IBM20200615-92122

Added CVE-2020-4469, CVE-2020-4216, CVE-2020-4470, CVE-2020-4406, CVE-2020-4477, CVE-2020-4494, CVE-2020-4471
Scott Moore - IBM 2020-06-15 09:21:22 -04:00
parent 8c8c383591
commit 2e00172444
No known key found for this signature in database
GPG Key ID: 8E6C411D57F2D75C
7 changed files with 708 additions and 105 deletions


@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4216",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_format" : "MITRE",
"data_version" : "4.0",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "N",
"SCORE" : "7.500",
"A" : "N",
"S" : "U",
"UI" : "N",
"C" : "H",
"AC" : "L",
"PR" : "N",
"AV" : "N"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4216",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-06-12T00:00:00"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Protect Plus",
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.5"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6221332",
"name" : "https://www.ibm.com/support/pages/node/6221332",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6221332 (Spectrum Protect Plus)"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-specturm-cve20204216-info-disc (175066)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175066",
"refsource" : "XF"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175066."
}
]
}
}
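Review bot: The two `version_value` entries under `version_data` list only 10.1.0 and 10.1.5, while the description says "10.1.0 through 10.1.5", so a scanner or feed consumer that matches on exact version strings will treat 10.1.1 through 10.1.4 as unaffected. The CVE JSON 4.0 format has a `version_affected` field for this: `"version_affected" : ">="` beside `"version_value" : "10.1.0"` and `"version_affected" : "<="` beside `"version_value" : "10.1.5"` would make the range machine-readable. The same endpoint-only encoding is used in the other six records in this commit (CVE-2020-4406, CVE-2020-4469, CVE-2020-4470, CVE-2020-4471, CVE-2020-4477, CVE-2020-4494). Separately, the `problemtype` value "Obtain Information" names an outcome rather than the weakness; for hard-coded credentials a label such as `"value" : "CWE-798 Use of Hard-coded Credentials"` would help triage, if the vendor bulletin supports it.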


@ -1,18 +1,132 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4406",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"AV" : "N",
"C" : "L",
"PR" : "L",
"AC" : "L",
"UI" : "R",
"S" : "C",
"SCORE" : "5.400",
"A" : "N",
"I" : "L"
}
}
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2020-4406",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-06-12T00:00:00"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Protect Client (Linux and Windows)",
"version" : {
"version_data" : [
{
"version_value" : "8.1.7.0"
},
{
"version_value" : "8.1.9.1"
}
]
}
},
{
"product_name" : "Spectrum Protect Client (AIX)",
"version" : {
"version_data" : [
{
"version_value" : "8.1.9.0"
},
{
"version_value" : "8.1.9.1"
}
]
}
},
{
"product_name" : "Spectrum Protect for Space Management (AIX)",
"version" : {
"version_data" : [
{
"version_value" : "8.1.9.0"
},
{
"version_value" : "8.1.9.1"
}
]
}
},
{
"product_name" : "Spectrum Protect for Space Management (Linux)",
"version" : {
"version_data" : [
{
"version_value" : "8.1.7.0"
},
{
"version_value" : "8.1.9.1"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6221448 (Spectrum Protect Client (Linux and Windows))",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6221448",
"name" : "https://www.ibm.com/support/pages/node/6221448"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/179488",
"name" : "ibm-spectrum-cve20204406-clickjacking (179488)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488."
}
]
}
}
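Review bot: The `problemtype` value "Gain Access" does not tell a consumer that this is a clickjacking issue; that is visible only in the description prose and in the X-Force reference name. A weakness-level label, e.g. `"value" : "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"`, would let defenders map the record to frame-embedding controls without reading the free text. The description also has "trough" for "through" in the AIX range ("8.1.9.0 trough 8.1.9.1"), and the same typo appears in the description of the CVE-2020-4494 record.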


@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4469",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-06-12T00:00:00",
"ID" : "CVE-2020-4469",
"ASSIGNER" : "psirt@us.ibm.com"
},
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "8.100",
"A" : "H",
"I" : "H",
"UI" : "N",
"S" : "U",
"PR" : "N",
"AC" : "H",
"C" : "H",
"AV" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_type" : "CVE",
"data_version" : "4.0",
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. This vulnerability is due to an incomplete fix for CVE-2020-4211. IBM X-Force ID: 181724."
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6221358",
"name" : "https://www.ibm.com/support/pages/node/6221358",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6221358 (Spectrum Protect Plus)"
},
{
"name" : "ibm-spectrum-cve20204469-code-exec (181724)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/181724",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Protect Plus",
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.5"
}
]
}
}
]
}
}
]
}
}
]
}
}
}
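Review bot: The description states that this issue is due to an incomplete fix for CVE-2020-4211, but `reference_data` carries no entry for that earlier record or its bulletin, so a site that applied the earlier fix gets no machine-readable signal that it is exposed again. Adding a reference such as `"url" : "<URL of the CVE-2020-4211 bulletin>"` (placeholder, the page does not give it) would close that gap. The description also alternates between "execute arbitrary code" and "execute arbitrary command"; settling on one and replacing the `problemtype` value "Gain Access" with the matching weakness class would make the record easier to triage.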


@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4470",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta" : {
"ID" : "CVE-2020-4470",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-06-12T00:00:00",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "7.100",
"A" : "H",
"I" : "H",
"UI" : "R",
"S" : "U",
"C" : "H",
"PR" : "L",
"AC" : "H",
"AV" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6221358 (Spectrum Protect Plus)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6221358",
"url" : "https://www.ibm.com/support/pages/node/6221358"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/181725",
"name" : "ibm-spectrum-cve20204470-file-upload (181725)",
"refsource" : "XF"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Protect Plus",
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.5"
}
]
}
}
]
}
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
}
}
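Review bot: The description sentence breaks at "which could be execute arbitrary code", which leaves unclear whether the uploaded file is executed by the server or only stored there; a possible wording is `...to upload arbitrary files, which could be used to execute arbitrary code on the vulnerable server.` The `problemtype` value "Gain Privileges" also hides the root cause that the X-Force reference name ("file-upload") points to. If the vendor bulletin supports it, `"value" : "CWE-434 Unrestricted Upload of File with Dangerous Type"` is the label a consumer would filter on.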


@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4471",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"description" : {
"description_data" : [
{
"value" : "IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by send a specially crafted HTTP command to the remote server. IBM X-Force ID: 181726.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6221358 (Spectrum Protect Plus)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6221358",
"name" : "https://www.ibm.com/support/pages/node/6221358"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/181726",
"name" : "ibm-spectrum-cve20204471-dos (181726)",
"refsource" : "XF"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.5"
}
]
},
"product_name" : "Spectrum Protect Plus"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-06-12T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4471"
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"PR" : "N",
"AC" : "H",
"C" : "N",
"UI" : "N",
"S" : "U",
"A" : "L",
"SCORE" : "4.800",
"I" : "L"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_version" : "4.0",
"data_format" : "MITRE"
}
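Review bot: The description names two impacts, denial of service and hijacking of DNS sessions, but `problemtype` records only "Denial of Service", so the integrity impact (the vector has `"I" : "L"`) is invisible to anyone filtering on problem type. A second `description` entry under `problemtype_data` covering the session-hijack impact would keep the two in step. The description also reads "by send a specially crafted HTTP command"; `by sending a specially crafted HTTP command` is presumably the intended form.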


@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4477",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_format" : "MITRE",
"data_version" : "4.0",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"UI" : "N",
"I" : "N",
"SCORE" : "5.300",
"A" : "N",
"AV" : "N",
"C" : "H",
"AC" : "H",
"PR" : "L"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4477",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-06-12T00:00:00",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.5"
}
]
},
"product_name" : "Spectrum Protect Plus"
}
]
}
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6221388 (Spectrum Protect Plus)",
"url" : "https://www.ibm.com/support/pages/node/6221388",
"name" : "https://www.ibm.com/support/pages/node/6221388",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-spectrum-cve20204477-info-disc (181779)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/181779"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779."
}
]
}
}
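Review bot: The description says sensitive information is written in plain text to the virgo log file, and the vector gives `"PR" : "L"` and `"AC" : "H"`, but nothing states who can read that log or under what condition. An operator needs that to judge whether restricting log access is an adequate interim control. A sentence on the required access, plus a weakness label such as `"value" : "CWE-532 Insertion of Sensitive Information into Log File"` in place of "Obtain Information", would cover it. It would also be worth stating whether log files already written by affected versions (and copies in backups or support bundles) retain the exposed data after the fix is applied.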


@ -1,18 +1,132 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4494",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"I" : "N",
"A" : "N",
"SCORE" : "7.500",
"S" : "U",
"UI" : "N",
"C" : "H",
"AC" : "L",
"PR" : "N",
"AV" : "N"
}
}
},
"data_type" : "CVE",
"data_version" : "4.0",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-06-12T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4494"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "8.1.7.0"
},
{
"version_value" : "8.1.9.1"
}
]
},
"product_name" : "Spectrum Protect for Space Management (Linux)"
},
{
"version" : {
"version_data" : [
{
"version_value" : "8.1.9.0"
},
{
"version_value" : "8.1.9.1"
}
]
},
"product_name" : "Spectrum Protect for Space Management (AIX)"
},
{
"product_name" : "Spectrum Protect Client (AIX)",
"version" : {
"version_data" : [
{
"version_value" : "8.1.9.0"
},
{
"version_value" : "8.1.9.1"
}
]
}
},
{
"product_name" : "Spectrum Protect Client (Linux and Windows)",
"version" : {
"version_data" : [
{
"version_value" : "8.1.7.0"
},
{
"version_value" : "8.1.9.1"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6221448 (Spectrum Protect Client (Linux and Windows))",
"name" : "https://www.ibm.com/support/pages/node/6221448",
"url" : "https://www.ibm.com/support/pages/node/6221448",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-spectrum-cve20204494-info-disc (182019)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/182019"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019.",
"lang" : "eng"
}
]
}
}
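Review bot: The description reports an authentication bypass caused by improper session validation, yet `problemtype` says "Obtain Information" and the vector sets `"I" : "N"`, so the record may understate what a consumer would expect from an auth bypass on a web user interface. If the bypass only gives read access, the description should say so explicitly; otherwise the integrity metric and the problem type need revisiting, e.g. `"value" : "CWE-287 Improper Authentication"`. The CONFIRM reference title names only "Spectrum Protect Client (Linux and Windows)" although `product_data` lists four products, which is worth checking against the bulletin.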