" : "L", + "SCORE" : "7.100", + "C" : "H" + } + } } } diff --git a/2018/1xxx/CVE-2018-1876.json b/2018/1xxx/CVE-2018-1876.json index bc0201b5282..df51270cd85 100644 --- a/2018/1xxx/CVE-2018-1876.json +++ b/2018/1xxx/CVE-2018-1876.json @@ -1,18 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1876", - "STATE" : "RESERVED" + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] }, - "data_format" : "MITRE", - "data_type" : "CVE", "data_version" : "4.0", + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "E" : "U", + "RC" : "C" + }, + "BM" : { + "C" : "H", + "SCORE" : "6.200", + "A" : "N", + "PR" : "N", + "I" : "N", + "AC" : "L", + "UI" : "N", + "S" : "U", + "AV" : "L" + } + } + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 735967 (Robotic Process Automation with Automation Anywhere)", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10735967", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10735967" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151707", + "name" : "ibm-rpa-cve20181876-info-disc (151707)" + } + ] + }, "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control Room log file after installation. IBM X-Force ID: 151707.", + "lang" : "eng" } ] + }, + "CVE_data_meta" : { + "DATE_PUBLIC" : "2018-10-30T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "ID" : "CVE-2018-1876" + }, + "data_format" : "MITRE", + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Robotic Process Automation with Automation Anywhere", + "version" : { + "version_data" : [ + { + "version_value" : "11" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" + } + ] + } } } diff --git a/2018/1xxx/CVE-2018-1877.json b/2018/1xxx/CVE-2018-1877.json index 1373b5f8e91..d8fe9f8b1d8 100644 --- a/2018/1xxx/CVE-2018-1877.json +++ b/2018/1xxx/CVE-2018-1877.json @@ -1,18 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1877", - "STATE" : "RESERVED" + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] }, - "data_format" : "MITRE", - "data_type" : "CVE", "data_version" : "4.0", + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "C" : "H", + "SCORE" : "6.200", + "A" : "N", + "AC" : "L", + "PR" : "N", + "I" : "N", + "UI" : "N", + "S" : "U", + "AV" : "L" + }, + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + } + } + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 735973 (Robotic Process Automation with Automation Anywhere)", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10735973", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10735973" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151713", + "name" : "ibm-rpa-cve20181877-info-disc (151713)" + } + ] + }, "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713.", + "lang" : "eng" } ] + }, + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-10-30T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2018-1877" + }, + "data_format" : "MITRE", + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "11" + } + ] + }, + "product_name" : "Robotic Process Automation with Automation Anywhere" + } + ] + }, + "vendor_name" : "IBM" + } + ] + } } } diff --git a/2018/1xxx/CVE-2018-1878.json b/2018/1xxx/CVE-2018-1878.json index d2570cb0764..72e9db2b320 100644 --- a/2018/1xxx/CVE-2018-1878.json +++ b/2018/1xxx/CVE-2018-1878.json @@ -1,18 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1878", - "STATE" : "RESERVED" + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10735977", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10735977", + "title" : "IBM Security Bulletin 735977 (Robotic Process Automation with Automation Anywhere)" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151714", + "name" : "ibm-rpa-cve20181878-info-disc (151714)", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF" + } + ] }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. IBM X-Force ID: 151714.", + "lang" : "eng" } ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + }, + "BM" : { + "AV" : "N", + "UI" : "N", + "S" : "U", + "A" : "N", + "AC" : "L", + "I" : "N", + "PR" : "N", + "C" : "L", + "SCORE" : "5.300" + } + } + }, + "data_type" : "CVE", + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Robotic Process Automation with Automation Anywhere", + "version" : { + "version_data" : [ + { + "version_value" : "11" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" + } + ] + } + }, + "data_format" : "MITRE", + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2018-10-30T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2018-1878" } }