IBM20220126-123726

Added CVE-2021-29838, CVE-2021-29845, CVE-2021-29846
2025-07-29 05:56:59 +00:00 · 2022-01-26 12:37:26 -05:00 · 2022-01-26 12:37:26 -05:00 · 12d814a0b6
commit 12d814a0b6
parent 8c2be6b533
3 changed files with 261 additions and 45 deletions
--- a/2021/29xxx/CVE-2021-29838.json
+++ b/2021/29xxx/CVE-2021-29838.json
@ -1,18 +1,90 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2021-29838",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+               "vendor_name" : "IBM",
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "Security Guardium Insights",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "3.0"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               }
            }
-        ]
-    }
-}
+         ]
+      }
+   },
+   "CVE_data_meta" : {
+      "STATE" : "PUBLIC",
+      "ID" : "CVE-2021-29838",
+      "ASSIGNER" : "psirt@us.ibm.com",
+      "DATE_PUBLIC" : "2022-01-25T00:00:00"
+   },
+   "data_type" : "CVE",
+   "impact" : {
+      "cvssv3" : {
+         "BM" : {
+            "AV" : "N",
+            "UI" : "N",
+            "PR" : "N",
+            "I" : "N",
+            "SCORE" : "5.900",
+            "S" : "U",
+            "AC" : "H",
+            "C" : "H",
+            "A" : "N"
+         },
+         "TM" : {
+            "RL" : "O",
+            "RC" : "C",
+            "E" : "U"
+         }
+      }
+   },
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "value" : "Obtain Information",
+                  "lang" : "eng"
+               }
+            ]
+         }
+      ]
+   },
+   "data_version" : "4.0",
+   "references" : {
+      "reference_data" : [
+         {
+            "title" : "IBM Security Bulletin 6550866 (Security Guardium)",
+            "refsource" : "CONFIRM",
+            "name" : "https://www.ibm.com/support/pages/node/6550866",
+            "url" : "https://www.ibm.com/support/pages/node/6550866"
+         },
+         {
+            "name" : "ibm-guardium-cve202129838-info-disc (205026)",
+            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/205026",
+            "refsource" : "XF",
+            "title" : "X-Force Vulnerability Report"
+         }
+      ]
+   },
+   "data_format" : "MITRE"
+}
--- a/2021/29xxx/CVE-2021-29845.json
+++ b/2021/29xxx/CVE-2021-29845.json
@ -1,18 +1,90 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2021-29845",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
+   "references" : {
+      "reference_data" : [
+         {
+            "url" : "https://www.ibm.com/support/pages/node/6550866",
+            "name" : "https://www.ibm.com/support/pages/node/6550866",
+            "refsource" : "CONFIRM",
+            "title" : "IBM Security Bulletin 6550866 (Security Guardium)"
+         },
+         {
+            "title" : "X-Force Vulnerability Report",
+            "name" : "ibm-guardium-cve202129845-sec-bypass (205255)",
+            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/205255",
+            "refsource" : "XF"
+         }
+      ]
+   },
+   "data_version" : "4.0",
+   "data_format" : "MITRE",
+   "impact" : {
+      "cvssv3" : {
+         "BM" : {
+            "AV" : "N",
+            "PR" : "L",
+            "UI" : "N",
+            "SCORE" : "4.300",
+            "I" : "L",
+            "AC" : "L",
+            "S" : "U",
+            "A" : "N",
+            "C" : "N"
+         },
+         "TM" : {
+            "E" : "U",
+            "RL" : "O",
+            "RC" : "C"
+         }
+      }
+   },
+   "data_type" : "CVE",
+   "CVE_data_meta" : {
+      "DATE_PUBLIC" : "2022-01-25T00:00:00",
+      "ASSIGNER" : "psirt@us.ibm.com",
+      "STATE" : "PUBLIC",
+      "ID" : "CVE-2021-29845"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "Security Guardium Insights",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "3.0"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "IBM"
            }
-        ]
-    }
-}
+         ]
+      }
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "Bypass Security"
+               }
+            ]
+         }
+      ]
+   },
+   "description" : {
+      "description_data" : [
+         {
+            "value" : "IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions due to improper input validation.  IBM X-Force ID:  205255.",
+            "lang" : "eng"
+         }
+      ]
+   }
+}
--- a/2021/29xxx/CVE-2021-29846.json
+++ b/2021/29xxx/CVE-2021-29846.json
@ -1,18 +1,90 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2021-29846",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
+   "data_format" : "MITRE",
+   "data_version" : "4.0",
+   "references" : {
+      "reference_data" : [
+         {
+            "refsource" : "CONFIRM",
+            "url" : "https://www.ibm.com/support/pages/node/6550866",
+            "name" : "https://www.ibm.com/support/pages/node/6550866",
+            "title" : "IBM Security Bulletin 6550866 (Security Guardium)"
+         },
+         {
+            "title" : "X-Force Vulnerability Report",
+            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/205256",
+            "name" : "ibm-guardium-cve202129846-info-disc (205256)",
+            "refsource" : "XF"
+         }
+      ]
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+               "vendor_name" : "IBM",
+               "product" : {
+                  "product_data" : [
+                     {
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "3.0"
+                              }
+                           ]
+                        },
+                        "product_name" : "Security Guardium Insights"
+                     }
+                  ]
+               }
            }
-        ]
-    }
-}
+         ]
+      }
+   },
+   "impact" : {
+      "cvssv3" : {
+         "BM" : {
+            "SCORE" : "2.200",
+            "I" : "N",
+            "A" : "N",
+            "C" : "L",
+            "AC" : "H",
+            "S" : "U",
+            "UI" : "N",
+            "PR" : "H",
+            "AV" : "N"
+         },
+         "TM" : {
+            "E" : "U",
+            "RC" : "C",
+            "RL" : "O"
+         }
+      }
+   },
+   "CVE_data_meta" : {
+      "DATE_PUBLIC" : "2022-01-25T00:00:00",
+      "ASSIGNER" : "psirt@us.ibm.com",
+      "STATE" : "PUBLIC",
+      "ID" : "CVE-2021-29846"
+   },
+   "data_type" : "CVE",
+   "description" : {
+      "description_data" : [
+         {
+            "value" : "IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.  IBM X-Force ID:  205256.",
+            "lang" : "eng"
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "value" : "Obtain Information",
+                  "lang" : "eng"
+               }
+            ]
+         }
+      ]
+   }
+}