admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-12-01 18:01:05 +00:00
parent ee5a3b6958
commit 16585e25ac
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
5 changed files with 407 additions and 362 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

178
2021/20xxx/CVE-2021-20400.json
View File

@ -1,93 +1,93 @@
{
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074."
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-11-30T00:00:00",
"ID" : "CVE-2021-20400",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "N",
"AC" : "H",
"I" : "N",
"SCORE" : "5.900",
"C" : "H",
"A" : "N",
"AV" : "N",
"UI" : "N",
"S" : "U"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.3"
},
{
"version_value" : "7.4"
}
]
},
"product_name" : "QRadar SIEM"
}
]
},
"vendor_name" : "IBM"
"lang": "eng",
"value": "IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074."
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2021-11-30T00:00:00",
"ID": "CVE-2021-20400",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"impact": {
"cvssv3": {
"BM": {
"PR": "N",
"AC": "H",
"I": "N",
"SCORE": "5.900",
"C": "H",
"A": "N",
"AV": "N",
"UI": "N",
"S": "U"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.3"
},
{
"version_value": "7.4"
}
]
},
"product_name": "QRadar SIEM"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6520488",
"url" : "https://www.ibm.com/support/pages/node/6520488",
"title" : "IBM Security Bulletin 6520488 (QRadar SIEM)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196074",
"refsource" : "XF",
"name" : "ibm-qradar-cve202120400-info-disc (196074)"
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6520488",
"url": "https://www.ibm.com/support/pages/node/6520488",
"title": "IBM Security Bulletin 6520488 (QRadar SIEM)"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196074",
"refsource": "XF",
"name": "ibm-qradar-cve202120400-info-disc (196074)"
}
]
},
"data_type": "CVE",
"data_format": "MITRE"
}

178
2021/29xxx/CVE-2021-29779.json
View File

@ -1,93 +1,93 @@
{
"data_format" : "MITRE",
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6520484",
"url" : "https://www.ibm.com/support/pages/node/6520484",
"title" : "IBM Security Bulletin 6520484 (QRadar SIEM)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/203033",
"name" : "ibm-qradar-cve202129779-info-disc (203033)",
"refsource" : "XF"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "QRadar SIEM",
"version" : {
"version_data" : [
{
"version_value" : "7.3"
},
{
"version_value" : "7.4"
}
]
}
}
]
}
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6520484",
"url": "https://www.ibm.com/support/pages/node/6520484",
"title": "IBM Security Bulletin 6520484 (QRadar SIEM)"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203033",
"name": "ibm-qradar-cve202129779-info-disc (203033)",
"refsource": "XF"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "QRadar SIEM",
"version": {
"version_data": [
{
"version_value": "7.3"
},
{
"version_value": "7.4"
}
]
}
}
]
}
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"AC" : "H",
"I" : "N",
"PR" : "N",
"A" : "N",
"C" : "H",
"SCORE" : "5.900",
"UI" : "N",
"AV" : "N",
"S" : "U"
}
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in the middle techniques. IBM X-Force ID: 203033."
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-11-30T00:00:00",
"ID" : "CVE-2021-29779",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"AC": "H",
"I": "N",
"PR": "N",
"A": "N",
"C": "H",
"SCORE": "5.900",
"UI": "N",
"AV": "N",
"S": "U"
}
}
},
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in the middle techniques. IBM X-Force ID: 203033."
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2021-11-30T00:00:00",
"ID": "CVE-2021-29779",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
}
}

182
2021/29xxx/CVE-2021-29849.json
View File

@ -1,93 +1,93 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "QRadar SIEM",
"version" : {
"version_data" : [
{
"version_value" : "7.3"
},
{
"version_value" : "7.4"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QRadar SIEM",
"version": {
"version_data": [
{
"version_value": "7.3"
},
{
"version_value": "7.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6520476",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6520476 (QRadar SIEM)",
"url" : "https://www.ibm.com/support/pages/node/6520476"
},
{
"name" : "ibm-qradar-cve202129849-xss (205281)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/205281",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-11-30T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-29849",
"STATE" : "PUBLIC"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205281."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "C",
"UI" : "R",
"AV" : "N",
"A" : "N",
"C" : "L",
"SCORE" : "5.400",
"I" : "L",
"AC" : "L",
"PR" : "L"
},
"TM" : {
"E" : "H",
"RL" : "O",
"RC" : "C"
}
}
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6520476",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6520476 (QRadar SIEM)",
"url": "https://www.ibm.com/support/pages/node/6520476"
},
{
"name": "ibm-qradar-cve202129849-xss (205281)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205281",
"title": "X-Force Vulnerability Report"
}
]
},
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"DATE_PUBLIC": "2021-11-30T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-29849",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205281."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"S": "C",
"UI": "R",
"AV": "N",
"A": "N",
"C": "L",
"SCORE": "5.400",
"I": "L",
"AC": "L",
"PR": "L"
},
"TM": {
"E": "H",
"RL": "O",
"RC": "C"
}
}
}
}

180
2021/29xxx/CVE-2021-29863.json
View File

@ -1,93 +1,93 @@
{
"data_format" : "MITRE",
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6520490",
"title" : "IBM Security Bulletin 6520490 (QRadar SIEM)",
"name" : "https://www.ibm.com/support/pages/node/6520490",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/206087",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-qradar-cve202129863-ssrf (206087)"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.3"
},
{
"version_value" : "7.4"
}
]
},
"product_name" : "QRadar SIEM"
}
]
}
"url": "https://www.ibm.com/support/pages/node/6520490",
"title": "IBM Security Bulletin 6520490 (QRadar SIEM)",
"name": "https://www.ibm.com/support/pages/node/6520490",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206087",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"name": "ibm-qradar-cve202129863-ssrf (206087)"
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "L",
"SCORE" : "5.400",
"A" : "N",
"PR" : "L",
"AC" : "L",
"I" : "L",
"S" : "U",
"AV" : "N",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-29863",
"DATE_PUBLIC" : "2021-11-30T00:00:00"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This vulnerability is due to an incomplete fix for CVE-2020-4786. IBM X-Force ID: 206087."
}
]
},
"data_version" : "4.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.3"
},
{
"version_value": "7.4"
}
]
},
"product_name": "QRadar SIEM"
}
]
}
}
]
}
},
"impact": {
"cvssv3": {
"BM": {
"C": "L",
"SCORE": "5.400",
"A": "N",
"PR": "L",
"AC": "L",
"I": "L",
"S": "U",
"AV": "N",
"UI": "N"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-29863",
"DATE_PUBLIC": "2021-11-30T00:00:00"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This vulnerability is due to an incomplete fix for CVE-2020-4786. IBM X-Force ID: 206087."
}
]
},
"data_version": "4.0"
}

51
2021/38xxx/CVE-2021-38575.json
View File

@ -4,14 +4,59 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38575",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "infosec@edk2.groups.io",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "TianoCore",
"product": {
"product_data": [
{
"product_name": "EDK II",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "edk2-stable202105"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A case of CWE-124, CWE-680, and CWE-252 is occurring in NetworkPkg/IScsiDxe."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3356",
"name": "https://bugzilla.tianocore.org/show_bug.cgi?id=3356"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NetworkPkg/IScsiDxe has remotely exploitable buffer overflows."
}
]
}