diff --git a/2019/2xxx/CVE-2019-2388.json b/2019/2xxx/CVE-2019-2388.json index bd53378dd61..b3be084ef42 100644 --- a/2019/2xxx/CVE-2019-2388.json +++ b/2019/2xxx/CVE-2019-2388.json @@ -85,8 +85,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://docs.opsmanager.mongodb.com/current/release-notes/application/#onprem-server-4-0" + "refsource": "MISC", + "url": "https://docs.opsmanager.mongodb.com/current/release-notes/application/#onprem-server-4-0", + "name": "https://docs.opsmanager.mongodb.com/current/release-notes/application/#onprem-server-4-0" } ] }, diff --git a/2020/10xxx/CVE-2020-10626.json b/2020/10xxx/CVE-2020-10626.json index 5300747bbd6..091c4c84aee 100644 --- a/2020/10xxx/CVE-2020-10626.json +++ b/2020/10xxx/CVE-2020-10626.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10626", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Fazecast jSerialComm, Version 2.2.2 and prior", + "version": { + "version_data": [ + { + "version_value": "Fazecast jSerialComm, Version 2.2.2 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/ICSA2012601", + "url": "https://www.us-cert.gov/ics/advisories/ICSA2012601" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code." } ] } diff --git a/2020/12xxx/CVE-2020-12856.json b/2020/12xxx/CVE-2020-12856.json new file mode 100644 index 00000000000..aaf271fc777 --- /dev/null +++ b/2020/12xxx/CVE-2020-12856.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12856", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12857.json b/2020/12xxx/CVE-2020-12857.json new file mode 100644 index 00000000000..6ef61e94b29 --- /dev/null +++ b/2020/12xxx/CVE-2020-12857.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12857", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12858.json b/2020/12xxx/CVE-2020-12858.json new file mode 100644 index 00000000000..b59bbacc77f --- /dev/null +++ b/2020/12xxx/CVE-2020-12858.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12858", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12859.json b/2020/12xxx/CVE-2020-12859.json new file mode 100644 index 00000000000..01d621e80e3 --- /dev/null +++ b/2020/12xxx/CVE-2020-12859.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12859", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12860.json b/2020/12xxx/CVE-2020-12860.json new file mode 100644 index 00000000000..7163cfb0f96 --- /dev/null +++ b/2020/12xxx/CVE-2020-12860.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12860", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12861.json b/2020/12xxx/CVE-2020-12861.json new file mode 100644 index 00000000000..4a124dbc697 --- /dev/null +++ b/2020/12xxx/CVE-2020-12861.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12861", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12862.json b/2020/12xxx/CVE-2020-12862.json new file mode 100644 index 00000000000..be2c55266bb --- /dev/null +++ b/2020/12xxx/CVE-2020-12862.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12862", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12863.json b/2020/12xxx/CVE-2020-12863.json new file mode 100644 index 00000000000..cc5386abebd --- /dev/null +++ b/2020/12xxx/CVE-2020-12863.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12863", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12864.json b/2020/12xxx/CVE-2020-12864.json new file mode 100644 index 00000000000..6cb1fcfbd62 --- /dev/null +++ b/2020/12xxx/CVE-2020-12864.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12864", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12865.json b/2020/12xxx/CVE-2020-12865.json new file mode 100644 index 00000000000..b6553a5729e --- /dev/null +++ b/2020/12xxx/CVE-2020-12865.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12865", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12866.json b/2020/12xxx/CVE-2020-12866.json new file mode 100644 index 00000000000..21e24b5498f --- /dev/null +++ b/2020/12xxx/CVE-2020-12866.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12866", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12867.json b/2020/12xxx/CVE-2020-12867.json new file mode 100644 index 00000000000..c5b780f4965 --- /dev/null +++ b/2020/12xxx/CVE-2020-12867.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12867", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1945.json b/2020/1xxx/CVE-2020-1945.json index 45d18c9c22c..29a5583e452 100644 --- a/2020/1xxx/CVE-2020-1945.json +++ b/2020/1xxx/CVE-2020-1945.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1945", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Apache Ant", + "version": { + "version_data": [ + { + "version_value": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "insecure temporary file vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E", + "url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process." } ] } diff --git a/2020/1xxx/CVE-2020-1998.json b/2020/1xxx/CVE-2020-1998.json index 7c5500b62c2..8c154404d27 100644 --- a/2020/1xxx/CVE-2020-1998.json +++ b/2020/1xxx/CVE-2020-1998.json @@ -84,7 +84,7 @@ "description_data": [ { "lang": "eng", - "value": "An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and unintended resource access for the user.\nThis issue affects:\n\nPAN-OS 7.1 versions earlier than 7.1.26;\n\nPAN-OS 8.1 versions earlier than 8.1.13;\n\nPAN-OS 9.0 versions earlier than 9.0.6;\n\nPAN-OS 9.1 versions earlier than 9.1.1;\n\nAll versions of PAN-OS 8.0." + "value": "An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and unintended resource access for the user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0." } ] }, @@ -122,8 +122,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://security.paloaltonetworks.com/CVE-2020-1998" + "refsource": "MISC", + "url": "https://security.paloaltonetworks.com/CVE-2020-1998", + "name": "https://security.paloaltonetworks.com/CVE-2020-1998" } ] }, diff --git a/2020/2xxx/CVE-2020-2001.json b/2020/2xxx/CVE-2020-2001.json index a5472afbd02..9412fce0417 100644 --- a/2020/2xxx/CVE-2020-2001.json +++ b/2020/2xxx/CVE-2020-2001.json @@ -69,7 +69,7 @@ "description_data": [ { "lang": "eng", - "value": "An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interface to write attacker supplied file on the system and elevate privileges.\nThis issue affects:\n\nAll PAN-OS 7.1 Panorama and 8.0 Panorama versions;\n\nPAN-OS 8.1 versions earlier than 8.1.12 on Panorama;\n\nPAN-OS 9.0 versions earlier than 9.0.6 on Panorama." + "value": "An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interface to write attacker supplied file on the system and elevate privileges. This issue affects: All PAN-OS 7.1 Panorama and 8.0 Panorama versions; PAN-OS 8.1 versions earlier than 8.1.12 on Panorama; PAN-OS 9.0 versions earlier than 9.0.6 on Panorama." } ] }, @@ -107,8 +107,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://security.paloaltonetworks.com/CVE-2020-2001" + "refsource": "MISC", + "url": "https://security.paloaltonetworks.com/CVE-2020-2001", + "name": "https://security.paloaltonetworks.com/CVE-2020-2001" } ] }, diff --git a/2020/2xxx/CVE-2020-2002.json b/2020/2xxx/CVE-2020-2002.json index ff8c585506d..d96c26e96a3 100644 --- a/2020/2xxx/CVE-2020-2002.json +++ b/2020/2xxx/CVE-2020-2002.json @@ -74,7 +74,7 @@ "description_data": [ { "lang": "eng", - "value": "An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator. \nThis issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.6;\nAll version of PAN-OS 8.0.\n" + "value": "An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All version of PAN-OS 8.0." } ] }, @@ -112,8 +112,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://security.paloaltonetworks.com/CVE-2020-2002" + "refsource": "MISC", + "url": "https://security.paloaltonetworks.com/CVE-2020-2002", + "name": "https://security.paloaltonetworks.com/CVE-2020-2002" } ] }, diff --git a/2020/2xxx/CVE-2020-2003.json b/2020/2xxx/CVE-2020-2003.json index 00f54178f2d..9dae9cc5e8e 100644 --- a/2020/2xxx/CVE-2020-2003.json +++ b/2020/2xxx/CVE-2020-2003.json @@ -79,7 +79,7 @@ "description_data": [ { "lang": "eng", - "value": "An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services.\n\nThis issue affects:\nAll versions of PAN-OS 7.1 and 8.0;\nPAN-OS 8.1 versions before 8.1.14;\nPAN-OS 9.0 versions before 9.0.7;\nPAN-OS 9.1 versions before 9.1.1." + "value": "An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions before 8.1.14; PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.1." } ] }, @@ -117,8 +117,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://security.paloaltonetworks.com/CVE-2020-2003" + "refsource": "MISC", + "url": "https://security.paloaltonetworks.com/CVE-2020-2003", + "name": "https://security.paloaltonetworks.com/CVE-2020-2003" } ] }, diff --git a/2020/2xxx/CVE-2020-2005.json b/2020/2xxx/CVE-2020-2005.json index 821b371a4ca..7e4837a7b01 100644 --- a/2020/2xxx/CVE-2020-2005.json +++ b/2020/2xxx/CVE-2020-2005.json @@ -80,7 +80,7 @@ "description_data": [ { "lang": "eng", - "value": "A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session.\nThis issue affects:\n\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.7;\nAll versions of PAN-OS 8.0." + "value": "A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; All versions of PAN-OS 8.0." } ] }, @@ -118,8 +118,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://security.paloaltonetworks.com/CVE-2020-2005" + "refsource": "MISC", + "url": "https://security.paloaltonetworks.com/CVE-2020-2005", + "name": "https://security.paloaltonetworks.com/CVE-2020-2005" } ] }, diff --git a/2020/2xxx/CVE-2020-2013.json b/2020/2xxx/CVE-2020-2013.json index 240498e8413..978a47f259a 100644 --- a/2020/2xxx/CVE-2020-2013.json +++ b/2020/2xxx/CVE-2020-2013.json @@ -84,7 +84,7 @@ "description_data": [ { "lang": "eng", - "value": "A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama version, their PAN-OS session cookie is transmitted over cleartext to the firewall. An attacker with the ability to intercept this network traffic between the firewall and Panorama can access the administrator's account and further manipulate devices managed by Panorama.\nThis issue affects:\n\nPAN-OS 7.1 versions earlier than 7.1.26;\n\nPAN-OS 8.1 versions earlier than 8.1.13;\n\nPAN-OS 9.0 versions earlier than 9.0.6;\n\nPAN-OS 9.1 versions earlier than 9.1.1;\n\nAll version of PAN-OS 8.0;" + "value": "A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama version, their PAN-OS session cookie is transmitted over cleartext to the firewall. An attacker with the ability to intercept this network traffic between the firewall and Panorama can access the administrator's account and further manipulate devices managed by Panorama. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All version of PAN-OS 8.0;" } ] }, @@ -122,8 +122,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://security.paloaltonetworks.com/CVE-2020-2013" + "refsource": "MISC", + "url": "https://security.paloaltonetworks.com/CVE-2020-2013", + "name": "https://security.paloaltonetworks.com/CVE-2020-2013" } ] }, @@ -149,7 +150,7 @@ "work_around": [ { "lang": "eng", - "value": "One possible vulnerability mitigation is to shorten the length of administrator session idle timeout. This reduces the likelihood the exposed administrator’s session cookie is valid at time of attack." + "value": "One possible vulnerability mitigation is to shorten the length of administrator session idle timeout. This reduces the likelihood the exposed administrator\u2019s session cookie is valid at time of attack." }, { "lang": "eng", diff --git a/2020/2xxx/CVE-2020-2015.json b/2020/2xxx/CVE-2020-2015.json index 23d71946c25..f6c0f0fbe88 100644 --- a/2020/2xxx/CVE-2020-2015.json +++ b/2020/2xxx/CVE-2020-2015.json @@ -89,7 +89,7 @@ "description_data": [ { "lang": "eng", - "value": "A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges.\n\nThis issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.7;\nPAN-OS 9.1 versions earlier than 9.1.1;\nAll versions of PAN-OS 8.0.\n\n" + "value": "A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0." } ] }, @@ -127,8 +127,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://security.paloaltonetworks.com/CVE-2020-2015" + "refsource": "MISC", + "url": "https://security.paloaltonetworks.com/CVE-2020-2015", + "name": "https://security.paloaltonetworks.com/CVE-2020-2015" } ] }, diff --git a/2020/2xxx/CVE-2020-2016.json b/2020/2xxx/CVE-2020-2016.json index a47225fb201..f23a2a8a868 100644 --- a/2020/2xxx/CVE-2020-2016.json +++ b/2020/2xxx/CVE-2020-2016.json @@ -88,7 +88,7 @@ "description_data": [ { "lang": "eng", - "value": "A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account.\n\nThis allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting another vulnerability, to escalate privileges to become root user.\nThis issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.6;\nAll versions of PAN-OS 8.0." + "value": "A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting another vulnerability, to escalate privileges to become root user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0." } ] }, @@ -132,8 +132,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://security.paloaltonetworks.com/CVE-2020-2016" + "refsource": "MISC", + "url": "https://security.paloaltonetworks.com/CVE-2020-2016", + "name": "https://security.paloaltonetworks.com/CVE-2020-2016" } ] }, diff --git a/2020/2xxx/CVE-2020-2017.json b/2020/2xxx/CVE-2020-2017.json index 9cee3a34e9e..d9e5b05833c 100644 --- a/2020/2xxx/CVE-2020-2017.json +++ b/2020/2xxx/CVE-2020-2017.json @@ -84,7 +84,7 @@ "description_data": [ { "lang": "eng", - "value": "A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces.\nA remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's browser and perform administrative actions.\n\nThis issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.6;\nAll versions of PAN-OS 8.0." + "value": "A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0." } ] }, @@ -122,8 +122,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://security.paloaltonetworks.com/CVE-2020-2017" + "refsource": "MISC", + "url": "https://security.paloaltonetworks.com/CVE-2020-2017", + "name": "https://security.paloaltonetworks.com/CVE-2020-2017" } ] }, diff --git a/2020/2xxx/CVE-2020-2018.json b/2020/2xxx/CVE-2020-2018.json index 321bc380981..8b6963133f3 100644 --- a/2020/2xxx/CVE-2020-2018.json +++ b/2020/2xxx/CVE-2020-2018.json @@ -74,7 +74,7 @@ "description_data": [ { "lang": "eng", - "value": "An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewalls. An attacker requires some knowledge of managed firewalls to exploit this issue. \nThis issue does not affect Panorama configured with custom certificates authentication for communication between Panorama and managed devices.\nThis issue affects:\n\nPAN-OS 7.1 versions earlier than 7.1.26;\n\nPAN-OS 8.1 versions earlier than 8.1.12;\n\nPAN-OS 9.0 versions earlier than 9.0.6;\n\nAll versions of PAN-OS 8.0." + "value": "An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewalls. An attacker requires some knowledge of managed firewalls to exploit this issue. This issue does not affect Panorama configured with custom certificates authentication for communication between Panorama and managed devices. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.12; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0." } ] }, @@ -112,8 +112,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://security.paloaltonetworks.com/CVE-2020-2018" + "refsource": "MISC", + "url": "https://security.paloaltonetworks.com/CVE-2020-2018", + "name": "https://security.paloaltonetworks.com/CVE-2020-2018" } ] }, diff --git a/2020/4xxx/CVE-2020-4257.json b/2020/4xxx/CVE-2020-4257.json index 8b911f1f196..12edaba2be4 100644 --- a/2020/4xxx/CVE-2020-4257.json +++ b/2020/4xxx/CVE-2020-4257.json @@ -1,90 +1,90 @@ { - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6209081", - "url" : "https://www.ibm.com/support/pages/node/6209081" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175635", - "name" : "ibm-i2-cve20204257-bo (175635)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4257", - "DATE_PUBLIC" : "2020-05-13T00:00:00" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175635." - } - ] - }, - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "i2 Analysts Notebook", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6209081", + "url": "https://www.ibm.com/support/pages/node/6209081" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175635", + "name": "ibm-i2-cve20204257-bo (175635)", + "title": "X-Force Vulnerability Report", + "refsource": "XF" } - ] - } - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } + ] + }, + "data_format": "MITRE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2020-4257", + "DATE_PUBLIC": "2020-05-13T00:00:00" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175635." + } + ] + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "i2 Analysts Notebook", + "version": { + "version_data": [ + { + "version_value": "9.2.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "SCORE" : "7.800", - "AV" : "L", - "UI" : "R", - "S" : "U", - "C" : "H", - "PR" : "N", - "A" : "H", - "AC" : "L", - "I" : "H" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - } - } - } -} + } + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Privileges", + "lang": "eng" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "SCORE": "7.800", + "AV": "L", + "UI": "R", + "S": "U", + "C": "H", + "PR": "N", + "A": "H", + "AC": "L", + "I": "H" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + } + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4258.json b/2020/4xxx/CVE-2020-4258.json index e341620d122..0158325de77 100644 --- a/2020/4xxx/CVE-2020-4258.json +++ b/2020/4xxx/CVE-2020-4258.json @@ -1,90 +1,90 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "I" : "H", - "AC" : "L", - "C" : "H", - "PR" : "N", - "A" : "H", - "SCORE" : "7.800", - "AV" : "L", - "UI" : "R", - "S" : "U" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } - ] - } - ] - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "9.2.1" - } - ] - }, - "product_name" : "i2 Analysts Notebook" - } - ] - } + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "I": "H", + "AC": "L", + "C": "H", + "PR": "N", + "A": "H", + "SCORE": "7.800", + "AV": "L", + "UI": "R", + "S": "U" } - ] - } - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175637.", - "lang" : "eng" - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4258", - "DATE_PUBLIC" : "2020-05-13T00:00:00" - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6209081", - "url" : "https://www.ibm.com/support/pages/node/6209081" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175637", - "name" : "ibm-i2-cve20204258-bo (175637)" - } - ] - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Privileges", + "lang": "eng" + } + ] + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "9.2.1" + } + ] + }, + "product_name": "i2 Analysts Notebook" + } + ] + } + } + ] + } + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175637.", + "lang": "eng" + } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2020-4258", + "DATE_PUBLIC": "2020-05-13T00:00:00" + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6209081", + "url": "https://www.ibm.com/support/pages/node/6209081" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175637", + "name": "ibm-i2-cve20204258-bo (175637)" + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4259.json b/2020/4xxx/CVE-2020-4259.json index bdafa8ff990..f03a010c0f3 100644 --- a/2020/4xxx/CVE-2020-4259.json +++ b/2020/4xxx/CVE-2020-4259.json @@ -1,93 +1,93 @@ { - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6208038 (Sterling File Gateway)", - "url" : "https://www.ibm.com/support/pages/node/6208038", - "name" : "https://www.ibm.com/support/pages/node/6208038" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175638", - "name" : "ibm-sterling-cve20204259-sec-bypass (175638)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Bypass Security" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "SCORE" : "6.500", - "AV" : "N", - "UI" : "N", - "S" : "U", - "C" : "N", - "PR" : "L", - "A" : "N", - "AC" : "L", - "I" : "H" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.2.0.0" - }, - { - "version_value" : "6.0.3.1" - } - ] - }, - "product_name" : "Sterling File Gateway" - } - ] - } + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6208038 (Sterling File Gateway)", + "url": "https://www.ibm.com/support/pages/node/6208038", + "name": "https://www.ibm.com/support/pages/node/6208038" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175638", + "name": "ibm-sterling-cve20204259-sec-bypass (175638)", + "refsource": "XF", + "title": "X-Force Vulnerability Report" } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2020-4259", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-05-13T00:00:00" - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Bypass Security" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "SCORE": "6.500", + "AV": "N", + "UI": "N", + "S": "U", + "C": "N", + "PR": "L", + "A": "N", + "AC": "L", + "I": "H" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.2.0.0" + }, + { + "version_value": "6.0.3.1" + } + ] + }, + "product_name": "Sterling File Gateway" + } + ] + } + } + ] + } + }, + "description": { + "description_data": [ + { + "value": "IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638.", + "lang": "eng" + } + ] + }, + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-4259", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-05-13T00:00:00" + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4261.json b/2020/4xxx/CVE-2020-4261.json index 2cd5cede534..c62f33ea314 100644 --- a/2020/4xxx/CVE-2020-4261.json +++ b/2020/4xxx/CVE-2020-4261.json @@ -1,90 +1,90 @@ { - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6209081", - "url" : "https://www.ibm.com/support/pages/node/6209081", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-i2-cve20204261-bo (175644)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175644" - } - ] - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "H", - "AC" : "L", - "PR" : "N", - "C" : "H", - "A" : "H", - "SCORE" : "7.800", - "AV" : "L", - "UI" : "R", - "S" : "U" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - } - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175644.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2020-4261", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-05-13T00:00:00" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "9.2.1" - } - ] - }, - "product_name" : "i2 Analysts Notebook" - } - ] - } + "name": "https://www.ibm.com/support/pages/node/6209081", + "url": "https://www.ibm.com/support/pages/node/6209081", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-i2-cve20204261-bo (175644)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175644" } - ] - } - } -} + ] + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "I": "H", + "AC": "L", + "PR": "N", + "C": "H", + "A": "H", + "SCORE": "7.800", + "AV": "L", + "UI": "R", + "S": "U" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + } + } + }, + "description": { + "description_data": [ + { + "value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175644.", + "lang": "eng" + } + ] + }, + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-4261", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-05-13T00:00:00" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "9.2.1" + } + ] + }, + "product_name": "i2 Analysts Notebook" + } + ] + } + } + ] + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4262.json b/2020/4xxx/CVE-2020-4262.json index f1734749edd..6d61519d41f 100644 --- a/2020/4xxx/CVE-2020-4262.json +++ b/2020/4xxx/CVE-2020-4262.json @@ -1,90 +1,90 @@ { - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "BM" : { - "C" : "H", - "PR" : "N", - "A" : "H", - "AV" : "L", - "SCORE" : "7.800", - "S" : "U", - "UI" : "R", - "I" : "H", - "AC" : "L" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } - ] - } - ] - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175645." - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4262", - "DATE_PUBLIC" : "2020-05-13T00:00:00" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "9.2.1" - } - ] - }, - "product_name" : "i2 Analysts Notebook" - } - ] - }, - "vendor_name" : "IBM" + "data_type": "CVE", + "impact": { + "cvssv3": { + "BM": { + "C": "H", + "PR": "N", + "A": "H", + "AV": "L", + "SCORE": "7.800", + "S": "U", + "UI": "R", + "I": "H", + "AC": "L" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" } - ] - } - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6209081", - "name" : "https://www.ibm.com/support/pages/node/6209081", - "title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)", - "refsource" : "CONFIRM" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175645", - "name" : "ibm-i2-cve20204262-bo (175645)" - } - ] - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175645." + } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2020-4262", + "DATE_PUBLIC": "2020-05-13T00:00:00" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "9.2.1" + } + ] + }, + "product_name": "i2 Analysts Notebook" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6209081", + "name": "https://www.ibm.com/support/pages/node/6209081", + "title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)", + "refsource": "CONFIRM" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175645", + "name": "ibm-i2-cve20204262-bo (175645)" + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4263.json b/2020/4xxx/CVE-2020-4263.json index e12047fae3d..c01a6e091fc 100644 --- a/2020/4xxx/CVE-2020-4263.json +++ b/2020/4xxx/CVE-2020-4263.json @@ -1,90 +1,90 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "L", - "I" : "H", - "AV" : "L", - "SCORE" : "7.800", - "S" : "U", - "UI" : "R", - "C" : "H", - "PR" : "N", - "A" : "H" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "9.2.1" - } - ] - }, - "product_name" : "i2 Analysts Notebook" - } - ] - } + "description": [ + { + "value": "Gain Privileges", + "lang": "eng" + } + ] } - ] - } - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-05-13T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4263" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175646.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)", - "url" : "https://www.ibm.com/support/pages/node/6209081", - "name" : "https://www.ibm.com/support/pages/node/6209081" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-i2-cve20204263-bo (175646)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175646" - } - ] - } -} + ] + }, + "impact": { + "cvssv3": { + "BM": { + "AC": "L", + "I": "H", + "AV": "L", + "SCORE": "7.800", + "S": "U", + "UI": "R", + "C": "H", + "PR": "N", + "A": "H" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "9.2.1" + } + ] + }, + "product_name": "i2 Analysts Notebook" + } + ] + } + } + ] + } + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2020-05-13T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2020-4263" + }, + "description": { + "description_data": [ + { + "value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175646.", + "lang": "eng" + } + ] + }, + "data_version": "4.0", + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)", + "url": "https://www.ibm.com/support/pages/node/6209081", + "name": "https://www.ibm.com/support/pages/node/6209081" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-i2-cve20204263-bo (175646)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175646" + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4264.json b/2020/4xxx/CVE-2020-4264.json index 0f79fd11ad5..47d36ee6aef 100644 --- a/2020/4xxx/CVE-2020-4264.json +++ b/2020/4xxx/CVE-2020-4264.json @@ -1,90 +1,90 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "AC" : "L", - "I" : "H", - "S" : "U", - "UI" : "R", - "AV" : "L", - "SCORE" : "7.800", - "A" : "H", - "PR" : "N", - "C" : "H" - } - } - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "9.2.1" - } - ] - }, - "product_name" : "i2 Analysts Notebook" - } - ] - } + "description": [ + { + "value": "Gain Privileges", + "lang": "eng" + } + ] } - ] - } - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-05-13T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4264" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175647.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6209081", - "url" : "https://www.ibm.com/support/pages/node/6209081", - "title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)", - "refsource" : "CONFIRM" - }, - { - "name" : "ibm-i2-cve20204264-bo (175647)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175647", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - } -} + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "AC": "L", + "I": "H", + "S": "U", + "UI": "R", + "AV": "L", + "SCORE": "7.800", + "A": "H", + "PR": "N", + "C": "H" + } + } + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "9.2.1" + } + ] + }, + "product_name": "i2 Analysts Notebook" + } + ] + } + } + ] + } + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2020-05-13T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4264" + }, + "description": { + "description_data": [ + { + "value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175647.", + "lang": "eng" + } + ] + }, + "data_version": "4.0", + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6209081", + "url": "https://www.ibm.com/support/pages/node/6209081", + "title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)", + "refsource": "CONFIRM" + }, + { + "name": "ibm-i2-cve20204264-bo (175647)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175647", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4265.json b/2020/4xxx/CVE-2020-4265.json index ce71fe6c68e..0833a3fa1b8 100644 --- a/2020/4xxx/CVE-2020-4265.json +++ b/2020/4xxx/CVE-2020-4265.json @@ -1,90 +1,90 @@ { - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6209081", - "url" : "https://www.ibm.com/support/pages/node/6209081", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175648", - "name" : "ibm-i2-cve20204265-bo (175648)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "H", - "AC" : "L", - "PR" : "N", - "C" : "H", - "A" : "H", - "AV" : "L", - "SCORE" : "7.800", - "S" : "U", - "UI" : "R" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } - ] - } - ] - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "9.2.1" - } - ] - }, - "product_name" : "i2 Analysts Notebook" - } - ] - }, - "vendor_name" : "IBM" + "name": "https://www.ibm.com/support/pages/node/6209081", + "url": "https://www.ibm.com/support/pages/node/6209081", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175648", + "name": "ibm-i2-cve20204265-bo (175648)", + "title": "X-Force Vulnerability Report", + "refsource": "XF" } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175648.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2020-4265", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-05-13T00:00:00" - } -} + ] + }, + "impact": { + "cvssv3": { + "BM": { + "I": "H", + "AC": "L", + "PR": "N", + "C": "H", + "A": "H", + "AV": "L", + "SCORE": "7.800", + "S": "U", + "UI": "R" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "9.2.1" + } + ] + }, + "product_name": "i2 Analysts Notebook" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "description": { + "description_data": [ + { + "value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175648.", + "lang": "eng" + } + ] + }, + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-4265", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-05-13T00:00:00" + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4266.json b/2020/4xxx/CVE-2020-4266.json index ca9ebe2228b..02d7e9975da 100644 --- a/2020/4xxx/CVE-2020-4266.json +++ b/2020/4xxx/CVE-2020-4266.json @@ -1,90 +1,90 @@ { - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "H", - "AC" : "L", - "A" : "H", - "C" : "H", - "PR" : "N", - "UI" : "R", - "S" : "U", - "SCORE" : "7.800", - "AV" : "L" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-05-13T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4266" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175649.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "9.2.1" - } - ] - }, - "product_name" : "i2 Analysts Notebook" - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] } - ] - } - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6209081", - "name" : "https://www.ibm.com/support/pages/node/6209081" - }, - { - "name" : "ibm-i2-cve20204266-bo (175649)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175649", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - } -} + ] + }, + "impact": { + "cvssv3": { + "BM": { + "I": "H", + "AC": "L", + "A": "H", + "C": "H", + "PR": "N", + "UI": "R", + "S": "U", + "SCORE": "7.800", + "AV": "L" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2020-05-13T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4266" + }, + "description": { + "description_data": [ + { + "value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175649.", + "lang": "eng" + } + ] + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "9.2.1" + } + ] + }, + "product_name": "i2 Analysts Notebook" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6209081", + "name": "https://www.ibm.com/support/pages/node/6209081" + }, + { + "name": "ibm-i2-cve20204266-bo (175649)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175649", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4285.json b/2020/4xxx/CVE-2020-4285.json index ec3885cf226..3db60ea39e6 100644 --- a/2020/4xxx/CVE-2020-4285.json +++ b/2020/4xxx/CVE-2020-4285.json @@ -1,90 +1,90 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "9.2.1" - } - ] - }, - "product_name" : "i2 Analysts Notebook" - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176266" - } - ] - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4285", - "DATE_PUBLIC" : "2020-05-13T00:00:00" - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "I" : "H", - "AC" : "L", - "A" : "H", - "PR" : "N", - "C" : "H", - "S" : "U", - "UI" : "R", - "AV" : "L", - "SCORE" : "7.800" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "9.2.1" + } + ] + }, + "product_name": "i2 Analysts Notebook" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6209081", - "name" : "https://www.ibm.com/support/pages/node/6209081", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176266", - "name" : "ibm-i2-cve20204285-code-exec (176266)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_format" : "MITRE" -} + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176266" + } + ] + }, + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2020-4285", + "DATE_PUBLIC": "2020-05-13T00:00:00" + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "I": "H", + "AC": "L", + "A": "H", + "PR": "N", + "C": "H", + "S": "U", + "UI": "R", + "AV": "L", + "SCORE": "7.800" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6209081", + "name": "https://www.ibm.com/support/pages/node/6209081", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176266", + "name": "ibm-i2-cve20204285-code-exec (176266)", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4287.json b/2020/4xxx/CVE-2020-4287.json index 8e3ec05aad2..cf1ee943b3b 100644 --- a/2020/4xxx/CVE-2020-4287.json +++ b/2020/4xxx/CVE-2020-4287.json @@ -1,90 +1,90 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "I" : "H", - "AC" : "L", - "A" : "H", - "PR" : "N", - "C" : "H", - "UI" : "R", - "S" : "U", - "SCORE" : "7.800", - "AV" : "L" - } - } - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "i2 Analysts Notebook", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] } - ] - } - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176269." - } - ] - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-05-13T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4287" - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6209081", - "name" : "https://www.ibm.com/support/pages/node/6209081", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)" - }, - { - "name" : "ibm-i2-cve20204287-code-exec (176269)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176269", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - } -} + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "I": "H", + "AC": "L", + "A": "H", + "PR": "N", + "C": "H", + "UI": "R", + "S": "U", + "SCORE": "7.800", + "AV": "L" + } + } + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "i2 Analysts Notebook", + "version": { + "version_data": [ + { + "version_value": "9.2.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176269." + } + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2020-05-13T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4287" + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6209081", + "name": "https://www.ibm.com/support/pages/node/6209081", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)" + }, + { + "name": "ibm-i2-cve20204287-code-exec (176269)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176269", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4288.json b/2020/4xxx/CVE-2020-4288.json index 6d7d90778a9..a9bd7801e85 100644 --- a/2020/4xxx/CVE-2020-4288.json +++ b/2020/4xxx/CVE-2020-4288.json @@ -1,90 +1,90 @@ { - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)", - "url" : "https://www.ibm.com/support/pages/node/6209081", - "name" : "https://www.ibm.com/support/pages/node/6209081" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-i2-cve20204288-code-exec (176270)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176270" - } - ] - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "UI" : "R", - "S" : "U", - "SCORE" : "7.800", - "AV" : "L", - "A" : "H", - "PR" : "N", - "C" : "H", - "AC" : "L", - "I" : "H" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } - ] - } - ] - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-05-13T00:00:00", - "ID" : "CVE-2020-4288", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176270." - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "9.2.1" - } - ] - }, - "product_name" : "i2 Analysts Notebook" - } - ] - } + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)", + "url": "https://www.ibm.com/support/pages/node/6209081", + "name": "https://www.ibm.com/support/pages/node/6209081" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-i2-cve20204288-code-exec (176270)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176270" } - ] - } - } -} + ] + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "UI": "R", + "S": "U", + "SCORE": "7.800", + "AV": "L", + "A": "H", + "PR": "N", + "C": "H", + "AC": "L", + "I": "H" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2020-05-13T00:00:00", + "ID": "CVE-2020-4288", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176270." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "9.2.1" + } + ] + }, + "product_name": "i2 Analysts Notebook" + } + ] + } + } + ] + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4299.json b/2020/4xxx/CVE-2020-4299.json index ccdcd14b9d9..02c752948e6 100644 --- a/2020/4xxx/CVE-2020-4299.json +++ b/2020/4xxx/CVE-2020-4299.json @@ -1,93 +1,93 @@ { - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6208041 (Sterling B2B Integrator)", - "url" : "https://www.ibm.com/support/pages/node/6208041", - "name" : "https://www.ibm.com/support/pages/node/6208041" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176606", - "name" : "ibm-sterling-cve20204299-info-disc (176606)" - } - ] - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "UI" : "N", - "AV" : "N", - "SCORE" : "4.300", - "A" : "N", - "PR" : "L", - "C" : "L", - "AC" : "L", - "I" : "N" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4299", - "DATE_PUBLIC" : "2020-05-13T00:00:00" - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "5.2.0.0" - }, - { - "version_value" : "6.0.3.1" - } - ] - }, - "product_name" : "Sterling B2B Integrator" - } - ] - }, - "vendor_name" : "IBM" + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6208041 (Sterling B2B Integrator)", + "url": "https://www.ibm.com/support/pages/node/6208041", + "name": "https://www.ibm.com/support/pages/node/6208041" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176606", + "name": "ibm-sterling-cve20204299-info-disc (176606)" } - ] - } - } -} + ] + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "UI": "N", + "AV": "N", + "SCORE": "4.300", + "A": "N", + "PR": "L", + "C": "L", + "AC": "L", + "I": "N" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4299", + "DATE_PUBLIC": "2020-05-13T00:00:00" + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606.", + "lang": "eng" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "5.2.0.0" + }, + { + "version_value": "6.0.3.1" + } + ] + }, + "product_name": "Sterling B2B Integrator" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4343.json b/2020/4xxx/CVE-2020-4343.json index 4fb0181588f..c81a07bdd10 100644 --- a/2020/4xxx/CVE-2020-4343.json +++ b/2020/4xxx/CVE-2020-4343.json @@ -1,90 +1,90 @@ { - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6209081", - "url" : "https://www.ibm.com/support/pages/node/6209081" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-i2-cve20204343-code-exec (178244)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/178244" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "C" : "H", - "PR" : "N", - "A" : "H", - "AV" : "L", - "SCORE" : "7.800", - "S" : "U", - "UI" : "R", - "I" : "H", - "AC" : "L" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } - ] - } - ] - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "9.2.1" - } - ] - }, - "product_name" : "i2 Analysts Notebook" - } - ] - }, - "vendor_name" : "IBM" + "title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6209081", + "url": "https://www.ibm.com/support/pages/node/6209081" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-i2-cve20204343-code-exec (178244)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178244" } - ] - } - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-05-13T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4343" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 178244.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0" -} + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "C": "H", + "PR": "N", + "A": "H", + "AV": "L", + "SCORE": "7.800", + "S": "U", + "UI": "R", + "I": "H", + "AC": "L" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "9.2.1" + } + ] + }, + "product_name": "i2 Analysts Notebook" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2020-05-13T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4343" + }, + "description": { + "description_data": [ + { + "value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 178244.", + "lang": "eng" + } + ] + }, + "data_version": "4.0" +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4365.json b/2020/4xxx/CVE-2020-4365.json index 25d7e5dd2c0..dc3e97df56e 100644 --- a/2020/4xxx/CVE-2020-4365.json +++ b/2020/4xxx/CVE-2020-4365.json @@ -1,90 +1,90 @@ { - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6209099", - "url" : "https://www.ibm.com/support/pages/node/6209099", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6209099 (WebSphere Application Server)" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/178964", - "name" : "ibm-websphere-cve20204365-ssrf (178964)" - } - ] - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Application Server", - "version" : { - "version_data" : [ - { - "version_value" : "8.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "name": "https://www.ibm.com/support/pages/node/6209099", + "url": "https://www.ibm.com/support/pages/node/6209099", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6209099 (WebSphere Application Server)" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178964", + "name": "ibm-websphere-cve20204365-ssrf (178964)" } - ] - } - }, - "CVE_data_meta" : { - "ID" : "CVE-2020-4365", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-05-13T00:00:00" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "BM" : { - "UI" : "N", - "S" : "U", - "SCORE" : "5.300", - "AV" : "N", - "A" : "N", - "PR" : "N", - "C" : "L", - "AC" : "L", - "I" : "N" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } + ] + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Application Server", + "version": { + "version_data": [ + { + "version_value": "8.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_type" : "CVE" -} + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-4365", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-05-13T00:00:00" + }, + "description": { + "description_data": [ + { + "value": "IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964.", + "lang": "eng" + } + ] + }, + "data_version": "4.0", + "impact": { + "cvssv3": { + "BM": { + "UI": "N", + "S": "U", + "SCORE": "5.300", + "AV": "N", + "A": "N", + "PR": "N", + "C": "L", + "AC": "L", + "I": "N" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "data_type": "CVE" +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4422.json b/2020/4xxx/CVE-2020-4422.json index 2eb97b5869b..474bf8d93fe 100644 --- a/2020/4xxx/CVE-2020-4422.json +++ b/2020/4xxx/CVE-2020-4422.json @@ -1,90 +1,90 @@ { - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)", - "name" : "https://www.ibm.com/support/pages/node/6209081", - "url" : "https://www.ibm.com/support/pages/node/6209081" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-i2-cve20204422-code-exec (180167)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/180167" - } - ] - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "H", - "AC" : "L", - "A" : "H", - "C" : "H", - "PR" : "N", - "UI" : "R", - "S" : "U", - "SCORE" : "7.800", - "AV" : "L" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-05-13T00:00:00", - "ID" : "CVE-2020-4422", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 180167.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "9.2.1" - } - ] - }, - "product_name" : "i2 Analysts Notebook" - } - ] - }, - "vendor_name" : "IBM" + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)", + "name": "https://www.ibm.com/support/pages/node/6209081", + "url": "https://www.ibm.com/support/pages/node/6209081" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-i2-cve20204422-code-exec (180167)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/180167" } - ] - } - } -} + ] + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "I": "H", + "AC": "L", + "A": "H", + "C": "H", + "PR": "N", + "UI": "R", + "S": "U", + "SCORE": "7.800", + "AV": "L" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2020-05-13T00:00:00", + "ID": "CVE-2020-4422", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "description": { + "description_data": [ + { + "value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 180167.", + "lang": "eng" + } + ] + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "9.2.1" + } + ] + }, + "product_name": "i2 Analysts Notebook" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4467.json b/2020/4xxx/CVE-2020-4467.json index ad4b0a9e564..eae1373ec1f 100644 --- a/2020/4xxx/CVE-2020-4467.json +++ b/2020/4xxx/CVE-2020-4467.json @@ -1,90 +1,90 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "SCORE" : "7.800", - "AV" : "L", - "UI" : "R", - "S" : "U", - "PR" : "N", - "C" : "H", - "A" : "H", - "AC" : "L", - "I" : "H" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "i2 Analysts Notebook", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.1" - } - ] - } - } - ] - } + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] } - ] - } - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181721." - } - ] - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-05-13T00:00:00", - "ID" : "CVE-2020-4467", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6209081", - "name" : "https://www.ibm.com/support/pages/node/6209081", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-i2-cve20204467-code-exec (181721)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/181721" - } - ] - } -} + ] + }, + "impact": { + "cvssv3": { + "BM": { + "SCORE": "7.800", + "AV": "L", + "UI": "R", + "S": "U", + "PR": "N", + "C": "H", + "A": "H", + "AC": "L", + "I": "H" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "i2 Analysts Notebook", + "version": { + "version_data": [ + { + "version_value": "9.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181721." + } + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2020-05-13T00:00:00", + "ID": "CVE-2020-4467", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6209081", + "name": "https://www.ibm.com/support/pages/node/6209081", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-i2-cve20204467-code-exec (181721)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181721" + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4468.json b/2020/4xxx/CVE-2020-4468.json index 4f815eefe5f..1873b86a978 100644 --- a/2020/4xxx/CVE-2020-4468.json +++ b/2020/4xxx/CVE-2020-4468.json @@ -1,90 +1,90 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181723." - } - ] - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-05-13T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4468" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "9.2.1" - } - ] - }, - "product_name" : "i2 Analysts Notebook" - } - ] - } + "lang": "eng", + "value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181723." } - ] - } - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "I" : "H", - "AC" : "L", - "A" : "H", - "C" : "H", - "PR" : "N", - "UI" : "R", - "S" : "U", - "SCORE" : "7.800", - "AV" : "L" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } + ] + }, + "data_version": "4.0", + "CVE_data_meta": { + "DATE_PUBLIC": "2020-05-13T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2020-4468" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "9.2.1" + } + ] + }, + "product_name": "i2 Analysts Notebook" + } + ] + } + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6209081", - "url" : "https://www.ibm.com/support/pages/node/6209081", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/181723", - "name" : "ibm-i2-cve20204468-code-exec (181723)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_format" : "MITRE" -} + } + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "I": "H", + "AC": "L", + "A": "H", + "C": "H", + "PR": "N", + "UI": "R", + "S": "U", + "SCORE": "7.800", + "AV": "L" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6209081", + "url": "https://www.ibm.com/support/pages/node/6209081", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181723", + "name": "ibm-i2-cve20204468-code-exec (181723)", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_format": "MITRE" +} \ No newline at end of file