admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 22:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

IBM20201123-115245

Browse Source 
Added CVE-2020-4854, CVE-2020-4771, CVE-2020-4783
This commit is contained in:
Scott Moore - IBM 2020-11-23 11:52:45 -05:00
parent 1ef7633b8a
commit 06a05c5c39
No known key found for this signature in database
GPG Key ID: 8E6C411D57F2D75C
3 changed files with 276 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
2020/4xxx/CVE-2020-4771.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4771",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4771",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-11-20T00:00:00"
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"SCORE" : "5.300",
"C" : "L",
"A" : "N",
"AV" : "N",
"AC" : "L",
"UI" : "N",
"PR" : "N",
"S" : "U",
"I" : "N"
}
}
},
"data_version" : "4.0",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6369101 (Spectrum Protect Operations Center)",
"name" : "https://www.ibm.com/support/pages/node/6369101",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6369101"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/188993",
"refsource" : "XF",
"name" : "ibm-spectrum-cve20204771-info-disc (188993)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Protect Operations Center",
"version" : {
"version_data" : [
{
"version_value" : "8.1"
},
{
"version_value" : "8.1.10"
},
{
"version_value" : "7.1"
},
{
"version_value" : "7.1.11"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993."
}
]
}
}

105
2020/4xxx/CVE-2020-4783.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4783",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-11-20T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4783"
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"AV" : "N",
"AC" : "H",
"SCORE" : "5.900",
"A" : "N",
"C" : "H",
"UI" : "N",
"PR" : "N",
"I" : "N",
"S" : "U"
}
}
},
"data_version" : "4.0",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6368601 (Spectrum Protect Plus)",
"name" : "https://www.ibm.com/support/pages/node/6368601",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6368601"
},
{
"name" : "ibm-spectrum-cve20204783-info-disc (189214)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189214"
}
]
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.6"
}
]
},
"product_name" : "Spectrum Protect Plus"
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189214.",
"lang" : "eng"
}
]
}
}

105
2020/4xxx/CVE-2020-4854.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4854",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Protect Plus",
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6367823",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6367823",
"title" : "IBM Security Bulletin 6367823 (Spectrum Protect Plus)"
},
{
"name" : "ibm-spectrum-cve20204854-info-disc (190454)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190454",
"refsource" : "XF"
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"UI" : "N",
"PR" : "N",
"S" : "U",
"I" : "H",
"SCORE" : "9.800",
"A" : "H",
"C" : "H",
"AC" : "L",
"AV" : "N"
}
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-11-20T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4854",
"ASSIGNER" : "psirt@us.ibm.com"
}
}