admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#2554

Browse Source 
Auto-merge PR#2554
This commit is contained in:
CVE Team 2019-09-17 15:05:28 -04:00 committed by GitHub
commit 2ccde8ad8c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 939 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
2019/4xxx/CVE-2019-4086.json
View File

@ -1,18 +1,90 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4086",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/security-bulletin-ibm-application-performance-management-could-allow-remote-attacker-hijack-clicking-action-victim-cve-2019-4086",
"title" : "IBM Security Bulletin 1071760 (Cloud Application Performance Management)",
"url" : "https://www.ibm.com/support/pages/security-bulletin-ibm-application-performance-management-could-allow-remote-attacker-hijack-clicking-action-victim-cve-2019-4086",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157509",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-apm-cve20194086-clickjacking (157509)",
"refsource" : "XF"
}
]
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 157509."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"UI" : "R",
"SCORE" : "6.100",
"A" : "N",
"AV" : "N",
"AC" : "L",
"S" : "C",
"PR" : "N",
"I" : "L",
"C" : "L"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "8.1.4"
}
]
},
"product_name" : "Cloud Application Performance Management"
}
]
},
"vendor_name" : "IBM"
}
]
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4086",
"DATE_PUBLIC" : "2019-09-04T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"data_type" : "CVE"
}

109
2019/4xxx/CVE-2019-4171.json
View File

@ -1,18 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4171",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller",
"name" : "https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller",
"title" : "IBM Security Bulletin 1072744 (Cognos Controller)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158876",
"name" : "ibm-cognos-cve20194171-info-disc (158876)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Cognos Controller",
"version" : {
"version_data" : [
{
"version_value" : "10.3.1"
},
{
"version_value" : "10.3.0"
},
{
"version_value" : "10.4.0"
},
{
"version_value" : "10.4.1"
}
]
}
}
]
}
}
]
}
]
}
},
"data_type" : "CVE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-09-09T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4171"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"SCORE" : "3.700",
"UI" : "N",
"A" : "N",
"AC" : "H",
"S" : "U",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "N"
}
}
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
}
}

109
2019/4xxx/CVE-2019-4175.json
View File

@ -1,18 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4175",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller",
"title" : "IBM Security Bulletin 1072744 (Cognos Controller)",
"name" : "https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-cognos-cve20194175-info-disc (158880)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158880",
"refsource" : "XF"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"A" : "N",
"SCORE" : "5.900",
"UI" : "N",
"C" : "H",
"I" : "N",
"PR" : "N",
"AC" : "H",
"S" : "U",
"AV" : "N"
}
}
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2019-4175",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-09-09T00:00:00",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.3.1"
},
{
"version_value" : "10.3.0"
},
{
"version_value" : "10.4.0"
},
{
"version_value" : "10.4.1"
}
]
},
"product_name" : "Cognos Controller"
}
]
},
"vendor_name" : "IBM"
}
]
}
]
}
}
}

103
2019/4xxx/CVE-2019-4183.json
View File

@ -1,18 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4183",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"description" : {
"description_data" : [
{
"value" : "IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
]
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"AC" : "H",
"S" : "U",
"PR" : "N",
"I" : "N",
"C" : "N",
"UI" : "N",
"SCORE" : "5.900",
"A" : "H"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "Cognos Analytics",
"version" : {
"version_data" : [
{
"version_value" : "11.0"
},
{
"version_value" : "11.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4183",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-09-13T00:00:00",
"STATE" : "PUBLIC"
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1073530",
"title" : "IBM Security Bulletin 1073530 (Cognos Analytics)",
"name" : "https://www.ibm.com/support/pages/node/1073530",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158973",
"name" : "ibm-cognos-cve20194183-dos (158973)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE"
}

109
2019/4xxx/CVE-2019-4268.json
View File

@ -1,18 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4268",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"I" : "N",
"PR" : "N",
"C" : "L",
"AV" : "N",
"AC" : "L",
"S" : "U",
"A" : "N",
"UI" : "N",
"SCORE" : "5.300"
}
}
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 160201."
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-09-16T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4268"
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "8.0"
},
{
"version_value" : "8.5"
},
{
"version_value" : "9.0"
}
]
},
"product_name" : "WebSphere Application Server"
}
]
},
"vendor_name" : "IBM"
}
]
}
]
}
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 884030 (WebSphere Application Server)",
"name" : "https://www.ibm.com/support/pages/node/884030",
"url" : "https://www.ibm.com/support/pages/node/884030"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160201",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-websphere-cve20194268-info-disc (160201)",
"refsource" : "XF"
}
]
}
}

109
2019/4xxx/CVE-2019-4270.json
View File

@ -1,18 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4270",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160203."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "H",
"RL" : "O"
},
"BM" : {
"AV" : "N",
"AC" : "L",
"S" : "C",
"I" : "L",
"PR" : "L",
"C" : "L",
"UI" : "R",
"SCORE" : "5.400",
"A" : "N"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "WebSphere Application Server",
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "8.0"
},
{
"version_value" : "8.5"
},
{
"version_value" : "9.0"
}
]
}
}
]
}
}
]
}
]
}
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-09-16T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4270"
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/884036",
"name" : "https://www.ibm.com/support/pages/node/884036",
"title" : "IBM Security Bulletin 884036 (WebSphere Application Server)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160203",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-websphere-cve20194270-xss (160203)"
}
]
},
"data_format" : "MITRE"
}

109
2019/4xxx/CVE-2019-4271.json
View File

@ -1,18 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4271",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/884040",
"title" : "IBM Security Bulletin 884040 (WebSphere Application Server)",
"name" : "https://www.ibm.com/support/pages/node/884040",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-websphere-cve20194271-http-pollution (160243)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160243",
"refsource" : "XF"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"S" : "U",
"AV" : "N",
"C" : "N",
"PR" : "L",
"I" : "L",
"SCORE" : "3.500",
"UI" : "R",
"A" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2019-4271",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-09-03T00:00:00"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "8.0"
},
{
"version_value" : "8.5"
},
{
"version_value" : "9.0"
}
]
},
"product_name" : "WebSphere Application Server"
}
]
},
"vendor_name" : "IBM"
}
]
}
]
}
}
}

103
2019/4xxx/CVE-2019-4342.json
View File

@ -1,18 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4342",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/1073530",
"title" : "IBM Security Bulletin 1073530 (Cognos Analytics)",
"url" : "https://www.ibm.com/support/pages/node/1073530"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-cognos-cve20194342-xss (161421)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161421"
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-09-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4342"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Cognos Analytics",
"version" : {
"version_data" : [
{
"version_value" : "11.0"
},
{
"version_value" : "11.1"
}
]
}
}
]
}
}
]
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "H",
"RL" : "O"
},
"BM" : {
"AV" : "N",
"AC" : "L",
"S" : "C",
"I" : "L",
"PR" : "L",
"C" : "L",
"UI" : "R",
"SCORE" : "5.400",
"A" : "N"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421.",
"lang" : "eng"
}
]
}
}

109
2019/4xxx/CVE-2019-4442.json
View File

@ -1,18 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4442",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-09-16T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4442"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "WebSphere Application Server",
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "8.0"
},
{
"version_value" : "8.5"
},
{
"version_value" : "9.0"
}
]
}
}
]
}
}
]
}
]
}
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"PR" : "L",
"I" : "N",
"C" : "L",
"AV" : "N",
"S" : "U",
"AC" : "L",
"A" : "N",
"UI" : "N",
"SCORE" : "4.300"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/959021",
"title" : "IBM Security Bulletin 959021 (WebSphere Application Server)",
"name" : "https://www.ibm.com/support/pages/node/959021",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163226",
"name" : "ibm-websphere-cve20194442-info-disc (163226)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
}
}

109
2019/4xxx/CVE-2019-4477.json
View File

@ -1,18 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4477",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta" : {
"ID" : "CVE-2019-4477",
"DATE_PUBLIC" : "2019-09-16T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "8.0"
},
{
"version_value" : "8.5"
},
{
"version_value" : "9.0"
}
]
},
"product_name" : "WebSphere Application Server"
}
]
}
}
]
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"AC" : "H",
"S" : "U",
"AV" : "N",
"C" : "H",
"PR" : "L",
"I" : "N",
"SCORE" : "5.300",
"UI" : "N",
"A" : "N"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997."
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/960290",
"name" : "https://www.ibm.com/support/pages/node/960290",
"title" : "IBM Security Bulletin 960290 (WebSphere Application Server)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163997",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-was-cve20194477-info-disc (163997)"
}
]
}
}