admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-05-14 16:01:27 +00:00
parent 4145c2fe7d
commit 13a2ad6a0c
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
43 changed files with 1926 additions and 1611 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2019/2xxx/CVE-2019-2388.json
View File

@ -85,8 +85,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://docs.opsmanager.mongodb.com/current/release-notes/application/#onprem-server-4-0"
"refsource": "MISC",
"url": "https://docs.opsmanager.mongodb.com/current/release-notes/application/#onprem-server-4-0",
"name": "https://docs.opsmanager.mongodb.com/current/release-notes/application/#onprem-server-4-0"
}
]
},

50
2020/10xxx/CVE-2020-10626.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10626",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Fazecast jSerialComm, Version 2.2.2 and prior",
"version": {
"version_data": [
{
"version_value": "Fazecast jSerialComm, Version 2.2.2 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/ICSA2012601",
"url": "https://www.us-cert.gov/ics/advisories/ICSA2012601"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code."
}
]
}

18
2020/12xxx/CVE-2020-12856.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12856",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/12xxx/CVE-2020-12857.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12857",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/12xxx/CVE-2020-12858.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12858",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/12xxx/CVE-2020-12859.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12859",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/12xxx/CVE-2020-12860.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12860",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/12xxx/CVE-2020-12861.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12861",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/12xxx/CVE-2020-12862.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12862",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/12xxx/CVE-2020-12863.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12863",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/12xxx/CVE-2020-12864.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12864",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/12xxx/CVE-2020-12865.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12865",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/12xxx/CVE-2020-12866.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12866",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/12xxx/CVE-2020-12867.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12867",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

50
2020/1xxx/CVE-2020-1945.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1945",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Apache Ant",
"version": {
"version_data": [
{
"version_value": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insecure temporary file vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E",
"url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process."
}
]
}

7
2020/1xxx/CVE-2020-1998.json
View File

@ -84,7 +84,7 @@
"description_data": [
{
"lang": "eng",
"value": "An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and unintended resource access for the user.\nThis issue affects:\n\nPAN-OS 7.1 versions earlier than 7.1.26;\n\nPAN-OS 8.1 versions earlier than 8.1.13;\n\nPAN-OS 9.0 versions earlier than 9.0.6;\n\nPAN-OS 9.1 versions earlier than 9.1.1;\n\nAll versions of PAN-OS 8.0."
"value": "An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and unintended resource access for the user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0."
}
]
},
@ -122,8 +122,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-1998"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1998",
"name": "https://security.paloaltonetworks.com/CVE-2020-1998"
}
]
},

7
2020/2xxx/CVE-2020-2001.json
View File

@ -69,7 +69,7 @@
"description_data": [
{
"lang": "eng",
"value": "An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interface to write attacker supplied file on the system and elevate privileges.\nThis issue affects:\n\nAll PAN-OS 7.1 Panorama and 8.0 Panorama versions;\n\nPAN-OS 8.1 versions earlier than 8.1.12 on Panorama;\n\nPAN-OS 9.0 versions earlier than 9.0.6 on Panorama."
"value": "An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interface to write attacker supplied file on the system and elevate privileges. This issue affects: All PAN-OS 7.1 Panorama and 8.0 Panorama versions; PAN-OS 8.1 versions earlier than 8.1.12 on Panorama; PAN-OS 9.0 versions earlier than 9.0.6 on Panorama."
}
]
},
@ -107,8 +107,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2001"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2001",
"name": "https://security.paloaltonetworks.com/CVE-2020-2001"
}
]
},

7
2020/2xxx/CVE-2020-2002.json
View File

@ -74,7 +74,7 @@
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator. \nThis issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.6;\nAll version of PAN-OS 8.0.\n"
"value": "An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All version of PAN-OS 8.0."
}
]
},
@ -112,8 +112,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2002"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2002",
"name": "https://security.paloaltonetworks.com/CVE-2020-2002"
}
]
},

7
2020/2xxx/CVE-2020-2003.json
View File

@ -79,7 +79,7 @@
"description_data": [
{
"lang": "eng",
"value": "An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services.\n\nThis issue affects:\nAll versions of PAN-OS 7.1 and 8.0;\nPAN-OS 8.1 versions before 8.1.14;\nPAN-OS 9.0 versions before 9.0.7;\nPAN-OS 9.1 versions before 9.1.1."
"value": "An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions before 8.1.14; PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.1."
}
]
},
@ -117,8 +117,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2003"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2003",
"name": "https://security.paloaltonetworks.com/CVE-2020-2003"
}
]
},

7
2020/2xxx/CVE-2020-2005.json
View File

@ -80,7 +80,7 @@
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session.\nThis issue affects:\n\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.7;\nAll versions of PAN-OS 8.0."
"value": "A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; All versions of PAN-OS 8.0."
}
]
},
@ -118,8 +118,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2005"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2005",
"name": "https://security.paloaltonetworks.com/CVE-2020-2005"
}
]
},

9
2020/2xxx/CVE-2020-2013.json
View File

@ -84,7 +84,7 @@
"description_data": [
{
"lang": "eng",
"value": "A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama version, their PAN-OS session cookie is transmitted over cleartext to the firewall. An attacker with the ability to intercept this network traffic between the firewall and Panorama can access the administrator's account and further manipulate devices managed by Panorama.\nThis issue affects:\n\nPAN-OS 7.1 versions earlier than 7.1.26;\n\nPAN-OS 8.1 versions earlier than 8.1.13;\n\nPAN-OS 9.0 versions earlier than 9.0.6;\n\nPAN-OS 9.1 versions earlier than 9.1.1;\n\nAll version of PAN-OS 8.0;"
"value": "A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama version, their PAN-OS session cookie is transmitted over cleartext to the firewall. An attacker with the ability to intercept this network traffic between the firewall and Panorama can access the administrator's account and further manipulate devices managed by Panorama. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All version of PAN-OS 8.0;"
}
]
},
@ -122,8 +122,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2013"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2013",
"name": "https://security.paloaltonetworks.com/CVE-2020-2013"
}
]
},
@ -149,7 +150,7 @@
"work_around": [
{
"lang": "eng",
"value": "One possible vulnerability mitigation is to shorten the length of administrator session idle timeout. This reduces the likelihood the exposed administrators session cookie is valid at time of attack."
"value": "One possible vulnerability mitigation is to shorten the length of administrator session idle timeout. This reduces the likelihood the exposed administrator\u2019s session cookie is valid at time of attack."
},
{
"lang": "eng",

7
2020/2xxx/CVE-2020-2015.json
View File

@ -89,7 +89,7 @@
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges.\n\nThis issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.7;\nPAN-OS 9.1 versions earlier than 9.1.1;\nAll versions of PAN-OS 8.0.\n\n"
"value": "A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0."
}
]
},
@ -127,8 +127,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2015"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2015",
"name": "https://security.paloaltonetworks.com/CVE-2020-2015"
}
]
},

7
2020/2xxx/CVE-2020-2016.json
View File

@ -88,7 +88,7 @@
"description_data": [
{
"lang": "eng",
"value": "A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account.\n\nThis allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting another vulnerability, to escalate privileges to become root user.\nThis issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.6;\nAll versions of PAN-OS 8.0."
"value": "A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting another vulnerability, to escalate privileges to become root user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0."
}
]
},
@ -132,8 +132,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2016"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2016",
"name": "https://security.paloaltonetworks.com/CVE-2020-2016"
}
]
},

7
2020/2xxx/CVE-2020-2017.json
View File

@ -84,7 +84,7 @@
"description_data": [
{
"lang": "eng",
"value": "A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces.\nA remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's browser and perform administrative actions.\n\nThis issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.6;\nAll versions of PAN-OS 8.0."
"value": "A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0."
}
]
},
@ -122,8 +122,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2017"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2017",
"name": "https://security.paloaltonetworks.com/CVE-2020-2017"
}
]
},

7
2020/2xxx/CVE-2020-2018.json
View File

@ -74,7 +74,7 @@
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewalls. An attacker requires some knowledge of managed firewalls to exploit this issue. \nThis issue does not affect Panorama configured with custom certificates authentication for communication between Panorama and managed devices.\nThis issue affects:\n\nPAN-OS 7.1 versions earlier than 7.1.26;\n\nPAN-OS 8.1 versions earlier than 8.1.12;\n\nPAN-OS 9.0 versions earlier than 9.0.6;\n\nAll versions of PAN-OS 8.0."
"value": "An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewalls. An attacker requires some knowledge of managed firewalls to exploit this issue. This issue does not affect Panorama configured with custom certificates authentication for communication between Panorama and managed devices. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.12; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0."
}
]
},
@ -112,8 +112,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2018"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2018",
"name": "https://security.paloaltonetworks.com/CVE-2020-2018"
}
]
},

106
2020/4xxx/CVE-2020-4257.json
View File

@ -1,89 +1,89 @@
{
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6209081",
"url" : "https://www.ibm.com/support/pages/node/6209081"
"title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6209081",
"url": "https://www.ibm.com/support/pages/node/6209081"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175635",
"name" : "ibm-i2-cve20204257-bo (175635)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175635",
"name": "ibm-i2-cve20204257-bo (175635)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4257",
"DATE_PUBLIC" : "2020-05-13T00:00:00"
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2020-4257",
"DATE_PUBLIC": "2020-05-13T00:00:00"
},
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175635."
"lang": "eng",
"value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175635."
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "i2 Analysts Notebook",
"version" : {
"version_data" : [
"product_name": "i2 Analysts Notebook",
"version": {
"version_data": [
{
"version_value" : "9.2.1"
"version_value": "9.2.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"value" : "Gain Privileges",
"lang" : "eng"
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "7.800",
"AV" : "L",
"UI" : "R",
"S" : "U",
"C" : "H",
"PR" : "N",
"A" : "H",
"AC" : "L",
"I" : "H"
"impact": {
"cvssv3": {
"BM": {
"SCORE": "7.800",
"AV": "L",
"UI": "R",
"S": "U",
"C": "H",
"PR": "N",
"A": "H",
"AC": "L",
"I": "H"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
}

106
2020/4xxx/CVE-2020-4258.json
View File

@ -1,53 +1,53 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM" : {
"I" : "H",
"AC" : "L",
"C" : "H",
"PR" : "N",
"A" : "H",
"SCORE" : "7.800",
"AV" : "L",
"UI" : "R",
"S" : "U"
"BM": {
"I": "H",
"AC": "L",
"C": "H",
"PR": "N",
"A": "H",
"SCORE": "7.800",
"AV": "L",
"UI": "R",
"S": "U"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"value" : "Gain Privileges",
"lang" : "eng"
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "9.2.1"
"version_value": "9.2.1"
}
]
},
"product_name" : "i2 Analysts Notebook"
"product_name": "i2 Analysts Notebook"
}
]
}
@ -55,35 +55,35 @@
]
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_version": "4.0",
"description": {
"description_data": [
{
"value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175637.",
"lang" : "eng"
"value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175637.",
"lang": "eng"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4258",
"DATE_PUBLIC" : "2020-05-13T00:00:00"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2020-4258",
"DATE_PUBLIC": "2020-05-13T00:00:00"
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6209081",
"url" : "https://www.ibm.com/support/pages/node/6209081"
"title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6209081",
"url": "https://www.ibm.com/support/pages/node/6209081"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175637",
"name" : "ibm-i2-cve20204258-bo (175637)"
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175637",
"name": "ibm-i2-cve20204258-bo (175637)"
}
]
}

108
2020/4xxx/CVE-2020-4259.json
View File

@ -1,73 +1,73 @@
{
"data_format" : "MITRE",
"references" : {
"reference_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6208038 (Sterling File Gateway)",
"url" : "https://www.ibm.com/support/pages/node/6208038",
"name" : "https://www.ibm.com/support/pages/node/6208038"
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6208038 (Sterling File Gateway)",
"url": "https://www.ibm.com/support/pages/node/6208038",
"name": "https://www.ibm.com/support/pages/node/6208038"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175638",
"name" : "ibm-sterling-cve20204259-sec-bypass (175638)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175638",
"name": "ibm-sterling-cve20204259-sec-bypass (175638)",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Bypass Security"
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "6.500",
"AV" : "N",
"UI" : "N",
"S" : "U",
"C" : "N",
"PR" : "L",
"A" : "N",
"AC" : "L",
"I" : "H"
"impact": {
"cvssv3": {
"BM": {
"SCORE": "6.500",
"AV": "N",
"UI": "N",
"S": "U",
"C": "N",
"PR": "L",
"A": "N",
"AC": "L",
"I": "H"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "2.2.0.0"
"version_value": "2.2.0.0"
},
{
"version_value" : "6.0.3.1"
"version_value": "6.0.3.1"
}
]
},
"product_name" : "Sterling File Gateway"
"product_name": "Sterling File Gateway"
}
]
}
@ -75,19 +75,19 @@
]
}
},
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"value" : "IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638.",
"lang" : "eng"
"value": "IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638.",
"lang": "eng"
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2020-4259",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-05-13T00:00:00"
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4259",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-05-13T00:00:00"
}
}

106
2020/4xxx/CVE-2020-4261.json
View File

@ -1,85 +1,85 @@
{
"data_format" : "MITRE",
"references" : {
"reference_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"name" : "https://www.ibm.com/support/pages/node/6209081",
"url" : "https://www.ibm.com/support/pages/node/6209081",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)"
"name": "https://www.ibm.com/support/pages/node/6209081",
"url": "https://www.ibm.com/support/pages/node/6209081",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-i2-cve20204261-bo (175644)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175644"
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"name": "ibm-i2-cve20204261-bo (175644)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175644"
}
]
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Gain Privileges"
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "H",
"AC" : "L",
"PR" : "N",
"C" : "H",
"A" : "H",
"SCORE" : "7.800",
"AV" : "L",
"UI" : "R",
"S" : "U"
"impact": {
"cvssv3": {
"BM": {
"I": "H",
"AC": "L",
"PR": "N",
"C": "H",
"A": "H",
"SCORE": "7.800",
"AV": "L",
"UI": "R",
"S": "U"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
},
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175644.",
"lang" : "eng"
"value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175644.",
"lang": "eng"
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2020-4261",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-05-13T00:00:00"
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4261",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-05-13T00:00:00"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "9.2.1"
"version_value": "9.2.1"
}
]
},
"product_name" : "i2 Analysts Notebook"
"product_name": "i2 Analysts Notebook"
}
]
}

106
2020/4xxx/CVE-2020-4262.json
View File

@ -1,89 +1,89 @@
{
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "H",
"PR" : "N",
"A" : "H",
"AV" : "L",
"SCORE" : "7.800",
"S" : "U",
"UI" : "R",
"I" : "H",
"AC" : "L"
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"C": "H",
"PR": "N",
"A": "H",
"AV": "L",
"SCORE": "7.800",
"S": "U",
"UI": "R",
"I": "H",
"AC": "L"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Gain Privileges"
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175645."
"lang": "eng",
"value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175645."
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4262",
"DATE_PUBLIC" : "2020-05-13T00:00:00"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2020-4262",
"DATE_PUBLIC": "2020-05-13T00:00:00"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "9.2.1"
"version_value": "9.2.1"
}
]
},
"product_name" : "i2 Analysts Notebook"
"product_name": "i2 Analysts Notebook"
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url" : "https://www.ibm.com/support/pages/node/6209081",
"name" : "https://www.ibm.com/support/pages/node/6209081",
"title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)",
"refsource" : "CONFIRM"
"url": "https://www.ibm.com/support/pages/node/6209081",
"name": "https://www.ibm.com/support/pages/node/6209081",
"title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)",
"refsource": "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175645",
"name" : "ibm-i2-cve20204262-bo (175645)"
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175645",
"name": "ibm-i2-cve20204262-bo (175645)"
}
]
}

106
2020/4xxx/CVE-2020-4263.json
View File

@ -1,53 +1,53 @@
{
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"value" : "Gain Privileges",
"lang" : "eng"
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"I" : "H",
"AV" : "L",
"SCORE" : "7.800",
"S" : "U",
"UI" : "R",
"C" : "H",
"PR" : "N",
"A" : "H"
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"I": "H",
"AV": "L",
"SCORE": "7.800",
"S": "U",
"UI": "R",
"C": "H",
"PR": "N",
"A": "H"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "9.2.1"
"version_value": "9.2.1"
}
]
},
"product_name" : "i2 Analysts Notebook"
"product_name": "i2 Analysts Notebook"
}
]
}
@ -55,35 +55,35 @@
]
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-05-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4263"
"CVE_data_meta": {
"DATE_PUBLIC": "2020-05-13T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2020-4263"
},
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175646.",
"lang" : "eng"
"value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175646.",
"lang": "eng"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
"data_version": "4.0",
"data_format": "MITRE",
"references": {
"reference_data": [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)",
"url" : "https://www.ibm.com/support/pages/node/6209081",
"name" : "https://www.ibm.com/support/pages/node/6209081"
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)",
"url": "https://www.ibm.com/support/pages/node/6209081",
"name": "https://www.ibm.com/support/pages/node/6209081"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-i2-cve20204263-bo (175646)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175646"
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"name": "ibm-i2-cve20204263-bo (175646)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175646"
}
]
}

106
2020/4xxx/CVE-2020-4264.json
View File

@ -1,53 +1,53 @@
{
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"value" : "Gain Privileges",
"lang" : "eng"
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM" : {
"AC" : "L",
"I" : "H",
"S" : "U",
"UI" : "R",
"AV" : "L",
"SCORE" : "7.800",
"A" : "H",
"PR" : "N",
"C" : "H"
"BM": {
"AC": "L",
"I": "H",
"S": "U",
"UI": "R",
"AV": "L",
"SCORE": "7.800",
"A": "H",
"PR": "N",
"C": "H"
}
}
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "9.2.1"
"version_value": "9.2.1"
}
]
},
"product_name" : "i2 Analysts Notebook"
"product_name": "i2 Analysts Notebook"
}
]
}
@ -55,35 +55,35 @@
]
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-05-13T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4264"
"CVE_data_meta": {
"DATE_PUBLIC": "2020-05-13T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4264"
},
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175647.",
"lang" : "eng"
"value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175647.",
"lang": "eng"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
"data_version": "4.0",
"data_format": "MITRE",
"references": {
"reference_data": [
{
"name" : "https://www.ibm.com/support/pages/node/6209081",
"url" : "https://www.ibm.com/support/pages/node/6209081",
"title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)",
"refsource" : "CONFIRM"
"name": "https://www.ibm.com/support/pages/node/6209081",
"url": "https://www.ibm.com/support/pages/node/6209081",
"title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)",
"refsource": "CONFIRM"
},
{
"name" : "ibm-i2-cve20204264-bo (175647)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175647",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
"name": "ibm-i2-cve20204264-bo (175647)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175647",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
}

106
2020/4xxx/CVE-2020-4265.json
View File

@ -1,90 +1,90 @@
{
"data_format" : "MITRE",
"references" : {
"reference_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"name" : "https://www.ibm.com/support/pages/node/6209081",
"url" : "https://www.ibm.com/support/pages/node/6209081",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)"
"name": "https://www.ibm.com/support/pages/node/6209081",
"url": "https://www.ibm.com/support/pages/node/6209081",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175648",
"name" : "ibm-i2-cve20204265-bo (175648)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175648",
"name": "ibm-i2-cve20204265-bo (175648)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "H",
"AC" : "L",
"PR" : "N",
"C" : "H",
"A" : "H",
"AV" : "L",
"SCORE" : "7.800",
"S" : "U",
"UI" : "R"
"impact": {
"cvssv3": {
"BM": {
"I": "H",
"AC": "L",
"PR": "N",
"C": "H",
"A": "H",
"AV": "L",
"SCORE": "7.800",
"S": "U",
"UI": "R"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Gain Privileges"
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "9.2.1"
"version_value": "9.2.1"
}
]
},
"product_name" : "i2 Analysts Notebook"
"product_name": "i2 Analysts Notebook"
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175648.",
"lang" : "eng"
"value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175648.",
"lang": "eng"
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2020-4265",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-05-13T00:00:00"
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4265",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-05-13T00:00:00"
}
}

106
2020/4xxx/CVE-2020-4266.json
View File

@ -1,89 +1,89 @@
{
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Gain Privileges"
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "H",
"AC" : "L",
"A" : "H",
"C" : "H",
"PR" : "N",
"UI" : "R",
"S" : "U",
"SCORE" : "7.800",
"AV" : "L"
"impact": {
"cvssv3": {
"BM": {
"I": "H",
"AC": "L",
"A": "H",
"C": "H",
"PR": "N",
"UI": "R",
"S": "U",
"SCORE": "7.800",
"AV": "L"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-05-13T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4266"
"CVE_data_meta": {
"DATE_PUBLIC": "2020-05-13T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4266"
},
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175649.",
"lang" : "eng"
"value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175649.",
"lang": "eng"
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "9.2.1"
"version_value": "9.2.1"
}
]
},
"product_name" : "i2 Analysts Notebook"
"product_name": "i2 Analysts Notebook"
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6209081",
"name" : "https://www.ibm.com/support/pages/node/6209081"
"title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6209081",
"name": "https://www.ibm.com/support/pages/node/6209081"
},
{
"name" : "ibm-i2-cve20204266-bo (175649)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175649",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
"name": "ibm-i2-cve20204266-bo (175649)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175649",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
}

106
2020/4xxx/CVE-2020-4285.json
View File

@ -1,90 +1,90 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "9.2.1"
"version_value": "9.2.1"
}
]
},
"product_name" : "i2 Analysts Notebook"
"product_name": "i2 Analysts Notebook"
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176266"
"lang": "eng",
"value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176266"
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4285",
"DATE_PUBLIC" : "2020-05-13T00:00:00"
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2020-4285",
"DATE_PUBLIC": "2020-05-13T00:00:00"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM" : {
"I" : "H",
"AC" : "L",
"A" : "H",
"PR" : "N",
"C" : "H",
"S" : "U",
"UI" : "R",
"AV" : "L",
"SCORE" : "7.800"
"BM": {
"I": "H",
"AC": "L",
"A": "H",
"PR": "N",
"C": "H",
"S": "U",
"UI": "R",
"AV": "L",
"SCORE": "7.800"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Gain Access"
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
"data_type": "CVE",
"references": {
"reference_data": [
{
"url" : "https://www.ibm.com/support/pages/node/6209081",
"name" : "https://www.ibm.com/support/pages/node/6209081",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)"
"url": "https://www.ibm.com/support/pages/node/6209081",
"name": "https://www.ibm.com/support/pages/node/6209081",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176266",
"name" : "ibm-i2-cve20204285-code-exec (176266)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176266",
"name": "ibm-i2-cve20204285-code-exec (176266)",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE"
"data_format": "MITRE"
}

106
2020/4xxx/CVE-2020-4287.json
View File

@ -1,89 +1,89 @@
{
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"value" : "Gain Access",
"lang" : "eng"
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM" : {
"I" : "H",
"AC" : "L",
"A" : "H",
"PR" : "N",
"C" : "H",
"UI" : "R",
"S" : "U",
"SCORE" : "7.800",
"AV" : "L"
"BM": {
"I": "H",
"AC": "L",
"A": "H",
"PR": "N",
"C": "H",
"UI": "R",
"S": "U",
"SCORE": "7.800",
"AV": "L"
}
}
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "i2 Analysts Notebook",
"version" : {
"version_data" : [
"product_name": "i2 Analysts Notebook",
"version": {
"version_data": [
{
"version_value" : "9.2.1"
"version_value": "9.2.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176269."
"lang": "eng",
"value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176269."
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-05-13T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4287"
"CVE_data_meta": {
"DATE_PUBLIC": "2020-05-13T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4287"
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url" : "https://www.ibm.com/support/pages/node/6209081",
"name" : "https://www.ibm.com/support/pages/node/6209081",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)"
"url": "https://www.ibm.com/support/pages/node/6209081",
"name": "https://www.ibm.com/support/pages/node/6209081",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)"
},
{
"name" : "ibm-i2-cve20204287-code-exec (176269)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176269",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
"name": "ibm-i2-cve20204287-code-exec (176269)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176269",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
}

106
2020/4xxx/CVE-2020-4288.json
View File

@ -1,85 +1,85 @@
{
"data_format" : "MITRE",
"references" : {
"reference_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)",
"url" : "https://www.ibm.com/support/pages/node/6209081",
"name" : "https://www.ibm.com/support/pages/node/6209081"
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)",
"url": "https://www.ibm.com/support/pages/node/6209081",
"name": "https://www.ibm.com/support/pages/node/6209081"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-i2-cve20204288-code-exec (176270)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176270"
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-i2-cve20204288-code-exec (176270)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176270"
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM" : {
"UI" : "R",
"S" : "U",
"SCORE" : "7.800",
"AV" : "L",
"A" : "H",
"PR" : "N",
"C" : "H",
"AC" : "L",
"I" : "H"
"BM": {
"UI": "R",
"S": "U",
"SCORE": "7.800",
"AV": "L",
"A": "H",
"PR": "N",
"C": "H",
"AC": "L",
"I": "H"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"value" : "Gain Access",
"lang" : "eng"
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-05-13T00:00:00",
"ID" : "CVE-2020-4288",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
"CVE_data_meta": {
"DATE_PUBLIC": "2020-05-13T00:00:00",
"ID": "CVE-2020-4288",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176270."
"lang": "eng",
"value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176270."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "9.2.1"
"version_value": "9.2.1"
}
]
},
"product_name" : "i2 Analysts Notebook"
"product_name": "i2 Analysts Notebook"
}
]
}

108
2020/4xxx/CVE-2020-4299.json
View File

@ -1,91 +1,91 @@
{
"data_format" : "MITRE",
"references" : {
"reference_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6208041 (Sterling B2B Integrator)",
"url" : "https://www.ibm.com/support/pages/node/6208041",
"name" : "https://www.ibm.com/support/pages/node/6208041"
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6208041 (Sterling B2B Integrator)",
"url": "https://www.ibm.com/support/pages/node/6208041",
"name": "https://www.ibm.com/support/pages/node/6208041"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176606",
"name" : "ibm-sterling-cve20204299-info-disc (176606)"
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176606",
"name": "ibm-sterling-cve20204299-info-disc (176606)"
}
]
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Obtain Information"
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"UI" : "N",
"AV" : "N",
"SCORE" : "4.300",
"A" : "N",
"PR" : "L",
"C" : "L",
"AC" : "L",
"I" : "N"
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"UI": "N",
"AV": "N",
"SCORE": "4.300",
"A": "N",
"PR": "L",
"C": "L",
"AC": "L",
"I": "N"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4299",
"DATE_PUBLIC" : "2020-05-13T00:00:00"
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4299",
"DATE_PUBLIC": "2020-05-13T00:00:00"
},
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_version": "4.0",
"description": {
"description_data": [
{
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606.",
"lang" : "eng"
"value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606.",
"lang": "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "5.2.0.0"
"version_value": "5.2.0.0"
},
{
"version_value" : "6.0.3.1"
"version_value": "6.0.3.1"
}
]
},
"product_name" : "Sterling B2B Integrator"
"product_name": "Sterling B2B Integrator"
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}

106
2020/4xxx/CVE-2020-4343.json
View File

@ -1,90 +1,90 @@
{
"data_format" : "MITRE",
"references" : {
"reference_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6209081",
"url" : "https://www.ibm.com/support/pages/node/6209081"
"title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6209081",
"url": "https://www.ibm.com/support/pages/node/6209081"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-i2-cve20204343-code-exec (178244)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/178244"
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"name": "ibm-i2-cve20204343-code-exec (178244)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178244"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM" : {
"C" : "H",
"PR" : "N",
"A" : "H",
"AV" : "L",
"SCORE" : "7.800",
"S" : "U",
"UI" : "R",
"I" : "H",
"AC" : "L"
"BM": {
"C": "H",
"PR": "N",
"A": "H",
"AV": "L",
"SCORE": "7.800",
"S": "U",
"UI": "R",
"I": "H",
"AC": "L"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Gain Access"
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "9.2.1"
"version_value": "9.2.1"
}
]
},
"product_name" : "i2 Analysts Notebook"
"product_name": "i2 Analysts Notebook"
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-05-13T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4343"
"CVE_data_meta": {
"DATE_PUBLIC": "2020-05-13T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4343"
},
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 178244.",
"lang" : "eng"
"value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 178244.",
"lang": "eng"
}
]
},
"data_version" : "4.0"
"data_version": "4.0"
}

106
2020/4xxx/CVE-2020-4365.json
View File

@ -1,90 +1,90 @@
{
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.ibm.com/support/pages/node/6209099",
"url" : "https://www.ibm.com/support/pages/node/6209099",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6209099 (WebSphere Application Server)"
"name": "https://www.ibm.com/support/pages/node/6209099",
"url": "https://www.ibm.com/support/pages/node/6209099",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6209099 (WebSphere Application Server)"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/178964",
"name" : "ibm-websphere-cve20204365-ssrf (178964)"
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178964",
"name": "ibm-websphere-cve20204365-ssrf (178964)"
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "WebSphere Application Server",
"version" : {
"version_data" : [
"product_name": "WebSphere Application Server",
"version": {
"version_data": [
{
"version_value" : "8.5"
"version_value": "8.5"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4365",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-05-13T00:00:00"
"CVE_data_meta": {
"ID": "CVE-2020-4365",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-05-13T00:00:00"
},
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"value" : "IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964.",
"lang" : "eng"
"value": "IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964.",
"lang": "eng"
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"S" : "U",
"SCORE" : "5.300",
"AV" : "N",
"A" : "N",
"PR" : "N",
"C" : "L",
"AC" : "L",
"I" : "N"
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"UI": "N",
"S": "U",
"SCORE": "5.300",
"AV": "N",
"A": "N",
"PR": "N",
"C": "L",
"AC": "L",
"I": "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"value" : "Gain Access",
"lang" : "eng"
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"data_type" : "CVE"
"data_type": "CVE"
}

106
2020/4xxx/CVE-2020-4422.json
View File

@ -1,88 +1,88 @@
{
"data_format" : "MITRE",
"references" : {
"reference_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)",
"name" : "https://www.ibm.com/support/pages/node/6209081",
"url" : "https://www.ibm.com/support/pages/node/6209081"
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)",
"name": "https://www.ibm.com/support/pages/node/6209081",
"url": "https://www.ibm.com/support/pages/node/6209081"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-i2-cve20204422-code-exec (180167)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/180167"
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"name": "ibm-i2-cve20204422-code-exec (180167)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/180167"
}
]
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Gain Privileges"
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "H",
"AC" : "L",
"A" : "H",
"C" : "H",
"PR" : "N",
"UI" : "R",
"S" : "U",
"SCORE" : "7.800",
"AV" : "L"
"impact": {
"cvssv3": {
"BM": {
"I": "H",
"AC": "L",
"A": "H",
"C": "H",
"PR": "N",
"UI": "R",
"S": "U",
"SCORE": "7.800",
"AV": "L"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-05-13T00:00:00",
"ID" : "CVE-2020-4422",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
"CVE_data_meta": {
"DATE_PUBLIC": "2020-05-13T00:00:00",
"ID": "CVE-2020-4422",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 180167.",
"lang" : "eng"
"value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 180167.",
"lang": "eng"
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "9.2.1"
"version_value": "9.2.1"
}
]
},
"product_name" : "i2 Analysts Notebook"
"product_name": "i2 Analysts Notebook"
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}

106
2020/4xxx/CVE-2020-4467.json
View File

@ -1,50 +1,50 @@
{
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"value" : "Gain Access",
"lang" : "eng"
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "7.800",
"AV" : "L",
"UI" : "R",
"S" : "U",
"PR" : "N",
"C" : "H",
"A" : "H",
"AC" : "L",
"I" : "H"
"impact": {
"cvssv3": {
"BM": {
"SCORE": "7.800",
"AV": "L",
"UI": "R",
"S": "U",
"PR": "N",
"C": "H",
"A": "H",
"AC": "L",
"I": "H"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name" : "i2 Analysts Notebook",
"version" : {
"version_data" : [
"product_name": "i2 Analysts Notebook",
"version": {
"version_data": [
{
"version_value" : "9.2.1"
"version_value": "9.2.1"
}
]
}
@ -55,35 +55,35 @@
]
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181721."
"lang": "eng",
"value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181721."
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-05-13T00:00:00",
"ID" : "CVE-2020-4467",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
"CVE_data_meta": {
"DATE_PUBLIC": "2020-05-13T00:00:00",
"ID": "CVE-2020-4467",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url" : "https://www.ibm.com/support/pages/node/6209081",
"name" : "https://www.ibm.com/support/pages/node/6209081",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)"
"url": "https://www.ibm.com/support/pages/node/6209081",
"name": "https://www.ibm.com/support/pages/node/6209081",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-i2-cve20204467-code-exec (181721)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/181721"
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-i2-cve20204467-code-exec (181721)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181721"
}
]
}

106
2020/4xxx/CVE-2020-4468.json
View File

@ -1,35 +1,35 @@
{
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181723."
"lang": "eng",
"value": "IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181723."
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-05-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4468"
"data_version": "4.0",
"CVE_data_meta": {
"DATE_PUBLIC": "2020-05-13T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2020-4468"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "9.2.1"
"version_value": "9.2.1"
}
]
},
"product_name" : "i2 Analysts Notebook"
"product_name": "i2 Analysts Notebook"
}
]
}
@ -37,54 +37,54 @@
]
}
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM" : {
"I" : "H",
"AC" : "L",
"A" : "H",
"C" : "H",
"PR" : "N",
"UI" : "R",
"S" : "U",
"SCORE" : "7.800",
"AV" : "L"
"BM": {
"I": "H",
"AC": "L",
"A": "H",
"C": "H",
"PR": "N",
"UI": "R",
"S": "U",
"SCORE": "7.800",
"AV": "L"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"value" : "Gain Access",
"lang" : "eng"
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.ibm.com/support/pages/node/6209081",
"url" : "https://www.ibm.com/support/pages/node/6209081",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6209081 (i2 Analysts Notebook)"
"name": "https://www.ibm.com/support/pages/node/6209081",
"url": "https://www.ibm.com/support/pages/node/6209081",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6209081 (i2 Analysts Notebook)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/181723",
"name" : "ibm-i2-cve20204468-code-exec (181723)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181723",
"name": "ibm-i2-cve20204468-code-exec (181723)",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE"
"data_format": "MITRE"
}