admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-10 02:04:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-12-13 11:07:30 -05:00
parent 51c29b88af
commit 0567561420
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
25 changed files with 709 additions and 723 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

126
2017/1xxx/CVE-2017-1268.json
View File

@ -1,68 +1,9 @@
{
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1268"
},
"data_format" : "MITRE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10737077",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10737077",
"title" : "IBM Security Bulletin 737077 (Security Guardium)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124743",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-guardium-cve20171268-info-disc (124743)"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "N",
"AC" : "H",
"I" : "N",
"UI" : "N",
"A" : "N",
"C" : "H",
"AV" : "L",
"SCORE" : "5.900",
"S" : "C"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 124743."
}
]
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"ID" : "CVE-2017-1268",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
@ -71,6 +12,7 @@
"product" : {
"product_data" : [
{
"product_name" : "Security Guardium",
"version" : {
"version_data" : [
{
@ -80,8 +22,7 @@
"version_value" : "10.5"
}
]
},
"product_name" : "Security Guardium"
}
}
]
},
@ -89,5 +30,62 @@
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 124743."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "L",
"C" : "H",
"I" : "N",
"PR" : "N",
"S" : "C",
"SCORE" : "5.900",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10737077",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10737077"
},
{
"name" : "ibm-guardium-cve20171268-info-disc(124743)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124743"
}
]
}
}

2
2018/13xxx/CVE-2018-13804.json
View File

@ -71,6 +71,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-886615.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-886615.pdf"
}
]

2
2018/13xxx/CVE-2018-13811.json
View File

@ -53,6 +53,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-621493.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-621493.pdf"
}
]

4
2018/13xxx/CVE-2018-13812.json
View File

@ -52,7 +52,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in SIMATIC HMI Comfort Panels 4\" - 22\" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). A directory traversal vulnerability could allow to download arbitrary files from the device. The security vulnerability could be exploited by an attacker with network access to the integrated web server. No user interaction and no authenitcation is required to exploit the vulnerability. The vulnerability impacts the confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known."
"value" : "A vulnerability has been identified in SIMATIC HMI Comfort Panels 4\" - 22\" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). A directory traversal vulnerability could allow to download arbitrary files from the device. The security vulnerability could be exploited by an attacker with network access to the integrated web server. No user interaction and no authentication is required to exploit the vulnerability. The vulnerability impacts the confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
@ -71,6 +71,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-233109.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-233109.pdf"
}
]

4
2018/13xxx/CVE-2018-13813.json
View File

@ -52,7 +52,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in SIMATIC HMI Comfort Panels 4\" - 22\" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The webserver of affected HMI devices may allow URL redirections to untrusted websites. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
"value" : "A vulnerability has been identified in SIMATIC HMI Comfort Panels 4\" - 22\" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The webserver of affected HMI devices may allow URL redirections to untrusted websites. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
@ -71,6 +71,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-233109.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-233109.pdf"
}
]

4
2018/13xxx/CVE-2018-13814.json
View File

@ -52,7 +52,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in SIMATIC HMI Comfort Panels 4\" - 22\" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions < V14), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V14), SIMATIC WinCC Runtime Advanced (All versions < V14), SIMATIC WinCC Runtime Professional (All versions < V14), SIMATIC WinCC (TIA Portal) (All versions < V14), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server (port 80/tcp and port 443/tcp) of the affected devices could allow an attacker to inject HTTP headers. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
"value" : "A vulnerability has been identified in SIMATIC HMI Comfort Panels 4\" - 22\" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions < V14), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V14), SIMATIC WinCC Runtime Advanced (All versions < V14), SIMATIC WinCC Runtime Professional (All versions < V14), SIMATIC WinCC (TIA Portal) (All versions < V14), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server (port 80/tcp and port 443/tcp) of the affected devices could allow an attacker to inject HTTP headers. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
@ -71,6 +71,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdf"
}
]

2
2018/13xxx/CVE-2018-13815.json
View File

@ -56,6 +56,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-584286.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-584286.pdf"
}
]

2
2018/16xxx/CVE-2018-16555.json
View File

@ -62,6 +62,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-242982.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-242982.pdf"
}
]

2
2018/16xxx/CVE-2018-16556.json
View File

@ -65,6 +65,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
}
]

2
2018/16xxx/CVE-2018-16557.json
View File

@ -65,6 +65,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
}
]

52
2018/1xxx/CVE-2018-1653.json
View File

@ -1,12 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"ID" : "CVE-2018-1653",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Access Manager Appliance",
"version" : {
"version_data" : [
{
@ -25,44 +31,46 @@
"version_value" : "9.0.5.0"
}
]
},
"product_name" : "Security Access Manager Appliance"
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144726."
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144726."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "L",
"UI" : "R",
"A" : "N",
"C" : "L",
"PR" : "L",
"AC" : "L",
"SCORE" : "5.400",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"AV" : "N"
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"RC" : "C",
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
@ -78,25 +86,15 @@
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"title" : "IBM Security Bulletin 787785 (Security Access Manager Appliance)",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144726",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sam-cve20181653-xss (144726)",
"refsource" : "XF"
"name" : "ibm-sam-cve20181653-xss(144726)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144726"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1653",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"STATE" : "PUBLIC"
}
}

54
2018/1xxx/CVE-2018-1665.json
View File

@ -1,9 +1,14 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"ID" : "CVE-2018-1665",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
@ -44,37 +49,40 @@
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891."
"value" : "IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891."
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"SCORE" : "5.900",
"S" : "U",
"PR" : "N",
"AC" : "H",
"I" : "N",
"UI" : "N",
"A" : "N",
"C" : "H"
"AC" : "H",
"AV" : "N",
"C" : "H",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "5.900",
"UI" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
"RC" : "C",
"RL" : "O"
}
}
},
@ -93,25 +101,15 @@
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 744195 (DataPower Gateway)",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10744195",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10744195",
"refsource" : "CONFIRM"
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10744195"
},
{
"name" : "ibm-websphere-cve20181665-info-disc (144891)",
"name" : "ibm-websphere-cve20181665-info-disc(144891)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144891",
"title" : "X-Force Vulnerability Report"
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144891"
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"ID" : "CVE-2018-1665",
"ASSIGNER" : "psirt@us.ibm.com"
}
}

78
2018/1xxx/CVE-2018-1667.json
View File

@ -1,38 +1,14 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144893.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "H",
"RC" : "C"
},
"BM" : {
"SCORE" : "5.400",
"S" : "C",
"AV" : "N",
"A" : "N",
"UI" : "R",
"I" : "L",
"C" : "L",
"PR" : "L",
"AC" : "L"
}
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"ID" : "CVE-2018-1667",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
@ -73,18 +49,42 @@
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1667",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"STATE" : "PUBLIC"
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144893."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
@ -101,15 +101,13 @@
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10744209",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10744209",
"title" : "IBM Security Bulletin 744209 (DataPower Gateways)"
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10744209"
},
{
"name" : "ibm-websphere-cve20181667-xss (144893)",
"name" : "ibm-websphere-cve20181667-xss(144893)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144893"
}
]

56
2018/1xxx/CVE-2018-1740.json
View File

@ -1,12 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"ID" : "CVE-2018-1740",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Access Manager Appliance",
"version" : {
"version_data" : [
{
@ -25,44 +31,46 @@
"version_value" : "9.0.5.0"
}
]
},
"product_name" : "Security Access Manager Appliance"
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148419."
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148419."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "H",
"RL" : "O"
},
"BM" : {
"PR" : "L",
"AC" : "L",
"I" : "L",
"A" : "N",
"UI" : "R",
"C" : "L",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"S" : "C"
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
@ -80,23 +88,13 @@
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 787785 (Security Access Manager Appliance)",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148419",
"name" : "ibm-sam-cve20181740-xss(148419)",
"refsource" : "XF",
"name" : "ibm-sam-cve20181740-xss (148419)"
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148419"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1740"
}
}

100
2018/1xxx/CVE-2018-1803.json
View File

@ -1,48 +1,18 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 787785 (Security Access Manager Appliance)",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149702",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sam-cve20181803-clickjacking (149702)",
"refsource" : "XF"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"ID" : "CVE-2018-1803",
"ASSIGNER" : "psirt@us.ibm.com"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Access Manager Appliance",
"version" : {
"version_data" : [
{
@ -61,42 +31,70 @@
"version_value" : "9.0.5.0"
}
]
},
"product_name" : "Security Access Manager Appliance"
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 149702."
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 149702."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "N",
"S" : "C",
"SCORE" : "6.100",
"UI" : "R"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"PR" : "N",
"AC" : "L",
"A" : "N",
"UI" : "R",
"I" : "L",
"C" : "L",
"AV" : "N",
"S" : "C",
"SCORE" : "6.100"
"RC" : "C",
"RL" : "O"
}
}
},
"data_type" : "CVE"
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name" : "ibm-sam-cve20181803-clickjacking(149702)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149702"
}
]
}
}

86
2018/1xxx/CVE-2018-1804.json
View File

@ -1,9 +1,14 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"ID" : "CVE-2018-1804",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
@ -29,55 +34,42 @@
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"S" : "U",
"SCORE" : "3.700",
"AV" : "N",
"C" : "L",
"I" : "N",
"UI" : "N",
"A" : "N",
"PR" : "N",
"AC" : "H"
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703."
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703."
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"title" : "IBM Security Bulletin 787785 (Security Access Manager Appliance)",
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "3.700",
"UI" : "N"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149703",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-sam-cve20181804-info-disc (149703)"
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
@ -91,12 +83,18 @@
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1804",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"data_format" : "MITRE"
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name" : "ibm-sam-cve20181804-info-disc(149703)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149703"
}
]
}
}

88
2018/1xxx/CVE-2018-1805.json
View File

@ -1,9 +1,14 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"ID" : "CVE-2018-1805",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
@ -29,55 +34,42 @@
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"C" : "L",
"UI" : "N",
"A" : "N",
"I" : "N",
"PR" : "L",
"AC" : "L",
"SCORE" : "4.300",
"S" : "U",
"AV" : "N"
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 149704.",
"lang" : "eng"
"lang" : "eng",
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 149704."
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"title" : "IBM Security Bulletin 787785 (Security Access Manager Appliance)"
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "L",
"S" : "U",
"SCORE" : "4.300",
"UI" : "N"
},
{
"name" : "ibm-sam-cve20181805-info-disc (149704)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149704",
"title" : "X-Force Vulnerability Report"
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
@ -91,12 +83,18 @@
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1805"
},
"data_version" : "4.0",
"data_format" : "MITRE"
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name" : "ibm-sam-cve20181805-info-disc(149704)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149704"
}
]
}
}

130
2018/1xxx/CVE-2018-1813.json
View File

@ -1,77 +1,18 @@
{
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1813"
},
"data_version" : "4.0",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 787785 (Security Access Manager Appliance)",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150017",
"refsource" : "XF",
"name" : "ibm-sam-cve20181813-input-validation (150017)"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "N",
"UI" : "N",
"A" : "N",
"I" : "L",
"AC" : "L",
"PR" : "L",
"S" : "U",
"SCORE" : "4.300",
"AV" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 150017.",
"lang" : "eng"
}
]
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"ID" : "CVE-2018-1813",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Access Manager Appliance",
"version" : {
"version_data" : [
{
@ -90,13 +31,70 @@
"version_value" : "9.0.5.0"
}
]
},
"product_name" : "Security Access Manager Appliance"
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 150017."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "N",
"I" : "L",
"PR" : "L",
"S" : "U",
"SCORE" : "4.300",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name" : "ibm-sam-cve20181813-input-validation(150017)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150017"
}
]
}
}

100
2018/1xxx/CVE-2018-1814.json
View File

@ -1,38 +1,14 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"UI" : "N",
"I" : "N",
"C" : "H",
"PR" : "N",
"AC" : "H",
"SCORE" : "5.900",
"S" : "U",
"AV" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018."
}
]
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"ID" : "CVE-2018-1814",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
@ -58,45 +34,67 @@
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2018-1814",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2018-12-11T00:00:00"
},
"data_version" : "4.0",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"title" : "IBM Security Bulletin 787785 (Security Access Manager Appliance)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150018",
"name" : "ibm-sam-cve20181814-info-disc (150018)",
"refsource" : "XF"
"lang" : "eng",
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "N",
"C" : "H",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "5.900",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name" : "ibm-sam-cve20181814-info-disc(150018)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150018"
}
]
}
}

82
2018/1xxx/CVE-2018-1815.json
View File

@ -1,4 +1,10 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"ID" : "CVE-2018-1815",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
@ -34,50 +40,36 @@
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "L",
"A" : "N",
"UI" : "R",
"C" : "L",
"AC" : "L",
"PR" : "N",
"S" : "C",
"SCORE" : "6.100",
"AV" : "N"
},
"TM" : {
"RL" : "O",
"E" : "H",
"RC" : "C"
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 for Enterprise Single-Sign On is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150019."
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 for Enterprise Single-Sign On is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150019."
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"title" : "IBM Security Bulletin 787785 (Security Access Manager Appliance)",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource" : "CONFIRM"
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "N",
"S" : "C",
"SCORE" : "6.100",
"UI" : "R"
},
{
"name" : "ibm-sam-cve20181815-xss (150019)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150019",
"title" : "X-Force Vulnerability Report"
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
@ -91,12 +83,18 @@
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1815",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"data_format" : "MITRE"
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name" : "ibm-sam-cve20181815-xss(150019)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150019"
}
]
}
}

132
2018/1xxx/CVE-2018-1817.json
View File

@ -1,19 +1,74 @@
{
"data_version" : "4.0",
"data_format" : "MITRE",
"CVE_data_meta" : {
"ID" : "CVE-2018-1817",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2018-12-11T00:00:00"
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"ID" : "CVE-2018-1817",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Guardium",
"version" : {
"version_data" : [
{
"version_value" : "10"
},
{
"version_value" : "10.5"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150021."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "N",
"S" : "C",
"SCORE" : "6.100",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
@ -24,70 +79,13 @@
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10737069",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 737069 (Security Guardium)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10737069"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150021",
"name" : "ibm-guardium-cve20181817-xss (150021)",
"refsource" : "XF"
"name" : "ibm-guardium-cve20181817-xss(150021)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150021"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150021.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "H"
},
"BM" : {
"PR" : "N",
"AC" : "L",
"C" : "L",
"UI" : "R",
"A" : "N",
"I" : "L",
"AV" : "N",
"SCORE" : "6.100",
"S" : "C"
}
}
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10"
},
{
"version_value" : "10.5"
}
]
},
"product_name" : "Security Guardium"
}
]
}
}
]
}
}
}

104
2018/1xxx/CVE-2018-1818.json
View File

@ -1,40 +1,10 @@
{
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10737073",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 737073 (Security Guardium)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10737073"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150022",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-guardium-cve20181818-info-disc (150022)"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1818",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"ID" : "CVE-2018-1818",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
@ -61,32 +31,60 @@
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "C",
"SCORE" : "5.900",
"AV" : "L",
"I" : "N",
"UI" : "N",
"A" : "N",
"C" : "H",
"PR" : "N",
"AC" : "H"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 150022.",
"lang" : "eng"
"lang" : "eng",
"value" : "IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 150022."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "L",
"C" : "H",
"I" : "N",
"PR" : "N",
"S" : "C",
"SCORE" : "5.900",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10737073",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10737073"
},
{
"name" : "ibm-guardium-cve20181818-info-disc(150022)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150022"
}
]
}

96
2018/1xxx/CVE-2018-1821.json
View File

@ -1,32 +1,9 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"C" : "H",
"A" : "L",
"UI" : "N",
"I" : "N",
"PR" : "L",
"AC" : "L",
"SCORE" : "7.100",
"S" : "U",
"AV" : "N"
}
}
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170."
}
]
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-12T00:00:00",
"ID" : "CVE-2018-1821",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
@ -63,40 +40,61 @@
]
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-12-12T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1821"
},
"data_version" : "4.0",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"title" : "IBM Security Bulletin 744149 (Operational Decision Management)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10744149",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10744149"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150170",
"name" : "ibm-websphere-cve20181821-xxe (150170)",
"refsource" : "XF"
"lang" : "eng",
"value" : "IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "L",
"AC" : "L",
"AV" : "N",
"C" : "H",
"I" : "N",
"PR" : "L",
"S" : "U",
"SCORE" : "7.100",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10744149",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10744149"
},
{
"name" : "ibm-websphere-cve20181821-xxe(150170)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150170"
}
]
}
}

56
2018/1xxx/CVE-2018-1886.json
View File

@ -1,4 +1,10 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"ID" : "CVE-2018-1886",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
@ -6,6 +12,7 @@
"product" : {
"product_data" : [
{
"product_name" : "Security Access Manager Appliance",
"version" : {
"version_data" : [
{
@ -24,8 +31,7 @@
"version_value" : "9.0.5.0"
}
]
},
"product_name" : "Security Access Manager Appliance"
}
}
]
},
@ -34,32 +40,34 @@
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 152021."
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 152021."
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"SCORE" : "5.300",
"S" : "U",
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "N",
"A" : "N",
"UI" : "N",
"AC" : "L",
"PR" : "N"
"PR" : "N",
"S" : "U",
"SCORE" : "5.300",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
@ -68,8 +76,8 @@
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
@ -78,25 +86,15 @@
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"title" : "IBM Security Bulletin 787785 (Security Access Manager Appliance)",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name" : "ibm-sam-cve20181886-info-disc(152021)",
"refsource" : "XF",
"name" : "ibm-sam-cve20181886-info-disc (152021)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152021"
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1886"
}
}

68
2018/1xxx/CVE-2018-1887.json
View File

@ -1,12 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"ID" : "CVE-2018-1887",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Access Manager Appliance",
"version" : {
"version_data" : [
{
@ -25,51 +31,53 @@
"version_value" : "9.0.5.0"
}
]
},
"product_name" : "Security Access Manager Appliance"
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 152078.",
"lang" : "eng"
"lang" : "eng",
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 152078."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"SCORE" : "5.900",
"S" : "C",
"AV" : "L",
"I" : "N",
"UI" : "N",
"A" : "N",
"AC" : "H",
"AV" : "L",
"C" : "H",
"I" : "N",
"PR" : "N",
"AC" : "H"
"S" : "C",
"SCORE" : "5.900",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
@ -78,25 +86,15 @@
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"title" : "IBM Security Bulletin 787785 (Security Access Manager Appliance)",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource" : "CONFIRM"
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152078",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sam-cve20181887-info-disc (152078)",
"refsource" : "XF"
"name" : "ibm-sam-cve20181887-info-disc(152078)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152078"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1887",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"STATE" : "PUBLIC"
}
}