From 1de6391bf0cf405e987c9bc1c5da89aeecd58c8b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 28 Aug 2020 15:01:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/18xxx/CVE-2019-18392.json | 18 ++++ 2019/19xxx/CVE-2019-19499.json | 56 ++++++++-- 2019/4xxx/CVE-2019-4533.json | 174 +++++++++++++++---------------- 2019/4xxx/CVE-2019-4579.json | 174 +++++++++++++++---------------- 2020/4xxx/CVE-2020-4559.json | 180 ++++++++++++++++----------------- 2020/4xxx/CVE-2020-4591.json | 180 ++++++++++++++++----------------- 2020/9xxx/CVE-2020-9298.json | 50 ++++++++- 7 files changed, 469 insertions(+), 363 deletions(-) create mode 100644 2019/18xxx/CVE-2019-18392.json diff --git a/2019/18xxx/CVE-2019-18392.json b/2019/18xxx/CVE-2019-18392.json new file mode 100644 index 00000000000..4f551dcc4f4 --- /dev/null +++ b/2019/18xxx/CVE-2019-18392.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18392", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19499.json b/2019/19xxx/CVE-2019-19499.json index 7cf59e25efe..bf46e60e7cd 100644 --- a/2019/19xxx/CVE-2019-19499.json +++ b/2019/19xxx/CVE-2019-19499.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19499", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19499", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://swarm.ptsecurity.com/grafana-6-4-3-arbitrary-file-read/", + "url": "https://swarm.ptsecurity.com/grafana-6-4-3-arbitrary-file-read/" } ] } diff --git a/2019/4xxx/CVE-2019-4533.json b/2019/4xxx/CVE-2019-4533.json index 482657b114a..07d997dc75b 100644 --- a/2019/4xxx/CVE-2019-4533.json +++ b/2019/4xxx/CVE-2019-4533.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-08-27T00:00:00", - "ID" : "CVE-2019-4533", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Resilient SOAR V38.0 users may experience a denial of service of the SOAR Platform due to a insufficient input validation. IBM X-Force ID: 165589." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6323645", - "title" : "IBM Security Bulletin 6323645 (Resilient SOAR)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6323645" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-resilient-cve20194533-dos (165589)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/165589" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "I" : "N", - "PR" : "L", - "AV" : "N", - "C" : "N", - "S" : "U", - "AC" : "L", - "A" : "L", - "SCORE" : "4.300", - "UI" : "N" - } - } - }, - "data_type" : "CVE", - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "DATE_PUBLIC": "2020-08-27T00:00:00", + "ID": "CVE-2019-4533", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "38" - } - ] - }, - "product_name" : "Resilient SOAR" - } - ] - }, - "vendor_name" : "IBM" + "lang": "eng", + "value": "IBM Resilient SOAR V38.0 users may experience a denial of service of the SOAR Platform due to a insufficient input validation. IBM X-Force ID: 165589." } - ] - } - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6323645", + "title": "IBM Security Bulletin 6323645 (Resilient SOAR)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6323645" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-resilient-cve20194533-dos (165589)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165589" + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "I": "N", + "PR": "L", + "AV": "N", + "C": "N", + "S": "U", + "AC": "L", + "A": "L", + "SCORE": "4.300", + "UI": "N" + } + } + }, + "data_type": "CVE", + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "38" + } + ] + }, + "product_name": "Resilient SOAR" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4579.json b/2019/4xxx/CVE-2019-4579.json index becd5a9beb8..bb990859520 100644 --- a/2019/4xxx/CVE-2019-4579.json +++ b/2019/4xxx/CVE-2019-4579.json @@ -1,90 +1,90 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6323783", - "title" : "IBM Security Bulletin 6323783 (Resilient SOAR)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6323783" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/167236", - "refsource" : "XF", - "name" : "ibm-resilient-cve20194579-input-validation (167236)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-08-27T00:00:00", - "ID" : "CVE-2019-4579", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 167236.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Resilient SOAR", - "version" : { - "version_data" : [ - { - "version_value" : "38" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] } - ] - } - }, - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "L", - "PR" : "L", - "AV" : "N", - "S" : "U", - "C" : "N", - "AC" : "L", - "A" : "N", - "SCORE" : "4.300", - "UI" : "N" - }, - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - } - } - }, - "data_type" : "CVE", - "data_format" : "MITRE" -} + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6323783", + "title": "IBM Security Bulletin 6323783 (Resilient SOAR)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6323783" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167236", + "refsource": "XF", + "name": "ibm-resilient-cve20194579-input-validation (167236)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2020-08-27T00:00:00", + "ID": "CVE-2019-4579", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "value": "IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 167236.", + "lang": "eng" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Resilient SOAR", + "version": { + "version_data": [ + { + "version_value": "38" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "impact": { + "cvssv3": { + "BM": { + "I": "L", + "PR": "L", + "AV": "N", + "S": "U", + "C": "N", + "AC": "L", + "A": "N", + "SCORE": "4.300", + "UI": "N" + }, + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + } + } + }, + "data_type": "CVE", + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4559.json b/2020/4xxx/CVE-2020-4559.json index 83db55325e1..68dfd34ffbb 100644 --- a/2020/4xxx/CVE-2020-4559.json +++ b/2020/4xxx/CVE-2020-4559.json @@ -1,93 +1,93 @@ { - "data_version" : "4.0", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4559", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-08-27T00:00:00" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due ti improper validation of user-supplied input. IBM X-Force ID: 183613." - } - ] - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6323757 (Spectrum Protect)", - "name" : "https://www.ibm.com/support/pages/node/6323757", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6323757" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/183613", - "refsource" : "XF", - "name" : "ibm-spectrum-cve20204559-dos (183613)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Denial of Service", - "lang" : "eng" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "SCORE" : "5.900", - "I" : "N", - "PR" : "N", - "AV" : "N", - "C" : "N", - "S" : "U", - "AC" : "H", - "A" : "H", - "UI" : "N" - } - } - }, - "data_type" : "CVE", - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4559", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-08-27T00:00:00" + }, + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.1" - }, - { - "version_value" : "8.1" - } - ] - }, - "product_name" : "Spectrum Protect" - } - ] - }, - "vendor_name" : "IBM" + "lang": "eng", + "value": "IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due ti improper validation of user-supplied input. IBM X-Force ID: 183613." } - ] - } - } -} + ] + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6323757 (Spectrum Protect)", + "name": "https://www.ibm.com/support/pages/node/6323757", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6323757" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183613", + "refsource": "XF", + "name": "ibm-spectrum-cve20204559-dos (183613)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Denial of Service", + "lang": "eng" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "SCORE": "5.900", + "I": "N", + "PR": "N", + "AV": "N", + "C": "N", + "S": "U", + "AC": "H", + "A": "H", + "UI": "N" + } + } + }, + "data_type": "CVE", + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.1" + }, + { + "version_value": "8.1" + } + ] + }, + "product_name": "Spectrum Protect" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4591.json b/2020/4xxx/CVE-2020-4591.json index 5cd9f7ebcd0..64fc8c3d7f1 100644 --- a/2020/4xxx/CVE-2020-4591.json +++ b/2020/4xxx/CVE-2020-4591.json @@ -1,93 +1,93 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6323765", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6323765 (Spectrum Protect Server)", - "name" : "https://www.ibm.com/support/pages/node/6323765" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/184746", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-spectrum-cve20204591-info-disc (184746)" - } - ] - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4591", - "DATE_PUBLIC" : "2020-08-27T00:00:00" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746." - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "8.1.0.000" - }, - { - "version_value" : "8.1.10.000" - } - ] - }, - "product_name" : "Spectrum Protect Server" - } - ] - } + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] } - ] - } - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "A" : "N", - "AC" : "H", - "C" : "L", - "S" : "U", - "AV" : "L", - "I" : "N", - "PR" : "N", - "SCORE" : "2.900", - "UI" : "N" - } - } - }, - "data_format" : "MITRE" -} + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6323765", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6323765 (Spectrum Protect Server)", + "name": "https://www.ibm.com/support/pages/node/6323765" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184746", + "title": "X-Force Vulnerability Report", + "name": "ibm-spectrum-cve20204591-info-disc (184746)" + } + ] + }, + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2020-4591", + "DATE_PUBLIC": "2020-08-27T00:00:00" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "8.1.0.000" + }, + { + "version_value": "8.1.10.000" + } + ] + }, + "product_name": "Spectrum Protect Server" + } + ] + } + } + ] + } + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "A": "N", + "AC": "H", + "C": "L", + "S": "U", + "AV": "L", + "I": "N", + "PR": "N", + "SCORE": "2.900", + "UI": "N" + } + } + }, + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2020/9xxx/CVE-2020-9298.json b/2020/9xxx/CVE-2020-9298.json index 66c1bd2cd60..f5eacc0b38b 100644 --- a/2020/9xxx/CVE-2020-9298.json +++ b/2020/9xxx/CVE-2020-9298.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9298", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-report@netflix.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Netflix Orca Spinnaker", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version v8.7.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server-Side Request Forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-003.md", + "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-003.md" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure." } ] }