From 1ea316b59d530f5f1c6ca5dd60d001bfba98121a Mon Sep 17 00:00:00 2001
From: Scott Moore - IBM
Date: Thu, 4 Oct 2018 09:26:37 -0400
Subject: [PATCH] IBM20181004-92637 Added CVE-2018-1819, CVE-2018-1604, CVE-2018-1602, CVE-2018-1603, CVE-2018-1670
---
 2018/1xxx/CVE-2018-1602.json | 115 +++++++++++++++++++++++++++++++---
 2018/1xxx/CVE-2018-1603.json | 117 ++++++++++++++++++++++++++++++++---
 2018/1xxx/CVE-2018-1604.json | 115 +++++++++++++++++++++++++++++++---
 2018/1xxx/CVE-2018-1670.json | 96 +++++++++++++++++++++++++---
 2018/1xxx/CVE-2018-1819.json | 114 +++++++++++++++++++++++++++++++---
 5 files changed, 514 insertions(+), 43 deletions(-)
diff --git a/2018/1xxx/CVE-2018-1602.json b/2018/1xxx/CVE-2018-1602.json
index 6c89241d84b..00186a70c44 100644
--- a/2018/1xxx/CVE-2018-1602.json
+++ b/2018/1xxx/CVE-2018-1602.json
@@ -1,17 +1,116 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-1602",
- "STATE" : "RESERVED"
- },
 "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
+ "CVE_data_meta" : {
+ "ID" : "CVE-2018-1602",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "STATE" : "PUBLIC",
+ "DATE_PUBLIC" : "2018-10-01T00:00:00"
+ },
+ "impact" : {
+ "cvssv3" : {
+ "TM" : {
+ "RL" : "O",
+ "E" : "H",
+ "RC" : "C"
+ },
+ "BM" : {
+ "A" : "N",
+ "C" : "L",
+ "AC" : "L",
+ "PR" : "L",
+ "I" : "L",
+ "AV" : "N",
+ "S" : "C",
+ "SCORE" : "5.400",
+ "UI" : "R"
+ }
+ }
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
 "description" : {
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143792."
+ }
+ ]
+ },
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "5.0"
+ },
+ {
+ "version_value" : "6.0"
+ },
+ {
+ "version_value" : "6.0.1"
+ },
+ {
+ "version_value" : "6.0.2"
+ },
+ {
+ "version_value" : "6.0.3"
+ },
+ {
+ "version_value" : "6.0.4"
+ },
+ {
+ "version_value" : "6.0.5"
+ },
+ {
+ "version_value" : "6.0.6"
+ },
+ {
+ "version_value" : "5.01"
+ },
+ {
+ "version_value" : "5.02"
+ }
+ ]
+ },
+ "product_name" : "Rational Quality Manager"
+ }
+ ]
+ },
+ "vendor_name" : "IBM"
+ }
+ ]
+ }
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733641",
+ "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733641",
+ "title" : "IBM Security Bulletin 733641 (Rational Quality Manager)",
+ "refsource" : "CONFIRM"
+ },
+ {
+ "refsource" : "XF",
+ "title" : "X-Force Vulnerability Report",
+ "name" : "ibm-rqm-cve20181602-xss (143792)",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/143792"
 }
 ]
 }
diff --git a/2018/1xxx/CVE-2018-1603.json b/2018/1xxx/CVE-2018-1603.json
index 5c9b2244acc..35f5105c748 100644
--- a/2018/1xxx/CVE-2018-1603.json
+++ b/2018/1xxx/CVE-2018-1603.json
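Review bot: The `problemtype` entry added in CVE-2018-1602.json is the free-text string "Cross-Site Scripting" with no CWE identifier, so tooling that classifies records by CWE cannot place it; the CVE-2018-1603.json and CVE-2018-1604.json hunks have the same gap. I would write it as `"value" : "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"`. The three descriptions are also identical apart from the X-Force ID, so a reader cannot tell which part of the Web UI each CVE covers; a short distinguishing phrase per record would help triage, if the bulletin provides one. In all five files the CONFIRM references use `http://` URLs while the XF references already use `https://`; the advisory links should be `https://` too, provided the host serves them that way.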
@@ -1,18 +1,117 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-1603",
- "STATE" : "RESERVED"
- },
 "data_format" : "MITRE",
+ "CVE_data_meta" : {
+ "DATE_PUBLIC" : "2018-10-01T00:00:00",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "ID" : "CVE-2018-1603",
+ "STATE" : "PUBLIC"
+ },
+ "impact" : {
+ "cvssv3" : {
+ "BM" : {
+ "I" : "L",
+ "A" : "N",
+ "AC" : "L",
+ "C" : "L",
+ "PR" : "L",
+ "UI" : "R",
+ "AV" : "N",
+ "S" : "C",
+ "SCORE" : "5.400"
+ },
+ "TM" : {
+ "RC" : "C",
+ "RL" : "O",
+ "E" : "H"
+ }
+ }
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "value" : "Cross-Site Scripting",
+ "lang" : "eng"
+ }
+ ]
+ }
+ ]
+ },
 "data_type" : "CVE",
- "data_version" : "4.0",
 "description" : {
 "description_data" : [
 {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143793.",
+ "lang" : "eng"
 }
 ]
- }
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "refsource" : "CONFIRM",
+ "title" : "IBM Security Bulletin 733641 (Rational Quality Manager)",
+ "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733641",
+ "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733641"
+ },
+ {
+ "title" : "X-Force Vulnerability Report",
+ "name" : "ibm-rqm-cve20181603-xss (143793)",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/143793",
+ "refsource" : "XF"
+ }
+ ]
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "5.0"
+ },
+ {
+ "version_value" : "6.0"
+ },
+ {
+ "version_value" : "6.0.1"
+ },
+ {
+ "version_value" : "6.0.2"
+ },
+ {
+ "version_value" : "6.0.3"
+ },
+ {
+ "version_value" : "6.0.4"
+ },
+ {
+ "version_value" : "6.0.5"
+ },
+ {
+ "version_value" : "6.0.6"
+ },
+ {
+ "version_value" : "5.01"
+ },
+ {
+ "version_value" : "5.02"
+ }
+ ]
+ },
+ "product_name" : "Rational Quality Manager"
+ }
+ ]
+ },
+ "vendor_name" : "IBM"
+ }
+ ]
+ }
+ },
+ "data_version" : "4.0"
 }
diff --git a/2018/1xxx/CVE-2018-1604.json b/2018/1xxx/CVE-2018-1604.json
index 17644745b13..6c486d91520 100644
--- a/2018/1xxx/CVE-2018-1604.json
+++ b/2018/1xxx/CVE-2018-1604.json
@@ -1,18 +1,117 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-1604",
- "STATE" : "RESERVED"
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733641",
+ "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733641",
+ "title" : "IBM Security Bulletin 733641 (Rational Quality Manager)",
+ "refsource" : "CONFIRM"
+ },
+ {
+ "refsource" : "XF",
+ "title" : "X-Force Vulnerability Report",
+ "name" : "ibm-rqm-cve20181604-xss (143794)",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/143794"
+ }
+ ]
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "vendor_name" : "IBM",
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Rational Quality Manager",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "5.0"
+ },
+ {
+ "version_value" : "6.0"
+ },
+ {
+ "version_value" : "6.0.1"
+ },
+ {
+ "version_value" : "6.0.2"
+ },
+ {
+ "version_value" : "6.0.3"
+ },
+ {
+ "version_value" : "6.0.4"
+ },
+ {
+ "version_value" : "6.0.5"
+ },
+ {
+ "version_value" : "6.0.6"
+ },
+ {
+ "version_value" : "5.01"
+ },
+ {
+ "version_value" : "5.02"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
- "data_format" : "MITRE",
- "data_type" : "CVE",
 "data_version" : "4.0",
 "description" : {
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143794."
 }
 ]
- }
+ },
+ "data_type" : "CVE",
+ "CVE_data_meta" : {
+ "STATE" : "PUBLIC",
+ "ID" : "CVE-2018-1604",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "DATE_PUBLIC" : "2018-10-01T00:00:00"
+ },
+ "impact" : {
+ "cvssv3" : {
+ "BM" : {
+ "I" : "L",
+ "A" : "N",
+ "C" : "L",
+ "AC" : "L",
+ "PR" : "L",
+ "UI" : "R",
+ "AV" : "N",
+ "S" : "C",
+ "SCORE" : "5.400"
+ },
+ "TM" : {
+ "RL" : "O",
+ "E" : "H",
+ "RC" : "C"
+ }
+ }
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "data_format" : "MITRE"
 }
diff --git a/2018/1xxx/CVE-2018-1670.json b/2018/1xxx/CVE-2018-1670.json
index 33b3a30f994..f6068c316ef 100644
--- a/2018/1xxx/CVE-2018-1670.json
+++ b/2018/1xxx/CVE-2018-1670.json
@@ -1,18 +1,96 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-1670",
- "STATE" : "RESERVED"
- },
 "data_format" : "MITRE",
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Obtain Information"
+ }
+ ]
+ }
+ ]
+ },
+ "impact" : {
+ "cvssv3" : {
+ "TM" : {
+ "RC" : "C",
+ "RL" : "O",
+ "E" : "U"
+ },
+ "BM" : {
+ "S" : "U",
+ "AV" : "N",
+ "SCORE" : "3.100",
+ "UI" : "N",
+ "A" : "N",
+ "AC" : "H",
+ "PR" : "L",
+ "C" : "L",
+ "I" : "N"
+ }
+ }
+ },
+ "CVE_data_meta" : {
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "ID" : "CVE-2018-1670",
+ "STATE" : "PUBLIC",
+ "DATE_PUBLIC" : "2018-10-02T00:00:00"
+ },
 "data_type" : "CVE",
- "data_version" : "4.0",
 "description" : {
 "description_data" : [
 {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive product configuration information from log files. IBM X-Force ID: 144946.",
+ "lang" : "eng"
 }
 ]
- }
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "vendor_name" : "IBM",
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Financial Transaction Manager",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "3.0.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "refsource" : "CONFIRM",
+ "title" : "IBM Security Bulletin 731549 (Financial Transaction Manager)",
+ "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10731549",
+ "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10731549"
+ },
+ {
+ "title" : "IBM Security Bulletin 731547 (Financial Transaction Manager)",
+ "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10731547",
+ "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10731547",
+ "refsource" : "CONFIRM"
+ },
+ {
+ "refsource" : "XF",
+ "title" : "X-Force Vulnerability Report",
+ "name" : "ibm-ftm-cve20181670-info-disc (144946)",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144946"
+ }
+ ]
+ },
+ "data_version" : "4.0"
 }
diff --git a/2018/1xxx/CVE-2018-1819.json b/2018/1xxx/CVE-2018-1819.json
index 8779e282827..4c3da19a9b7 100644
--- a/2018/1xxx/CVE-2018-1819.json
+++ b/2018/1xxx/CVE-2018-1819.json
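Review bot: `product_name` in CVE-2018-1670.json is "Financial Transaction Manager", but the description scopes the issue to "Financial Transaction Manager for ACH Services for Multi-Platform", and CVE-2018-1819.json uses the same `product_name` for the Digital Payments variant. A consumer that matches on vendor, product and version 3.0.2 would therefore treat both variants as affected by both CVEs. I would carry the variant in the name, e.g. `"product_name" : "Financial Transaction Manager for ACH Services for Multi-Platform"`. The `problemtype` value "Obtain Information" also names an impact rather than a weakness; since the description attributes the exposure to log files, CWE-532 looks like the fit, to be confirmed against the bulletin.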
@@ -1,18 +1,114 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-1819",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
 "description" : {
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 150023."
 }
 ]
+ },
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "references" : {
+ "reference_data" : [
+ {
+ "refsource" : "CONFIRM",
+ "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10732367",
+ "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10732367",
+ "title" : "IBM Security Bulletin 732367 (Financial Transaction Manager)"
+ },
+ {
+ "title" : "IBM Security Bulletin 732361 (Financial Transaction Manager)",
+ "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10732361",
+ "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10732361",
+ "refsource" : "CONFIRM"
+ },
+ {
+ "refsource" : "CONFIRM",
+ "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10732357",
+ "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10732357",
+ "title" : "IBM Security Bulletin 732357 (Financial Transaction Manager)"
+ },
+ {
+ "name" : "ibm-ftm-cve20181819-sql-injection (150023)",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150023",
+ "title" : "X-Force Vulnerability Report",
+ "refsource" : "XF"
+ }
+ ]
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "3.0.2"
+ },
+ {
+ "version_value" : "3.0.4"
+ },
+ {
+ "version_value" : "3.0.6"
+ },
+ {
+ "version_value" : "3.2.0"
+ },
+ {
+ "version_value" : "3.2.0.0"
+ }
+ ]
+ },
+ "product_name" : "Financial Transaction Manager"
+ }
+ ]
+ },
+ "vendor_name" : "IBM"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Data Manipulation"
+ }
+ ]
+ }
+ ]
+ },
+ "CVE_data_meta" : {
+ "DATE_PUBLIC" : "2018-10-02T00:00:00",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "ID" : "CVE-2018-1819",
+ "STATE" : "PUBLIC"
+ },
+ "impact" : {
+ "cvssv3" : {
+ "BM" : {
+ "A" : "L",
+ "PR" : "L",
+ "C" : "L",
+ "AC" : "L",
+ "I" : "L",
+ "S" : "U",
+ "AV" : "N",
+ "SCORE" : "6.300",
+ "UI" : "N"
+ },
+ "TM" : {
+ "RL" : "O",
+ "E" : "U",
+ "RC" : "C"
+ }
+ }
 }
 }
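Review bot: The `problemtype` value added in CVE-2018-1819.json is "Data Manipulation", while the description states the flaw is SQL injection, so the record's classification field does not name the weakness that defenders would filter on. I would use `"value" : "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"`. `version_data` also lists both "3.2.0" and "3.2.0.0", whereas the description names only 3.2.0; if these are the same release one entry should go, otherwise the description should mention 3.2.0.0.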