admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 22:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

IBM20190205-122450

Browse Source 
Added CVE-2017-1200, CVE-2017-1198, CVE-2017-1177, CVE-2017-1202
This commit is contained in:
Scott Moore - IBM 2019-02-05 12:24:50 -05:00
parent 42404e5bff
commit 20b8a62de4
No known key found for this signature in database
GPG Key ID: 95B9EA1B824C2926
4 changed files with 331 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
2017/1xxx/CVE-2017-1177.json
View File

@ -1,17 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1177",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123429."
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1177",
"DATE_PUBLIC" : "2018-10-30T00:00:00"
},
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "L",
"PR" : "N",
"A" : "N",
"I" : "N",
"S" : "U",
"UI" : "N",
"SCORE" : "5.300",
"AC" : "L",
"AV" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BigFix Compliance",
"version" : {
"version_data" : [
{
"version_value" : "1.7"
},
{
"version_value" : "1.9.91"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581",
"title" : "IBM Security Bulletin 0737581",
"url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581"
},
{
"name" : "ibm-bigfix-cve20171177-info-disc (123429)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123429",
"title" : "X-Force Vulnerability Report"
}
]
}

87
2017/1xxx/CVE-2017-1198.json
View File

@ -1,17 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1198",
"STATE" : "RESERVED"
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "BigFix Compliance",
"version" : {
"version_data" : [
{
"version_value" : "1.7"
},
{
"version_value" : "1.9.91"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1198",
"DATE_PUBLIC" : "2018-10-30T00:00:00"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"A" : "N",
"I" : "N",
"PR" : "N",
"C" : "L",
"AC" : "H",
"AV" : "N",
"SCORE" : "3.700",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 0737581",
"url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581",
"name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123673",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-bigfix-cve20171198-info-disc (123673)"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123673."
}
]
}

91
2017/1xxx/CVE-2017-1200.json
View File

@ -1,18 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1200",
"STATE" : "RESERVED"
"references" : {
"reference_data" : [
{
"url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581",
"title" : "IBM Security Bulletin 0737581",
"name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-bigfix-cve20171200-info-disc (123675)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123675"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "BigFix Compliance",
"version" : {
"version_data" : [
{
"version_value" : "1.7"
},
{
"version_value" : "1.9.91"
}
]
}
}
]
}
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"SCORE" : "3.700",
"AV" : "N",
"AC" : "H",
"C" : "L",
"PR" : "N",
"I" : "N",
"A" : "N",
"S" : "U"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-10-30T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1200",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 123675."
}
]
}
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_format" : "MITRE"
}

95
2017/1xxx/CVE-2017-1202.json
View File

@ -1,18 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1202",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 123677.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 0737581",
"url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581",
"name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-bigfix-cve20171202-html-injection (123677)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123677",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"S" : "C",
"A" : "N",
"I" : "L",
"C" : "L",
"PR" : "L",
"AC" : "L",
"AV" : "N",
"SCORE" : "5.400",
"UI" : "R"
}
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-10-30T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1202"
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.7"
},
{
"version_value" : "1.9.91"
}
]
},
"product_name" : "BigFix Compliance"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
}