From 68b35a35ce72f0eeab65154f2b5bcd339941e4eb Mon Sep 17 00:00:00 2001 From: Scott Moore - IBM Date: Tue, 2 Apr 2019 09:09:11 -0400 Subject: [PATCH] IBM20190402-9911 Added CVE-2018-1618, CVE-2018-1917, CVE-2018-1625, CVE-2018-1622, CVE-2018-1623, CVE-2019-4043, CVE-2018-1640, CVE-2018-1680, CVE-2019-4080, CVE-2018-1626, CVE-2018-1874, CVE-2019-4093, CVE-2018-1906 --- 2018/1xxx/CVE-2018-1618.json | 102 +++++++++++++++++++++++++++----- 2018/1xxx/CVE-2018-1622.json | 102 +++++++++++++++++++++++++++----- 2018/1xxx/CVE-2018-1623.json | 102 +++++++++++++++++++++++++++----- 2018/1xxx/CVE-2018-1625.json | 102 +++++++++++++++++++++++++++----- 2018/1xxx/CVE-2018-1626.json | 102 +++++++++++++++++++++++++++----- 2018/1xxx/CVE-2018-1640.json | 102 +++++++++++++++++++++++++++----- 2018/1xxx/CVE-2018-1680.json | 102 +++++++++++++++++++++++++++----- 2018/1xxx/CVE-2018-1874.json | 105 ++++++++++++++++++++++++++++----- 2018/1xxx/CVE-2018-1906.json | 108 +++++++++++++++++++++++++++++----- 2018/1xxx/CVE-2018-1917.json | 108 +++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4043.json | 105 ++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4080.json | 111 ++++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4093.json | 102 +++++++++++++++++++++++++++----- 13 files changed, 1158 insertions(+), 195 deletions(-) diff --git a/2018/1xxx/CVE-2018-1618.json b/2018/1xxx/CVE-2018-1618.json index fd4b9d90275..4d71971345d 100644 --- a/2018/1xxx/CVE-2018-1618.json +++ b/2018/1xxx/CVE-2018-1618.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1618", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "I" : "N", + "SCORE" : "7.700", + "PR" : "L", + "AC" : "L", + "S" : "C", + "C" : "H", + "UI" : "N", + "AV" : "N" + }, + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + } + } + }, + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "value" : "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144343.", + "lang" : "eng" + } + ] + }, + "data_type" : "CVE", + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "2.1.1" + } + ] + }, + "product_name" : "Security Privileged Identity Manager" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "ID" : "CVE-2018-1618", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-29T00:00:00" + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "title" : "IBM Security Bulletin 879093 (Security Privileged Identity Manager)" + }, + { + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144343", + "name" : "ibm-pim-cve20181618-info-disc (144343)", + "refsource" : "XF" + } + ] + } +} diff --git a/2018/1xxx/CVE-2018-1622.json b/2018/1xxx/CVE-2018-1622.json index 6cf409a1375..d3414db9e8f 100644 --- a/2018/1xxx/CVE-2018-1622.json +++ b/2018/1xxx/CVE-2018-1622.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1622", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Access" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "Security Privileged Identity Manager", + "version" : { + "version_data" : [ + { + "version_value" : "2.1.1" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "title" : "IBM Security Bulletin 879093 (Security Privileged Identity Manager)", + "refsource" : "CONFIRM", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144348", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "name" : "ibm-pim-cve20181622-csrf (144348)" + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-29T00:00:00", + "ID" : "CVE-2018-1622", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144348.", + "lang" : "eng" + } + ] + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "I" : "L", + "SCORE" : "4.300", + "A" : "N", + "AV" : "N", + "S" : "U", + "AC" : "L", + "PR" : "N", + "UI" : "R", + "C" : "N" + }, + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + } + } + }, + "data_format" : "MITRE" +} diff --git a/2018/1xxx/CVE-2018-1623.json b/2018/1xxx/CVE-2018-1623.json index 421fbc4f581..d51211b6169 100644 --- a/2018/1xxx/CVE-2018-1623.json +++ b/2018/1xxx/CVE-2018-1623.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1623", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + }, + "BM" : { + "AV" : "L", + "PR" : "N", + "S" : "U", + "AC" : "L", + "C" : "L", + "UI" : "N", + "I" : "N", + "SCORE" : "4.000", + "A" : "N" + } + } + }, + "data_type" : "CVE", + "description" : { + "description_data" : [ + { + "value" : "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 144408.", + "lang" : "eng" + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2018-1623", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-29T00:00:00" + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "title" : "IBM Security Bulletin 879093 (Security Privileged Identity Manager)", + "refsource" : "CONFIRM", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093" + }, + { + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144408", + "name" : "ibm-pim-cve20181623-info-disc (144408)", + "refsource" : "XF" + } + ] + }, + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "Security Privileged Identity Manager", + "version" : { + "version_data" : [ + { + "version_value" : "2.1.1" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + } +} diff --git a/2018/1xxx/CVE-2018-1625.json b/2018/1xxx/CVE-2018-1625.json index e80f7fc8f4e..fb8e4941ff6 100644 --- a/2018/1xxx/CVE-2018-1625.json +++ b/2018/1xxx/CVE-2018-1625.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1625", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "SCORE" : "4.300", + "I" : "N", + "UI" : "N", + "C" : "L", + "AC" : "L", + "S" : "U", + "PR" : "L", + "AV" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "data_format" : "MITRE", + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "2.1.1" + } + ] + }, + "product_name" : "Security Privileged Identity Manager" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "title" : "IBM Security Bulletin 879093 (Security Privileged Identity Manager)" + }, + { + "refsource" : "XF", + "name" : "ibm-pim-cve20181625-info-disc (144410)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144410", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-29T00:00:00", + "ID" : "CVE-2018-1625", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 144410." + } + ] + }, + "data_type" : "CVE" +} diff --git a/2018/1xxx/CVE-2018-1626.json b/2018/1xxx/CVE-2018-1626.json index 04a56d292d5..114a08f1430 100644 --- a/2018/1xxx/CVE-2018-1626.json +++ b/2018/1xxx/CVE-2018-1626.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1626", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_type" : "CVE", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 144411." + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "title" : "IBM Security Bulletin 879093 (Security Privileged Identity Manager)", + "refsource" : "CONFIRM", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093" + }, + { + "refsource" : "XF", + "name" : "ibm-pim-cve20181626-info-disc (144411)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144411", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-29T00:00:00", + "ID" : "CVE-2018-1626", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "2.1.1" + } + ] + }, + "product_name" : "Security Privileged Identity Manager" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "data_version" : "4.0", + "data_format" : "MITRE", + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "I" : "N", + "SCORE" : "3.100", + "AC" : "H", + "S" : "U", + "PR" : "L", + "UI" : "N", + "C" : "L", + "AV" : "N" + }, + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + } + } + } +} diff --git a/2018/1xxx/CVE-2018-1640.json b/2018/1xxx/CVE-2018-1640.json index 604d0a74eb5..4dbea809925 100644 --- a/2018/1xxx/CVE-2018-1640.json +++ b/2018/1xxx/CVE-2018-1640.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1640", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "impact" : { + "cvssv3" : { + "BM" : { + "UI" : "N", + "C" : "H", + "S" : "U", + "AC" : "L", + "PR" : "L", + "AV" : "N", + "A" : "H", + "SCORE" : "8.800", + "I" : "H" + }, + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + } + } + }, + "data_format" : "MITRE", + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Access", + "lang" : "eng" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "2.1.1" + } + ] + }, + "product_name" : "Security Privileged Identity Manager" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "title" : "IBM Security Bulletin 879093 (Security Privileged Identity Manager)", + "refsource" : "CONFIRM", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144580", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "name" : "ibm-pim-cve20181640-command-exec (144580)" + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2018-1640", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-29T00:00:00" + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 144580.", + "lang" : "eng" + } + ] + }, + "data_type" : "CVE" +} diff --git a/2018/1xxx/CVE-2018-1680.json b/2018/1xxx/CVE-2018-1680.json index 7f78e69b7b6..0850149b20f 100644 --- a/2018/1xxx/CVE-2018-1680.json +++ b/2018/1xxx/CVE-2018-1680.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1680", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "impact" : { + "cvssv3" : { + "BM" : { + "C" : "H", + "UI" : "N", + "PR" : "N", + "S" : "U", + "AC" : "H", + "AV" : "N", + "A" : "N", + "SCORE" : "5.900", + "I" : "N" + }, + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + } + } + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-29T00:00:00", + "ID" : "CVE-2018-1680", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 879093 (Security Privileged Identity Manager)", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "refsource" : "CONFIRM" + }, + { + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145236", + "name" : "ibm-sim-cve20181680-info-disc (145236)", + "refsource" : "XF" + } + ] + }, + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Security Privileged Identity Manager", + "version" : { + "version_data" : [ + { + "version_value" : "2.1.1" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_type" : "CVE", + "description" : { + "description_data" : [ + { + "value" : "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 145236.", + "lang" : "eng" + } + ] + } +} diff --git a/2018/1xxx/CVE-2018-1874.json b/2018/1xxx/CVE-2018-1874.json index 5b7a3734133..f201dca5206 100644 --- a/2018/1xxx/CVE-2018-1874.json +++ b/2018/1xxx/CVE-2018-1874.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1874", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "5.0.0.0" + }, + { + "version_value" : "5.0.8.5" + } + ] + }, + "product_name" : "API Connect" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "CVE_data_meta" : { + "DATE_PUBLIC" : "2019-03-27T00:00:00", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2018-1874" + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10876994", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10876994", + "title" : "IBM Security Bulletin 876994 (API Connect)" + }, + { + "name" : "ibm-api-cve20181874-info-disc (151636)", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151636" + } + ] + }, + "description" : { + "description_data" : [ + { + "value" : "IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636.", + "lang" : "eng" + } + ] + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "UI" : "N", + "C" : "H", + "AC" : "L", + "S" : "U", + "PR" : "N", + "AV" : "P", + "A" : "N", + "SCORE" : "4.600", + "I" : "N" + }, + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + } + } + }, + "data_format" : "MITRE" +} diff --git a/2018/1xxx/CVE-2018-1906.json b/2018/1xxx/CVE-2018-1906.json index 59c9788af0c..402bea8746c 100644 --- a/2018/1xxx/CVE-2018-1906.json +++ b/2018/1xxx/CVE-2018-1906.json @@ -1,18 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1906", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_type" : "CVE", + "description" : { + "description_data" : [ + { + "value" : "IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663.", + "lang" : "eng" + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2018-1906", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-29T00:00:00" + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10872320", + "title" : "IBM Security Bulletin 872320 (InfoSphere Information Server)", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10872320" + }, + { + "refsource" : "XF", + "name" : "ibm-infosphere-cve20181906-info-disc (152663)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152663", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "11.3" + }, + { + "version_value" : "11.5" + }, + { + "version_value" : "11.7" + } + ] + }, + "product_name" : "InfoSphere Information Server" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "data_format" : "MITRE", + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + }, + "BM" : { + "AV" : "N", + "UI" : "N", + "C" : "L", + "AC" : "L", + "S" : "U", + "PR" : "L", + "SCORE" : "4.300", + "I" : "N", + "A" : "N" + } + } + } +} diff --git a/2018/1xxx/CVE-2018-1917.json b/2018/1xxx/CVE-2018-1917.json index 73ffb176cff..f565ebf0304 100644 --- a/2018/1xxx/CVE-2018-1917.json +++ b/2018/1xxx/CVE-2018-1917.json @@ -1,18 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1917", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "description" : { + "description_data" : [ + { + "value" : "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. IBM X-Force ID: 152784.", + "lang" : "eng" + } + ] + }, + "data_type" : "CVE", + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "11.3" + }, + { + "version_value" : "11.5" + }, + { + "version_value" : "11.7" + } + ] + }, + "product_name" : "InfoSphere Information Server" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-29T00:00:00", + "ID" : "CVE-2018-1917", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10872274", + "title" : "IBM Security Bulletin 872274 (InfoSphere Information Server)", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10872274" + }, + { + "refsource" : "XF", + "name" : "ibm-infosphere-cve20181917-info-disc (152784)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152784", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + }, + "BM" : { + "AV" : "A", + "PR" : "L", + "AC" : "L", + "S" : "U", + "C" : "L", + "UI" : "N", + "I" : "N", + "SCORE" : "3.500", + "A" : "N" + } + } + }, + "data_format" : "MITRE" +} diff --git a/2019/4xxx/CVE-2019-4043.json b/2019/4xxx/CVE-2019-4043.json index e81fcc7d1d5..4d36fc48b9e 100644 --- a/2019/4xxx/CVE-2019-4043.json +++ b/2019/4xxx/CVE-2019-4043.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4043", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "impact" : { + "cvssv3" : { + "BM" : { + "AV" : "N", + "PR" : "L", + "AC" : "L", + "S" : "U", + "C" : "H", + "UI" : "N", + "I" : "N", + "SCORE" : "7.100", + "A" : "L" + }, + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + } + } + }, + "data_format" : "MITRE", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "5.2.0" + }, + { + "version_value" : "6.0.0.0" + } + ] + }, + "product_name" : "Sterling B2B Integrator" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874238", + "title" : "IBM Security Bulletin 874238 (Sterling B2B Integrator)", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10874238" + }, + { + "name" : "ibm-sterling-cve20194043-xxe (156239)", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/156239" + } + ] + }, + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4043", + "DATE_PUBLIC" : "2019-03-29T00:00:00", + "STATE" : "PUBLIC" + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 156239.", + "lang" : "eng" + } + ] + }, + "data_type" : "CVE" +} diff --git a/2019/4xxx/CVE-2019-4080.json b/2019/4xxx/CVE-2019-4080.json index 333557d0f92..52862d34bc9 100644 --- a/2019/4xxx/CVE-2019-4080.json +++ b/2019/4xxx/CVE-2019-4080.json @@ -1,18 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4080", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "impact" : { + "cvssv3" : { + "BM" : { + "AV" : "N", + "C" : "N", + "UI" : "N", + "PR" : "L", + "AC" : "L", + "S" : "U", + "SCORE" : "6.500", + "I" : "N", + "A" : "H" + }, + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + } + } + }, + "CVE_data_meta" : { + "ID" : "CVE-2019-4080", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-26T00:00:00" + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10875692", + "title" : "IBM Security Bulletin 875692 (WebSphere Application Server)", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10875692" + }, + { + "refsource" : "XF", + "name" : "ibm-websphere-cve20194080-dos (157380)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157380", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Denial of Service", + "lang" : "eng" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "WebSphere Application Server", + "version" : { + "version_data" : [ + { + "version_value" : "7.0" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.5" + }, + { + "version_value" : "9.0" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "data_type" : "CVE", + "description" : { + "description_data" : [ + { + "value" : "IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380.", + "lang" : "eng" + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4093.json b/2019/4xxx/CVE-2019-4093.json index 2caf6b2b14c..1b16b550cd9 100644 --- a/2019/4xxx/CVE-2019-4093.json +++ b/2019/4xxx/CVE-2019-4093.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4093", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "8.1.7" + } + ] + }, + "product_name" : "Spectrum Protect" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10875518", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 0875518 (Spectrum Protect)", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10875518" + }, + { + "name" : "ibm-tsm-cve20194093-info-disc (157981)", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157981" + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-14T00:00:00", + "ID" : "CVE-2019-4093", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions. IBM X-Force ID: 157981." + } + ] + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + }, + "BM" : { + "AV" : "L", + "PR" : "N", + "AC" : "L", + "S" : "U", + "C" : "L", + "UI" : "N", + "I" : "L", + "SCORE" : "5.100", + "A" : "N" + } + } + }, + "data_format" : "MITRE" +}