admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-03-30 17:00:37 +00:00
parent 497c099096
commit 27effea051
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
29 changed files with 1776 additions and 1516 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
2010/2xxx/CVE-2010-2068.json
View File

@ -216,6 +216,36 @@
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [7/13] - /httpd/site/trunk/content/security/json/",
"url": "https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"url": "https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1888222 - in /httpd/site/trunk/content/security/json: CVE-2010-2068.json CVE-2010-2791.json CVE-2011-0419.json CVE-2011-3368.json",
"url": "https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f@%3Ccvs.httpd.apache.org%3E"
}
]
}

30
2010/2xxx/CVE-2010-2791.json
View File

@ -111,6 +111,36 @@
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [7/13] - /httpd/site/trunk/content/security/json/",
"url": "https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"url": "https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1888222 - in /httpd/site/trunk/content/security/json: CVE-2010-2068.json CVE-2010-2791.json CVE-2011-0419.json CVE-2011-3368.json",
"url": "https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f@%3Ccvs.httpd.apache.org%3E"
}
]
}

45
2011/0xxx/CVE-2011-0419.json
View File

@ -311,6 +311,51 @@
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [7/13] - /httpd/site/trunk/content/security/json/",
"url": "https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"url": "https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1888222 - in /httpd/site/trunk/content/security/json: CVE-2010-2068.json CVE-2010-2791.json CVE-2011-0419.json CVE-2011-3368.json",
"url": "https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f@%3Ccvs.httpd.apache.org%3E"
}
]
}

5
2011/3xxx/CVE-2011-3368.json
View File

@ -316,6 +316,11 @@
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1888222 - in /httpd/site/trunk/content/security/json: CVE-2010-2068.json CVE-2010-2791.json CVE-2011-0419.json CVE-2011-3368.json",
"url": "https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f@%3Ccvs.httpd.apache.org%3E"
}
]
}

25
2016/8xxx/CVE-2016-8743.json
View File

@ -212,6 +212,31 @@
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1888217 - /httpd/site/trunk/content/security/json/CVE-2016-8743.json",
"url": "https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073163 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2016-8743.json security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1888221 - /httpd/site/trunk/content/security/json/CVE-2016-8743.json",
"url": "https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073161 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2016-8743.json security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239@%3Ccvs.httpd.apache.org%3E"
}
]
}

5
2020/23xxx/CVE-2020-23839.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1330",
"refsource": "MISC",
"name": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1330"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/162016/GetSimple-CMS-3.3.16-Cross-Site-Scripting-Shell-Upload.html",
"url": "http://packetstormsecurity.com/files/162016/GetSimple-CMS-3.3.16-Cross-Site-Scripting-Shell-Upload.html"
}
]
}

5
2020/27xxx/CVE-2020-27216.json
View File

@ -560,6 +560,11 @@
"refsource": "MLIST",
"name": "[beam-issues] 20210329 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/rb69b1d7008a4b3de5ce5867e41a455693907026bc70ead06867aa323@%3Cissues.beam.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[beam-issues] 20210330 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/r19e8b338af511641d211ff45c43646fe1ae19dc9897d69939c09cabe@%3Cissues.beam.apache.org%3E"
}
]
}

5
2020/27xxx/CVE-2020-27909.json
View File

@ -91,6 +91,11 @@
"refsource": "FULLDISC",
"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-374/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-374/"
}
]
},

184
2020/4xxx/CVE-2020-4848.json
View File

@ -1,96 +1,96 @@
{
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. IBM X-Force ID: 190293.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6437573 (UrbanCode Deploy)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6437573",
"url" : "https://www.ibm.com/support/pages/node/6437573"
},
{
"name" : "ibm-ucd-cve02204848-priv-escalation (190293)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190293",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.2.7.9"
},
{
"version_value" : "7.0.5.4"
},
{
"version_value" : "7.1.1.1"
}
]
},
"product_name" : "UrbanCode Deploy"
}
]
},
"vendor_name" : "IBM"
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. IBM X-Force ID: 190293.",
"lang": "eng"
}
]
}
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6437573 (UrbanCode Deploy)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6437573",
"url": "https://www.ibm.com/support/pages/node/6437573"
},
{
"name": "ibm-ucd-cve02204848-priv-escalation (190293)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190293",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.2.7.9"
},
{
"version_value": "7.0.5.4"
},
{
"version_value": "7.1.1.1"
}
]
},
"product_name": "UrbanCode Deploy"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-03-29T00:00:00",
"ID" : "CVE-2020-4848"
},
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"A" : "N",
"C" : "L",
"AC" : "L",
"S" : "U",
"PR" : "L",
"I" : "L",
"SCORE" : "5.400",
"UI" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
}
}
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-03-29T00:00:00",
"ID": "CVE-2020-4848"
},
"impact": {
"cvssv3": {
"BM": {
"AV": "N",
"A": "N",
"C": "L",
"AC": "L",
"S": "U",
"PR": "L",
"I": "L",
"SCORE": "5.400",
"UI": "N"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
}
}

186
2020/4xxx/CVE-2020-4884.json
View File

@ -1,96 +1,96 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-03-29T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4884"
},
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "H",
"AV" : "L",
"A" : "N",
"UI" : "N",
"SCORE" : "6.200",
"AC" : "L",
"I" : "N",
"PR" : "N",
"S" : "U"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "UrbanCode Deploy",
"version" : {
"version_data" : [
{
"version_value" : "6.2.7.9"
},
{
"version_value" : "7.0.5.4"
},
{
"version_value" : "7.1.1.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
},
"data_format" : "MITRE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6437565",
"name" : "https://www.ibm.com/support/pages/node/6437565",
"title" : "IBM Security Bulletin 6437565 (UrbanCode Deploy)",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190908",
"name" : "ibm-ucd-cve20204884-info-disc (190908)"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908.",
"lang" : "eng"
}
]
}
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-03-29T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4884"
},
"impact": {
"cvssv3": {
"BM": {
"C": "H",
"AV": "L",
"A": "N",
"UI": "N",
"SCORE": "6.200",
"AC": "L",
"I": "N",
"PR": "N",
"S": "U"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.2.7.9"
},
{
"version_value": "7.0.5.4"
},
{
"version_value": "7.1.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6437565",
"name": "https://www.ibm.com/support/pages/node/6437565",
"title": "IBM Security Bulletin 6437565 (UrbanCode Deploy)",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190908",
"name": "ibm-ucd-cve20204884-info-disc (190908)"
}
]
},
"description": {
"description_data": [
{
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908.",
"lang": "eng"
}
]
}
}

218
2020/4xxx/CVE-2020-4944.json
View File

@ -1,111 +1,111 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"SCORE" : "5.100",
"AC" : "H",
"I" : "N",
"PR" : "N",
"S" : "U",
"C" : "H",
"AV" : "L",
"A" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-03-29T00:00:00",
"ID" : "CVE-2020-4944"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain in plain text after a manuel edit, which can be read by a local user. IBM X-Force ID: 191944."
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6437567 (UrbanCode Deploy)",
"url" : "https://www.ibm.com/support/pages/node/6437567",
"name" : "https://www.ibm.com/support/pages/node/6437567"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191944",
"name" : "ibm-ucd-cve20204944-info-disc (191944)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0.3.0"
},
{
"version_value" : "7.0.4.0"
},
{
"version_value" : "7.1.0.0"
},
{
"version_value" : "7.0.5.3"
},
{
"version_value" : "7.1.1.0"
},
{
"version_value" : "7.0.5.4"
},
{
"version_value" : "7.1.1.1"
},
{
"version_value" : "7.1.1.2"
}
]
},
"product_name" : "UrbanCode Deploy"
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"BM": {
"UI": "N",
"SCORE": "5.100",
"AC": "H",
"I": "N",
"PR": "N",
"S": "U",
"C": "H",
"AV": "L",
"A": "N"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
]
}
},
"data_type" : "CVE"
}
}
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-03-29T00:00:00",
"ID": "CVE-2020-4944"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain in plain text after a manuel edit, which can be read by a local user. IBM X-Force ID: 191944."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6437567 (UrbanCode Deploy)",
"url": "https://www.ibm.com/support/pages/node/6437567",
"name": "https://www.ibm.com/support/pages/node/6437567"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191944",
"name": "ibm-ucd-cve20204944-info-disc (191944)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"data_version": "4.0",
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.0.3.0"
},
{
"version_value": "7.0.4.0"
},
{
"version_value": "7.1.0.0"
},
{
"version_value": "7.0.5.3"
},
{
"version_value": "7.1.1.0"
},
{
"version_value": "7.0.5.4"
},
{
"version_value": "7.1.1.1"
},
{
"version_value": "7.1.1.2"
}
]
},
"product_name": "UrbanCode Deploy"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_type": "CVE"
}

5
2021/20xxx/CVE-2021-20271.json
View File

@ -58,6 +58,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-2383d950fd",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-8d52a8a999",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
}
]
},

280
2021/20xxx/CVE-2021-20352.json
View File

@ -1,144 +1,144 @@
{
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6437579",
"title" : "IBM Security Bulletin 6437579 (Rational Team Concert)",
"name" : "https://www.ibm.com/support/pages/node/6437579"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/194710",
"refsource" : "XF",
"name" : "ibm-engineering-cve202120352-xss (194710)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"ID" : "CVE-2021-20352",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-03-29T00:00:00",
"STATE" : "PUBLIC"
},
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"A" : "N",
"PR" : "L",
"S" : "C",
"I" : "L",
"SCORE" : "5.400",
"AV" : "N",
"C" : "L",
"UI" : "R"
},
"TM" : {
"RL" : "O",
"E" : "H",
"RC" : "C"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194710.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Engineering Workflow Management"
},
{
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Engineering Lifecycle Optimization"
},
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
},
"product_name" : "Rational Engineering Lifecycle Manager"
},
{
"product_name" : "Rational Team Concert",
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6437579",
"title": "IBM Security Bulletin 6437579 (Rational Team Concert)",
"name": "https://www.ibm.com/support/pages/node/6437579"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194710",
"refsource": "XF",
"name": "ibm-engineering-cve202120352-xss (194710)",
"title": "X-Force Vulnerability Report"
}
]
}
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
},
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-20352",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-03-29T00:00:00",
"STATE": "PUBLIC"
},
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"A": "N",
"PR": "L",
"S": "C",
"I": "L",
"SCORE": "5.400",
"AV": "N",
"C": "L",
"UI": "R"
},
"TM": {
"RL": "O",
"E": "H",
"RC": "C"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194710.",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
},
"product_name": "Engineering Workflow Management"
},
{
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
},
"product_name": "Engineering Lifecycle Optimization"
},
{
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
},
"product_name": "Rational Engineering Lifecycle Manager"
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_type" : "CVE"
}
}
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE"
}

284
2021/20xxx/CVE-2021-20447.json
View File

@ -1,144 +1,144 @@
{
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Rational Engineering Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
}
},
{
"product_name" : "Rational Team Concert",
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
}
},
{
"product_name" : "Engineering Workflow Management",
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
}
},
{
"product_name" : "Engineering Lifecycle Optimization",
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196623.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
}
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6437579",
"title" : "IBM Security Bulletin 6437579 (Rational Team Concert)",
"name" : "https://www.ibm.com/support/pages/node/6437579"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196623",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-engineering-cve202120447-xss (196623)"
}
]
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-20447",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-03-29T00:00:00"
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "H",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"C" : "L",
"UI" : "R",
"AV" : "N",
"SCORE" : "5.400",
"I" : "L",
"S" : "C",
"PR" : "L",
"A" : "N",
"AC" : "L"
}
}
}
}
}
},
"description": {
"description_data": [
{
"value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196623.",
"lang": "eng"
}
]
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6437579",
"title": "IBM Security Bulletin 6437579 (Rational Team Concert)",
"name": "https://www.ibm.com/support/pages/node/6437579"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196623",
"title": "X-Force Vulnerability Report",
"name": "ibm-engineering-cve202120447-xss (196623)"
}
]
},
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-20447",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-03-29T00:00:00"
},
"impact": {
"cvssv3": {
"TM": {
"E": "H",
"RL": "O",
"RC": "C"
},
"BM": {
"C": "L",
"UI": "R",
"AV": "N",
"SCORE": "5.400",
"I": "L",
"S": "C",
"PR": "L",
"A": "N",
"AC": "L"
}
}
}
}

182
2021/20xxx/CVE-2021-20482.json
View File

@ -1,93 +1,93 @@
{
"data_type" : "CVE",
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cloud Pak for Automation",
"version" : {
"version_data" : [
{
"version_value" : "20.0.2"
},
{
"version_value" : "20.0.3.IF002"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197504.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6437577",
"url" : "https://www.ibm.com/support/pages/node/6437577",
"title" : "IBM Security Bulletin 6437577 (Cloud Pak for Automation)",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-baw-cve202120482-xxe (197504)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/197504",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
"data_type": "CVE",
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak for Automation",
"version": {
"version_data": [
{
"version_value": "20.0.2"
},
{
"version_value": "20.0.3.IF002"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-03-29T00:00:00",
"ID" : "CVE-2021-20482"
},
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"PR" : "L",
"I" : "N",
"AC" : "L",
"SCORE" : "7.100",
"UI" : "N",
"A" : "L",
"AV" : "N",
"C" : "H"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
}
}
}
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197504.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6437577",
"url": "https://www.ibm.com/support/pages/node/6437577",
"title": "IBM Security Bulletin 6437577 (Cloud Pak for Automation)",
"refsource": "CONFIRM"
},
{
"name": "ibm-baw-cve202120482-xxe (197504)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197504",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-03-29T00:00:00",
"ID": "CVE-2021-20482"
},
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"PR": "L",
"I": "N",
"AC": "L",
"SCORE": "7.100",
"UI": "N",
"A": "L",
"AV": "N",
"C": "H"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
}
}

282
2021/20xxx/CVE-2021-20502.json
View File

@ -1,144 +1,144 @@
{
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Engineering Lifecycle Optimization",
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Engineering Workflow Management"
},
{
"product_name" : "Rational Engineering Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
}
},
{
"product_name" : "Rational Team Concert",
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "7.100",
"I" : "N",
"C" : "H",
"UI" : "N",
"AV" : "N",
"AC" : "L",
"A" : "L",
"S" : "U",
"PR" : "L"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-03-29T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-20502"
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6437579",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6437579",
"title" : "IBM Security Bulletin 6437579 (Rational Team Concert)"
},
{
"name" : "ibm-engineering-cve202120502-xxe (198059)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198059",
"refsource" : "XF"
}
]
}
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
},
"product_name": "Engineering Workflow Management"
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059.",
"lang": "eng"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"SCORE": "7.100",
"I": "N",
"C": "H",
"UI": "N",
"AV": "N",
"AC": "L",
"A": "L",
"S": "U",
"PR": "L"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-03-29T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-20502"
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6437579",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6437579",
"title": "IBM Security Bulletin 6437579 (Rational Team Concert)"
},
{
"name": "ibm-engineering-cve202120502-xxe (198059)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198059",
"refsource": "XF"
}
]
}
}

284
2021/20xxx/CVE-2021-20503.json
View File

@ -1,144 +1,144 @@
{
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-03-29T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-20503"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "H",
"RC" : "C"
},
"BM" : {
"SCORE" : "5.400",
"I" : "L",
"C" : "L",
"UI" : "R",
"AV" : "N",
"AC" : "L",
"A" : "N",
"S" : "C",
"PR" : "L"
}
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6437579",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6437579",
"title" : "IBM Security Bulletin 6437579 (Rational Team Concert)"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-engineering-cve202120503-xss (198182)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198182"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198182."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Engineering Workflow Management"
},
{
"product_name" : "Engineering Lifecycle Optimization",
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
}
},
{
"product_name" : "Rational Team Concert",
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
}
},
{
"product_name" : "Rational Engineering Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
}
}
]
}
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-03-29T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-20503"
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "H",
"RC": "C"
},
"BM": {
"SCORE": "5.400",
"I": "L",
"C": "L",
"UI": "R",
"AV": "N",
"AC": "L",
"A": "N",
"S": "C",
"PR": "L"
}
]
}
},
"data_version" : "4.0"
}
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6437579",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6437579",
"title": "IBM Security Bulletin 6437579 (Rational Team Concert)"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-engineering-cve202120503-xss (198182)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198182"
}
]
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198182."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
},
"product_name": "Engineering Workflow Management"
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
}
}
]
}
},
"data_version": "4.0"
}

284
2021/20xxx/CVE-2021-20504.json
View File

@ -1,144 +1,144 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "H",
"RL" : "O"
},
"BM" : {
"I" : "L",
"SCORE" : "5.400",
"AV" : "N",
"UI" : "R",
"C" : "L",
"PR" : "L",
"S" : "C",
"AC" : "L",
"A" : "N"
}
}
},
"CVE_data_meta" : {
"ID" : "CVE-2021-20504",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-03-29T00:00:00",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6437579",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6437579",
"title" : "IBM Security Bulletin 6437579 (Rational Team Concert)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198231",
"refsource" : "XF",
"name" : "ibm-engineering-cve202120504-xss (198231)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
},
"product_name" : "Rational Team Concert"
},
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
},
"product_name" : "Rational Engineering Lifecycle Manager"
},
{
"product_name" : "Engineering Workflow Management",
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Engineering Lifecycle Optimization"
}
]
}
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "H",
"RL": "O"
},
"BM": {
"I": "L",
"SCORE": "5.400",
"AV": "N",
"UI": "R",
"C": "L",
"PR": "L",
"S": "C",
"AC": "L",
"A": "N"
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231."
}
]
}
}
}
},
"CVE_data_meta": {
"ID": "CVE-2021-20504",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-03-29T00:00:00",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6437579",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6437579",
"title": "IBM Security Bulletin 6437579 (Rational Team Concert)"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198231",
"refsource": "XF",
"name": "ibm-engineering-cve202120504-xss (198231)",
"title": "X-Force Vulnerability Report"
}
]
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
},
"product_name": "Rational Team Concert"
},
{
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
},
"product_name": "Rational Engineering Lifecycle Manager"
},
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
},
"product_name": "Engineering Lifecycle Optimization"
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231."
}
]
}
}

284
2021/20xxx/CVE-2021-20506.json
View File

@ -1,144 +1,144 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-20506",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-03-29T00:00:00"
},
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "R",
"C" : "L",
"AV" : "N",
"SCORE" : "5.400",
"I" : "L",
"A" : "N",
"AC" : "L",
"S" : "C",
"PR" : "L"
},
"TM" : {
"RL" : "O",
"E" : "H",
"RC" : "C"
}
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6437579",
"title" : "IBM Security Bulletin 6437579 (Rational Team Concert)",
"name" : "https://www.ibm.com/support/pages/node/6437579"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198233",
"refsource" : "XF",
"name" : "ibm-engineering-cve202120506-xss (198233)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Engineering Lifecycle Optimization",
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
}
},
{
"product_name" : "Engineering Workflow Management",
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
}
},
{
"product_name" : "Rational Engineering Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
},
"product_name" : "Rational Team Concert"
}
]
},
"vendor_name" : "IBM"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-20506",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-03-29T00:00:00"
},
"impact": {
"cvssv3": {
"BM": {
"UI": "R",
"C": "L",
"AV": "N",
"SCORE": "5.400",
"I": "L",
"A": "N",
"AC": "L",
"S": "C",
"PR": "L"
},
"TM": {
"RL": "O",
"E": "H",
"RC": "C"
}
]
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231.",
"lang" : "eng"
}
]
}
}
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6437579",
"title": "IBM Security Bulletin 6437579 (Rational Team Concert)",
"name": "https://www.ibm.com/support/pages/node/6437579"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198233",
"refsource": "XF",
"name": "ibm-engineering-cve202120506-xss (198233)",
"title": "X-Force Vulnerability Report"
}
]
},
"data_format": "MITRE",
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
},
"product_name": "Rational Team Concert"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231.",
"lang": "eng"
}
]
}
}

280
2021/20xxx/CVE-2021-20518.json
View File

@ -1,144 +1,144 @@
{
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6437579",
"title" : "IBM Security Bulletin 6437579 (Rational Team Concert)",
"url" : "https://www.ibm.com/support/pages/node/6437579",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-engineering-cve202120518-xss (198437)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198437",
"refsource" : "XF"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"A" : "N",
"S" : "C",
"PR" : "L",
"SCORE" : "5.400",
"I" : "L",
"UI" : "R",
"C" : "L",
"AV" : "N"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-03-29T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-20518"
},
"description" : {
"description_data" : [
{
"value" : "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198437.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Engineering Lifecycle Optimization"
},
{
"product_name" : "Engineering Workflow Management",
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
}
},
{
"product_name" : "Rational Team Concert",
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
}
},
{
"product_name" : "Rational Engineering Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"name": "https://www.ibm.com/support/pages/node/6437579",
"title": "IBM Security Bulletin 6437579 (Rational Team Concert)",
"url": "https://www.ibm.com/support/pages/node/6437579",
"refsource": "CONFIRM"
},
{
"name": "ibm-engineering-cve202120518-xss (198437)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198437",
"refsource": "XF"
}
]
}
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"A": "N",
"S": "C",
"PR": "L",
"SCORE": "5.400",
"I": "L",
"UI": "R",
"C": "L",
"AV": "N"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-03-29T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-20518"
},
"description": {
"description_data": [
{
"value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198437.",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
},
"product_name": "Engineering Lifecycle Optimization"
},
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_type" : "CVE"
}
}
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE"
}

284
2021/20xxx/CVE-2021-20520.json
View File

@ -1,144 +1,144 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-20520",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-03-29T00:00:00"
},
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"A" : "N",
"S" : "C",
"PR" : "L",
"SCORE" : "5.400",
"I" : "L",
"C" : "L",
"UI" : "R",
"AV" : "N"
},
"TM" : {
"E" : "H",
"RL" : "O",
"RC" : "C"
}
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6437579 (Rational Team Concert)",
"name" : "https://www.ibm.com/support/pages/node/6437579",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6437579"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-engineering-cve202120520-xss (198572)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198572"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Engineering Workflow Management"
},
{
"product_name" : "Engineering Lifecycle Optimization",
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
}
},
{
"product_name" : "Rational Team Concert",
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
},
"product_name" : "Rational Engineering Lifecycle Manager"
}
]
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-20520",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-03-29T00:00:00"
},
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"A": "N",
"S": "C",
"PR": "L",
"SCORE": "5.400",
"I": "L",
"C": "L",
"UI": "R",
"AV": "N"
},
"TM": {
"E": "H",
"RL": "O",
"RC": "C"
}
]
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198572.",
"lang" : "eng"
}
]
}
}
}
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6437579 (Rational Team Concert)",
"name": "https://www.ibm.com/support/pages/node/6437579",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6437579"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-engineering-cve202120520-xss (198572)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198572"
}
]
},
"data_format": "MITRE",
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
},
"product_name": "Engineering Workflow Management"
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
},
"product_name": "Rational Engineering Lifecycle Manager"
}
]
}
}
]
}
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198572.",
"lang": "eng"
}
]
}
}

30
2021/21xxx/CVE-2021-21290.json
View File

@ -196,6 +196,36 @@
"refsource": "MLIST",
"name": "[bookkeeper-issues] 20210330 [GitHub] [bookkeeper] eolivelli opened a new issue #2669: Update Netty to 4.1.60.final",
"url": "https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d7275381cfaff2f7b3890@%3Cissues.bookkeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-dev] 20210330 [jira] [Created] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
"url": "https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9deb76c2be4fa461904@%3Cdev.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-dev] 20210330 [jira] [Created] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"url": "https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b561784186483e8f742ea627bda4@%3Cdev.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-jira] 20210330 [jira] [Updated] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"url": "https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6d1ddc806ed0224700@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-issues] 20210330 [jira] [Created] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
"url": "https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff66098751748fcd1e2d008233@%3Cissues.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-jira] 20210330 [jira] [Created] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"url": "https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a21cc23678eb893e41@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-issues] 20210330 [jira] [Updated] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
"url": "https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda942fd7ddf3ad1b528@%3Cissues.zookeeper.apache.org%3E"
}
]
},

30
2021/21xxx/CVE-2021-21295.json
View File

@ -133,6 +133,36 @@
"refsource": "MLIST",
"name": "[bookkeeper-issues] 20210330 [GitHub] [bookkeeper] eolivelli opened a new issue #2669: Update Netty to 4.1.60.final",
"url": "https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d7275381cfaff2f7b3890@%3Cissues.bookkeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-dev] 20210330 [jira] [Created] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
"url": "https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9deb76c2be4fa461904@%3Cdev.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-dev] 20210330 [jira] [Created] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"url": "https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b561784186483e8f742ea627bda4@%3Cdev.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-jira] 20210330 [jira] [Updated] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"url": "https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6d1ddc806ed0224700@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-issues] 20210330 [jira] [Created] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
"url": "https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff66098751748fcd1e2d008233@%3Cissues.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-jira] 20210330 [jira] [Created] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"url": "https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a21cc23678eb893e41@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-issues] 20210330 [jira] [Updated] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
"url": "https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda942fd7ddf3ad1b528@%3Cissues.zookeeper.apache.org%3E"
}
]
},

5
2021/27xxx/CVE-2021-27185.json
View File

@ -71,6 +71,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210319-0002/",
"url": "https://security.netapp.com/advisory/ntap-20210319-0002/"
},
{
"refsource": "MISC",
"name": "https://advisory.checkmarx.net/advisory/CX-2021-4302",
"url": "https://advisory.checkmarx.net/advisory/CX-2021-4302"
}
]
}

5
2021/27xxx/CVE-2021-27191.json
View File

@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210319-0002/",
"url": "https://security.netapp.com/advisory/ntap-20210319-0002/"
},
{
"refsource": "MISC",
"name": "https://advisory.checkmarx.net/advisory/CX-2021-4304",
"url": "https://advisory.checkmarx.net/advisory/CX-2021-4304"
}
]
}

5
2021/27xxx/CVE-2021-27515.json
View File

@ -66,6 +66,11 @@
"url": "https://github.com/unshiftio/url-parse/compare/1.4.7...1.5.0",
"refsource": "MISC",
"name": "https://github.com/unshiftio/url-parse/compare/1.4.7...1.5.0"
},
{
"refsource": "MISC",
"name": "https://advisory.checkmarx.net/advisory/CX-2021-4306",
"url": "https://advisory.checkmarx.net/advisory/CX-2021-4306"
}
]
}

10
2021/27xxx/CVE-2021-27807.json
View File

@ -134,6 +134,16 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-93469e0030",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PT72QOFDXLJ7PLTN66EMG5EHPTE7TFZ/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-8b17a2725e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6KDA2U4KL2N3XT3PM4ZJEBBA6JJIH2G4/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-dc83ae690a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AVLKAHFMPH72TTP25INPZPGX5FODK3H/"
}
]
},

10
2021/27xxx/CVE-2021-27906.json
View File

@ -134,6 +134,16 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-93469e0030",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PT72QOFDXLJ7PLTN66EMG5EHPTE7TFZ/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-8b17a2725e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6KDA2U4KL2N3XT3PM4ZJEBBA6JJIH2G4/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-dc83ae690a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AVLKAHFMPH72TTP25INPZPGX5FODK3H/"
}
]
},

10
2021/28xxx/CVE-2021-28834.json
View File

@ -71,6 +71,16 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-139a6a2f9d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3BBLUIDCUUR3NEE4NJLOCCAV3ALQ3O6/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-4c57a892d1",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYOLQKFL6IJCQLBXV34Z4TI4O54GESPR/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-edc673e864",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJCJVYHPY6LNUFM6LYZIAUIYOMVT5QGV/"
}
]
}