From 110472cfe469b5b346b0ce374381c437ead8a086 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 3 Mar 2024 13:00:32 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/43xxx/CVE-2023-43054.json | 83 +++++++++++++++++++++++++++-- 2023/47xxx/CVE-2023-47742.json | 96 ++++++++++++++++++++++++++++++++-- 2024/22xxx/CVE-2024-22355.json | 96 ++++++++++++++++++++++++++++++++-- 3 files changed, 263 insertions(+), 12 deletions(-) diff --git a/2023/43xxx/CVE-2023-43054.json b/2023/43xxx/CVE-2023-43054.json index 19060508064..4e5fba219a8 100644 --- a/2023/43xxx/CVE-2023-43054.json +++ b/2023/43xxx/CVE-2023-43054.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-43054", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Engineering Test Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267459." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Engineering Test Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.0.2, 7.0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7122399", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7122399" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267459", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267459" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47742.json b/2023/47xxx/CVE-2023-47742.json index ecee85ff413..9cacf5ad978 100644 --- a/2023/47xxx/CVE-2023-47742.json +++ b/2023/47xxx/CVE-2023-47742.json @@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47742", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could disclose sensitive information using man in the middle techniques due to not correctly enforcing all aspects of certificate validation in some circumstances. IBM X-Force ID: 272533." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-300 Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + "cweId": "CWE-300" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "QRadar Suite Products", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.10.12.0", + "version_value": "1.10.18.0" + } + ] + } + }, + { + "product_name": "Cloud Pak for Security", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.10.0.0", + "version_value": "1.10.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7129328", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7129328" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272533", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272533" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/22xxx/CVE-2024-22355.json b/2024/22xxx/CVE-2024-22355.json index 8d080a6f333..db9ca80d022 100644 --- a/2024/22xxx/CVE-2024-22355.json +++ b/2024/22xxx/CVE-2024-22355.json @@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22355", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 280781." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-521 Weak Password Requirements", + "cweId": "CWE-521" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "QRadar Suite Products", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.10.12.0", + "version_value": "1.10.18.0" + } + ] + } + }, + { + "product_name": "Cloud Pak for Security", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.10.0.0", + "version_value": "1.10.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7129328", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7129328" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280781", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280781" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] }