diff --git a/2021/39xxx/CVE-2021-39043.json b/2021/39xxx/CVE-2021-39043.json index 6c3dda31277..442dc8d6fd1 100644 --- a/2021/39xxx/CVE-2021-39043.json +++ b/2021/39xxx/CVE-2021-39043.json @@ -1,102 +1,102 @@ { - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6587797 (Jazz Team Server)", - "url" : "https://www.ibm.com/support/pages/node/6587797", - "name" : "https://www.ibm.com/support/pages/node/6587797", - "refsource" : "CONFIRM" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-jazz-cve202139043-xss (214032)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/214032" - } - ] - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "L", - "SCORE" : "6.400", - "A" : "N", - "C" : "L", - "AC" : "L", - "AV" : "N", - "S" : "C", - "UI" : "N", - "PR" : "L" - }, - "TM" : { - "E" : "H", - "RL" : "O", - "RC" : "C" - } - } - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2022-05-19T00:00:00", - "ID" : "CVE-2021-39043", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214032.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE", - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "6.0.6" - }, - { - "version_value" : "6.0.6.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.0.1" - }, - { - "version_value" : "7.0.2" - } - ] - }, - "product_name" : "Jazz Team Server" - } - ] - }, - "vendor_name" : "IBM" + "title": "IBM Security Bulletin 6587797 (Jazz Team Server)", + "url": "https://www.ibm.com/support/pages/node/6587797", + "name": "https://www.ibm.com/support/pages/node/6587797", + "refsource": "CONFIRM" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-jazz-cve202139043-xss (214032)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214032" } - ] - } - } -} + ] + }, + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "I": "L", + "SCORE": "6.400", + "A": "N", + "C": "L", + "AC": "L", + "AV": "N", + "S": "C", + "UI": "N", + "PR": "L" + }, + "TM": { + "E": "H", + "RL": "O", + "RC": "C" + } + } + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2022-05-19T00:00:00", + "ID": "CVE-2021-39043", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "description": { + "description_data": [ + { + "value": "IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214032.", + "lang": "eng" + } + ] + }, + "data_type": "CVE", + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.0.6" + }, + { + "version_value": "6.0.6.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.0.1" + }, + { + "version_value": "7.0.2" + } + ] + }, + "product_name": "Jazz Team Server" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + } +} \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22365.json b/2022/22xxx/CVE-2022-22365.json index 741d9cc7a1b..414df65c284 100644 --- a/2022/22xxx/CVE-2022-22365.json +++ b/2022/22xxx/CVE-2022-22365.json @@ -1,99 +1,99 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "9.0" - } - ] - }, - "product_name" : "WebSphere Application Server" - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.5" + }, + { + "version_value": "9.0" + } + ] + }, + "product_name": "WebSphere Application Server" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_version" : "4.0", - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904." - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2022-22365", - "DATE_PUBLIC" : "2022-05-19T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "L", - "A" : "L", - "SCORE" : "5.600", - "S" : "U", - "AV" : "N", - "UI" : "N", - "C" : "L", - "AC" : "H", - "PR" : "N" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - } - } - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6587947 (WebSphere Application Server)", - "url" : "https://www.ibm.com/support/pages/node/6587947", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6587947" - }, - { - "name" : "ibm-websphere-cve202222365-spoofing (220904)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/220904", - "title" : "X-Force Vulnerability Report" - } - ] - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Privileges", + "lang": "eng" + } + ] + } + ] + }, + "data_version": "4.0", + "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904." + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2022-22365", + "DATE_PUBLIC": "2022-05-19T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "impact": { + "cvssv3": { + "BM": { + "I": "L", + "A": "L", + "SCORE": "5.600", + "S": "U", + "AV": "N", + "UI": "N", + "C": "L", + "AC": "H", + "PR": "N" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + } + } + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6587947 (WebSphere Application Server)", + "url": "https://www.ibm.com/support/pages/node/6587947", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6587947" + }, + { + "name": "ibm-websphere-cve202222365-spoofing (220904)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220904", + "title": "X-Force Vulnerability Report" + } + ] + } +} \ No newline at end of file