From ca866967eb644aa4b165be2ae1e0063d2bd64854 Mon Sep 17 00:00:00 2001 From: Scott Moore - IBM Date: Mon, 11 Mar 2019 14:45:29 -0400 Subject: [PATCH] IBM20190311-144529 Added CVE-2018-2009, CVE-2018-1998, CVE-2018-1980, CVE-2018-1902, CVE-2018-1922, CVE-2018-1912, CVE-2019-4015, CVE-2019-4016, CVE-2018-1923, CVE-2018-1911, CVE-2018-1890, CVE-2018-1974, CVE-2018-1978, CVE-2019-4030 --- 2018/1xxx/CVE-2018-1890.json | 139 +++++++++++++++++++++++++++++++-- 2018/1xxx/CVE-2018-1902.json | 97 +++++++++++++++++++++-- 2018/1xxx/CVE-2018-1911.json | 108 ++++++++++++------------- 2018/1xxx/CVE-2018-1912.json | 96 ++++++++++++----------- 2018/1xxx/CVE-2018-1922.json | 99 ++++++++++++++++++++--- 2018/1xxx/CVE-2018-1923.json | 97 +++++++++++++++++++++-- 2018/1xxx/CVE-2018-1974.json | 147 ++++++++++++++++++++++++++++++++--- 2018/1xxx/CVE-2018-1978.json | 99 ++++++++++++++++++++--- 2018/1xxx/CVE-2018-1980.json | 95 ++++++++++++++++++++-- 2018/1xxx/CVE-2018-1998.json | 133 +++++++++++++++++++++++++++++-- 2018/2xxx/CVE-2018-2009.json | 91 ++++++++++++++++++++-- 2019/4xxx/CVE-2019-4015.json | 95 ++++++++++++++++++++-- 2019/4xxx/CVE-2019-4016.json | 95 ++++++++++++++++++++-- 2019/4xxx/CVE-2019-4030.json | 114 ++++++++++++++------------- 14 files changed, 1265 insertions(+), 240 deletions(-) diff --git a/2018/1xxx/CVE-2018-1890.json b/2018/1xxx/CVE-2018-1890.json index 645c3531120..06a5ea2486e 100644 --- a/2018/1xxx/CVE-2018-1890.json +++ b/2018/1xxx/CVE-2018-1890.json @@ -1,17 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1890", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "UI" : "N", + "C" : "L", + "AC" : "H", + "S" : "C", + "A" : "L", + "I" : "L", + "SCORE" : "5.600", + "PR" : "N", + "AV" : "L" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10873042", + "title" : "IBM Security Bulletin 873042 (WebSphere Application Server)", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10873042" + }, + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10873332", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10873332", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 873332 (Runtimes for Java Technology)" + }, + { + "title" : "IBM Security Bulletin 874750 (WebSphere Application Server Patterns)", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10874750", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874750" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152081", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "name" : "ibm-sdk-cve20181890-code-exec (152081)" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "1.0.0.0" + }, + { + "version_value" : "1.0.0.7" + }, + { + "version_value" : "2.2.0.0" + }, + { + "version_value" : "2.2.5.3" + } + ] + }, + "product_name" : "WebSphere Application Server Patterns" + }, + { + "version" : { + "version_data" : [ + { + "version_value" : "7.0" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.5" + }, + { + "version_value" : "9.0" + }, + { + "version_value" : "Liberty" + } + ] + }, + "product_name" : "WebSphere Application Server" + }, + { + "version" : { + "version_data" : [ + { + "version_value" : " " + } + ] + }, + "product_name" : "Runtimes for Java Technology" + } + ] + } + } + ] + } + }, + "CVE_data_meta" : { + "ID" : "CVE-2018-1890", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-01T00:00:00" + }, "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081." + } + ] + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Privileges" + } + ] } ] } diff --git a/2018/1xxx/CVE-2018-1902.json b/2018/1xxx/CVE-2018-1902.json index ab34253c0d6..326ff46b844 100644 --- a/2018/1xxx/CVE-2018-1902.json +++ b/2018/1xxx/CVE-2018-1902.json @@ -1,18 +1,99 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1902", - "STATE" : "RESERVED" + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 795115 (WebSphere Application Server)", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10795115", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10795115" + }, + { + "title" : "X-Force Vulnerability Report", + "name" : "ibm-websphere-cve20181902-spoofing (152531)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152531" + } + ] + }, + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + }, + "BM" : { + "AV" : "N", + "PR" : "L", + "SCORE" : "3.100", + "I" : "L", + "A" : "N", + "S" : "U", + "AC" : "H", + "C" : "N", + "UI" : "N" + } + } + }, + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "File Manipulation", + "lang" : "eng" + } + ] + } + ] }, "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531.", + "lang" : "eng" } ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2018-1902", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-03-07T00:00:00", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "WebSphere Application Server", + "version" : { + "version_data" : [ + { + "version_value" : "7.0" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.5" + }, + { + "version_value" : "9.0" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" + } + ] + } } } diff --git a/2018/1xxx/CVE-2018-1911.json b/2018/1xxx/CVE-2018-1911.json index 18b12e2774f..26bed318cf6 100644 --- a/2018/1xxx/CVE-2018-1911.json +++ b/2018/1xxx/CVE-2018-1911.json @@ -1,14 +1,30 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-03-04T00:00:00", - "ID" : "CVE-2018-1911", - "STATE" : "PUBLIC" + "description" : { + "description_data" : [ + { + "value" : "IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152735.", + "lang" : "eng" + } + ] + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Cross-Site Scripting", + "lang" : "eng" + } + ] + } + ] }, "affects" : { "vendor" : { "vendor_data" : [ { + "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -49,67 +65,53 @@ } } ] - }, - "vendor_name" : "IBM" + } } ] } }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152735." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } - ] - } - ] + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2018-1911", + "DATE_PUBLIC" : "2019-03-04T00:00:00", + "STATE" : "PUBLIC" }, "references" : { "reference_data" : [ { + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10873256", + "title" : "IBM Security Bulletin 873256 (Rational DOORS Next Generation)", "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10873256", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10873256" + "refsource" : "CONFIRM" }, { - "name" : "ibm-dng-cve20181911-xss(152735)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152735", "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152735" + "name" : "ibm-dng-cve20181911-xss (152735)", + "title" : "X-Force Vulnerability Report" } ] + }, + "data_version" : "4.0", + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "AC" : "L", + "S" : "C", + "UI" : "R", + "C" : "L", + "PR" : "L", + "AV" : "N", + "A" : "N", + "SCORE" : "5.400", + "I" : "L" + }, + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "H" + } + } } } diff --git a/2018/1xxx/CVE-2018-1912.json b/2018/1xxx/CVE-2018-1912.json index e52a58656bb..a93a278e875 100644 --- a/2018/1xxx/CVE-2018-1912.json +++ b/2018/1xxx/CVE-2018-1912.json @@ -1,14 +1,47 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-03-04T00:00:00", - "ID" : "CVE-2018-1912", - "STATE" : "PUBLIC" + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "S" : "C", + "AC" : "L", + "C" : "L", + "UI" : "R", + "AV" : "N", + "PR" : "L", + "I" : "L", + "SCORE" : "5.400", + "A" : "N" + }, + "TM" : { + "E" : "H", + "RL" : "O", + "RC" : "C" + } + } + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10873254", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 873254 (Rational DOORS Next Generation)", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10873254" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152736", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-dng-cve20181912-xss (152736)", + "refsource" : "XF" + } + ] }, "affects" : { "vendor" : { "vendor_data" : [ { + "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -34,67 +67,36 @@ } } ] - }, - "vendor_name" : "IBM" + } } ] } }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", + "CVE_data_meta" : { + "ID" : "CVE-2018-1912", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-03-04T00:00:00", + "STATE" : "PUBLIC" + }, "description" : { "description_data" : [ { "lang" : "eng", - "value" : "IBM DOORS Next Generation (DNG/RRC) 6.0.2 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152736." + "value" : "IBM DOORS Next Generation (DNG/RRC) 6.0.2 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152736." } ] }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, + "data_format" : "MITRE", "problemtype" : { "problemtype_data" : [ { "description" : [ { - "lang" : "eng", - "value" : "Cross-Site Scripting" + "value" : "Cross-Site Scripting", + "lang" : "eng" } ] } ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10873254", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10873254" - }, - { - "name" : "ibm-dng-cve20181912-xss(152736)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152736" - } - ] } } diff --git a/2018/1xxx/CVE-2018-1922.json b/2018/1xxx/CVE-2018-1922.json index 53295d12143..b8bfabac6a2 100644 --- a/2018/1xxx/CVE-2018-1922.json +++ b/2018/1xxx/CVE-2018-1922.json @@ -1,18 +1,99 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1922", - "STATE" : "RESERVED" - }, "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Privileges" + } + ] + } + ] + }, "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152858.", + "lang" : "eng" } ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2018-1922", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-03-08T00:00:00", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "10.5" + }, + { + "version_value" : "10.1" + }, + { + "version_value" : "9.7" + }, + { + "version_value" : "11.1" + } + ] + }, + "product_name" : "DB2 for Linux, UNIX and Windows" + } + ] + } + } + ] + } + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10740413", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 740413 (DB2 for Linux, UNIX and Windows)", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10740413" + }, + { + "refsource" : "XF", + "name" : "ibm-db2-cve20181922-bo (152858)", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152858" + } + ] + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "AC" : "L", + "S" : "U", + "UI" : "N", + "C" : "H", + "PR" : "N", + "AV" : "L", + "A" : "H", + "I" : "H", + "SCORE" : "8.400" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } } } diff --git a/2018/1xxx/CVE-2018-1923.json b/2018/1xxx/CVE-2018-1923.json index 8ae3ccc471c..03adbc9c9ef 100644 --- a/2018/1xxx/CVE-2018-1923.json +++ b/2018/1xxx/CVE-2018-1923.json @@ -1,18 +1,99 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1923", - "STATE" : "RESERVED" - }, "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Privileges" + } + ] + } + ] + }, "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152859." } ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-08T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2018-1923" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "10.5" + }, + { + "version_value" : "10.1" + }, + { + "version_value" : "9.7" + }, + { + "version_value" : "11.1" + } + ] + }, + "product_name" : "DB2 for Linux, UNIX and Windows" + } + ] + } + } + ] + } + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10740413", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 740413 (DB2 for Linux, UNIX and Windows)", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10740413" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152859", + "name" : "ibm-db2-cve20181923-bo (152859)", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_version" : "4.0", + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + }, + "BM" : { + "PR" : "N", + "AV" : "L", + "A" : "H", + "I" : "H", + "SCORE" : "8.400", + "AC" : "L", + "S" : "U", + "UI" : "N", + "C" : "H" + } + } } } diff --git a/2018/1xxx/CVE-2018-1974.json b/2018/1xxx/CVE-2018-1974.json index edc05228b42..fefdf57a289 100644 --- a/2018/1xxx/CVE-2018-1974.json +++ b/2018/1xxx/CVE-2018-1974.json @@ -1,18 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1974", - "STATE" : "RESERVED" - }, "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Privileges", + "lang" : "eng" + } + ] + } + ] + }, "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915.", + "lang" : "eng" } ] + }, + "CVE_data_meta" : { + "DATE_PUBLIC" : "2019-03-08T00:00:00", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2018-1974" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MQ", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.1" + }, + { + "version_value" : "8.0.0.1" + }, + { + "version_value" : "8.0.0.2" + }, + { + "version_value" : "8.0.0.3" + }, + { + "version_value" : "8.0.0.4" + }, + { + "version_value" : "8.0.0.5" + }, + { + "version_value" : "8.0.0.6" + }, + { + "version_value" : "8.0.0.7" + }, + { + "version_value" : "9.0.0.2" + }, + { + "version_value" : "8.0.0.8" + }, + { + "version_value" : "8.0.0.9" + }, + { + "version_value" : "9.0.0.3" + }, + { + "version_value" : "8.0.0.0" + }, + { + "version_value" : "8.0.0.10" + }, + { + "version_value" : "9.0.0.0" + }, + { + "version_value" : "9.0.0.4" + }, + { + "version_value" : "9.0.0.5" + }, + { + "version_value" : "9.1.0.0" + }, + { + "version_value" : "9.1.0.1" + }, + { + "version_value" : "9.1.1" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" + } + ] + } + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10792043", + "title" : "IBM Security Bulletin 792043 (MQ)", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10792043" + }, + { + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "name" : "ibm-websphere-cve20181974-priv-escalation (153915)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153915" + } + ] + }, + "data_version" : "4.0", + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + }, + "BM" : { + "AC" : "H", + "S" : "U", + "UI" : "N", + "C" : "H", + "PR" : "L", + "AV" : "N", + "A" : "H", + "SCORE" : "7.500", + "I" : "H" + } + } } } diff --git a/2018/1xxx/CVE-2018-1978.json b/2018/1xxx/CVE-2018-1978.json index 9551225c3e5..dc6ce521c17 100644 --- a/2018/1xxx/CVE-2018-1978.json +++ b/2018/1xxx/CVE-2018-1978.json @@ -1,18 +1,99 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1978", - "STATE" : "RESERVED" + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Privileges" + } + ] + } + ] }, "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154069.", + "lang" : "eng" } ] - } + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-08T00:00:00", + "ID" : "CVE-2018-1978", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "10.5" + }, + { + "version_value" : "10.1" + }, + { + "version_value" : "9.7" + }, + { + "version_value" : "11.1" + } + ] + }, + "product_name" : "DB2 for Linux, UNIX and Windows" + } + ] + } + } + ] + } + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10740413", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10740413", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 740413 (DB2 for Linux, UNIX and Windows)" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/154069", + "name" : "ibm-db2-cve20181978-bo (154069)", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + }, + "BM" : { + "AV" : "L", + "PR" : "N", + "I" : "H", + "SCORE" : "8.400", + "A" : "H", + "S" : "U", + "AC" : "L", + "C" : "H", + "UI" : "N" + } + } + }, + "data_type" : "CVE" } diff --git a/2018/1xxx/CVE-2018-1980.json b/2018/1xxx/CVE-2018-1980.json index d7eecbc48cb..5fb4805e64a 100644 --- a/2018/1xxx/CVE-2018-1980.json +++ b/2018/1xxx/CVE-2018-1980.json @@ -1,17 +1,98 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1980", - "STATE" : "RESERVED" + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + }, + "BM" : { + "I" : "H", + "SCORE" : "8.400", + "A" : "H", + "AV" : "L", + "PR" : "N", + "C" : "H", + "UI" : "N", + "S" : "U", + "AC" : "L" + } + } }, - "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10740413", + "title" : "IBM Security Bulletin 740413 (DB2 for Linux, UNIX and Windows)", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10740413" + }, + { + "title" : "X-Force Vulnerability Report", + "name" : "ibm-db2-cve20181980-bo (154078)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/154078" + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2018-1980", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-03-08T00:00:00", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "DB2 for Linux, UNIX and Windows", + "version" : { + "version_data" : [ + { + "version_value" : "10.5" + }, + { + "version_value" : "10.1" + }, + { + "version_value" : "9.7" + }, + { + "version_value" : "11.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Privileges", + "lang" : "eng" + } + ] + } + ] + }, + "data_format" : "MITRE", "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154078.", + "lang" : "eng" } ] } diff --git a/2018/1xxx/CVE-2018-1998.json b/2018/1xxx/CVE-2018-1998.json index 8853c507a11..3fd5fde76d1 100644 --- a/2018/1xxx/CVE-2018-1998.json +++ b/2018/1xxx/CVE-2018-1998.json @@ -1,17 +1,140 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-1998", - "STATE" : "RESERVED" + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-08T00:00:00" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.1" + }, + { + "version_value" : "8.0.0.1" + }, + { + "version_value" : "8.0.0.2" + }, + { + "version_value" : "8.0.0.3" + }, + { + "version_value" : "8.0.0.4" + }, + { + "version_value" : "8.0.0.5" + }, + { + "version_value" : "8.0.0.6" + }, + { + "version_value" : "8.0.0.7" + }, + { + "version_value" : "9.0.0.2" + }, + { + "version_value" : "8.0.0.8" + }, + { + "version_value" : "8.0.0.9" + }, + { + "version_value" : "9.0.0.3" + }, + { + "version_value" : "8.0.0.0" + }, + { + "version_value" : "8.0.0.10" + }, + { + "version_value" : "9.0.0.0" + }, + { + "version_value" : "9.0.0.4" + }, + { + "version_value" : "9.0.0.5" + }, + { + "version_value" : "9.1.1" + } + ] + }, + "product_name" : "MQ" + } + ] + } + } + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Privileges", + "lang" : "eng" + } + ] + } + ] }, "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887." + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + }, + "BM" : { + "UI" : "N", + "C" : "H", + "AC" : "L", + "S" : "C", + "A" : "H", + "SCORE" : "8.800", + "I" : "H", + "PR" : "L", + "AV" : "L" + } + } + }, + "data_type" : "CVE", + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10870488", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 870488 (MQ)", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10870488" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/154887", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "name" : "ibm-websphere-cve20181998-priv-escalation (154887)" } ] } diff --git a/2018/2xxx/CVE-2018-2009.json b/2018/2xxx/CVE-2018-2009.json index f560196115d..c89ad17317b 100644 --- a/2018/2xxx/CVE-2018-2009.json +++ b/2018/2xxx/CVE-2018-2009.json @@ -1,17 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2009", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + }, + "BM" : { + "A" : "N", + "I" : "N", + "SCORE" : "6.500", + "PR" : "L", + "AV" : "N", + "UI" : "N", + "C" : "H", + "AC" : "L", + "S" : "U" + } + } + }, "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10794327", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 794327 (API Connect)", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10794327" + }, + { + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "name" : "ibm-api-cve20182009-info-disc (155148)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155148" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "2018.1" + }, + { + "version_value" : "2018.4.1" + } + ] + }, + "product_name" : "API Connect" + } + ] + } + } + ] + } + }, + "CVE_data_meta" : { + "ID" : "CVE-2018-2009", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-03-05T00:00:00", + "STATE" : "PUBLIC" + }, "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148.", + "lang" : "eng" + } + ] + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] } ] } diff --git a/2019/4xxx/CVE-2019-4015.json b/2019/4xxx/CVE-2019-4015.json index ab5a5826388..51be6ac4628 100644 --- a/2019/4xxx/CVE-2019-4015.json +++ b/2019/4xxx/CVE-2019-4015.json @@ -1,17 +1,98 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4015", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "S" : "U", + "AC" : "L", + "C" : "H", + "UI" : "N", + "AV" : "L", + "PR" : "N", + "SCORE" : "8.400", + "I" : "H", + "A" : "H" + }, + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + } + } + }, + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 740413 (DB2 for Linux, UNIX and Windows)", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10740413", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10740413" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155893", + "name" : "ibm-db2-cve20194015-bo (155893)", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report" + } + ] + }, "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "10.5" + }, + { + "version_value" : "10.1" + }, + { + "version_value" : "9.7" + }, + { + "version_value" : "11.1" + } + ] + }, + "product_name" : "DB2 for Linux, UNIX and Windows" + } + ] + } + } + ] + } + }, + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4015", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-08T00:00:00" + }, "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155893.." + } + ] + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Privileges" + } + ] } ] } diff --git a/2019/4xxx/CVE-2019-4016.json b/2019/4xxx/CVE-2019-4016.json index b55e2de72a8..f14ff8c1d6d 100644 --- a/2019/4xxx/CVE-2019-4016.json +++ b/2019/4xxx/CVE-2019-4016.json @@ -1,18 +1,99 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4016", - "STATE" : "RESERVED" + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10740413", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10740413", + "title" : "IBM Security Bulletin 740413 (DB2 for Linux, UNIX and Windows)" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155894", + "name" : "ibm-db2-cve20194016-bo (155894)", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "BM" : { + "S" : "U", + "AC" : "L", + "C" : "H", + "UI" : "N", + "AV" : "L", + "PR" : "N", + "I" : "H", + "SCORE" : "8.400", + "A" : "H" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Privileges" + } + ] + } + ] }, "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155894." } ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2019-4016", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-03-08T00:00:00", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "DB2 for Linux, UNIX and Windows", + "version" : { + "version_data" : [ + { + "version_value" : "10.5" + }, + { + "version_value" : "10.1" + }, + { + "version_value" : "9.7" + }, + { + "version_value" : "11.1" + } + ] + } + } + ] + } + } + ] + } } } diff --git a/2019/4xxx/CVE-2019-4030.json b/2019/4xxx/CVE-2019-4030.json index f94b8b0072e..24b0c4d9d76 100644 --- a/2019/4xxx/CVE-2019-4030.json +++ b/2019/4xxx/CVE-2019-4030.json @@ -1,67 +1,43 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-03-04T00:00:00", - "ID" : "CVE-2019-4030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Application Server", - "version" : { - "version_data" : [ - { - "version_value" : "8.5" - }, - { - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "references" : { + "reference_data" : [ { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946." + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10869406", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10869406", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 869406 (WebSphere Application Server)" + }, + { + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "name" : "ibm-websphere-cve20194030-xss (155946)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155946" } ] }, + "data_version" : "4.0", + "data_type" : "CVE", "impact" : { "cvssv3" : { "BM" : { - "A" : "N", - "AC" : "L", "AV" : "N", - "C" : "L", - "I" : "L", "PR" : "L", - "S" : "C", + "I" : "L", "SCORE" : "5.400", + "A" : "N", + "S" : "C", + "AC" : "L", + "C" : "L", "UI" : "R" }, "TM" : { - "E" : "H", + "RL" : "O", "RC" : "C", - "RL" : "O" + "E" : "H" } } }, + "data_format" : "MITRE", "problemtype" : { "problemtype_data" : [ { @@ -74,18 +50,44 @@ } ] }, - "references" : { - "reference_data" : [ + "description" : { + "description_data" : [ { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10869406", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10869406" - }, - { - "name" : "ibm-websphere-cve20194030-xss(155946)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155946" + "value" : "IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946.", + "lang" : "eng" } ] + }, + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4030", + "DATE_PUBLIC" : "2019-03-04T00:00:00", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "8.5" + }, + { + "version_value" : "9.0" + } + ] + }, + "product_name" : "WebSphere Application Server" + } + ] + } + } + ] + } } }