diff --git a/2017/1xxx/CVE-2017-1622.json b/2017/1xxx/CVE-2017-1622.json index bdcecdf2a3e..818af13a561 100644 --- a/2017/1xxx/CVE-2017-1622.json +++ b/2017/1xxx/CVE-2017-1622.json @@ -1,63 +1,10 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "UI" : "N", - "PR" : "N", - "SCORE" : "3.700", - "I" : "N", - "AC" : "H", - "S" : "U", - "A" : "N", - "C" : "L" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-12-02T00:00:00", + "ID" : "CVE-2017-1622", + "STATE" : "PUBLIC" }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10742713", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10742713", - "title" : "IBM Security Bulletin 742713 (QRadar SIEM)", - "refsource" : "CONFIRM" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-qradar-cve20171622-info-disc (133120)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133120", - "refsource" : "XF" - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-force ID: 133120.", - "lang" : "eng" - } - ] - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "data_type" : "CVE", "affects" : { "vendor" : { "vendor_data" : [ @@ -84,10 +31,61 @@ ] } }, - "CVE_data_meta" : { - "ID" : "CVE-2017-1622", - "DATE_PUBLIC" : "2018-12-02T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-force ID: 133120." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "H", + "AV" : "N", + "C" : "L", + "I" : "N", + "PR" : "N", + "S" : "U", + "SCORE" : "3.700", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10742713", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10742713" + }, + { + "name" : "ibm-qradar-cve20171622-info-disc(133120)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133120" + } + ] } } diff --git a/2018/1xxx/CVE-2018-1568.json b/2018/1xxx/CVE-2018-1568.json index dfffe14889c..e3ecd868a36 100644 --- a/2018/1xxx/CVE-2018-1568.json +++ b/2018/1xxx/CVE-2018-1568.json @@ -1,4 +1,10 @@ { + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-12-03T00:00:00", + "ID" : "CVE-2018-1568", + "STATE" : "PUBLIC" + }, "affects" : { "vendor" : { "vendor_data" : [ @@ -6,6 +12,7 @@ "product" : { "product_data" : [ { + "product_name" : "QRadar SIEM", "version" : { "version_data" : [ { @@ -15,8 +22,7 @@ "version_value" : "7.3" } ] - }, - "product_name" : "QRadar SIEM" + } } ] }, @@ -25,69 +31,61 @@ ] } }, + "data_format" : "MITRE", "data_type" : "CVE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2018-12-03T00:00:00", - "ID" : "CVE-2018-1568" - }, - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "N", - "AC" : "L", - "SCORE" : "4.000", - "PR" : "N", - "UI" : "N", - "AV" : "L", - "A" : "N", - "C" : "L", - "S" : "U" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 143118." + "value" : "IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 143118." } ] }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 737023 (QRadar SIEM)", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10737023", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10737023", - "refsource" : "CONFIRM" + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "L", + "C" : "L", + "I" : "N", + "PR" : "N", + "S" : "U", + "SCORE" : "4.000", + "UI" : "N" }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/143118", - "name" : "ibm-qradar-cve20181568-info-disc (143118)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" } - ] + } }, "problemtype" : { "problemtype_data" : [ { "description" : [ { - "value" : "Obtain Information", - "lang" : "eng" + "lang" : "eng", + "value" : "Obtain Information" } ] } ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10737023", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10737023" + }, + { + "name" : "ibm-qradar-cve20181568-info-disc(143118)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/143118" + } + ] } } diff --git a/2018/1xxx/CVE-2018-1648.json b/2018/1xxx/CVE-2018-1648.json index ab0180eb4c0..9dac82e5bd5 100644 --- a/2018/1xxx/CVE-2018-1648.json +++ b/2018/1xxx/CVE-2018-1648.json @@ -1,73 +1,14 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - }, - "BM" : { - "S" : "U", - "A" : "N", - "C" : "H", - "PR" : "N", - "AV" : "N", - "UI" : "N", - "SCORE" : "5.900", - "AC" : "H", - "I" : "N" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144653." - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 737027 (QRadar SIEM)", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10737027", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10737027" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144653", - "name" : "ibm-qradar-cve20181648-info-disc (144653)", - "title" : "X-Force Vulnerability Report" - } - ] - }, "CVE_data_meta" : { "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2018-12-03T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2018-1648" + "ID" : "CVE-2018-1648", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -84,10 +25,67 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, - "data_type" : "CVE" + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144653." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "H", + "AV" : "N", + "C" : "H", + "I" : "N", + "PR" : "N", + "S" : "U", + "SCORE" : "5.900", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10737027", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10737027" + }, + { + "name" : "ibm-qradar-cve20181648-info-disc(144653)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144653" + } + ] + } } diff --git a/2018/1xxx/CVE-2018-1650.json b/2018/1xxx/CVE-2018-1650.json index 07ce65ceed0..5bd19fd77a4 100644 --- a/2018/1xxx/CVE-2018-1650.json +++ b/2018/1xxx/CVE-2018-1650.json @@ -1,5 +1,10 @@ { - "data_type" : "CVE", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-12-03T00:00:00", + "ID" : "CVE-2018-1650", + "STATE" : "PUBLIC" + }, "affects" : { "vendor" : { "vendor_data" : [ @@ -26,67 +31,60 @@ ] } }, - "CVE_data_meta" : { - "ID" : "CVE-2018-1650", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-12-03T00:00:00", - "STATE" : "PUBLIC" - }, - "impact" : { - "cvssv3" : { - "BM" : { - "SCORE" : "5.900", - "I" : "N", - "AC" : "H", - "AV" : "L", - "UI" : "N", - "PR" : "N", - "S" : "C", - "C" : "H", - "A" : "N" - }, - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - } - } - }, + "data_format" : "MITRE", + "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { - "value" : "IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator. IBM X-Force ID: 144656.", - "lang" : "eng" + "lang" : "eng", + "value" : "IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator. IBM X-Force ID: 144656." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "H", + "AV" : "L", + "C" : "H", + "I" : "N", + "PR" : "N", + "S" : "C", + "SCORE" : "5.900", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] } ] }, "references" : { "reference_data" : [ { - "title" : "IBM Security Bulletin 737025 (QRadar SIEM)", "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10737025", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10737025", - "refsource" : "CONFIRM" + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10737025" }, { + "name" : "ibm-qradar-cve20181650-info-disc(144656)", "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144656", - "name" : "ibm-qradar-cve20181650-info-disc (144656)" - } - ] - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144656" } ] } diff --git a/2018/1xxx/CVE-2018-1697.json b/2018/1xxx/CVE-2018-1697.json index ed7a845d1be..432456f64b0 100644 --- a/2018/1xxx/CVE-2018-1697.json +++ b/2018/1xxx/CVE-2018-1697.json @@ -1,67 +1,9 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "S" : "U", - "C" : "L", - "A" : "N", - "AV" : "N", - "PR" : "L", - "UI" : "N", - "SCORE" : "4.300", - "AC" : "L", - "I" : "N" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. IBM X-Force ID: 145966.", - "lang" : "eng" - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10737457", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10737457", - "title" : "IBM Security Bulletin 737457 (Maximo Asset Management)" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145966", - "name" : "ibm-maximo-cve20181697-info-disc (145966)", - "refsource" : "XF" - } - ] - }, "CVE_data_meta" : { - "ID" : "CVE-2018-1697", + "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2018-12-03T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" + "ID" : "CVE-2018-1697", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { @@ -86,5 +28,61 @@ ] } }, - "data_type" : "CVE" + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. IBM X-Force ID: 145966." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "N", + "PR" : "L", + "S" : "U", + "SCORE" : "4.300", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10737457", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10737457" + }, + { + "name" : "ibm-maximo-cve20181697-info-disc(145966)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145966" + } + ] + } } diff --git a/2018/1xxx/CVE-2018-1728.json b/2018/1xxx/CVE-2018-1728.json index 816b559bd1f..b33476d63d2 100644 --- a/2018/1xxx/CVE-2018-1728.json +++ b/2018/1xxx/CVE-2018-1728.json @@ -1,63 +1,10 @@ { - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147707.", - "lang" : "eng" - } - ] + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-12-03T00:00:00", + "ID" : "CVE-2018-1728", + "STATE" : "PUBLIC" }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 742723 (QRadar SIEM)", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10742723", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10742723", - "refsource" : "CONFIRM" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147707", - "name" : "ibm-qradar-cve20181728-xss (147707)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "C" : "L", - "S" : "C", - "PR" : "L", - "AV" : "N", - "UI" : "R", - "I" : "L", - "AC" : "L", - "SCORE" : "5.400" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "H" - } - } - }, - "data_type" : "CVE", "affects" : { "vendor" : { "vendor_data" : [ @@ -84,10 +31,61 @@ ] } }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2018-12-03T00:00:00", - "ID" : "CVE-2018-1728" + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147707." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "C", + "SCORE" : "5.400", + "UI" : "R" + }, + "TM" : { + "E" : "H", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10742723", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10742723" + }, + { + "name" : "ibm-qradar-cve20181728-xss(147707)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147707" + } + ] } } diff --git a/2018/1xxx/CVE-2018-1730.json b/2018/1xxx/CVE-2018-1730.json index 254db026634..3939584f16c 100644 --- a/2018/1xxx/CVE-2018-1730.json +++ b/2018/1xxx/CVE-2018-1730.json @@ -1,5 +1,10 @@ { - "data_type" : "CVE", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-12-03T00:00:00", + "ID" : "CVE-2018-1730", + "STATE" : "PUBLIC" + }, "affects" : { "vendor" : { "vendor_data" : [ @@ -26,58 +31,37 @@ ] } }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2018-12-03T00:00:00", - "ID" : "CVE-2018-1730" + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM QRadar SIEM 7.2 and 7.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147709." + } + ] }, "impact" : { "cvssv3" : { "BM" : { "A" : "L", - "C" : "H", - "S" : "U", - "AV" : "N", - "PR" : "L", - "UI" : "N", - "I" : "N", "AC" : "L", - "SCORE" : "7.100" + "AV" : "N", + "C" : "H", + "I" : "N", + "PR" : "L", + "S" : "U", + "SCORE" : "7.100", + "UI" : "N" }, "TM" : { - "RL" : "O", "E" : "U", - "RC" : "C" + "RC" : "C", + "RL" : "O" } } }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10742741&myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10742741&myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E", - "title" : "IBM Security Bulletin 742741 (QRadar SIEM)" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147709", - "name" : "ibm-qradar-cve20181730-xxe (147709)", - "refsource" : "XF" - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM QRadar SIEM 7.2 and 7.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147709." - } - ] - }, - "data_format" : "MITRE", "problemtype" : { "problemtype_data" : [ { @@ -89,5 +73,19 @@ ] } ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10742741&myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10742741&myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E" + }, + { + "name" : "ibm-qradar-cve20181730-xxe(147709)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147709" + } + ] } } diff --git a/2018/1xxx/CVE-2018-1732.json b/2018/1xxx/CVE-2018-1732.json index b9fc0172328..c986556744a 100644 --- a/2018/1xxx/CVE-2018-1732.json +++ b/2018/1xxx/CVE-2018-1732.json @@ -1,63 +1,10 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM QRadar SIEM 1.14.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 147810." - } - ] + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-12-03T00:00:00", + "ID" : "CVE-2018-1732", + "STATE" : "PUBLIC" }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10736009", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10736009", - "title" : "IBM Security Bulletin 736009 (QRadar SIEM)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147810", - "name" : "ibm-qradar-cve20181732-info-disc (147810)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "N", - "AC" : "L", - "SCORE" : "5.300", - "PR" : "N", - "AV" : "N", - "UI" : "N", - "A" : "N", - "C" : "L", - "S" : "U" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "data_type" : "CVE", "affects" : { "vendor" : { "vendor_data" : [ @@ -81,10 +28,61 @@ ] } }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2018-12-03T00:00:00", - "ID" : "CVE-2018-1732" + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM QRadar SIEM 1.14.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 147810." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "N", + "PR" : "N", + "S" : "U", + "SCORE" : "5.300", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10736009", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10736009" + }, + { + "name" : "ibm-qradar-cve20181732-info-disc(147810)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147810" + } + ] } } diff --git a/2018/1xxx/CVE-2018-1941.json b/2018/1xxx/CVE-2018-1941.json index e37bc3a62ed..93e3468ab8b 100644 --- a/2018/1xxx/CVE-2018-1941.json +++ b/2018/1xxx/CVE-2018-1941.json @@ -1,69 +1,10 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "C" : "H", - "A" : "H", - "S" : "U", - "I" : "H", - "AC" : "L", - "SCORE" : "8.400", - "PR" : "N", - "UI" : "N", - "AV" : "L" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } - ] - } - ] - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating access permissions. IBM X-Force ID: 153382." - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10743115", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10743115", - "title" : "IBM Security Bulletin 743115 (Campaign)" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-campaign-cve20181941-priv-escalation (153382)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153382", - "refsource" : "XF" - } - ] - }, "CVE_data_meta" : { - "ID" : "CVE-2018-1941", "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2018-12-03T00:00:00" + "DATE_PUBLIC" : "2018-12-03T00:00:00", + "ID" : "CVE-2018-1941", + "STATE" : "PUBLIC" }, - "data_type" : "CVE", "affects" : { "vendor" : { "vendor_data" : [ @@ -89,5 +30,62 @@ } ] } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating access permissions. IBM X-Force ID: 153382." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "H", + "AC" : "L", + "AV" : "L", + "C" : "H", + "I" : "H", + "PR" : "N", + "S" : "U", + "SCORE" : "8.400", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Privileges" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10743115", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10743115" + }, + { + "name" : "ibm-campaign-cve20181941-priv-escalation(153382)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153382" + } + ] } }