diff --git a/2020/4xxx/CVE-2020-4140.json b/2020/4xxx/CVE-2020-4140.json index 464afa9184d..2465cf548d1 100644 --- a/2020/4xxx/CVE-2020-4140.json +++ b/2020/4xxx/CVE-2020-4140.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4140", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Security SiteProtector System", + "version" : { + "version_data" : [ + { + "version_value" : "3.1.1" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "UI" : "R", + "SCORE" : "5.400", + "AV" : "N", + "C" : "L", + "S" : "C", + "I" : "L", + "AC" : "L", + "PR" : "L" + }, + "TM" : { + "E" : "H", + "RC" : "C", + "RL" : "O" + } + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174052.", + "lang" : "eng" + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/6515054", + "title" : "IBM Security Bulletin 6515054 (Security SiteProtector System)", + "name" : "https://www.ibm.com/support/pages/node/6515054", + "refsource" : "CONFIRM" + }, + { + "refsource" : "XF", + "name" : "ibm-siteprotector-cve20204140-xss (174052)", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/174052" + } + ] + }, + "data_type" : "CVE", + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2021-11-10T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2020-4140" + } +} diff --git a/2020/4xxx/CVE-2020-4146.json b/2020/4xxx/CVE-2020-4146.json index 307308dd5ba..1da83788a9b 100644 --- a/2020/4xxx/CVE-2020-4146.json +++ b/2020/4xxx/CVE-2020-4146.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4146", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta" : { + "ID" : "CVE-2020-4146", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2021-11-10T00:00:00", + "STATE" : "PUBLIC" + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/6515056", + "title" : "IBM Security Bulletin 6515056 (Security SiteProtector System)", + "name" : "https://www.ibm.com/support/pages/node/6515056", + "refsource" : "CONFIRM" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/174129", + "name" : "ibm-siteprotector-cve20204146-info-disc (174129)", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF" + } + ] + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing 'HttpOnly' flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129.", + "lang" : "eng" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AV" : "N", + "SCORE" : "4.000", + "UI" : "N", + "C" : "L", + "S" : "C", + "AC" : "H", + "I" : "N", + "PR" : "N" + }, + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + } + } + }, + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Security SiteProtector System", + "version" : { + "version_data" : [ + { + "version_value" : "3.1.1" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + } +} diff --git a/2021/38xxx/CVE-2021-38972.json b/2021/38xxx/CVE-2021-38972.json index 36bfa4b18fd..11b433c1163 100644 --- a/2021/38xxx/CVE-2021-38972.json +++ b/2021/38xxx/CVE-2021-38972.json @@ -1,18 +1,114 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-38972", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + }, + "BM" : { + "A" : "N", + "AV" : "N", + "SCORE" : "4.300", + "UI" : "N", + "C" : "N", + "S" : "U", + "AC" : "L", + "I" : "L", + "PR" : "L" + } + } + }, + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Security Key Lifecycle Manager", + "version" : { + "version_data" : [ + { + "version_value" : "3.0" + }, + { + "version_value" : "3.0.1" + }, + { + "version_value" : "4.0" + }, + { + "version_value" : "3.0.0.4" + }, + { + "version_value" : "3.0.1.5" + }, + { + "version_value" : "4.0.0.3" + }, + { + "version_value" : "4.1.0.1" + }, + { + "version_value" : "4.1.1" + }, + { + "version_value" : "4.1.0" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "ID" : "CVE-2021-38972", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2021-11-11T00:00:00" + }, + "data_type" : "CVE", + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Access", + "lang" : "eng" + } + ] + } + ] + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly." + } + ] + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/6515530", + "title" : "IBM Security Bulletin 6515530 (Security Key Lifecycle Manager)", + "url" : "https://www.ibm.com/support/pages/node/6515530" + }, + { + "title" : "X-Force Vulnerability Report", + "name" : "ibm-tivoli-cve202138972-input-validation (212775)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212775", + "refsource" : "XF" + } + ] + } +} diff --git a/2021/38xxx/CVE-2021-38973.json b/2021/38xxx/CVE-2021-38973.json index fd7d0c057b6..9ad8720e34f 100644 --- a/2021/38xxx/CVE-2021-38973.json +++ b/2021/38xxx/CVE-2021-38973.json @@ -1,18 +1,114 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-38973", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "impact" : { + "cvssv3" : { + "BM" : { + "SCORE" : "2.400", + "UI" : "R", + "AV" : "N", + "A" : "N", + "C" : "N", + "S" : "U", + "I" : "L", + "AC" : "L", + "PR" : "H" + }, + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + } + } + }, + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Security Key Lifecycle Manager", + "version" : { + "version_data" : [ + { + "version_value" : "3.0" + }, + { + "version_value" : "3.0.1" + }, + { + "version_value" : "4.0" + }, + { + "version_value" : "3.0.0.4" + }, + { + "version_value" : "3.0.1.5" + }, + { + "version_value" : "4.0.0.3" + }, + { + "version_value" : "4.1.0.1" + }, + { + "version_value" : "4.1.1" + }, + { + "version_value" : "4.1.0" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2021-11-11T00:00:00", + "ID" : "CVE-2021-38973" + }, + "data_type" : "CVE", + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Access" + } + ] + } + ] + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.", + "lang" : "eng" + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/pages/node/6515528", + "title" : "IBM Security Bulletin 6515528 (Security Key Lifecycle Manager)", + "url" : "https://www.ibm.com/support/pages/node/6515528", + "refsource" : "CONFIRM" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-tivoli-cve202138973-input-validation (212778)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212778" + } + ] + } +} diff --git a/2021/38xxx/CVE-2021-38985.json b/2021/38xxx/CVE-2021-38985.json index d281b88e482..2f2bf912b04 100644 --- a/2021/38xxx/CVE-2021-38985.json +++ b/2021/38xxx/CVE-2021-38985.json @@ -1,18 +1,114 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-38985", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "3.0" + }, + { + "version_value" : "3.0.1" + }, + { + "version_value" : "4.0" + }, + { + "version_value" : "3.0.0.4" + }, + { + "version_value" : "3.0.1.5" + }, + { + "version_value" : "4.0.0.3" + }, + { + "version_value" : "4.1.0.1" + }, + { + "version_value" : "4.1.1" + }, + { + "version_value" : "4.1.0" + } + ] + }, + "product_name" : "Security Key Lifecycle Manager" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "BM" : { + "C" : "N", + "S" : "U", + "A" : "N", + "SCORE" : "4.300", + "UI" : "N", + "AV" : "N", + "PR" : "L", + "I" : "L", + "AC" : "L" + }, + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Access", + "lang" : "eng" + } + ] + } + ] + }, + "data_type" : "CVE", + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly." + } + ] + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/pages/node/6515526", + "name" : "https://www.ibm.com/support/pages/node/6515526", + "title" : "IBM Security Bulletin 6515526 (Security Key Lifecycle Manager)" + }, + { + "refsource" : "XF", + "name" : "ibm-tivoli-cve202138985-input-validation (212799)", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212799" + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2021-38985", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2021-11-11T00:00:00", + "STATE" : "PUBLIC" + } +}