IBM20211112-101758

Added CVE-2021-38972, CVE-2021-38985, CVE-2021-38973, CVE-2020-4140, CVE-2020-4146
Scott Moore - IBM 2021-11-12 10:17:58 -05:00
parent b0e1d6de83
commit 128c05a366
No known key found for this signature in database
GPG Key ID: 8E6C411D57F2D75C
5 changed files with 507 additions and 75 deletions


@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4140",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security SiteProtector System",
"version" : {
"version_data" : [
{
"version_value" : "3.1.1"
}
]
}
}
]
}
}
]
}
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"UI" : "R",
"SCORE" : "5.400",
"AV" : "N",
"C" : "L",
"S" : "C",
"I" : "L",
"AC" : "L",
"PR" : "L"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174052.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6515054",
"title" : "IBM Security Bulletin 6515054 (Security SiteProtector System)",
"name" : "https://www.ibm.com/support/pages/node/6515054",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"name" : "ibm-siteprotector-cve20204140-xss (174052)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/174052"
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-11-10T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4140"
}
}
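Review bot: The new `problemtype` entry carries only the free-text label `"value" : "Cross-Site Scripting"` with no CWE identifier, so scanners and triage tooling that key on CWE cannot classify this record; `"value" : "CWE-79 Cross-Site Scripting"` would keep the label and make it machine-matchable. The same applies to `"Obtain Information"` in the CVE-2020-4146 record and to `"Gain Access"` in the CVE-2021-38972, CVE-2021-38973 and CVE-2021-38985 records, where the assigner should pick the fitting CWE. The description also does not say whether the injected script is stored or reflected, which is what a defender needs in order to judge who is exposed under the `"PR" : "L"` / `"UI" : "R"` vector. `DATE_PUBLIC` is written without a timezone (`2021-11-10T00:00:00`); appending `Z` would remove the ambiguity if UTC is meant.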


@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4146",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta" : {
"ID" : "CVE-2020-4146",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-11-10T00:00:00",
"STATE" : "PUBLIC"
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6515056",
"title" : "IBM Security Bulletin 6515056 (Security SiteProtector System)",
"name" : "https://www.ibm.com/support/pages/node/6515056",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/174129",
"name" : "ibm-siteprotector-cve20204146-info-disc (174129)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing 'HttpOnly' flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AV" : "N",
"SCORE" : "4.000",
"UI" : "N",
"C" : "L",
"S" : "C",
"AC" : "H",
"I" : "N",
"PR" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security SiteProtector System",
"version" : {
"version_data" : [
{
"version_value" : "3.1.1"
}
]
}
}
]
}
}
]
}
}
]
}
}
}
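Review bot: The description names a missing 'HttpOnly' flag but not which cookie lacks it, and its second sentence only repeats the first ("obtain sensitive information"). Naming the cookie (presumably a session cookie, to be confirmed by the assigner) would let operators verify the fix by inspecting the `Set-Cookie` response header after upgrading. Because a cookie without HttpOnly is readable by page script, this record is best triaged together with CVE-2020-4140, the cross-site scripting issue published in this same commit for the same product version 3.1.1.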


@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38972",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"A" : "N",
"AV" : "N",
"SCORE" : "4.300",
"UI" : "N",
"C" : "N",
"S" : "U",
"AC" : "L",
"I" : "L",
"PR" : "L"
}
}
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Key Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
},
{
"version_value" : "4.1.0"
}
]
}
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2021-38972",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-11-11T00:00:00"
},
"data_type" : "CVE",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly."
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6515530",
"title" : "IBM Security Bulletin 6515530 (Security Key Lifecycle Manager)",
"url" : "https://www.ibm.com/support/pages/node/6515530"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tivoli-cve202138972-input-validation (212775)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212775",
"refsource" : "XF"
}
]
}
}
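Review bot: The description text says "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1" while `affects` uses `"product_name" : "Security Key Lifecycle Manager"` and lists nine `version_value` entries, including levels such as `3.0.0.4` and `4.1.0.1` that the prose never mentions; asset matching on the name or on the version list will give different answers, so the two should be aligned. The description is also the generic definition of improper input validation and is identical in the CVE-2021-38973 and CVE-2021-38985 records, so the three issues can be told apart essentially only by their bulletin and X-Force ids; a clause naming the affected component or input would fix that. The `problemtype` value `"Gain Access"` does not match a base vector whose only impact is `"I" : "L"` with `"C" : "N"`, and should be reconciled with it.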


@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38973",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "2.400",
"UI" : "R",
"AV" : "N",
"A" : "N",
"C" : "N",
"S" : "U",
"I" : "L",
"AC" : "L",
"PR" : "H"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Key Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
},
{
"version_value" : "4.1.0"
}
]
}
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-11-11T00:00:00",
"ID" : "CVE-2021-38973"
},
"data_type" : "CVE",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6515528",
"title" : "IBM Security Bulletin 6515528 (Security Key Lifecycle Manager)",
"url" : "https://www.ibm.com/support/pages/node/6515528",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tivoli-cve202138973-input-validation (212778)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212778"
}
]
}
}


@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38985",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
},
{
"version_value" : "4.1.0"
}
]
},
"product_name" : "Security Key Lifecycle Manager"
}
]
}
}
]
}
}
]
}
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "N",
"S" : "U",
"A" : "N",
"SCORE" : "4.300",
"UI" : "N",
"AV" : "N",
"PR" : "L",
"I" : "L",
"AC" : "L"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly."
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6515526",
"name" : "https://www.ibm.com/support/pages/node/6515526",
"title" : "IBM Security Bulletin 6515526 (Security Key Lifecycle Manager)"
},
{
"refsource" : "XF",
"name" : "ibm-tivoli-cve202138985-input-validation (212799)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212799"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2021-38985",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-11-11T00:00:00",
"STATE" : "PUBLIC"
}
}