diff --git a/2017/11xxx/CVE-2017-11747.json b/2017/11xxx/CVE-2017-11747.json
index b3bc07d84d0..976928f5526 100644
--- a/2017/11xxx/CVE-2017-11747.json
+++ b/2017/11xxx/CVE-2017-11747.json
@@ -56,6 +56,11 @@
 "name": "https://github.com/tinyproxy/tinyproxy/issues/106",
 "refsource": "MISC",
 "url": "https://github.com/tinyproxy/tinyproxy/issues/106"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200331 [SECURITY] [DLA 2163-1] tinyproxy security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00037.html"
 }
 ]
 }
diff --git a/2019/14xxx/CVE-2019-14879.json b/2019/14xxx/CVE-2019-14879.json
index 5d92f548a56..99750d627d7 100644
--- a/2019/14xxx/CVE-2019-14879.json
+++ b/2019/14xxx/CVE-2019-14879.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-14879",
- "ASSIGNER": "darunesh@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -18,13 +19,13 @@
 "version": {
 "version_data": [
 {
- "version_value": "3.7.3"
+ "version_value": "3.7.x before 3.7.3"
 },
 {
- "version_value": "3.6.7"
+ "version_value": "3.6.x before 3.6.7"
 },
 {
- "version_value": "3.5.9"
+ "version_value": "3.5.x before 3.5.9"
 }
 ]
 }
@@ -60,7 +61,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilites were not being revoked (where applicable)."
+ "value": "A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable)."
 }
 ]
 },
@@ -74,4 +75,4 @@
 ]
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11421.json b/2020/11xxx/CVE-2020-11421.json
new file mode 100644
index 00000000000..719fd9a13fc
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11421.json
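Review bot: The three `version_value` strings in the `@@ -18,13 +19,13 @@` hunk of CVE-2019-14879.json now hold prose ranges such as `3.7.x before 3.7.3`, which a scanner that compares `version_value` exactly or as a version number cannot match. The 4.0 record format has a separate `version_affected` operator field for this, so I would keep the bound in `version_value` and add the operator, for example `"version_affected": "<", "version_value": "3.7.3"`, with the branch carried in `version_name` if it is wanted. The change does stop listing the fixed releases themselves as affected, but the affected set is still only recoverable by parsing English. The enclosing `affects` object starts and ends outside the hunk.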
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11421",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11422.json b/2020/11xxx/CVE-2020-11422.json
new file mode 100644
index 00000000000..0f63620d71d
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11422.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11422",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11423.json b/2020/11xxx/CVE-2020-11423.json
new file mode 100644
index 00000000000..5c155e3f90e
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11423.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11423",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11424.json b/2020/11xxx/CVE-2020-11424.json
new file mode 100644
index 00000000000..8fac89ef204
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11424.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11424",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11425.json b/2020/11xxx/CVE-2020-11425.json
new file mode 100644
index 00000000000..3ba31e05efd
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11425.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11425",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11426.json b/2020/11xxx/CVE-2020-11426.json
new file mode 100644
index 00000000000..4f15d82b89c
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11426.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11426",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11427.json b/2020/11xxx/CVE-2020-11427.json
new file mode 100644
index 00000000000..7f47bbaaa1f
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11427.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11427",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11428.json b/2020/11xxx/CVE-2020-11428.json
new file mode 100644
index 00000000000..a6f7e195f57
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11428.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11428",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11429.json b/2020/11xxx/CVE-2020-11429.json
new file mode 100644
index 00000000000..31b5078414a
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11429.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11429",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11430.json b/2020/11xxx/CVE-2020-11430.json
new file mode 100644
index 00000000000..3fce7fd5ebb
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11430.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11430",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/4xxx/CVE-2020-4206.json b/2020/4xxx/CVE-2020-4206.json
index 8fa4f7156f4..b4281e5f2d3 100644
--- a/2020/4xxx/CVE-2020-4206.json
+++ b/2020/4xxx/CVE-2020-4206.json
@@ -1,93 +1,93 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied input. IBM X-Force ID: 174966.", - "lang" : "eng" - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6114130", - "title" : "IBM Security Bulletin 6114130 (Spectrum Protect Plus)", - "name" : "https://www.ibm.com/support/pages/node/6114130" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-spectrum-cve20204206-code-exec (174966)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/174966", - "refsource" : "XF" - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4206", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-03-30T00:00:00" - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Spectrum Protect Plus", - "version" : { - "version_data" : [ - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.1.5" - } - ] - } - } - ] - } + "value": "IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied input. 
IBM X-Force ID: 174966.", + "lang": "eng" } - ] - } - }, - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "I" : "H", - "UI" : "N", - "AC" : "H", - "C" : "H", - "PR" : "L", - "A" : "H", - "AV" : "N", - "SCORE" : "7.500" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6114130", + "title": "IBM Security Bulletin 6114130 (Spectrum Protect Plus)", + "name": "https://www.ibm.com/support/pages/node/6114130" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-spectrum-cve20204206-code-exec (174966)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174966", + "refsource": "XF" + } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4206", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-03-30T00:00:00" + }, + "data_format": "MITRE", + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Spectrum Protect Plus", + "version": { + "version_data": [ + { + "version_value": "10.1.0" + }, + { + "version_value": "10.1.5" + } + ] + } + } + ] + } + } ] - } - ] - } -} + } + }, + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "I": "H", + "UI": "N", + "AC": "H", + "C": "H", + "PR": "L", + "A": "H", + "AV": "N", + "SCORE": "7.500" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Privileges", + "lang": "eng" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4208.json b/2020/4xxx/CVE-2020-4208.json index 2b05e3cc82c..0674824d8f6 100644 --- a/2020/4xxx/CVE-2020-4208.json 
+++ b/2020/4xxx/CVE-2020-4208.json 
@@ -1,93 +1,93 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "A" : "N", - "AV" : "N", - "PR" : "N", - "C" : "H", - "AC" : "L", - "SCORE" : "7.500", - "S" : "U", - "I" : "N", - "UI" : "N" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-03-30T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4208" - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6114130", - "name" : "https://www.ibm.com/support/pages/node/6114130", - "title" : "IBM Security Bulletin 6114130 (Spectrum Protect Plus)" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-spectrum-cve20204208-info-disc (174975)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/174975" - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. 
IBM X-Force ID: 174975.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.1.5" - } - ] - }, - "product_name" : "Spectrum Protect Plus" - } - ] - }, - "vendor_name" : "IBM" + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "A": "N", + "AV": "N", + "PR": "N", + "C": "H", + "AC": "L", + "SCORE": "7.500", + "S": "U", + "I": "N", + "UI": "N" } - ] - } - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "data_type": "CVE", + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-03-30T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4208" + }, + "data_format": "MITRE", + "data_version": "4.0", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6114130", + "name": "https://www.ibm.com/support/pages/node/6114130", + "title": "IBM Security Bulletin 6114130 (Spectrum Protect Plus)" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-spectrum-cve20204208-info-disc (174975)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174975" + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. 
IBM X-Force ID: 174975.", + "lang": "eng" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "10.1.0" + }, + { + "version_value": "10.1.5" + } + ] + }, + "product_name": "Spectrum Protect Plus" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4214.json b/2020/4xxx/CVE-2020-4214.json index 158a9f37af4..7745e82905c 100644 --- a/2020/4xxx/CVE-2020-4214.json +++ b/2020/4xxx/CVE-2020-4214.json 
@@ -1,93 +1,93 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. IBM X-Force ID: 175026.", - "lang" : "eng" - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6114130", - "name" : "https://www.ibm.com/support/pages/node/6114130", - "title" : "IBM Security Bulletin 6114130 (Spectrum Protect Plus)" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-spectrum-cve20204214-data-manipulation (175026)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175026" - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-03-30T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4214" - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.1.5" - } - ] - }, - "product_name" : "Spectrum Protect Plus" - } - ] - }, - "vendor_name" : "IBM" + "value": "IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. 
IBM X-Force ID: 175026.", + "lang": "eng" } - ] - } - }, - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "UI" : "N", - "I" : "H", - "PR" : "N", - "A" : "N", - "AV" : "N", - "AC" : "L", - "C" : "N", - "SCORE" : "7.500" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Data Manipulation" - } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6114130", + "name": "https://www.ibm.com/support/pages/node/6114130", + "title": "IBM Security Bulletin 6114130 (Spectrum Protect Plus)" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-spectrum-cve20204214-data-manipulation (175026)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175026" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-03-30T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4214" + }, + "data_format": "MITRE", + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "10.1.0" + }, + { + "version_value": "10.1.5" + } + ] + }, + "product_name": "Spectrum Protect Plus" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - } -} + } + }, + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "UI": "N", + "I": "H", + "PR": "N", + "A": "N", + "AV": "N", + "AC": "L", + "C": "N", + "SCORE": "7.500" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Data Manipulation" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4235.json b/2020/4xxx/CVE-2020-4235.json index 1755f26763c..21f6b3c270a 100644 
--- a/2020/4xxx/CVE-2020-4235.json +++ b/2020/4xxx/CVE-2020-4235.json 
@@ -1,93 +1,93 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Tivoli Netcool Impact", - "version" : { - "version_data" : [ - { - "version_value" : "7.1.0" - }, - { - "version_value" : "7.1.0.17" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175408." - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6128931", - "title" : "IBM Security Bulletin 6128931 (Tivoli Netcool Impact)", - "url" : "https://www.ibm.com/support/pages/node/6128931" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175408", - "name" : "ibm-tivoli-cve20204235-xss (175408)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4235", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-03-30T00:00:00" - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tivoli Netcool Impact", + "version": { + "version_data": [ + { + "version_value": "7.1.0" + }, + { + "version_value": "7.1.0.17" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "UI" : "R", - "I" : "L", - "S" : "C", - "SCORE" : "5.400", - "C" : "L", - "AC" : "L", 
- "PR" : "L", - "A" : "N", - "AV" : "N" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - } -} + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175408." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6128931", + "title": "IBM Security Bulletin 6128931 (Tivoli Netcool Impact)", + "url": "https://www.ibm.com/support/pages/node/6128931" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175408", + "name": "ibm-tivoli-cve20204235-xss (175408)", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, + "data_version": "4.0", + "data_format": "MITRE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4235", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-03-30T00:00:00" + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "UI": "R", + "I": "L", + "S": "C", + "SCORE": "5.400", + "C": "L", + "AC": "L", + "PR": "L", + "A": "N", + "AV": "N" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4236.json b/2020/4xxx/CVE-2020-4236.json index 695a2bd3454..c0273cb71b9 100644 --- a/2020/4xxx/CVE-2020-4236.json +++ b/2020/4xxx/CVE-2020-4236.json 
@@ -1,93 +1,93 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "UI" : "N", - "I" : "N", - "PR" : "L", - "A" : "H", - "AV" : "N", - "AC" : "L", - "C" : "N", - "SCORE" : "6.500" - }, - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } - ] - } - ] - }, - "data_type" : "CVE", - "data_format" : "MITRE", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-03-30T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4236", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow an authenticated user to cause a denial of service due to improper content parsing in the project management module. IBM X-Force ID: 175409.", - "lang" : "eng" - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6128937", - "name" : "https://www.ibm.com/support/pages/node/6128937", - "title" : "IBM Security Bulletin 6128937 (Tivoli Netcool Impact)" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-tivoli-cve20204236-dos (175409)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175409", - "refsource" : "XF" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.1.0" - }, - { - "version_value" : "7.1.0.17" - } - ] - }, - "product_name" : "Tivoli Netcool Impact" - } - ] - } + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "UI": "N", + "I": "N", + "PR": "L", + "A": "H", + "AV": "N", + "AC": "L", + "C": "N", + "SCORE": "6.500" + }, + "TM": { + "RL": "O", + "E": "U", + "RC": "C" } - ] - } - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + 
{ + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "DATE_PUBLIC": "2020-03-30T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2020-4236", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "value": "IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow an authenticated user to cause a denial of service due to improper content parsing in the project management module. IBM X-Force ID: 175409.", + "lang": "eng" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6128937", + "name": "https://www.ibm.com/support/pages/node/6128937", + "title": "IBM Security Bulletin 6128937 (Tivoli Netcool Impact)" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-tivoli-cve20204236-dos (175409)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175409", + "refsource": "XF" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.1.0" + }, + { + "version_value": "7.1.0.17" + } + ] + }, + "product_name": "Tivoli Netcool Impact" + } + ] + } + } + ] + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4237.json b/2020/4xxx/CVE-2020-4237.json index 012f846fba4..642e01d2a3b 100644 --- a/2020/4xxx/CVE-2020-4237.json +++ b/2020/4xxx/CVE-2020-4237.json 
@@ -1,93 +1,93 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.1.0" - }, - { - "version_value" : "7.1.0.17" - } - ] - }, - "product_name" : "Tivoli Netcool Impact" - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 175410.", - "lang" : "eng" - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6128943 (Tivoli Netcool Impact)", - "name" : "https://www.ibm.com/support/pages/node/6128943", - "url" : "https://www.ibm.com/support/pages/node/6128943" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175410", - "name" : "ibm-tivoli-cve20204237-csrf (175410)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-03-30T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4237" - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.1.0" + }, + { + "version_value": "7.1.0.17" + } + ] + }, + "product_name": "Tivoli Netcool Impact" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "UI" : "R", - "I" : "L", - "S" : "U", - "SCORE" : "4.300", - "AV" : "N", - "A" : "N", - "PR" : "N", - "C" : "N", - "AC" : "L" - }, - "TM" : { - "E" : "U", - 
"RC" : "C", - "RL" : "O" - } - } - } -} + } + }, + "description": { + "description_data": [ + { + "value": "IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 175410.", + "lang": "eng" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6128943 (Tivoli Netcool Impact)", + "name": "https://www.ibm.com/support/pages/node/6128943", + "url": "https://www.ibm.com/support/pages/node/6128943" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175410", + "name": "ibm-tivoli-cve20204237-csrf (175410)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_version": "4.0", + "data_format": "MITRE", + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-03-30T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4237" + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "UI": "R", + "I": "L", + "S": "U", + "SCORE": "4.300", + "AV": "N", + "A": "N", + "PR": "N", + "C": "N", + "AC": "L" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4238.json b/2020/4xxx/CVE-2020-4238.json index efebd68d16a..d507117f611 100644 --- a/2020/4xxx/CVE-2020-4238.json +++ b/2020/4xxx/CVE-2020-4238.json 
@@ -1,93 +1,93 @@ { - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2020-4238", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-03-30T00:00:00", - "STATE" : "PUBLIC" - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6128949 (Tivoli Netcool Impact)", - "name" : "https://www.ibm.com/support/pages/node/6128949", - "url" : "https://www.ibm.com/support/pages/node/6128949", - "refsource" : "CONFIRM" - }, - { - "refsource" : "XF", - "name" : "ibm-tivoli-cve20204238-csrf (175411)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175411" - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 175411.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-4238", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-03-30T00:00:00", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Tivoli Netcool Impact", - "version" : { - "version_data" : [ - { - "version_value" : "7.1.0" - }, - { - "version_value" : "7.1.0.17" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "title": "IBM Security Bulletin 6128949 (Tivoli Netcool Impact)", + "name": "https://www.ibm.com/support/pages/node/6128949", + "url": "https://www.ibm.com/support/pages/node/6128949", + "refsource": "CONFIRM" + }, + { + "refsource": "XF", + "name": "ibm-tivoli-cve20204238-csrf (175411)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175411" } - ] - } - }, - "impact" : 
{ - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "AC" : "L", - "C" : "N", - "PR" : "N", - "A" : "N", - "AV" : "N", - "SCORE" : "4.300", - "S" : "U", - "UI" : "R", - "I" : "L" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 175411.", + "lang": "eng" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tivoli Netcool Impact", + "version": { + "version_data": [ + { + "version_value": "7.1.0" + }, + { + "version_value": "7.1.0.17" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_type" : "CVE" -} + } + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "AC": "L", + "C": "N", + "PR": "N", + "A": "N", + "AV": "N", + "SCORE": "4.300", + "S": "U", + "UI": "R", + "I": "L" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "data_type": "CVE" +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4239.json b/2020/4xxx/CVE-2020-4239.json index 67cc9f30f66..450a425857f 100644 --- a/2020/4xxx/CVE-2020-4239.json +++ b/2020/4xxx/CVE-2020-4239.json 
@@ -1,93 +1,93 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "S" : "U", - "I" : "N", - "UI" : "N", - "C" : "L", - "AC" : "L", - "A" : "N", - "PR" : "N", - "AV" : "N", - "SCORE" : "5.300" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Tivoli Netcool Impact", - "version" : { - "version_data" : [ - { - "version_value" : "7.1.0" - }, - { - "version_value" : "7.1.0.17" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] } - ] - } - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-03-30T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4239" - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6128955", - "name" : "https://www.ibm.com/support/pages/node/6128955", - "title" : "IBM Security Bulletin 6128955 (Tivoli Netcool Impact)", - "refsource" : "CONFIRM" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-tivoli-cve20204239-info-disc (175412)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175412", - "refsource" : "XF" - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. 
IBM X-Force ID: 175412.", - "lang" : "eng" - } - ] - } -} + ] + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "S": "U", + "I": "N", + "UI": "N", + "C": "L", + "AC": "L", + "A": "N", + "PR": "N", + "AV": "N", + "SCORE": "5.300" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tivoli Netcool Impact", + "version": { + "version_data": [ + { + "version_value": "7.1.0" + }, + { + "version_value": "7.1.0.17" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_version": "4.0", + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-03-30T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4239" + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6128955", + "name": "https://www.ibm.com/support/pages/node/6128955", + "title": "IBM Security Bulletin 6128955 (Tivoli Netcool Impact)", + "refsource": "CONFIRM" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-tivoli-cve20204239-info-disc (175412)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175412", + "refsource": "XF" + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175412.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4240.json b/2020/4xxx/CVE-2020-4240.json index e9f2fc1d9a5..378b3bfbbed 100644 --- a/2020/4xxx/CVE-2020-4240.json +++ b/2020/4xxx/CVE-2020-4240.json 
@@ -1,93 +1,93 @@ { - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "I" : "L", - "UI" : "N", - "S" : "U", - "SCORE" : "4.800", - "AC" : "H", - "C" : "N", - "A" : "L", - "AV" : "N", - "PR" : "N" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Spectrum Protect Plus", - "version" : { - "version_data" : [ - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.1.5" - } - ] - } - } - ] - } + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. 
IBM X-Force ID: 175417.", - "lang" : "eng" - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6116488", - "name" : "https://www.ibm.com/support/pages/node/6116488", - "title" : "IBM Security Bulletin 6116488 (Spectrum Protect Plus)" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175417", - "name" : "ibm-spectrum-cve20204240-file-write (175417)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4240", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-03-30T00:00:00" - } -} + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "I": "L", + "UI": "N", + "S": "U", + "SCORE": "4.800", + "AC": "H", + "C": "N", + "A": "L", + "AV": "N", + "PR": "N" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Spectrum Protect Plus", + "version": { + "version_data": [ + { + "version_value": "10.1.0" + }, + { + "version_value": "10.1.5" + } + ] + } + } + ] + } + } + ] + } + }, + "description": { + "description_data": [ + { + "value": "IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. 
IBM X-Force ID: 175417.", + "lang": "eng" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6116488", + "name": "https://www.ibm.com/support/pages/node/6116488", + "title": "IBM Security Bulletin 6116488 (Spectrum Protect Plus)" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175417", + "name": "ibm-spectrum-cve20204240-file-write (175417)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_version": "4.0", + "data_format": "MITRE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4240", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-03-30T00:00:00" + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4241.json b/2020/4xxx/CVE-2020-4241.json index 37bf11f765c..9773c5b4084 100644 --- a/2020/4xxx/CVE-2020-4241.json +++ b/2020/4xxx/CVE-2020-4241.json 
@@ -1,93 +1,93 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "UI" : "N", - "I" : "H", - "S" : "U", - "SCORE" : "7.500", - "A" : "H", - "AV" : "N", - "PR" : "L", - "AC" : "H", - "C" : "H" - } - } - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } - ] - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418." - } - ] - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6114130 (Spectrum Protect Plus)", - "name" : "https://www.ibm.com/support/pages/node/6114130", - "url" : "https://www.ibm.com/support/pages/node/6114130", - "refsource" : "CONFIRM" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175418", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-spectrum-cve20204241-command-exec (175418)", - "refsource" : "XF" - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2020-4241", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-03-30T00:00:00", - "STATE" : "PUBLIC" - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.1.5" - } - ] - }, - "product_name" : "Spectrum Protect Plus" - } - ] - }, - "vendor_name" : "IBM" + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "UI": "N", + "I": "H", + "S": "U", + "SCORE": "7.500", + "A": "H", + "AV": "N", + "PR": "L", 
+ "AC": "H", + "C": "H" } - ] - } - } -} + } + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Privileges", + "lang": "eng" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418." + } + ] + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6114130 (Spectrum Protect Plus)", + "name": "https://www.ibm.com/support/pages/node/6114130", + "url": "https://www.ibm.com/support/pages/node/6114130", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175418", + "title": "X-Force Vulnerability Report", + "name": "ibm-spectrum-cve20204241-command-exec (175418)", + "refsource": "XF" + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2020-4241", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-03-30T00:00:00", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "10.1.0" + }, + { + "version_value": "10.1.5" + } + ] + }, + "product_name": "Spectrum Protect Plus" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4242.json b/2020/4xxx/CVE-2020-4242.json index 9d8144fbed9..78076096a92 100644 --- a/2020/4xxx/CVE-2020-4242.json +++ b/2020/4xxx/CVE-2020-4242.json 
@@ -1,93 +1,93 @@ { - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6114130", - "name" : "https://www.ibm.com/support/pages/node/6114130", - "title" : "IBM Security Bulletin 6114130 (Spectrum Protect Plus)" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-spectrum-cve20204242-command-injection (175419)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175419", - "refsource" : "XF" - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419.", - "lang" : "eng" - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2020-4242", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-03-30T00:00:00", - "STATE" : "PUBLIC" - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.1.5" - } - ] - }, - "product_name" : "Spectrum Protect Plus" - } - ] - } + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6114130", + "name": "https://www.ibm.com/support/pages/node/6114130", + "title": "IBM Security Bulletin 6114130 (Spectrum Protect Plus)" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-spectrum-cve20204242-command-injection (175419)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175419", + "refsource": "XF" } - ] - } - }, - "impact" : { - "cvssv3" : { - "BM" : { - "SCORE" : "8.800", - "A" : "H", - "AV" : "N", - "PR" : "L", - "AC" 
: "L", - "C" : "H", - "UI" : "N", - "I" : "H", - "S" : "U" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - } - } - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419.", + "lang": "eng" + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2020-4242", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-03-30T00:00:00", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "10.1.0" + }, + { + "version_value": "10.1.5" + } + ] + }, + "product_name": "Spectrum Protect Plus" + } + ] + } + } ] - } - ] - } -} + } + }, + "impact": { + "cvssv3": { + "BM": { + "SCORE": "8.800", + "A": "H", + "AV": "N", + "PR": "L", + "AC": "L", + "C": "H", + "UI": "N", + "I": "H", + "S": "U" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + } + } + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5255.json b/2020/5xxx/CVE-2020-5255.json index 080a5fcf3f3..d204029eae7 100644 --- a/2020/5xxx/CVE-2020-5255.json +++ b/2020/5xxx/CVE-2020-5255.json @@ -9,6 +9,7 @@ "vendor": { "vendor_data": [ { + "vendor_name": "symfony", "product": { "product_data": [ { 
@@ -16,14 +17,16 @@
 "version": {
 "version_data": [
 {
- "version_value": "< 4.4"
+ "version_value": ">= 4.4.0 and < 4.4.7"
+ },
+ {
+ "version_value": ">= 5.0.0 and < 5.0.7"
 }
 ]
 }
 }
 ]
- },
- "vendor_name": "symfony"
+ }
 }
 ]
 }
@@ -35,7 +38,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In Symfony before version 4.4, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in version 4.4."
+ "value": "In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in versions 4.4.7 and 5.0.7."
 }
 ]
 },
@@ -78,6 +81,11 @@
 "name": "https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6",
 "refsource": "MISC",
 "url": "https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header",
+ "url": "https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header"
 }
 ]
 },
diff --git a/2020/6xxx/CVE-2020-6008.json b/2020/6xxx/CVE-2020-6008.json
index c7189a05a9c..208902c27cf 100644
--- a/2020/6xxx/CVE-2020-6008.json
+++ b/2020/6xxx/CVE-2020-6008.json
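Review bot: The rewritten description in the `@@ -35,7 +38,7 @@` hunk still opens with "In Symfony before versions 4.4.7 and 5.0.7", which reads as every earlier release, while the `version_data` entries added in the `@@ -16,14 +17,16 @@` hunk bound the affected ranges below at 4.4.0 and 5.0.0. The two should agree so that a reader and a matching tool reach the same answer on whether releases older than 4.4.0 need the patch; if the lower bounds are the intended ones, the description could open with `In Symfony 4.4.0 before 4.4.7 and 5.0.0 before 5.0.7, ...`. The ranges are also free text inside `version_value` (`>= 4.4.0 and < 4.4.7`), so any consumer that compares versions has to parse the string rather than read a bound. The enclosing JSON objects continue outside both hunks.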
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6008",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@checkpoint.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "LifterLMS Wordpress Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 3.37.15"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-434: Unrestricted Upload of File with Dangerous Type"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/lifterlms/#developers",
+ "url": "https://wordpress.org/plugins/lifterlms/#developers"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution"
 }
 ]
 }
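Review bot: The only entry under `reference_data` is the plugin's general page, `https://wordpress.org/plugins/lifterlms/#developers`, whose content changes with every release, so the published record gives a reader nothing stable to confirm the fix or the affected code against. A second reference pointing at the vendor advisory or the fixing change should be added, for example `"url": "<ADVISORY-OR-FIX-URL>"` (placeholder, to be filled by the assigner). The description also leaves out what a defender needs to rate exposure, namely whether the file write requires an authenticated session and at what privilege level. `problemtype` names CWE-434 (upload) while the description says "arbitrary file write", and it is not clear from the record that these describe the same flaw. `vendor_name` is `n/a` although the product is named, which will make vendor-keyed matching miss this entry.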