From 3e8596e7b6e0088497c1b05f7a469d52c99e3fce Mon Sep 17 00:00:00 2001
From: Scott Moore - IBM
Date: Wed, 20 Jan 2021 09:57:31 -0500
Subject: [PATCH] IBM20210120-95731 Added CVE-2020-4688, CVE-2020-4887, CVE-2020-4921, CVE-2020-4983
---
 2020/4xxx/CVE-2020-4688.json | 105 +++++++++++++++++++++++++++-----
 2020/4xxx/CVE-2020-4887.json | 115 ++++++++++++++++++++++++++++++-----
 2020/4xxx/CVE-2020-4921.json | 105 +++++++++++++++++++++++++++-----
 2020/4xxx/CVE-2020-4983.json | 112 +++++++++++++++++++++++++++++-----
 4 files changed, 377 insertions(+), 60 deletions(-)
diff --git a/2020/4xxx/CVE-2020-4688.json b/2020/4xxx/CVE-2020-4688.json
index 5fd3daa093c..071c352b731 100644
--- a/2020/4xxx/CVE-2020-4688.json
+++ b/2020/4xxx/CVE-2020-4688.json
@@ -1,18 +1,93 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-4688",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "data_format" : "MITRE",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "IBM Security Guardium 10.6 and 11.2 could allow a local attacker to execute arbitrary commands on the system as an unprivileged user, caused by command injection vulnerability. IBM X-Force ID: 186700."
+ }
+ ]
+ },
+ "data_type" : "CVE",
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "value" : "Gain Privileges",
+ "lang" : "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "title" : "IBM Security Bulletin 6405952 (Security Guardium)",
+ "refsource" : "CONFIRM",
+ "name" : "https://www.ibm.com/support/pages/node/6405952",
+ "url" : "https://www.ibm.com/support/pages/node/6405952"
+ },
+ {
+ "name" : "ibm-guardium-cve20204688-command-exec (186700)",
+ "title" : "X-Force Vulnerability Report",
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186700"
+ }
+ ]
+ },
+ "CVE_data_meta" : {
+ "ID" : "CVE-2020-4688",
+ "STATE" : "PUBLIC",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "DATE_PUBLIC" : "2021-01-19T00:00:00"
+ },
+ "impact" : {
+ "cvssv3" : {
+ "BM" : {
+ "S" : "U",
+ "PR" : "N",
+ "A" : "L",
+ "AC" : "L",
+ "AV" : "L",
+ "UI" : "N",
+ "C" : "L",
+ "I" : "L",
+ "SCORE" : "5.900"
+ },
+ "TM" : {
+ "E" : "U",
+ "RL" : "O",
+ "RC" : "C"
+ }
+ }
+ },
+ "data_version" : "4.0",
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "vendor_name" : "IBM",
+ "product" : {
+ "product_data" : [
+ {
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "10.6"
+ },
+ {
+ "version_value" : "11.2"
+ }
+ ]
+ },
+ "product_name" : "Security Guardium"
+ }
+ ]
+ }
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ }
+}
diff --git a/2020/4xxx/CVE-2020-4887.json b/2020/4xxx/CVE-2020-4887.json
index 109a5291534..e5a7f07a190 100644
--- a/2020/4xxx/CVE-2020-4887.json
+++ b/2020/4xxx/CVE-2020-4887.json
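Review bot: The `problemtype` value `"Gain Privileges"` in the CVE-2020-4688 record is free text and sits oddly with the description, which says the commands run as an unprivileged user through command injection; tooling that keys on the problem type cannot map this record to a weakness class. A CWE-style value such as `"value" : "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"` would make the entry machine-matchable, provided the assigner confirms that classification. The same free-text pattern appears in the CVE-2020-4887, CVE-2020-4921 (`"Data Manipulation"` for a SQL injection) and CVE-2020-4983 records of this patch.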
@@ -1,18 +1,103 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-4887",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "impact" : {
+ "cvssv3" : {
+ "TM" : {
+ "E" : "U",
+ "RL" : "O",
+ "RC" : "C"
+ },
+ "BM" : {
+ "C" : "N",
+ "I" : "H",
+ "SCORE" : "6.200",
+ "AC" : "L",
+ "AV" : "L",
+ "A" : "N",
+ "S" : "U",
+ "PR" : "N",
+ "UI" : "N"
+ }
+ }
+ },
+ "CVE_data_meta" : {
+ "DATE_PUBLIC" : "2021-01-19T00:00:00",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "ID" : "CVE-2020-4887",
+ "STATE" : "PUBLIC"
+ },
+ "data_version" : "4.0",
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product" : {
+ "product_data" : [
+ {
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "7.1"
+ },
+ {
+ "version_value" : "7.2"
+ }
+ ]
+ },
+ "product_name" : "AIX"
+ },
+ {
+ "product_name" : "VIOS ",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "3.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "IBM"
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM X-Force ID: 190911."
+ }
+ ]
+ },
+ "data_type" : "CVE",
+ "references" : {
+ "reference_data" : [
+ {
+ "refsource" : "CONFIRM",
+ "title" : "IBM Security Bulletin 6406022 (AIX)",
+ "name" : "https://www.ibm.com/support/pages/node/6406022",
+ "url" : "https://www.ibm.com/support/pages/node/6406022"
+ },
+ {
+ "name" : "ibm-aix-cve20204887-file-write (190911)",
+ "refsource" : "XF",
+ "title" : "X-Force Vulnerability Report",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190911"
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Data Manipulation"
+ }
+ ]
+ }
+ ]
+ }
+}
diff --git a/2020/4xxx/CVE-2020-4921.json b/2020/4xxx/CVE-2020-4921.json
index 6187c5ba4d2..f3328ade0d8 100644
--- a/2020/4xxx/CVE-2020-4921.json
+++ b/2020/4xxx/CVE-2020-4921.json
@@ -1,18 +1,93 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-4921",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "data_format" : "MITRE",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "IBM Security Guardium 10.6 and 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191398."
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.ibm.com/support/pages/node/6405952",
+ "refsource" : "CONFIRM",
+ "name" : "https://www.ibm.com/support/pages/node/6405952",
+ "title" : "IBM Security Bulletin 6405952 (Security Guardium)"
+ },
+ {
+ "name" : "ibm-guardium-cve20204921-sql-injection (191398)",
+ "refsource" : "XF",
+ "title" : "X-Force Vulnerability Report",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191398"
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Data Manipulation"
+ }
+ ]
+ }
+ ]
+ },
+ "data_type" : "CVE",
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Security Guardium",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "10.6"
+ },
+ {
+ "version_value" : "11.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "IBM"
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "data_version" : "4.0",
+ "impact" : {
+ "cvssv3" : {
+ "BM" : {
+ "S" : "U",
+ "A" : "L",
+ "PR" : "L",
+ "AC" : "L",
+ "AV" : "N",
+ "UI" : "N",
+ "C" : "H",
+ "SCORE" : "7.600",
+ "I" : "L"
+ },
+ "TM" : {
+ "RC" : "C",
+ "E" : "U",
+ "RL" : "O"
+ }
+ }
+ },
+ "CVE_data_meta" : {
+ "DATE_PUBLIC" : "2021-01-19T00:00:00",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "STATE" : "PUBLIC",
+ "ID" : "CVE-2020-4921"
+ }
+}
diff --git a/2020/4xxx/CVE-2020-4983.json b/2020/4xxx/CVE-2020-4983.json
index 27594ac8e16..45582a10575 100644
--- a/2020/4xxx/CVE-2020-4983.json
+++ b/2020/4xxx/CVE-2020-4983.json
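Review bot: The CVE-2020-4921 description speaks of "a remote attacker" without saying that authentication is required, yet the base metrics set `"PR" : "L"`; someone triaging from the text alone may treat the SQL injection as reachable without credentials. If the metric is the intended one, wording such as `A remote authenticated attacker could send specially crafted SQL statements` would bring the description in line with the vector. If the flaw is in fact reachable unauthenticated, the `PR` value and the 7.600 score need revisiting instead.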
@@ -1,18 +1,100 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-4983",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who has privileges to submit LSF jobs to execute arbitrary commands. IBM X-Force ID: 192586."
+ }
+ ]
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "references" : {
+ "reference_data" : [
+ {
+ "refsource" : "CONFIRM",
+ "name" : "https://www.ibm.com/support/pages/node/6395478",
+ "title" : "IBM Security Bulletin 6395478 (Spectrum LSF Suite)",
+ "url" : "https://www.ibm.com/support/pages/node/6395478"
+ },
+ {
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/192586",
+ "name" : "ibm-spectrum-cve20204983-code-exec (192586)",
+ "title" : "X-Force Vulnerability Report",
+ "refsource" : "XF"
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Gain Privileges"
+ }
+ ]
+ }
+ ]
+ },
+ "CVE_data_meta" : {
+ "STATE" : "PUBLIC",
+ "ID" : "CVE-2020-4983",
+ "DATE_PUBLIC" : "2021-01-13T00:00:00",
+ "ASSIGNER" : "psirt@us.ibm.com"
+ },
+ "impact" : {
+ "cvssv3" : {
+ "BM" : {
+ "C" : "H",
+ "SCORE" : "7.400",
+ "I" : "H",
+ "AV" : "L",
+ "AC" : "H",
+ "S" : "U",
+ "PR" : "N",
+ "A" : "H",
+ "UI" : "N"
+ },
+ "TM" : {
+ "E" : "U",
+ "RL" : "O",
+ "RC" : "C"
+ }
+ }
+ },
+ "data_version" : "4.0",
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Spectrum LSF Suite",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "10.2"
+ }
+ ]
+ }
+ },
+ {
+ "product_name" : "Spectrum LSF",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "10.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "IBM"
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ }
+}
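Review bot: The base metrics `"AV" : "L"` and `"PR" : "N"` in the CVE-2020-4983 record do not match its description, which places the attacker "on the local network" and requires "privileges to submit LSF jobs"; that wording corresponds to adjacent-network access and low privileges rather than local access with none. Either the vector or the description is off, and the 7.400 score depends on which one is right. It should be reconciled against bulletin 6395478 before the record is used for prioritisation.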