From 23e5aa2e9bd86bc9c7d566a56d1be9f2b71e69ab Mon Sep 17 00:00:00 2001
From: Scott Moore - IBM
Date: Thu, 23 Sep 2021 12:02:13 -0400
Subject: [PATCH] IBM20210923-12213 Added CVE-2020-4690, CVE-2020-4805, CVE-2021-38863, CVE-2020-4803, CVE-2020-4809, CVE-2021-20377, CVE-2021-29800
---
 2020/4xxx/CVE-2020-4690.json | 102 ++++++++++++++++++++++++++++-----
 2020/4xxx/CVE-2020-4803.json | 102 ++++++++++++++++++++++++++++-----
 2020/4xxx/CVE-2020-4805.json | 102 ++++++++++++++++++++++++++++-----
 2020/4xxx/CVE-2020-4809.json | 102 ++++++++++++++++++++++++++++-----
 2021/20xxx/CVE-2021-20377.json | 102 ++++++++++++++++++++++++++++-----
 2021/29xxx/CVE-2021-29800.json | 102 ++++++++++++++++++++++++++++-----
 2021/38xxx/CVE-2021-38863.json | 102 ++++++++++++++++++++++++++++-----
 7 files changed, 609 insertions(+), 105 deletions(-)
diff --git a/2020/4xxx/CVE-2020-4690.json b/2020/4xxx/CVE-2020-4690.json
index 5d4086a0e58..dd4697986a8 100644
--- a/2020/4xxx/CVE-2020-4690.json
+++ b/2020/4xxx/CVE-2020-4690.json
@@ -1,18 +1,90 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-4690",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "data_version" : "4.0",
+ "data_type" : "CVE",
+ "references" : {
+ "reference_data" : [
+ {
+ "title" : "IBM Security Bulletin 6491125 (Security Guardium)",
+ "name" : "https://www.ibm.com/support/pages/node/6491125",
+ "url" : "https://www.ibm.com/support/pages/node/6491125",
+ "refsource" : "CONFIRM"
+ },
+ {
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186697",
+ "title" : "X-Force Vulnerability Report",
+ "name" : "ibm-guardium-cve20204690-info-disc (186697)"
+ }
+ ]
+ },
+ "data_format" : "MITRE",
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "value" : "Obtain Information",
+ "lang" : "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "vendor_name" : "IBM",
+ "product" : {
+ "product_data" : [
+ {
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "11.3"
+ }
+ ]
+ },
+ "product_name" : "Security Guardium"
+ }
+ ]
+ }
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "impact" : {
+ "cvssv3" : {
+ "TM" : {
+ "E" : "U",
+ "RL" : "O",
+ "RC" : "C"
+ },
+ "BM" : {
+ "AV" : "N",
+ "A" : "N",
+ "C" : "H",
+ "PR" : "N",
+ "AC" : "L",
+ "S" : "U",
+ "UI" : "N",
+ "SCORE" : "7.500",
+ "I" : "N"
+ }
+ }
+ },
+ "description" : {
+ "description_data" : [
+ {
+ "value" : "IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697.",
+ "lang" : "eng"
+ }
+ ]
+ },
+ "CVE_data_meta" : {
+ "STATE" : "PUBLIC",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "ID" : "CVE-2020-4690",
+ "DATE_PUBLIC" : "2021-09-21T00:00:00"
+ }
+}
diff --git a/2020/4xxx/CVE-2020-4803.json b/2020/4xxx/CVE-2020-4803.json
index 76209f5c242..7a521c84322 100644
--- a/2020/4xxx/CVE-2020-4803.json
+++ b/2020/4xxx/CVE-2020-4803.json
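Review bot: In the CVE-2020-4690 record the `problemtype` value is the free-text label `Obtain Information`, while the description is the generic wording for hard-coded credentials, so tooling that keys on CWE cannot classify the entry; `"value" : "CWE-798 Use of Hard-coded Credentials"` would match what the description says. The description also does not say which of the listed uses (inbound authentication, outbound communication, encryption of internal data) is affected, which is what an operator needs to judge exposure and to decide whether anything must be rotated after patching. The same free-text `Obtain Information` label is used in the CVE-2020-4803, CVE-2020-4805, CVE-2020-4809, CVE-2021-20377 and CVE-2021-38863 hunks, where a CWE identifier would help in the same way.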
@@ -1,18 +1,90 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-4803",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535."
+ }
+ ]
+ },
+ "impact" : {
+ "cvssv3" : {
+ "TM" : {
+ "RC" : "C",
+ "RL" : "O",
+ "E" : "U"
+ },
+ "BM" : {
+ "UI" : "N",
+ "S" : "U",
+ "I" : "N",
+ "SCORE" : "4.000",
+ "PR" : "N",
+ "AC" : "L",
+ "C" : "L",
+ "A" : "N",
+ "AV" : "L"
+ }
+ }
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "vendor_name" : "IBM",
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Edge",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "4.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "CVE_data_meta" : {
+ "STATE" : "PUBLIC",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "DATE_PUBLIC" : "2021-09-22T00:00:00",
+ "ID" : "CVE-2020-4803"
+ },
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "value" : "Obtain Information",
+ "lang" : "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "refsource" : "CONFIRM",
+ "title" : "IBM Security Bulletin 6491625 (Edge)",
+ "name" : "https://www.ibm.com/support/pages/node/6491625",
+ "url" : "https://www.ibm.com/support/pages/node/6491625"
+ },
+ {
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189535",
+ "title" : "X-Force Vulnerability Report",
+ "name" : "ibm-edge-cve20204803-info-disc (189535)",
+ "refsource" : "XF"
+ }
+ ]
+ },
+ "data_format" : "MITRE"
+}
diff --git a/2020/4xxx/CVE-2020-4805.json b/2020/4xxx/CVE-2020-4805.json
index 3da97ea8886..1233ec693c8 100644
--- a/2020/4xxx/CVE-2020-4805.json
+++ b/2020/4xxx/CVE-2020-4805.json
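Review bot: The description in the CVE-2020-4803 record is word-for-word the same as in the CVE-2020-4805 and CVE-2020-4809 hunks (`IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system.`), and the CVSS base and temporal values are identical too; only the X-Force ID and the bulletin number differ. From the records alone a reader cannot tell whether these are three distinct flaws or one issue assigned three IDs, so each description should name the component or kind of page that distinguishes it. `product_name` is also the bare `Edge`, which is probably too short for reliable product matching; the full product name used in the bulletin would be safer.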
@@ -1,18 +1,90 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-4805",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "data_version" : "4.0",
+ "data_type" : "CVE",
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "value" : "Obtain Information",
+ "lang" : "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "data_format" : "MITRE",
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.ibm.com/support/pages/node/6491633",
+ "title" : "IBM Security Bulletin 6491633 (Edge)",
+ "url" : "https://www.ibm.com/support/pages/node/6491633",
+ "refsource" : "CONFIRM"
+ },
+ {
+ "name" : "ibm-edge-cve20204805-info-disc (189539)",
+ "title" : "X-Force Vulnerability Report",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189539",
+ "refsource" : "XF"
+ }
+ ]
+ },
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539."
+ }
+ ]
+ },
+ "impact" : {
+ "cvssv3" : {
+ "TM" : {
+ "RL" : "O",
+ "E" : "U",
+ "RC" : "C"
+ },
+ "BM" : {
+ "A" : "N",
+ "C" : "L",
+ "AV" : "L",
+ "AC" : "L",
+ "PR" : "N",
+ "I" : "N",
+ "SCORE" : "4.000",
+ "UI" : "N",
+ "S" : "U"
+ }
+ }
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "vendor_name" : "IBM",
+ "product" : {
+ "product_data" : [
+ {
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "4.2"
+ }
+ ]
+ },
+ "product_name" : "Edge"
+ }
+ ]
+ }
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "CVE_data_meta" : {
+ "ID" : "CVE-2020-4805",
+ "DATE_PUBLIC" : "2021-09-22T00:00:00",
+ "STATE" : "PUBLIC",
+ "ASSIGNER" : "psirt@us.ibm.com"
+ }
+}
diff --git a/2020/4xxx/CVE-2020-4809.json b/2020/4xxx/CVE-2020-4809.json
index 2599e69dc5a..5423dbfc61e 100644
--- a/2020/4xxx/CVE-2020-4809.json
+++ b/2020/4xxx/CVE-2020-4809.json
@@ -1,18 +1,90 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-4809",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Obtain Information"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "refsource" : "CONFIRM",
+ "url" : "https://www.ibm.com/support/pages/node/6491631",
+ "title" : "IBM Security Bulletin 6491631 (Edge)",
+ "name" : "https://www.ibm.com/support/pages/node/6491631"
+ },
+ {
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189633",
+ "name" : "ibm-edge-cve20204809-info-disc (189633)",
+ "title" : "X-Force Vulnerability Report"
+ }
+ ]
+ },
+ "data_format" : "MITRE",
+ "data_version" : "4.0",
+ "data_type" : "CVE",
+ "CVE_data_meta" : {
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "STATE" : "PUBLIC",
+ "DATE_PUBLIC" : "2021-09-22T00:00:00",
+ "ID" : "CVE-2020-4809"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Edge",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "4.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "IBM"
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633."
+ }
+ ]
+ },
+ "impact" : {
+ "cvssv3" : {
+ "BM" : {
+ "UI" : "N",
+ "S" : "U",
+ "SCORE" : "4.000",
+ "I" : "N",
+ "A" : "N",
+ "C" : "L",
+ "AV" : "L",
+ "PR" : "N",
+ "AC" : "L"
+ },
+ "TM" : {
+ "E" : "U",
+ "RL" : "O",
+ "RC" : "C"
+ }
+ }
+ }
+}
diff --git a/2021/20xxx/CVE-2021-20377.json b/2021/20xxx/CVE-2021-20377.json
index 96864d4e479..48188842c9c 100644
--- a/2021/20xxx/CVE-2021-20377.json
+++ b/2021/20xxx/CVE-2021-20377.json
@@ -1,18 +1,90 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2021-20377",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "CVE_data_meta" : {
+ "DATE_PUBLIC" : "2021-09-21T00:00:00",
+ "ID" : "CVE-2021-20377",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product" : {
+ "product_data" : [
+ {
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "11.3"
+ }
+ ]
+ },
+ "product_name" : "Security Guardium"
+ }
+ ]
+ },
+ "vendor_name" : "IBM"
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "description" : {
+ "description_data" : [
+ {
+ "value" : "IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. 
IBM X-Force ID: 195569.",
+ "lang" : "eng"
+ }
+ ]
+ },
+ "impact" : {
+ "cvssv3" : {
+ "TM" : {
+ "RC" : "C",
+ "E" : "U",
+ "RL" : "O"
+ },
+ "BM" : {
+ "AV" : "N",
+ "A" : "N",
+ "C" : "L",
+ "AC" : "L",
+ "PR" : "H",
+ "SCORE" : "2.700",
+ "I" : "N",
+ "S" : "U",
+ "UI" : "N"
+ }
+ }
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Obtain Information"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "title" : "IBM Security Bulletin 6491125 (Security Guardium)",
+ "name" : "https://www.ibm.com/support/pages/node/6491125",
+ "url" : "https://www.ibm.com/support/pages/node/6491125",
+ "refsource" : "CONFIRM"
+ },
+ {
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/195569",
+ "name" : "ibm-guardium-cve202120377-info-disc (195569)",
+ "title" : "X-Force Vulnerability Report",
+ "refsource" : "XF"
+ }
+ ]
+ },
+ "data_format" : "MITRE",
+ "data_version" : "4.0",
+ "data_type" : "CVE"
+}
diff --git a/2021/29xxx/CVE-2021-29800.json b/2021/29xxx/CVE-2021-29800.json
index 77ae1e7988a..08d02607017 100644
--- a/2021/29xxx/CVE-2021-29800.json
+++ b/2021/29xxx/CVE-2021-29800.json
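Review bot: The description string in the CVE-2021-20377 record is broken across two physical lines in this patch, between `against the system.` and `IBM X-Force ID: 195569.`, which suggests a line-break character sits inside the JSON string. If it is a raw line feed the file is not valid JSON, because control characters inside strings must be escaped, and if it is a Unicode line separator some consumers will still mis-handle it. Replacing it with a single space, as the other six records have at the same position, avoids both cases. The added value should be checked with a strict JSON parser before merge.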
@@ -1,18 +1,90 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2021-29800",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "data_version" : "4.0",
+ "data_type" : "CVE",
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "refsource" : "CONFIRM",
+ "title" : "IBM Security Bulletin 6491109 (Jazz for Service Management)",
+ "name" : "https://www.ibm.com/support/pages/node/6491109",
+ "url" : "https://www.ibm.com/support/pages/node/6491109"
+ },
+ {
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/203906",
+ "title" : "X-Force Vulnerability Report",
+ "name" : "ibm-tivoli-cve202129800-xss (203906)",
+ "refsource" : "XF"
+ }
+ ]
+ },
+ "data_format" : "MITRE",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
+ }
+ ]
+ },
+ "impact" : {
+ "cvssv3" : {
+ "TM" : {
+ "RC" : "C",
+ "RL" : "O",
+ "E" : "H"
+ },
+ "BM" : {
+ "AC" : "L",
+ "PR" : "L",
+ "C" : "L",
+ "A" : "N",
+ "AV" : "N",
+ "SCORE" : "6.400",
+ "I" : "L",
+ "UI" : "N",
+ "S" : "C"
+ }
+ }
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Jazz for Service Management",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "1.1.3.10"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "IBM"
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "CVE_data_meta" : {
+ "DATE_PUBLIC" : "2021-09-21T00:00:00",
+ "ID" : "CVE-2021-29800",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "STATE" : "PUBLIC"
+ }
+}
diff --git a/2021/38xxx/CVE-2021-38863.json b/2021/38xxx/CVE-2021-38863.json
index 7532d56f329..62b3193a291 100644
--- a/2021/38xxx/CVE-2021-38863.json
+++ b/2021/38xxx/CVE-2021-38863.json
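Review bot: The `affects` block in the CVE-2021-29800 record lists only `Jazz for Service Management` 1.1.3.10, although the description names `IBM Tivoli Netcool/OMNIbus_GUI` as vulnerable too, so scanners that match on `product_name` will not flag that product. A second `product_data` entry is needed, sketched below with the version left as a placeholder because the patch does not state it. This is also the only one of the seven records whose description omits the X-Force ID (203906 according to its reference). `UI` is `N` even though stored cross-site scripting normally needs a victim to load the affected page, which is worth confirming against the bulletin.

```json
{
   "product_name" : "Tivoli Netcool/OMNIbus_GUI",
   "version" : {
      "version_data" : [
         {
            "version_value" : "<AFFECTED_VERSION_PLACEHOLDER>"
         }
      ]
   }
}
```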
@@ -1,18 +1,90 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2021-38863",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "vendor_name" : "IBM",
+ "product" : {
+ "product_data" : [
+ {
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "1.0.5.0"
+ }
+ ]
+ },
+ "product_name" : "Security Verify Bridge"
+ }
+ ]
+ }
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "impact" : {
+ "cvssv3" : {
+ "TM" : {
+ "RC" : "C",
+ "E" : "U",
+ "RL" : "O"
+ },
+ "BM" : {
+ "UI" : "N",
+ "S" : "C",
+ "SCORE" : "6.500",
+ "I" : "N",
+ "A" : "N",
+ "C" : "H",
+ "AV" : "L",
+ "PR" : "L",
+ "AC" : "L"
+ }
+ }
+ },
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154."
+ }
+ ]
+ },
+ "CVE_data_meta" : {
+ "DATE_PUBLIC" : "2021-09-22T00:00:00",
+ "ID" : "CVE-2021-38863",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "STATE" : "PUBLIC"
+ },
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "references" : {
+ "reference_data" : [
+ {
+ "refsource" : "CONFIRM",
+ "name" : "https://www.ibm.com/support/pages/node/6491653",
+ "title" : "IBM Security Bulletin 6491653 (Security Verify Bridge)",
+ "url" : "https://www.ibm.com/support/pages/node/6491653"
+ },
+ {
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/208154",
+ "name" : "ibm-sv-cve202138863-info-disc (208154)",
+ "title" : "X-Force Vulnerability Report",
+ "refsource" : "XF"
+ }
+ ]
+ },
+ "data_format" : "MITRE",
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "value" : "Obtain Information",
+ "lang" : "eng"
+ }
+ ]
+ }
+ ]
+ }
+}