IBM20190802-10710

Added CVE-2019-4275, CVE-2018-1987
2025-06-07 21:47:16 +00:00 · 2019-08-02 10:07:10 -04:00 · 2019-08-02 10:07:10 -04:00 · 03e45038da
commit 03e45038da
parent a7918f5104
2 changed files with 183 additions and 30 deletions
--- a/2018/1xxx/CVE-2018-1987.json
+++ b/2018/1xxx/CVE-2018-1987.json
@ -1,18 +1,93 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2018-1987",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
-    "data_type": "CVE",
-    "data_version": "4.0",
-    "description": {
-        "description_data": [
+   "impact" : {
+      "cvssv3" : {
+         "BM" : {
+            "PR" : "N",
+            "S" : "U",
+            "AC" : "H",
+            "I" : "N",
+            "AV" : "L",
+            "UI" : "N",
+            "C" : "H",
+            "SCORE" : "5.100",
+            "A" : "N"
+         },
+         "TM" : {
+            "E" : "U",
+            "RL" : "O",
+            "RC" : "C"
+         }
+      }
+   },
+   "data_type" : "CVE",
+   "data_format" : "MITRE",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file.  IBM X-Force ID:  154280."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "value" : "Obtain Information",
+                  "lang" : "eng"
+               }
+            ]
+         }
+      ]
+   },
+   "data_version" : "4.0",
+   "CVE_data_meta" : {
+      "ASSIGNER" : "psirt@us.ibm.com",
+      "STATE" : "PUBLIC",
+      "DATE_PUBLIC" : "2019-07-31T00:00:00",
+      "ID" : "CVE-2018-1987"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+               "product" : {
+                  "product_data" : [
+                     {
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "7.1"
+                              },
+                              {
+                                 "version_value" : "8.1"
+                              }
+                           ]
+                        },
+                        "product_name" : "Spectrum Protect for Enterprise Resource Planning"
+                     }
+                  ]
+               },
+               "vendor_name" : "IBM"
            }
-        ]
-    }
-}
+         ]
+      }
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10883782",
+            "refsource" : "CONFIRM",
+            "title" : "IBM Security Bulletin 883782 (Spectrum Protect for Enterprise Resource Planning)",
+            "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10883782"
+         },
+         {
+            "refsource" : "XF",
+            "name" : "ibm-tivoli-cve20181987-info-disc (154280)",
+            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/154280",
+            "title" : "X-Force Vulnerability Report"
+         }
+      ]
+   }
+}
--- a/2019/4xxx/CVE-2019-4275.json
+++ b/2019/4xxx/CVE-2019-4275.json
@ -1,18 +1,96 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-4275",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
-    "data_type": "CVE",
-    "data_version": "4.0",
-    "description": {
-        "description_data": [
+   "CVE_data_meta" : {
+      "DATE_PUBLIC" : "2019-08-01T00:00:00",
+      "ID" : "CVE-2019-4275",
+      "STATE" : "PUBLIC",
+      "ASSIGNER" : "psirt@us.ibm.com"
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "value" : "Denial of Service",
+                  "lang" : "eng"
+               }
+            ]
+         }
+      ]
+   },
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "value" : "IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service.  IBM X-Force ID:  160296.",
+            "lang" : "eng"
+         }
+      ]
+   },
+   "data_type" : "CVE",
+   "impact" : {
+      "cvssv3" : {
+         "TM" : {
+            "E" : "U",
+            "RL" : "O",
+            "RC" : "C"
+         },
+         "BM" : {
+            "SCORE" : "6.200",
+            "A" : "H",
+            "UI" : "N",
+            "C" : "N",
+            "I" : "N",
+            "AC" : "L",
+            "AV" : "L",
+            "PR" : "N",
+            "S" : "U"
+         }
+      }
+   },
+   "data_format" : "MITRE",
+   "references" : {
+      "reference_data" : [
+         {
+            "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10959011",
+            "title" : "IBM Security Bulletin 959011 (Jazz for Service Management)",
+            "refsource" : "CONFIRM",
+            "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10959011"
+         },
+         {
+            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160296",
+            "title" : "X-Force Vulnerability Report",
+            "refsource" : "XF",
+            "name" : "ibm-jazz-cve20194275-dos (160296)"
+         }
+      ]
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+               "vendor_name" : "IBM",
+               "product" : {
+                  "product_data" : [
+                     {
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "1.1.3"
+                              },
+                              {
+                                 "version_value" : "1.1.3.1"
+                              },
+                              {
+                                 "version_value" : "1.1.3.2"
+                              }
+                           ]
+                        },
+                        "product_name" : "Jazz for Service Management"
+                     }
+                  ]
+               }
            }
-        ]
-    }
-}
+         ]
+      }
+   }
+}