"-Synchronized-Data."

CVE Team 2020-06-24 15:01:31 +00:00
parent e47d2c5f72
commit 1471fd961a
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
17 changed files with 1056 additions and 583 deletions


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13443",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check while uploading new files. Short aliases are not used for an attachment; instead, direct access is allowed to the uploaded files. It is possible to upload PHP only if one has member access, or registration/forum is enabled and one can create a member with the default group id of 5. To exploit this, one must to be able to send and compose messages (at least)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://expressionengine.com/blog",
"refsource": "MISC",
"name": "https://expressionengine.com/blog"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/mariuszpoplwski/51604d8a6d7d78fffdf590c25e844e09",
"url": "https://gist.github.com/mariuszpoplwski/51604d8a6d7d78fffdf590c25e844e09"
}
]
}
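Review bot: The record is moved to PUBLIC with `affects` still at `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, and `problemtype` at `"value": "n/a"`, although the description names ExpressionEngine before 5.3.2 and describes a bypass of the MIME-type and file-extension checks on upload. Consumers that match on the structured fields rather than the free text will not map this CVE to the product. Filling the fields from the description, e.g. `"product_name": "ExpressionEngine"` and `"version_value": "before 5.3.2"`, plus a CWE in `problemtype` (CWE-434 looks like the fit, to be confirmed by the assigner), would close that gap. The same placeholders appear in the other records this commit publishes: CVE-2020-13483, CVE-2020-13484, CVE-2020-13700, CVE-2020-14014 through CVE-2020-14018 and CVE-2020-15015. Separately, the description's last sentence reads "one must to be able to" and should be `one must be able to`, and the first reference is the vendor's blog index rather than a specific advisory.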


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13483",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gist.github.com/mariuszpoplwski/ca6258cf00c723184ebd2228ba81f558",
"url": "https://gist.github.com/mariuszpoplwski/ca6258cf00c723184ebd2228ba81f558"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13484",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing '<meta name=\"og:image\" content=\"' followed by an intranet URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gist.github.com/mariuszpoplwski/f261a4bc06adde5c78760559db9d63bd",
"url": "https://gist.github.com/mariuszpoplwski/f261a4bc06adde5c78760559db9d63bd"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13700",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/airesvsg/acf-to-rest-api",
"refsource": "MISC",
"name": "https://github.com/airesvsg/acf-to-rest-api"
},
{
"url": "https://wordpress.org/plugins/acf-to-rest-api/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/acf-to-rest-api/#developers"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/mariuszpoplwski/4fbaab7f271bea99c733e3f2a4bafbb5",
"url": "https://gist.github.com/mariuszpoplwski/4fbaab7f271bea99c733e3f2a4bafbb5"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14014",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-14014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Navigate CMS 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to reflected XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.sean-wright.com/navigate-cms/",
"refsource": "MISC",
"name": "https://blog.sean-wright.com/navigate-cms/"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14015",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-14015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code that allows them to reset their password. There is, however, a flaw when no activation code is supplied. The system will allow an unauthorized user to continue setting a password, even though no activation code was supplied, setting the password for the most recently created user in the system (the user with the highest user id)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.sean-wright.com/navigate-cms/",
"refsource": "MISC",
"name": "https://blog.sean-wright.com/navigate-cms/"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14016",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-14016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. However, the feature returns a not_found message when the provided username or email address does not match a user in the system. This can be used to enumerate users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.sean-wright.com/navigate-cms/",
"refsource": "MISC",
"name": "https://blog.sean-wright.com/navigate-cms/"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14017",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-14017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated user could use a brute-force approach to attempt to identify existing sessions, or view the contents of this file to discover details about a session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.sean-wright.com/navigate-cms/",
"refsource": "MISC",
"name": "https://blog.sean-wright.com/navigate-cms/"
}
]
}
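Review bot: The new description's last sentence says an unauthenticated user could "view the contents of this file", but the preceding sentence speaks of cleartext files (plural) in the directory /private/sessions, so "this file" has no referent. The record also never states that the directory is reachable by an unauthenticated client, which is the condition that turns cleartext session storage into an exposure; that the directory is web-accessible is inferred here, not visible in the record. Suggested wording for the tail of the sentence: `or view the contents of a session file to discover details about that session`, preceded by an explicit statement of how /private/sessions is exposed. For triage, defenders need that condition spelled out, because the practical check is whether the session directory is served by the web server at all.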


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14018",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-14018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User field and the E-Mail field. On the Edit user page, the XSS is only triggered via the E-Mail field; however, on the View user page the XSS is triggered via either the User field or the E-Mail field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.sean-wright.com/navigate-cms/",
"refsource": "MISC",
"name": "https://blog.sean-wright.com/navigate-cms/"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15015",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The FileExplorer component in GleamTech FileUltimate 6.1.5.0 allows XSS via an SVG document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gist.github.com/chppppp/9b003d8416e6d3a89d2873a58af2a95f",
"url": "https://gist.github.com/chppppp/9b003d8416e6d3a89d2873a58af2a95f"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15023",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,90 +1,90 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "N",
"S" : "U",
"AV" : "N",
"A" : "N",
"AC" : "L",
"PR" : "N",
"SCORE" : "4.300",
"UI" : "R",
"I" : "L"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.7"
}
]
},
"product_name" : "Security Secret Server"
}
]
}
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4322",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-06-22T00:00:00",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6237266 (Security Secret Server)",
"name" : "https://www.ibm.com/support/pages/node/6237266",
"url" : "https://www.ibm.com/support/pages/node/6237266",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/177511",
"name" : "ibm-sss-cve20204322-clickjacking (177511)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 177511.",
"lang" : "eng"
}
]
}
}
]
},
"impact": {
"cvssv3": {
"BM": {
"C": "N",
"S": "U",
"AV": "N",
"A": "N",
"AC": "L",
"PR": "N",
"SCORE": "4.300",
"UI": "R",
"I": "L"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.7"
}
]
},
"product_name": "Security Secret Server"
}
]
}
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2020-4322",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-06-22T00:00:00",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6237266 (Security Secret Server)",
"name": "https://www.ibm.com/support/pages/node/6237266",
"url": "https://www.ibm.com/support/pages/node/6237266",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177511",
"name": "ibm-sss-cve20204322-clickjacking (177511)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 177511.",
"lang": "eng"
}
]
}
}


@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4323",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-06-22T00:00:00"
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.7"
}
]
},
"product_name" : "Security Secret Server"
}
]
}
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "H",
"RL" : "O"
},
"BM" : {
"PR" : "N",
"SCORE" : "6.100",
"UI" : "R",
"I" : "L",
"A" : "N",
"AC" : "L",
"C" : "L",
"S" : "C",
"AV" : "N"
}
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4323",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-06-22T00:00:00"
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.7"
}
]
},
"product_name": "Security Secret Server"
}
]
}
}
]
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177514.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6237286 (Security Secret Server)",
"name" : "https://www.ibm.com/support/pages/node/6237286",
"url" : "https://www.ibm.com/support/pages/node/6237286",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/177514",
"name" : "ibm-sss-cve20204323-xss (177514)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
}
}
}
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "H",
"RL": "O"
},
"BM": {
"PR": "N",
"SCORE": "6.100",
"UI": "R",
"I": "L",
"A": "N",
"AC": "L",
"C": "L",
"S": "C",
"AV": "N"
}
}
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177514.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6237286 (Security Secret Server)",
"name": "https://www.ibm.com/support/pages/node/6237286",
"url": "https://www.ibm.com/support/pages/node/6237286",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177514",
"name": "ibm-sss-cve20204323-xss (177514)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
}
}


@ -1,90 +1,90 @@
{
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"A" : "N",
"AV" : "N",
"S" : "U",
"C" : "L",
"I" : "N",
"UI" : "N",
"SCORE" : "2.700",
"PR" : "H"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4327",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-06-22T00:00:00"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Secret Server",
"version" : {
"version_data" : [
{
"version_value" : "10.7"
}
]
}
}
]
}
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"A": "N",
"AV": "N",
"S": "U",
"C": "L",
"I": "N",
"UI": "N",
"SCORE": "2.700",
"PR": "H"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
]
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6237260",
"name" : "https://www.ibm.com/support/pages/node/6237260",
"title" : "IBM Security Bulletin 6237260 (Security Secret Server)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/177599",
"name" : "ibm-sss-cve20204327-info-disc (177599)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 177599.",
"lang" : "eng"
}
]
},
"data_version" : "4.0"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4327",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-06-22T00:00:00"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Secret Server",
"version": {
"version_data": [
{
"version_value": "10.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6237260",
"name": "https://www.ibm.com/support/pages/node/6237260",
"title": "IBM Security Bulletin 6237260 (Security Secret Server)"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177599",
"name": "ibm-sss-cve20204327-info-disc (177599)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"description": {
"description_data": [
{
"value": "IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 177599.",
"lang": "eng"
}
]
},
"data_version": "4.0"
}


@ -1,90 +1,90 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Secret Server",
"version" : {
"version_data" : [
{
"version_value" : "10.7"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4341",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-06-22T00:00:00"
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Secret Server",
"version": {
"version_data": [
{
"version_value": "10.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"A" : "N",
"C" : "L",
"AV" : "N",
"S" : "U",
"SCORE" : "2.700",
"PR" : "H",
"I" : "N",
"UI" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178181."
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6237084",
"title" : "IBM Security Bulletin 6237084 (Security Secret Server)",
"url" : "https://www.ibm.com/support/pages/node/6237084",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-sss-cve20204341-info-disc (178181)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/178181",
"refsource" : "XF"
}
]
}
}
}
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4341",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-06-22T00:00:00"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"A": "N",
"C": "L",
"AV": "N",
"S": "U",
"SCORE": "2.700",
"PR": "H",
"I": "N",
"UI": "N"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
},
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178181."
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6237084",
"title": "IBM Security Bulletin 6237084 (Security Secret Server)",
"url": "https://www.ibm.com/support/pages/node/6237084",
"refsource": "CONFIRM"
},
{
"name": "ibm-sss-cve20204341-info-disc (178181)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178181",
"refsource": "XF"
}
]
}
}


@ -1,90 +1,90 @@
{
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. IBM X-Force ID: 178182."
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6237276",
"title" : "IBM Security Bulletin 6237276 (Security Secret Server)",
"name" : "https://www.ibm.com/support/pages/node/6237276"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/178182",
"name" : "ibm-sss-cve20204342-info-disc (178182)",
"title" : "X-Force Vulnerability Report"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.7"
}
]
},
"product_name" : "Security Secret Server"
}
]
},
"vendor_name" : "IBM"
"lang": "eng",
"value": "IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. IBM X-Force ID: 178182."
}
]
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-06-22T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4342",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6237276",
"title": "IBM Security Bulletin 6237276 (Security Secret Server)",
"name": "https://www.ibm.com/support/pages/node/6237276"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178182",
"name": "ibm-sss-cve20204342-info-disc (178182)",
"title": "X-Force Vulnerability Report"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.7"
}
]
},
"product_name": "Security Secret Server"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"PR" : "N",
"SCORE" : "5.300",
"UI" : "N",
"I" : "N",
"C" : "L",
"S" : "U",
"AV" : "N",
"A" : "N",
"AC" : "L"
}
}
},
"data_type" : "CVE"
}
}
},
"CVE_data_meta": {
"DATE_PUBLIC": "2020-06-22T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2020-4342",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"PR": "N",
"SCORE": "5.300",
"UI": "N",
"I": "N",
"C": "L",
"S": "U",
"AV": "N",
"A": "N",
"AC": "L"
}
}
},
"data_type": "CVE"
}


@ -1,90 +1,90 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 179988."
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6237292",
"name" : "https://www.ibm.com/support/pages/node/6237292",
"title" : "IBM Security Bulletin 6237292 (Security Secret Server)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/179988",
"name" : "ibm-sss-cve20204413-info-disc (179988)",
"title" : "X-Force Vulnerability Report"
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-06-22T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4413",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Secret Server",
"version" : {
"version_data" : [
{
"version_value" : "10.7"
}
]
}
}
]
},
"vendor_name" : "IBM"
"lang": "eng",
"value": "IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 179988."
}
]
}
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"AV" : "N",
"S" : "U",
"C" : "H",
"AC" : "H",
"A" : "N",
"I" : "N",
"UI" : "N",
"SCORE" : "5.900",
"PR" : "N"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6237292",
"name": "https://www.ibm.com/support/pages/node/6237292",
"title": "IBM Security Bulletin 6237292 (Security Secret Server)"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179988",
"name": "ibm-sss-cve20204413-info-disc (179988)",
"title": "X-Force Vulnerability Report"
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2020-06-22T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2020-4413",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Secret Server",
"version": {
"version_data": [
{
"version_value": "10.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
}
}
}
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"AV": "N",
"S": "U",
"C": "H",
"AC": "H",
"A": "N",
"I": "N",
"UI": "N",
"SCORE": "5.900",
"PR": "N"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
}