diff --git a/2019/4xxx/CVE-2019-4086.json b/2019/4xxx/CVE-2019-4086.json
index 2b0bda17e9f..cc53935c1cd 100644
--- a/2019/4xxx/CVE-2019-4086.json
+++ b/2019/4xxx/CVE-2019-4086.json
@@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4086", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/pages/security-bulletin-ibm-application-performance-management-could-allow-remote-attacker-hijack-clicking-action-victim-cve-2019-4086", + "title" : "IBM Security Bulletin 1071760 (Cloud Application Performance Management)", + "url" : "https://www.ibm.com/support/pages/security-bulletin-ibm-application-performance-management-could-allow-remote-attacker-hijack-clicking-action-victim-cve-2019-4086", + "refsource" : "CONFIRM" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157509", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-apm-cve20194086-clickjacking (157509)", + "refsource" : "XF" + } + ] + }, + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 157509." 
+ } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Access" + } + ] + } + ] + }, + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + }, + "BM" : { + "UI" : "R", + "SCORE" : "6.100", + "A" : "N", + "AV" : "N", + "AC" : "L", + "S" : "C", + "PR" : "N", + "I" : "L", + "C" : "L" + } + } + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "8.1.4" + } + ] + }, + "product_name" : "Cloud Application Performance Management" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "ID" : "CVE-2019-4086", + "DATE_PUBLIC" : "2019-09-04T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC" + }, + "data_type" : "CVE" +} diff --git a/2019/4xxx/CVE-2019-4171.json b/2019/4xxx/CVE-2019-4171.json index d0ad0d357bb..69fd1d30a60 100644 --- a/2019/4xxx/CVE-2019-4171.json +++ b/2019/4xxx/CVE-2019-4171.json 
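Review bot: The `problemtype` entry added for CVE-2019-4086 carries the value `"Gain Access"`, which names a consequence rather than a weakness, so tooling that groups or prioritises records by CWE cannot classify this clickjacking issue. If the CNA agrees with the mapping, the entry could read `"value" : "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"`. The other nine records in this diff follow the same pattern (`"Obtain Information"`, `"Denial of Service"`, `"Cross-Site Scripting"`, `"Gain Access"`) and none carries a CWE identifier. Their mappings should be confirmed against the referenced IBM bulletins rather than inferred from the descriptions alone.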
@@ -1,18 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4171", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller", + "name" : "https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller", + "title" : "IBM Security Bulletin 1072744 (Cognos Controller)" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158876", + "name" : "ibm-cognos-cve20194171-info-disc (158876)", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF" + } + ] + }, + "data_format" : "MITRE", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Cognos Controller", + "version" : { + "version_data" : [ + { + "version_value" : "10.3.1" + }, + { + "version_value" : "10.3.0" + }, + { + "version_value" : "10.4.0" + }, + { + "version_value" : "10.4.1" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "DATE_PUBLIC" : "2019-09-09T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "ID" : "CVE-2019-4171" + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. 
This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876." + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + }, + "BM" : { + "SCORE" : "3.700", + "UI" : "N", + "A" : "N", + "AC" : "H", + "S" : "U", + "AV" : "N", + "C" : "L", + "I" : "N", + "PR" : "N" + } + } + }, + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4175.json b/2019/4xxx/CVE-2019-4175.json index df0b7a08856..8ff7cb9f44d 100644 --- a/2019/4xxx/CVE-2019-4175.json +++ b/2019/4xxx/CVE-2019-4175.json 
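Review bot: The `impact.cvssv3` object added for CVE-2019-4171 gives the base metrics only as abbreviated keys under `BM` and the score as the string `"3.700"`, with no vector string and no CVSS minor version, so a consumer has to rebuild the vector and guess between 3.0 and 3.1. Adding one field next to `BM`, such as `"vectorString" : "CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"` with `3.x` replaced by the version IBM scored against, would make the record self-describing. The metrics shown are consistent with the stated 3.7 base score. Every other record in this diff uses the same `BM`/`TM` layout, so the same addition applies there.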
@@ -1,18 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4175", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller", + "title" : "IBM Security Bulletin 1072744 (Cognos Controller)", + "name" : "https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller" + }, + { + "title" : "X-Force Vulnerability Report", + "name" : "ibm-cognos-cve20194175-info-disc (158880)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158880", + "refsource" : "XF" + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + }, + "BM" : { + "A" : "N", + "SCORE" : "5.900", + "UI" : "N", + "C" : "H", + "I" : "N", + "PR" : "N", + "AC" : "H", + "S" : "U", + "AV" : "N" + } + } + }, + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880.", + "lang" : "eng" + } + ] + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "ID" : "CVE-2019-4175", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-09-09T00:00:00", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "10.3.1" + }, + { + "version_value" : "10.3.0" + }, + { + "version_value" : "10.4.0" + }, + { + "version_value" : "10.4.1" + } + ] + }, + "product_name" : "Cognos Controller" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + } +} diff --git a/2019/4xxx/CVE-2019-4183.json b/2019/4xxx/CVE-2019-4183.json index 98c6c274637..30040ae41ce 100644 --- a/2019/4xxx/CVE-2019-4183.json +++ b/2019/4xxx/CVE-2019-4183.json 
@@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4183", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "description" : { + "description_data" : [ + { + "value" : "IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973.", + "lang" : "eng" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Denial of Service", + "lang" : "eng" + } + ] + } + ] + }, + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "BM" : { + "AV" : "N", + "AC" : "H", + "S" : "U", + "PR" : "N", + "I" : "N", + "C" : "N", + "UI" : "N", + "SCORE" : "5.900", + "A" : "H" + }, + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + } + } + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "product" : { + "product_data" : [ + { + "product_name" : "Cognos Analytics", + "version" : { + "version_data" : [ + { + "version_value" : "11.0" + }, + { + "version_value" : "11.1" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "ID" : "CVE-2019-4183", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-09-13T00:00:00", + "STATE" : "PUBLIC" + }, + "data_type" : "CVE", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/1073530", + "title" : "IBM Security Bulletin 1073530 (Cognos Analytics)", + "name" : "https://www.ibm.com/support/pages/node/1073530", + "refsource" : "CONFIRM" + }, + { + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158973", + "name" : "ibm-cognos-cve20194183-dos (158973)", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_format" : "MITRE" +} diff --git a/2019/4xxx/CVE-2019-4268.json b/2019/4xxx/CVE-2019-4268.json index 76e900df013..a9b60fdf3df 100644 --- a/2019/4xxx/CVE-2019-4268.json +++ b/2019/4xxx/CVE-2019-4268.json 
@@ -1,18 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4268", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + }, + "BM" : { + "I" : "N", + "PR" : "N", + "C" : "L", + "AV" : "N", + "AC" : "L", + "S" : "U", + "A" : "N", + "UI" : "N", + "SCORE" : "5.300" + } + } + }, + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 160201." + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-09-16T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4268" + }, + "data_type" : "CVE", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "7.0" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.5" + }, + { + "version_value" : "9.0" + } + ] + }, + "product_name" : "WebSphere Application Server" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 884030 (WebSphere Application Server)", + "name" : "https://www.ibm.com/support/pages/node/884030", + "url" : "https://www.ibm.com/support/pages/node/884030" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160201", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-websphere-cve20194268-info-disc (160201)", + "refsource" : "XF" + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4270.json b/2019/4xxx/CVE-2019-4270.json index f28f4aacb6b..f6adebd81c3 100644 --- a/2019/4xxx/CVE-2019-4270.json +++ b/2019/4xxx/CVE-2019-4270.json 
@@ -1,18 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4270", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160203." + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "E" : "H", + "RL" : "O" + }, + "BM" : { + "AV" : "N", + "AC" : "L", + "S" : "C", + "I" : "L", + "PR" : "L", + "C" : "L", + "UI" : "R", + "SCORE" : "5.400", + "A" : "N" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "WebSphere Application Server", + "version" : { + "version_data" : [ + { + "version_value" : "7.0" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.5" + }, + { + "version_value" : "9.0" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-09-16T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2019-4270" + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/pages/node/884036", + "name" : "https://www.ibm.com/support/pages/node/884036", + "title" : "IBM Security Bulletin 884036 (WebSphere Application Server)" + }, + { + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160203", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-websphere-cve20194270-xss (160203)" + } + ] + }, + "data_format" : "MITRE" +} diff --git a/2019/4xxx/CVE-2019-4271.json b/2019/4xxx/CVE-2019-4271.json index 39228b07cc7..674280ceb04 100644 --- a/2019/4xxx/CVE-2019-4271.json +++ b/2019/4xxx/CVE-2019-4271.json 
@@ -1,18 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4271", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/884040", + "title" : "IBM Security Bulletin 884040 (WebSphere Application Server)", + "name" : "https://www.ibm.com/support/pages/node/884040", + "refsource" : "CONFIRM" + }, + { + "name" : "ibm-websphere-cve20194271-http-pollution (160243)", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160243", + "refsource" : "XF" + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "AC" : "L", + "S" : "U", + "AV" : "N", + "C" : "N", + "PR" : "L", + "I" : "L", + "SCORE" : "3.500", + "UI" : "R", + "A" : "N" + }, + "TM" : { + "RL" : "O", + "E" : "U", + "RC" : "C" + } + } + }, + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Access", + "lang" : "eng" + } + ] + } + ] + }, + "description" : { + "description_data" : [ + { + "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243.", + "lang" : "eng" + } + ] + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "ID" : "CVE-2019-4271", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-09-03T00:00:00" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "7.0" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.5" + }, + { + "version_value" : "9.0" + } + ] + }, + "product_name" : "WebSphere Application Server" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + } +} diff --git a/2019/4xxx/CVE-2019-4342.json b/2019/4xxx/CVE-2019-4342.json index 1b5ddd03c60..1d1e2f68558 100644 --- a/2019/4xxx/CVE-2019-4342.json +++ b/2019/4xxx/CVE-2019-4342.json 
@@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4342", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/1073530", + "title" : "IBM Security Bulletin 1073530 (Cognos Analytics)", + "url" : "https://www.ibm.com/support/pages/node/1073530" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-cognos-cve20194342-xss (161421)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161421" + } + ] + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-09-13T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4342" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Cognos Analytics", + "version" : { + "version_data" : [ + { + "version_value" : "11.0" + }, + { + "version_value" : "11.1" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "E" : "H", + "RL" : "O" + }, + "BM" : { + "AV" : "N", + "AC" : "L", + "S" : "C", + "I" : "L", + "PR" : "L", + "C" : "L", + "UI" : "R", + "SCORE" : "5.400", + "A" : "N" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "value" : "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421.", + "lang" : "eng" + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4442.json b/2019/4xxx/CVE-2019-4442.json index bee542c631e..c8316793159 100644 --- a/2019/4xxx/CVE-2019-4442.json +++ b/2019/4xxx/CVE-2019-4442.json 
@@ -1,18 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4442", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_type" : "CVE", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-09-16T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2019-4442" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "WebSphere Application Server", + "version" : { + "version_data" : [ + { + "version_value" : "7.0" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.5" + }, + { + "version_value" : "9.0" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + }, + "BM" : { + "PR" : "L", + "I" : "N", + "C" : "L", + "AV" : "N", + "S" : "U", + "AC" : "L", + "A" : "N", + "UI" : "N", + "SCORE" : "4.300" + } + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. 
IBM X-Force ID: 163226.", + "lang" : "eng" + } + ] + }, + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/959021", + "title" : "IBM Security Bulletin 959021 (WebSphere Application Server)", + "name" : "https://www.ibm.com/support/pages/node/959021", + "refsource" : "CONFIRM" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163226", + "name" : "ibm-websphere-cve20194442-info-disc (163226)", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF" + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4477.json b/2019/4xxx/CVE-2019-4477.json index b1704aee37b..42e0ebe0d96 100644 --- a/2019/4xxx/CVE-2019-4477.json +++ b/2019/4xxx/CVE-2019-4477.json 
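Review bot: The description added for CVE-2019-4442 lists the affected releases as `7.0, 8.0, 8.5, and 9,0`; the comma in `9,0` is a typo for `9.0`, the value the record's own `version_data` uses, and text-based version matching on the description will miss it. The closing phrase `view arbitrary files on the system but not content` is also ambiguous. It presumably means that file names or file existence are exposed but not file contents, and it should be worded explicitly once confirmed against the IBM bulletin. Suggested first sentence: `IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the file system.`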
@@ -1,18 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4477", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "CVE_data_meta" : { + "ID" : "CVE-2019-4477", + "DATE_PUBLIC" : "2019-09-16T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC" + }, + "data_type" : "CVE", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "7.0" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.5" + }, + { + "version_value" : "9.0" + } + ] + }, + "product_name" : "WebSphere Application Server" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + }, + "BM" : { + "AC" : "H", + "S" : "U", + "AV" : "N", + "C" : "H", + "PR" : "L", + "I" : "N", + "SCORE" : "5.300", + "UI" : "N", + "A" : "N" + } + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997." 
+ } + ] + }, + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/pages/node/960290", + "name" : "https://www.ibm.com/support/pages/node/960290", + "title" : "IBM Security Bulletin 960290 (WebSphere Application Server)" + }, + { + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163997", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-was-cve20194477-info-disc (163997)" + } + ] + } +}