admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-06-10 13:58:33 +00:00
parent 6e8632f120
commit 03f8d6df3e
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
12 changed files with 1075 additions and 985 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
2019/2xxx/CVE-2019-2219.json
View File

@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "Android-9 Android-10"
"version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
}
]
}
@ -46,8 +46,8 @@
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2019-12-01",
"url": "https://source.android.com/security/bulletin/2019-12-01"
"name": "https://source.android.com/security/bulletin/2020-06-01",
"url": "https://source.android.com/security/bulletin/2020-06-01"
}
]
},
@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "In System UI, there is a possible bypass of user's consent for access to sensor data due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-119041698"
"value": "In System UI, there is a possible bypass of user's consent for access to sensor data due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-119041698"
}
]
}

188
2019/4xxx/CVE-2019-4576.json
View File

@ -1,96 +1,96 @@
{
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"S" : "U",
"PR" : "N",
"AV" : "N",
"A" : "N",
"C" : "H",
"SCORE" : "5.900",
"AC" : "H",
"UI" : "N",
"I" : "N"
}
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-06-09T00:00:00",
"ID" : "CVE-2019-4576",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"description" : {
"description_data" : [
{
"value" : "IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166803.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6221298",
"url" : "https://www.ibm.com/support/pages/node/6221298",
"title" : "IBM Security Bulletin 6221298 (QRadar Network Packet Capture Software)"
},
{
"refsource" : "XF",
"name" : "ibm-qradar-cve20194576-info-disc (166803)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/166803",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "QRadar Network Packet Capture Software",
"version" : {
"version_data" : [
{
"version_value" : "7.3"
},
{
"version_value" : "7.3.3.Patch1"
},
{
"version_value" : "7.4"
}
]
}
}
]
},
"vendor_name" : "IBM"
"data_format": "MITRE",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"S": "U",
"PR": "N",
"AV": "N",
"A": "N",
"C": "H",
"SCORE": "5.900",
"AC": "H",
"UI": "N",
"I": "N"
}
]
}
}
}
}
},
"CVE_data_meta": {
"DATE_PUBLIC": "2020-06-09T00:00:00",
"ID": "CVE-2019-4576",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"value": "IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166803.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6221298",
"url": "https://www.ibm.com/support/pages/node/6221298",
"title": "IBM Security Bulletin 6221298 (QRadar Network Packet Capture Software)"
},
{
"refsource": "XF",
"name": "ibm-qradar-cve20194576-info-disc (166803)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166803",
"title": "X-Force Vulnerability Report"
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QRadar Network Packet Capture Software",
"version": {
"version_data": [
{
"version_value": "7.3"
},
{
"version_value": "7.3.3.Patch1"
},
{
"version_value": "7.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
}
}

18
2020/14xxx/CVE-2020-14003.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14003",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/14xxx/CVE-2020-14004.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14004",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/14xxx/CVE-2020-14005.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14005",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/14xxx/CVE-2020-14006.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14006",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/14xxx/CVE-2020-14007.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14007",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

356
2020/4xxx/CVE-2020-4432.json
View File

@ -1,180 +1,180 @@
{
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Aspera Streaming",
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
}
},
{
"product_name" : "Aspera High-Speed Transfer Endpoint",
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.9.10"
}
]
},
"product_name" : "Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)"
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Server On Demand"
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Faspex On Demand"
},
{
"version" : {
"version_data" : [
{
"version_value" : "1.4.3"
}
]
},
"product_name" : "Aspera Proxy Server"
},
{
"product_name" : "Aspera Application Platform On Demand",
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Shares On Demand"
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
},
"product_name" : "Aspera High-Speed Transfer Server"
},
{
"product_name" : "Aspera Transfer Cluster Manager",
"version" : {
"version_data" : [
{
"version_value" : "1.3.1"
}
]
}
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Aspera Streaming",
"version": {
"version_data": [
{
"version_value": "3.9.3"
}
]
}
},
{
"product_name": "Aspera High-Speed Transfer Endpoint",
"version": {
"version_data": [
{
"version_value": "3.9.3"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "3.9.10"
}
]
},
"product_name": "Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)"
},
{
"version": {
"version_data": [
{
"version_value": "3.7.4"
}
]
},
"product_name": "Aspera Server On Demand"
},
{
"version": {
"version_data": [
{
"version_value": "3.7.4"
}
]
},
"product_name": "Aspera Faspex On Demand"
},
{
"version": {
"version_data": [
{
"version_value": "1.4.3"
}
]
},
"product_name": "Aspera Proxy Server"
},
{
"product_name": "Aspera Application Platform On Demand",
"version": {
"version_data": [
{
"version_value": "3.7.4"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "3.7.4"
}
]
},
"product_name": "Aspera Shares On Demand"
},
{
"version": {
"version_data": [
{
"version_value": "3.9.3"
}
]
},
"product_name": "Aspera High-Speed Transfer Server"
},
{
"product_name": "Aspera Transfer Cluster Manager",
"version": {
"version_data": [
{
"version_value": "1.3.1"
}
]
}
}
]
}
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. IBM X-Force ID: 180810."
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6221324",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6221324 (Aspera on Demand (AOD))",
"url" : "https://www.ibm.com/support/pages/node/6221324"
},
{
"refsource" : "XF",
"name" : "ibm-aspera-cve20204432-command-exec (180810)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/180810",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-06-09T00:00:00",
"ID" : "CVE-2020-4432",
"STATE" : "PUBLIC"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"C" : "H",
"A" : "H",
"AV" : "N",
"PR" : "L",
"S" : "U",
"SCORE" : "7.500",
"I" : "H",
"AC" : "H",
"UI" : "N"
}
}
},
"data_format" : "MITRE"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. IBM X-Force ID: 180810."
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6221324",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6221324 (Aspera on Demand (AOD))",
"url": "https://www.ibm.com/support/pages/node/6221324"
},
{
"refsource": "XF",
"name": "ibm-aspera-cve20204432-command-exec (180810)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/180810",
"title": "X-Force Vulnerability Report"
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-06-09T00:00:00",
"ID": "CVE-2020-4432",
"STATE": "PUBLIC"
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"C": "H",
"A": "H",
"AV": "N",
"PR": "L",
"S": "U",
"SCORE": "7.500",
"I": "H",
"AC": "H",
"UI": "N"
}
}
},
"data_format": "MITRE"
}

354
2020/4xxx/CVE-2020-4433.json
View File

@ -1,180 +1,180 @@
{
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AC" : "H",
"SCORE" : "7.500",
"I" : "H",
"UI" : "N",
"PR" : "L",
"S" : "U",
"C" : "H",
"AV" : "N",
"A" : "H"
}
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4433",
"DATE_PUBLIC" : "2020-06-09T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Faspex On Demand"
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Server On Demand"
},
{
"product_name" : "Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)",
"version" : {
"version_data" : [
{
"version_value" : "3.9.10"
}
]
}
},
{
"product_name" : "Aspera High-Speed Transfer Endpoint",
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
}
},
{
"product_name" : "Aspera Streaming",
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
}
},
{
"product_name" : "Aspera Transfer Cluster Manager",
"version" : {
"version_data" : [
{
"version_value" : "1.3.1"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
},
"product_name" : "Aspera High-Speed Transfer Server"
},
{
"product_name" : "Aspera Shares On Demand",
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Application Platform On Demand"
},
{
"product_name" : "Aspera Proxy Server",
"version" : {
"version_data" : [
{
"version_value" : "1.4.3"
}
]
}
}
]
}
"data_format": "MITRE",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"AC": "H",
"SCORE": "7.500",
"I": "H",
"UI": "N",
"PR": "L",
"S": "U",
"C": "H",
"AV": "N",
"A": "H"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2020-4433",
"DATE_PUBLIC": "2020-06-09T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "3.7.4"
}
]
},
"product_name": "Aspera Faspex On Demand"
},
{
"version": {
"version_data": [
{
"version_value": "3.7.4"
}
]
},
"product_name": "Aspera Server On Demand"
},
{
"product_name": "Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)",
"version": {
"version_data": [
{
"version_value": "3.9.10"
}
]
}
},
{
"product_name": "Aspera High-Speed Transfer Endpoint",
"version": {
"version_data": [
{
"version_value": "3.9.3"
}
]
}
},
{
"product_name": "Aspera Streaming",
"version": {
"version_data": [
{
"version_value": "3.9.3"
}
]
}
},
{
"product_name": "Aspera Transfer Cluster Manager",
"version": {
"version_data": [
{
"version_value": "1.3.1"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "3.9.3"
}
]
},
"product_name": "Aspera High-Speed Transfer Server"
},
{
"product_name": "Aspera Shares On Demand",
"version": {
"version_data": [
{
"version_value": "3.7.4"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "3.7.4"
}
]
},
"product_name": "Aspera Application Platform On Demand"
},
{
"product_name": "Aspera Proxy Server",
"version": {
"version_data": [
{
"version_value": "1.4.3"
}
]
}
}
]
}
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6221324",
"title" : "IBM Security Bulletin 6221324 (Aspera on Demand (AOD))",
"url" : "https://www.ibm.com/support/pages/node/6221324"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/180814",
"name" : "ibm-aspera-cve20204433-bo (180814)",
"refsource" : "XF"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of root or cause server to crash. IBM X-Force ID: 180814."
}
]
},
"data_type" : "CVE"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6221324",
"title": "IBM Security Bulletin 6221324 (Aspera on Demand (AOD))",
"url": "https://www.ibm.com/support/pages/node/6221324"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/180814",
"name": "ibm-aspera-cve20204433-bo (180814)",
"refsource": "XF"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of root or cause server to crash. IBM X-Force ID: 180814."
}
]
},
"data_type": "CVE"
}

354
2020/4xxx/CVE-2020-4434.json
View File

@ -1,180 +1,180 @@
{
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "7.500",
"AC" : "H",
"I" : "H",
"UI" : "N",
"A" : "H",
"AV" : "N",
"C" : "H",
"S" : "U",
"PR" : "L"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-06-09T00:00:00",
"ID" : "CVE-2020-4434",
"STATE" : "PUBLIC"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180900."
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6221324",
"title" : "IBM Security Bulletin 6221324 (Aspera on Demand (AOD))",
"url" : "https://www.ibm.com/support/pages/node/6221324"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/180900",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-aspera-cve20204434-bo (180900)",
"refsource" : "XF"
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Shares On Demand"
},
{
"product_name" : "Aspera Application Platform On Demand",
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
}
},
{
"product_name" : "Aspera Transfer Cluster Manager",
"version" : {
"version_data" : [
{
"version_value" : "1.3.1"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
},
"product_name" : "Aspera High-Speed Transfer Server"
},
{
"version" : {
"version_data" : [
{
"version_value" : "1.4.3"
}
]
},
"product_name" : "Aspera Proxy Server"
},
{
"product_name" : "Aspera Faspex On Demand",
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
}
},
{
"product_name" : "Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)",
"version" : {
"version_data" : [
{
"version_value" : "3.9.10"
}
]
}
},
{
"product_name" : "Aspera High-Speed Transfer Endpoint",
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
},
"product_name" : "Aspera Streaming"
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Server On Demand"
}
]
}
"data_format": "MITRE",
"impact": {
"cvssv3": {
"BM": {
"SCORE": "7.500",
"AC": "H",
"I": "H",
"UI": "N",
"A": "H",
"AV": "N",
"C": "H",
"S": "U",
"PR": "L"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
}
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-06-09T00:00:00",
"ID": "CVE-2020-4434",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180900."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6221324",
"title": "IBM Security Bulletin 6221324 (Aspera on Demand (AOD))",
"url": "https://www.ibm.com/support/pages/node/6221324"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/180900",
"title": "X-Force Vulnerability Report",
"name": "ibm-aspera-cve20204434-bo (180900)",
"refsource": "XF"
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "3.7.4"
}
]
},
"product_name": "Aspera Shares On Demand"
},
{
"product_name": "Aspera Application Platform On Demand",
"version": {
"version_data": [
{
"version_value": "3.7.4"
}
]
}
},
{
"product_name": "Aspera Transfer Cluster Manager",
"version": {
"version_data": [
{
"version_value": "1.3.1"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "3.9.3"
}
]
},
"product_name": "Aspera High-Speed Transfer Server"
},
{
"version": {
"version_data": [
{
"version_value": "1.4.3"
}
]
},
"product_name": "Aspera Proxy Server"
},
{
"product_name": "Aspera Faspex On Demand",
"version": {
"version_data": [
{
"version_value": "3.7.4"
}
]
}
},
{
"product_name": "Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)",
"version": {
"version_data": [
{
"version_value": "3.9.10"
}
]
}
},
{
"product_name": "Aspera High-Speed Transfer Endpoint",
"version": {
"version_data": [
{
"version_value": "3.9.3"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "3.9.3"
}
]
},
"product_name": "Aspera Streaming"
},
{
"version": {
"version_data": [
{
"version_value": "3.7.4"
}
]
},
"product_name": "Aspera Server On Demand"
}
]
}
}
]
}
]
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
}
}

354
2020/4xxx/CVE-2020-4435.json
View File

@ -1,180 +1,180 @@
{
"data_format" : "MITRE",
"CVE_data_meta" : {
"ID" : "CVE-2020-4435",
"DATE_PUBLIC" : "2020-06-09T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"SCORE" : "7.500",
"I" : "H",
"AC" : "H",
"UI" : "N",
"A" : "H",
"AV" : "N",
"C" : "H",
"S" : "U",
"PR" : "L"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901."
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6221324",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6221324 (Aspera on Demand (AOD))",
"url" : "https://www.ibm.com/support/pages/node/6221324"
},
{
"name" : "ibm-aspera-cve20204435-command-exec (180901)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/180901",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.3.1"
}
]
},
"product_name" : "Aspera Transfer Cluster Manager"
},
{
"product_name" : "Aspera High-Speed Transfer Server",
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Shares On Demand"
},
{
"product_name" : "Aspera Application Platform On Demand",
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
}
},
{
"product_name" : "Aspera Proxy Server",
"version" : {
"version_data" : [
{
"version_value" : "1.4.3"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Faspex On Demand"
},
{
"product_name" : "Aspera Server On Demand",
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.9.10"
}
]
},
"product_name" : "Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)"
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
},
"product_name" : "Aspera Streaming"
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
},
"product_name" : "Aspera High-Speed Transfer Endpoint"
}
]
},
"vendor_name" : "IBM"
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-4435",
"DATE_PUBLIC": "2020-06-09T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"SCORE": "7.500",
"I": "H",
"AC": "H",
"UI": "N",
"A": "H",
"AV": "N",
"C": "H",
"S": "U",
"PR": "L"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901."
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6221324",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6221324 (Aspera on Demand (AOD))",
"url": "https://www.ibm.com/support/pages/node/6221324"
},
{
"name": "ibm-aspera-cve20204435-command-exec (180901)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/180901",
"title": "X-Force Vulnerability Report"
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.3.1"
}
]
},
"product_name": "Aspera Transfer Cluster Manager"
},
{
"product_name": "Aspera High-Speed Transfer Server",
"version": {
"version_data": [
{
"version_value": "3.9.3"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "3.7.4"
}
]
},
"product_name": "Aspera Shares On Demand"
},
{
"product_name": "Aspera Application Platform On Demand",
"version": {
"version_data": [
{
"version_value": "3.7.4"
}
]
}
},
{
"product_name": "Aspera Proxy Server",
"version": {
"version_data": [
{
"version_value": "1.4.3"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "3.7.4"
}
]
},
"product_name": "Aspera Faspex On Demand"
},
{
"product_name": "Aspera Server On Demand",
"version": {
"version_data": [
{
"version_value": "3.7.4"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "3.9.10"
}
]
},
"product_name": "Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)"
},
{
"version": {
"version_data": [
{
"version_value": "3.9.3"
}
]
},
"product_name": "Aspera Streaming"
},
{
"version": {
"version_data": [
{
"version_value": "3.9.3"
}
]
},
"product_name": "Aspera High-Speed Transfer Endpoint"
}
]
},
"vendor_name": "IBM"
}
]
}
]
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
}
}

356
2020/4xxx/CVE-2020-4436.json
View File

@ -1,180 +1,180 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Aspera Faspex On Demand",
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.9.10"
}
]
},
"product_name" : "Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)"
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
},
"product_name" : "Aspera High-Speed Transfer Endpoint"
},
{
"product_name" : "Aspera Streaming",
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Server On Demand"
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Shares On Demand"
},
{
"product_name" : "Aspera Application Platform On Demand",
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
}
},
{
"product_name" : "Aspera Transfer Cluster Manager",
"version" : {
"version_data" : [
{
"version_value" : "1.3.1"
}
]
}
},
{
"product_name" : "Aspera High-Speed Transfer Server",
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
}
},
{
"product_name" : "Aspera Proxy Server",
"version" : {
"version_data" : [
{
"version_value" : "1.4.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aspera Faspex On Demand",
"version": {
"version_data": [
{
"version_value": "3.7.4"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "3.9.10"
}
]
},
"product_name": "Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)"
},
{
"version": {
"version_data": [
{
"version_value": "3.9.3"
}
]
},
"product_name": "Aspera High-Speed Transfer Endpoint"
},
{
"product_name": "Aspera Streaming",
"version": {
"version_data": [
{
"version_value": "3.9.3"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "3.7.4"
}
]
},
"product_name": "Aspera Server On Demand"
},
{
"version": {
"version_data": [
{
"version_value": "3.7.4"
}
]
},
"product_name": "Aspera Shares On Demand"
},
{
"product_name": "Aspera Application Platform On Demand",
"version": {
"version_data": [
{
"version_value": "3.7.4"
}
]
}
},
{
"product_name": "Aspera Transfer Cluster Manager",
"version": {
"version_data": [
{
"version_value": "1.3.1"
}
]
}
},
{
"product_name": "Aspera High-Speed Transfer Server",
"version": {
"version_data": [
{
"version_value": "3.9.3"
}
]
}
},
{
"product_name": "Aspera Proxy Server",
"version": {
"version_data": [
{
"version_value": "1.4.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_version" : "4.0",
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a service. IBM X-Force ID: 180902.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6221324",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6221324",
"title" : "IBM Security Bulletin 6221324 (Aspera on Demand (AOD))"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/180902",
"refsource" : "XF",
"name" : "ibm-aspera-cve20204436-bo (180902)"
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"A" : "H",
"C" : "H",
"S" : "U",
"PR" : "L",
"SCORE" : "8.800",
"AC" : "L",
"UI" : "N",
"I" : "H"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4436",
"DATE_PUBLIC" : "2020-06-09T00:00:00"
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"data_version": "4.0",
"data_type": "CVE",
"description": {
"description_data": [
{
"value": "Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a service. IBM X-Force ID: 180902.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6221324",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6221324",
"title": "IBM Security Bulletin 6221324 (Aspera on Demand (AOD))"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/180902",
"refsource": "XF",
"name": "ibm-aspera-cve20204436-bo (180902)"
}
]
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"BM": {
"AV": "N",
"A": "H",
"C": "H",
"S": "U",
"PR": "L",
"SCORE": "8.800",
"AC": "L",
"UI": "N",
"I": "H"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4436",
"DATE_PUBLIC": "2020-06-09T00:00:00"
}
}