diff --git a/2017/14xxx/CVE-2017-14063.json b/2017/14xxx/CVE-2017-14063.json
index 396245009d0..06596c08d68 100644
--- a/2017/14xxx/CVE-2017-14063.json
+++ b/2017/14xxx/CVE-2017-14063.json
@@ -136,6 +136,11 @@
 "refsource": "MLIST",
 "name": "[tez-issues] 20201014 [jira] [Commented] (TEZ-4237) Upgrade async-http-client-1.9.40 due to CVE-2017-14063",
 "url": "https://lists.apache.org/thread.html/r868875e67494a18d31e88cba2672f45c3fc6708ffdde445723004da4@%3Cissues.tez.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tez-issues] 20201020 [jira] [Updated] (TEZ-4237) Upgrade async-http-client-1.9.40 due to CVE-2017-14063",
+ "url": "https://lists.apache.org/thread.html/r4ebb9596d890f3528630492bd78237b3eef06f093bac238a0da9b630@%3Cissues.tez.apache.org%3E"
 }
 ]
 }
diff --git a/2019/4xxx/CVE-2019-4680.json b/2019/4xxx/CVE-2019-4680.json
index e3303c6c1ce..90ed66536f3 100644
--- a/2019/4xxx/CVE-2019-4680.json
+++ b/2019/4xxx/CVE-2019-4680.json
@@ -1,93 +1,93 @@ { - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6349515", - "name" : "https://www.ibm.com/support/pages/node/6349515", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6349515 (Sterling B2B Integrator)" - }, - { - "name" : "ibm-sterling-cve20194680-sql-injection (171733)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/171733" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Sterling B2B Integrator", - "version" : { - "version_data" : [ - { - "version_value" : "5.2.0.0" - }, - { - "version_value" : "6.0.2.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "url": "https://www.ibm.com/support/pages/node/6349515", + "name": "https://www.ibm.com/support/pages/node/6349515", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6349515 (Sterling B2B Integrator)" + }, + { + "name": "ibm-sterling-cve20194680-sql-injection (171733)", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171733" } - ] - } - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "L", - "C" : "L", - "PR" : "L", - "UI" : "N", - "S" : "U", - "I" : "L", - "AC" : "L", - "SCORE" : "6.300", - "AV" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "data_type" : "CVE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2019-4680", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-10-19T00:00:00" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection. 
A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171733." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Data Manipulation", - "lang" : "eng" - } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator", + "version": { + "version_data": [ + { + "version_value": "5.2.0.0" + }, + { + "version_value": "6.0.2.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_format" : "MITRE" -} + } + }, + "impact": { + "cvssv3": { + "BM": { + "A": "L", + "C": "L", + "PR": "L", + "UI": "N", + "S": "U", + "I": "L", + "AC": "L", + "SCORE": "6.300", + "AV": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "data_type": "CVE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-4680", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-10-19T00:00:00" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171733." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Data Manipulation", + "lang": "eng" + } + ] + } + ] + }, + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2020/16xxx/CVE-2020-16242.json b/2020/16xxx/CVE-2020-16242.json index ee3e3b8ef4e..9d08940625a 100644 --- a/2020/16xxx/CVE-2020-16242.json +++ b/2020/16xxx/CVE-2020-16242.json 
@@ -43,7 +43,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The affected product is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts."
+ "value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts."
 }
 ]
 },
diff --git a/2020/16xxx/CVE-2020-16246.json b/2020/16xxx/CVE-2020-16246.json
index a7381a3571d..1bc1477a197 100644
--- a/2020/16xxx/CVE-2020-16246.json
+++ b/2020/16xxx/CVE-2020-16246.json
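Review bot: The reworded description in CVE-2020-16242.json still gives a reader no way to tell this record apart from CVE-2020-16246, which the same commit publishes as an XSS issue in the same Reason S20 switch. The new `value` line names the product but not the vendor, the XSS variant or the affected firmware; whether the `affects` block carries the versions cannot be seen from this hunk. I would put those into the text, filled in from the advisory rather than guessed, along the lines of `"value": "The affected GE Reason S20 Ethernet Switch ([affected versions per advisory]) is vulnerable to [stored or reflected] cross-site scripting (XSS), ..."`.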
@@ -1,18 +1,78 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2020-09-22T16:00:00.000Z",
 "ID": "CVE-2020-16246",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "GE Reason S20 Ethernet Switch"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Reason S20 Ethernet Switch",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "S2020",
+ "version_value": "07A06"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "S2024",
+ "version_value": "07A06"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "General Electric"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "icsa-20-266-02",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2020/27xxx/CVE-2020-27345.json b/2020/27xxx/CVE-2020-27345.json
new file mode 100644
index 00000000000..e6a729cfaa3
--- /dev/null
+++ b/2020/27xxx/CVE-2020-27345.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-27345",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/4xxx/CVE-2020-4491.json b/2020/4xxx/CVE-2020-4491.json
index 72721f5a8dd..46dd79c2321 100644
--- a/2020/4xxx/CVE-2020-4491.json
+++ b/2020/4xxx/CVE-2020-4491.json
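Review bot: The newly published CVE-2020-16246.json carries no `impact` block, so tooling that reads severity from the record gets nothing for this XSS issue, while the IBM records touched by this commit all ship `impact.cvssv3`. If advisory `icsa-20-266-02` assigns a CVSS v3 vector, it should be added to the record (`[CVSS v3 vector from icsa-20-266-02]`). The `problemtype` text is upper-cased with the identifier trailing; consumers that extract the CWE id match more reliably on the usual form, `"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"`. The description also leaves out the affected models and firmware that `version_data` lists (S2020 and S2024, up to 07A06), which a reader triaging from the text alone would want.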
@@ -1,99 +1,99 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "4.2.0.0" - }, - { - "version_value" : "5.0.0.0" - }, - { - "version_value" : "5.0.5" - }, - { - "version_value" : "4.2.3.22" - } - ] - }, - "product_name" : "Spectrum Scale" - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "I" : "N", - "S" : "U", - "UI" : "N", - "PR" : "N", - "AV" : "L", - "AC" : "L", - "SCORE" : "4.000", - "A" : "L", - "C" : "N" - } - } - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6349465 (Spectrum Scale)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6349465", - "url" : "https://www.ibm.com/support/pages/node/6349465" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/181991", - "name" : "ibm-spectrum-cve20204491-dos (181991)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "4.2.0.0" + }, + { + "version_value": "5.0.0.0" + }, + { + "version_value": "5.0.5" + }, + { + "version_value": "4.2.3.22" + } + ] + }, + "product_name": "Spectrum Scale" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. IBM X-Force ID: 181991." 
- } - ] - }, - "data_type" : "CVE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2020-4491", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-10-19T00:00:00" - } -} + } + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "I": "N", + "S": "U", + "UI": "N", + "PR": "N", + "AV": "L", + "AC": "L", + "SCORE": "4.000", + "A": "L", + "C": "N" + } + } + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6349465 (Spectrum Scale)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6349465", + "url": "https://www.ibm.com/support/pages/node/6349465" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181991", + "name": "ibm-spectrum-cve20204491-dos (181991)", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. IBM X-Force ID: 181991." + } + ] + }, + "data_type": "CVE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-4491", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-10-19T00:00:00" + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4564.json b/2020/4xxx/CVE-2020-4564.json index 959d56b08c6..34810e2072f 100644 --- a/2020/4xxx/CVE-2020-4564.json +++ b/2020/4xxx/CVE-2020-4564.json 
@@ -1,112 +1,112 @@ { - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } - ] - } - ] - }, - "data_type" : "CVE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-10-19T00:00:00", - "ID" : "CVE-2020-4564" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183933.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Sterling B2B Integrator", - "version" : { - "version_data" : [ - { - "version_value" : "5.2.0.0" - }, - { - "version_value" : "6.0.3.1" - } - ] - } - }, - { - "product_name" : "Sterling File Gateway", - "version" : { - "version_data" : [ - { - "version_value" : "2.2.0.0" - }, - { - "version_value" : "6.0.3.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] } - ] - } - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "H", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "C" : "L", - "A" : "N", - "AV" : "N", - "AC" : "L", - "SCORE" : "5.400", - "S" : "C", - "I" : "L", - "PR" : "L", - "UI" : "R" - } - } - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6349539 (Sterling File Gateway)", - "name" : "https://www.ibm.com/support/pages/node/6349539", - "url" : 
"https://www.ibm.com/support/pages/node/6349539" - }, - { - "title" : "IBM Security Bulletin 6349533 (Sterling B2B Integrator)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6349533", - "url" : "https://www.ibm.com/support/pages/node/6349533" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/183933", - "name" : "ibm-sterling-cve20204564-xss (183933)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - } -} + ] + }, + "data_type": "CVE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-10-19T00:00:00", + "ID": "CVE-2020-4564" + }, + "description": { + "description_data": [ + { + "value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 183933.", + "lang": "eng" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator", + "version": { + "version_data": [ + { + "version_value": "5.2.0.0" + }, + { + "version_value": "6.0.3.1" + } + ] + } + }, + { + "product_name": "Sterling File Gateway", + "version": { + "version_data": [ + { + "version_value": "2.2.0.0" + }, + { + "version_value": "6.0.3.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "impact": { + "cvssv3": { + "TM": { + "E": "H", + "RL": "O", + "RC": "C" + }, + "BM": { + "C": "L", + "A": "N", + "AV": "N", + "AC": "L", + "SCORE": "5.400", + "S": "C", + "I": "L", + "PR": "L", + "UI": "R" + } + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6349539 (Sterling File Gateway)", + "name": "https://www.ibm.com/support/pages/node/6349539", + "url": "https://www.ibm.com/support/pages/node/6349539" + }, + { + "title": "IBM Security Bulletin 6349533 (Sterling B2B Integrator)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6349533", + "url": "https://www.ibm.com/support/pages/node/6349533" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183933", + "name": "ibm-sterling-cve20204564-xss (183933)", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4748.json b/2020/4xxx/CVE-2020-4748.json index 3b938d3e710..67582bf6c41 100644 --- a/2020/4xxx/CVE-2020-4748.json +++ b/2020/4xxx/CVE-2020-4748.json 
@@ -1,93 +1,93 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188517.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2020-4748", - "DATE_PUBLIC" : "2020-10-19T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6349449 (Spectrum Scale)", - "name" : "https://www.ibm.com/support/pages/node/6349449", - "url" : "https://www.ibm.com/support/pages/node/6349449" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/188517", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-spectrum-cve20204748-xss (188517)" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "5.0.0" - }, - { - "version_value" : "5.0.5.2" - } - ] - }, - "product_name" : "Spectrum Scale" - } - ] - }, - "vendor_name" : "IBM" + "value": "IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 188517.", + "lang": "eng" } - ] - } - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "UI" : "R", - "PR" : "N", - "I" : "L", - "S" : "C", - "SCORE" : "6.100", - "AC" : "L", - "AV" : "N", - "A" : "N", - "C" : "L" - } - } - } -} + ] + }, + "data_type": "CVE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-4748", + "DATE_PUBLIC": "2020-10-19T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6349449 (Spectrum Scale)", + "name": "https://www.ibm.com/support/pages/node/6349449", + "url": "https://www.ibm.com/support/pages/node/6349449" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188517", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-spectrum-cve20204748-xss (188517)" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "5.0.0" + }, + { + "version_value": "5.0.5.2" + } + ] + }, + "product_name": "Spectrum Scale" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "impact": { + "cvssv3": { + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + }, + "BM": { + "UI": "R", + "PR": "N", + "I": "L", + "S": "C", + "SCORE": "6.100", + "AC": "L", + "AV": "N", + "A": "N", + "C": "L" + } + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4749.json b/2020/4xxx/CVE-2020-4749.json index 99101cc73db..2c6b4c8d52d 100644 --- a/2020/4xxx/CVE-2020-4749.json +++ b/2020/4xxx/CVE-2020-4749.json 
@@ -1,93 +1,93 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188518.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2020-4749", - "DATE_PUBLIC" : "2020-10-19T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6349449", - "name" : "https://www.ibm.com/support/pages/node/6349449", - "title" : "IBM Security Bulletin 6349449 (Spectrum Scale)", - "refsource" : "CONFIRM" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/188518", - "name" : "ibm-spectrum-cve20204749-info-disc (188518)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "C" : "L", - "A" : "N", - "AV" : "N", - "SCORE" : "4.300", - "AC" : "L", - "S" : "U", - "I" : "N", - "PR" : "N", - "UI" : "R" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "5.0.0" - }, - { - "version_value" : "5.0.5.2" - } - ] - }, - "product_name" : "Spectrum Scale" - } - ] - }, - "vendor_name" : "IBM" + "value": "IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the 
secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188518.", + "lang": "eng" } - ] - } - } -} + ] + }, + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-4749", + "DATE_PUBLIC": "2020-10-19T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6349449", + "name": "https://www.ibm.com/support/pages/node/6349449", + "title": "IBM Security Bulletin 6349449 (Spectrum Scale)", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188518", + "name": "ibm-spectrum-cve20204749-info-disc (188518)", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "C": "L", + "A": "N", + "AV": "N", + "SCORE": "4.300", + "AC": "L", + "S": "U", + "I": "N", + "PR": "N", + "UI": "R" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "5.0.0" + }, + { + "version_value": "5.0.5.2" + } + ] + }, + "product_name": "Spectrum Scale" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4755.json b/2020/4xxx/CVE-2020-4755.json index a260d7f4fa8..3f897f7e328 100644 --- a/2020/4xxx/CVE-2020-4755.json +++ b/2020/4xxx/CVE-2020-4755.json 
@@ -1,93 +1,93 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Spectrum Scale", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.0" - }, - { - "version_value" : "5.0.5.2" - } - ] - } - } - ] - } - } - ] - } - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "C" : "L", - "S" : "C", - "I" : "L", - "PR" : "L", - "UI" : "R", - "AV" : "N", - "SCORE" : "5.400", - "AC" : "L" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "H" - } - } - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6349449", - "name" : "https://www.ibm.com/support/pages/node/6349449", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6349449 (Spectrum Scale)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/188595", - "name" : "ibm-spectrum-cve20204755-xss (188595)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Spectrum Scale", + "version": { + "version_data": [ + { + "version_value": "5.0.0" + }, + { + "version_value": "5.0.5.2" + } + ] + } + } + ] + } + } ] - } - ] - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595." 
- } - ] - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-10-19T00:00:00", - "ID" : "CVE-2020-4755" - }, - "data_version" : "4.0" -} + } + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "C": "L", + "S": "C", + "I": "L", + "PR": "L", + "UI": "R", + "AV": "N", + "SCORE": "5.400", + "AC": "L" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "H" + } + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6349449", + "name": "https://www.ibm.com/support/pages/node/6349449", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6349449 (Spectrum Scale)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188595", + "name": "ibm-spectrum-cve20204755-xss (188595)", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] + } + ] + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595." + } + ] + }, + "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-10-19T00:00:00", + "ID": "CVE-2020-4755" + }, + "data_version": "4.0" +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4756.json b/2020/4xxx/CVE-2020-4756.json index 7ef47cd4d34..3225acb3244 100644 --- a/2020/4xxx/CVE-2020-4756.json +++ b/2020/4xxx/CVE-2020-4756.json 
@@ -1,118 +1,118 @@ { - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } - ] - } - ] - }, - "data_type" : "CVE", - "data_version" : "4.0", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-10-19T00:00:00", - "ID" : "CVE-2020-4756" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-Force ID: 188599.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "6.0.0" - }, - { - "version_value" : "6.0.1.0" - } - ] - }, - "product_name" : "Elastic Storage Server" - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "4.2.0.0" - }, - { - "version_value" : "5.0.0.0" - }, - { - "version_value" : "4.2.3.23" - }, - { - "version_value" : "5.0.5.2" - } - ] - }, - "product_name" : "Spectrum Scale" - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] } - ] - } - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "H", - "C" : "N", - "PR" : "N", - "UI" : "N", - "S" : "U", - "I" : "N", - "AC" : "L", - "SCORE" : "6.200", - "AV" : "L" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - } - } - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6349469 (Spectrum Scale)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6349469", - "url" : "https://www.ibm.com/support/pages/node/6349469" 
- }, - { - "title" : "IBM Security Bulletin 6349475 (Elastic Storage Server)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6349475", - "url" : "https://www.ibm.com/support/pages/node/6349475" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-spectrum-cve20204756-dos (188599)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/188599" - } - ] - } -} + ] + }, + "data_type": "CVE", + "data_version": "4.0", + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-10-19T00:00:00", + "ID": "CVE-2020-4756" + }, + "description": { + "description_data": [ + { + "value": "IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-Force ID: 188599.", + "lang": "eng" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.0.0" + }, + { + "version_value": "6.0.1.0" + } + ] + }, + "product_name": "Elastic Storage Server" + }, + { + "version": { + "version_data": [ + { + "version_value": "4.2.0.0" + }, + { + "version_value": "5.0.0.0" + }, + { + "version_value": "4.2.3.23" + }, + { + "version_value": "5.0.5.2" + } + ] + }, + "product_name": "Spectrum Scale" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "impact": { + "cvssv3": { + "BM": { + "A": "H", + "C": "N", + "PR": "N", + "UI": "N", + "S": "U", + "I": "N", + "AC": "L", + "SCORE": "6.200", + "AV": "L" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + } + } + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6349469 (Spectrum Scale)", + "refsource": "CONFIRM", + "name": 
"https://www.ibm.com/support/pages/node/6349469",
+ "url": "https://www.ibm.com/support/pages/node/6349469"
+ },
+ {
+ "title": "IBM Security Bulletin 6349475 (Elastic Storage Server)",
+ "refsource": "CONFIRM",
+ "name": "https://www.ibm.com/support/pages/node/6349475",
+ "url": "https://www.ibm.com/support/pages/node/6349475"
+ },
+ {
+ "title": "X-Force Vulnerability Report",
+ "refsource": "XF",
+ "name": "ibm-spectrum-cve20204756-dos (188599)",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188599"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7069.json b/2020/7xxx/CVE-2020-7069.json
index 0b453351d8c..9a870be62d5 100644
--- a/2020/7xxx/CVE-2020-7069.json
+++ b/2020/7xxx/CVE-2020-7069.json
@@ -115,6 +115,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20201016-0001/",
 "url": "https://security.netapp.com/advisory/ntap-20201016-0001/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1703",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html"
 }
 ]
 },
diff --git a/2020/7xxx/CVE-2020-7070.json b/2020/7xxx/CVE-2020-7070.json
index cd66e87e447..865ad36caa8 100644
--- a/2020/7xxx/CVE-2020-7070.json
+++ b/2020/7xxx/CVE-2020-7070.json
@@ -130,6 +130,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20201016-0001/",
 "url": "https://security.netapp.com/advisory/ntap-20201016-0001/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1703",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html"
 }
 ]
 },
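Review bot: The SUSE reference added to CVE-2020-7069.json uses a plain `http://` URL, and the identical entry added to CVE-2020-7070.json has the same issue. A reader who follows an advisory link over cleartext can be served altered content by anyone on the network path, and the neighbouring references visible in both hunks are `https://`. If the list archive is reachable over TLS, prefer `"url": "https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html"` in both files.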