diff --git a/2018/1xxx/CVE-2018-1858.json b/2018/1xxx/CVE-2018-1858.json index 96790d0b85b..a533e24fc41 100644 --- a/2018/1xxx/CVE-2018-1858.json +++ b/2018/1xxx/CVE-2018-1858.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1858", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + }, + "BM" : { + "C" : "L", + "AV" : "N", + "S" : "U", + "I" : "N", + "UI" : "R", + "SCORE" : "4.300", + "AC" : "L", + "A" : "N", + "PR" : "N" + } + } + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "5.0.0.0" + }, + { + "version_value" : "5.0.8.6" + } + ] + }, + "product_name" : "API Connect" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 151256." + } + ] + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-06-15T00:00:00", + "ID" : "CVE-2018-1858" + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 794169 (API Connect)", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10794169", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10794169" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151256", + "name" : "ibm-api-cve20181858-csrf (151256)", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF" + } + ] + } +} diff --git a/2018/2xxx/CVE-2018-2011.json b/2018/2xxx/CVE-2018-2011.json index f0b455b7892..e7b3de13198 100644 --- a/2018/2xxx/CVE-2018-2011.json +++ b/2018/2xxx/CVE-2018-2011.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-2011", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 155150." + } + ] + }, + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10882932", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10882932", + "title" : "IBM Security Bulletin 882932 (API Connect)", + "refsource" : "CONFIRM" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155150", + "name" : "ibm-api-cve20182011-info-disc (155150)", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF" + } + ] + }, + "data_version" : "4.0", + "data_type" : "CVE", + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-06-12T00:00:00", + "ID" : "CVE-2018-2011" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "2018.1" + }, + { + "version_value" : "2018.4.1.5" + } + ] + }, + "product_name" : "API Connect" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + }, + "BM" : { + "A" : "N", + "PR" : "N", + "AC" : "L", + "SCORE" : "5.300", + "UI" : "N", + "I" : "N", + "S" : "U", + "AV" : "N", + "C" : "L" + } + } + } +} diff --git a/2018/2xxx/CVE-2018-2013.json b/2018/2xxx/CVE-2018-2013.json index 6661147d223..a2a87b58943 100644 --- a/2018/2xxx/CVE-2018-2013.json +++ b/2018/2xxx/CVE-2018-2013.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-2013", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "2018.1" + }, + { + "version_value" : "2018.4.1.5" + } + ] + }, + "product_name" : "API Connect" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "impact" : { + "cvssv3" : { + "BM" : { + "I" : "N", + "AV" : "N", + "C" : "L", + "S" : "U", + "A" : "N", + "PR" : "N", + "UI" : "N", + "SCORE" : "5.300", + "AC" : "L" + }, + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + } + } + }, + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. IBM X-Force ID: 155193." + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10882924", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 882924 (API Connect)", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10882924" + }, + { + "refsource" : "XF", + "name" : "ibm-api-cve20182013-info-disc (155193)", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155193" + } + ] + }, + "data_version" : "4.0", + "data_type" : "CVE", + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ID" : "CVE-2018-2013", + "DATE_PUBLIC" : "2019-06-12T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com" + } +} diff --git a/2019/4xxx/CVE-2019-4135.json b/2019/4xxx/CVE-2019-4135.json index ce375ca1258..1c4797ea0e5 100644 --- a/2019/4xxx/CVE-2019-4135.json +++ b/2019/4xxx/CVE-2019-4135.json @@ -1,18 +1,105 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4135", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "impact" : { + "cvssv3" : { + "BM" : { + "S" : "U", + "AV" : "N", + "C" : "H", + "I" : "H", + "AC" : "H", + "UI" : "N", + "SCORE" : "7.500", + "PR" : "L", + "A" : "H" + }, + "TM" : { + "RL" : "O", + "E" : "U", + "RC" : "C" + } + } + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "9.0.1" + }, + { + "version_value" : "9.0.3" + }, + { + "version_value" : "9.0.4" + }, + { + "version_value" : "9.0.2" + }, + { + "version_value" : "9.0.5" + }, + { + "version_value" : "9.0.6" + } + ] + }, + "product_name" : "Security Access Manager" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Privileges" + } + ] + } + ] + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-06-21T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4135" + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10888379", + "title" : "IBM Security Bulletin 888379 (Security Access Manager)", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10888379", + "refsource" : "CONFIRM" + }, + { + "refsource" : "XF", + "name" : "ibm-sam-cve20194135-priv-escalation (158331)", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158331" + } + ] + }, + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331." + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4145.json b/2019/4xxx/CVE-2019-4145.json index 5bed0d67eae..265fc3441f2 100644 --- a/2019/4xxx/CVE-2019-4145.json +++ b/2019/4xxx/CVE-2019-4145.json @@ -1,18 +1,105 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4145", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "9.0.1" + }, + { + "version_value" : "9.0.3" + }, + { + "version_value" : "9.0.4" + }, + { + "version_value" : "9.0.2" + }, + { + "version_value" : "9.0.5" + }, + { + "version_value" : "9.0.6" + } + ] + }, + "product_name" : "Security Access Manager" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "impact" : { + "cvssv3" : { + "BM" : { + "I" : "H", + "S" : "U", + "AV" : "L", + "C" : "H", + "PR" : "N", + "A" : "N", + "AC" : "L", + "SCORE" : "7.700", + "UI" : "N" + }, + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10888379", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 888379 (Security Access Manager)", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10888379" + }, + { + "refsource" : "XF", + "name" : "ibm-sam-cve20194145-info-disc (158400)", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158400" + } + ] + }, + "data_version" : "4.0", + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ID" : "CVE-2019-4145", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-06-21T00:00:00" + }, + "data_type" : "CVE", + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400." + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4150.json b/2019/4xxx/CVE-2019-4150.json index 78ec602ccc8..002ab08bf95 100644 --- a/2019/4xxx/CVE-2019-4150.json +++ b/2019/4xxx/CVE-2019-4150.json @@ -1,18 +1,105 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4150", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "value" : "IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510.", + "lang" : "eng" + } + ] + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10888379", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 888379 (Security Access Manager)", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10888379" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158510", + "refsource" : "XF", + "name" : "ibm-sam-cve20194150-info-disc (158510)", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-06-21T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4150" + }, + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "C" : "L", + "AV" : "N", + "S" : "U", + "I" : "N", + "SCORE" : "3.700", + "UI" : "N", + "AC" : "H", + "A" : "N", + "PR" : "N" + }, + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + } + } + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "9.0.1" + }, + { + "version_value" : "9.0.3" + }, + { + "version_value" : "9.0.4" + }, + { + "version_value" : "9.0.2" + }, + { + "version_value" : "9.0.5" + }, + { + "version_value" : "9.0.6" + } + ] + }, + "product_name" : "Security Access Manager" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + } +} diff --git a/2019/4xxx/CVE-2019-4151.json b/2019/4xxx/CVE-2019-4151.json index 2f8d6a87c73..82864554b43 100644 --- a/2019/4xxx/CVE-2019-4151.json +++ b/2019/4xxx/CVE-2019-4151.json @@ -1,18 +1,105 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4151", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "value" : "IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512.", + "lang" : "eng" + } + ] + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "ID" : "CVE-2019-4151", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-06-21T00:00:00", + "STATE" : "PUBLIC" + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 888379 (Security Access Manager)", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10888379", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10888379" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158512", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-sam-cve20194151-info-disc (158512)" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + }, + "BM" : { + "AC" : "H", + "SCORE" : "5.900", + "UI" : "N", + "PR" : "N", + "A" : "N", + "S" : "U", + "C" : "H", + "AV" : "N", + "I" : "N" + } + } + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "9.0.1" + }, + { + "version_value" : "9.0.3" + }, + { + "version_value" : "9.0.4" + }, + { + "version_value" : "9.0.2" + }, + { + "version_value" : "9.0.5" + }, + { + "version_value" : "9.0.6" + } + ] + }, + "product_name" : "Security Access Manager" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + } +} diff --git a/2019/4xxx/CVE-2019-4152.json b/2019/4xxx/CVE-2019-4152.json index 61ee672428d..d689fb842f1 100644 --- a/2019/4xxx/CVE-2019-4152.json +++ b/2019/4xxx/CVE-2019-4152.json @@ -1,18 +1,105 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4152", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Access" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "9.0.1" + }, + { + "version_value" : "9.0.3" + }, + { + "version_value" : "9.0.4" + }, + { + "version_value" : "9.0.2" + }, + { + "version_value" : "9.0.5" + }, + { + "version_value" : "9.0.6" + } + ] + }, + "product_name" : "Security Access Manager" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "impact" : { + "cvssv3" : { + "BM" : { + "AC" : "L", + "UI" : "N", + "SCORE" : "5.100", + "A" : "N", + "PR" : "N", + "S" : "U", + "AV" : "L", + "C" : "L", + "I" : "L" + }, + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + } + } + }, + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515." + } + ] + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-06-21T00:00:00", + "ID" : "CVE-2019-4152" + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10888379", + "title" : "IBM Security Bulletin 888379 (Security Access Manager)", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10888379" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158515", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-sam-cve20194152-session-fixation (158515)", + "refsource" : "XF" + } + ] + }, + "data_version" : "4.0" +} diff --git a/2019/4xxx/CVE-2019-4153.json b/2019/4xxx/CVE-2019-4153.json index bb1b3307b94..97f3e2920a4 100644 --- a/2019/4xxx/CVE-2019-4153.json +++ b/2019/4xxx/CVE-2019-4153.json @@ -1,18 +1,105 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4153", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Access" + } + ] + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "S" : "C", + "AV" : "N", + "C" : "N", + "I" : "H", + "AC" : "L", + "SCORE" : "6.800", + "UI" : "R", + "PR" : "L", + "A" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "9.0.1" + }, + { + "version_value" : "9.0.3" + }, + { + "version_value" : "9.0.4" + }, + { + "version_value" : "9.0.2" + }, + { + "version_value" : "9.0.5" + }, + { + "version_value" : "9.0.6" + } + ] + }, + "product_name" : "Security Access Manager" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "value" : "IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517.", + "lang" : "eng" + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2019-4153", + "DATE_PUBLIC" : "2019-06-21T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC" + }, + "data_type" : "CVE", + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10888379", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10888379", + "title" : "IBM Security Bulletin 888379 (Security Access Manager)" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158517", + "name" : "ibm-sam-cve20194153-open-redirect (158517)", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF" + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4156.json b/2019/4xxx/CVE-2019-4156.json index c4b63ea3bf6..08c994d42ef 100644 --- a/2019/4xxx/CVE-2019-4156.json +++ b/2019/4xxx/CVE-2019-4156.json @@ -1,18 +1,105 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4156", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572." + } + ] + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-06-21T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4156" + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 888379 (Security Access Manager)", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10888379", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10888379" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158572", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-sam-cve20194156-info-disc (158572)", + "refsource" : "XF" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "AC" : "H", + "UI" : "N", + "SCORE" : "5.900", + "A" : "N", + "PR" : "N", + "S" : "U", + "AV" : "N", + "C" : "H", + "I" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "Security Access Manager", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.1" + }, + { + "version_value" : "9.0.3" + }, + { + "version_value" : "9.0.4" + }, + { + "version_value" : "9.0.2" + }, + { + "version_value" : "9.0.5" + }, + { + "version_value" : "9.0.6" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + } +} diff --git a/2019/4xxx/CVE-2019-4157.json b/2019/4xxx/CVE-2019-4157.json index e48303dc0d3..0980ae516bc 100644 --- a/2019/4xxx/CVE-2019-4157.json +++ b/2019/4xxx/CVE-2019-4157.json @@ -1,18 +1,105 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4157", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "value" : "IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573.", + "lang" : "eng" + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10888379", + "title" : "IBM Security Bulletin 888379 (Security Access Manager)", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10888379" + }, + { + "name" : "ibm-sam-cve20194157-xss (158573)", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158573" + } + ] + }, + "data_version" : "4.0", + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-06-21T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4157" + }, + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Security Access Manager", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.1" + }, + { + "version_value" : "9.0.3" + }, + { + "version_value" : "9.0.4" + }, + { + "version_value" : "9.0.2" + }, + { + "version_value" : "9.0.5" + }, + { + "version_value" : "9.0.6" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "E" : "H", + "RL" : "O" + }, + "BM" : { + "AC" : "L", + "SCORE" : "6.100", + "UI" : "R", + "PR" : "N", + "A" : "N", + "S" : "C", + "AV" : "N", + "C" : "L", + "I" : "L" + } + } + } +} diff --git a/2019/4xxx/CVE-2019-4158.json b/2019/4xxx/CVE-2019-4158.json index a11c3f60581..feccece90a8 100644 --- a/2019/4xxx/CVE-2019-4158.json +++ b/2019/4xxx/CVE-2019-4158.json @@ -1,18 +1,105 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4158", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "impact" : { + "cvssv3" : { + "BM" : { + "PR" : "L", + "A" : "N", + "AC" : "L", + "UI" : "N", + "SCORE" : "5.400", + "I" : "L", + "S" : "U", + "AV" : "N", + "C" : "L" + }, + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + } + } + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "Security Access Manager", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.1" + }, + { + "version_value" : "9.0.3" + }, + { + "version_value" : "9.0.4" + }, + { + "version_value" : "9.0.2" + }, + { + "version_value" : "9.0.5" + }, + { + "version_value" : "9.0.6" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Access" + } + ] + } + ] + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10888379", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10888379", + "title" : "IBM Security Bulletin 888379 (Security Access Manager)" + }, + { + "name" : "ibm-sam-cve20194158-improper-auth (158574)", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158574" + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ID" : "CVE-2019-4158", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-06-21T00:00:00" + }, + "data_type" : "CVE", + "description" : { + "description_data" : [ + { + "value" : "IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574.", + "lang" : "eng" + } + ] + }, + "data_format" : "MITRE" +} diff --git a/2019/4xxx/CVE-2019-4377.json b/2019/4xxx/CVE-2019-4377.json index ec29c4b32f4..cc69f605f0c 100644 --- a/2019/4xxx/CVE-2019-4377.json +++ b/2019/4xxx/CVE-2019-4377.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4377", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + }, + "BM" : { + "I" : "N", + "AV" : "N", + "C" : "L", + "S" : "U", + "A" : "N", + "PR" : "L", + "UI" : "N", + "SCORE" : "4.300", + "AC" : "L" + } + } + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "6.0.0.0" + }, + { + "version_value" : "6.0.0.1" + } + ] + }, + "product_name" : "Sterling B2B Integrator" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803." + } + ] + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "CVE_data_meta" : { + "DATE_PUBLIC" : "2019-06-17T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4377", + "STATE" : "PUBLIC" + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 887853 (Sterling B2B Integrator)", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10887853", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10887853" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162083", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-sterling-cve20194377-info-disc (162083)" + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4382.json b/2019/4xxx/CVE-2019-4382.json index ff3888d4f58..8cc243976d9 100644 --- a/2019/4xxx/CVE-2019-4382.json +++ b/2019/4xxx/CVE-2019-4382.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4382", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "5.0.0.0" + }, + { + "version_value" : "5.0.8.6" + } + ] + }, + "product_name" : "API Connect" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + }, + "BM" : { + "S" : "U", + "C" : "L", + "AV" : "N", + "I" : "N", + "AC" : "L", + "SCORE" : "5.300", + "UI" : "N", + "PR" : "N", + "A" : "N" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ID" : "CVE-2019-4382", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-06-15T00:00:00" + }, + "data_type" : "CVE", + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 886747 (API Connect)", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10886747", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10886747" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-api-cve20194382-info-disc (162162)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162162" + } + ] + }, + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162." + } + ] + }, + "data_format" : "MITRE" +}