diff --git a/2018/1xxx/CVE-2018-1934.json b/2018/1xxx/CVE-2018-1934.json
index 831d83eaa5c..c9cb3319d6c 100644
--- a/2018/1xxx/CVE-2018-1934.json
+++ b/2018/1xxx/CVE-2018-1934.json
@@ -1,90 +1,90 @@ { - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153179." - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-12-19T00:00:00", - "ID" : "CVE-2018-1934", - "STATE" : "PUBLIC" - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - }, - "BM" : { - "UI" : "R", - "SCORE" : "4.300", - "A" : "N", - "C" : "N", - "S" : "U", - "PR" : "N", - "I" : "L", - "AC" : "L", - "AV" : "N" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.2.2" - } - ] - }, - "product_name" : "Cognos Business Intelligence" - } - ] - }, - "vendor_name" : "IBM" + "lang": "eng", + "value": "IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153179." 
} - ] - } - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 1142626 (Cognos Business Intelligence)", - "name" : "https://www.ibm.com/support/pages/node/1142626", - "url" : "https://www.ibm.com/support/pages/node/1142626" - }, - { - "refsource" : "XF", - "name" : "ibm-cognos-cve20181934-csrf (153179)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153179" - } - ] - } -} + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-12-19T00:00:00", + "ID": "CVE-2018-1934", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + }, + "BM": { + "UI": "R", + "SCORE": "4.300", + "A": "N", + "C": "N", + "S": "U", + "PR": "N", + "I": "L", + "AC": "L", + "AV": "N" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "10.2.2" + } + ] + }, + "product_name": "Cognos Business Intelligence" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 1142626 (Cognos Business Intelligence)", + "name": "https://www.ibm.com/support/pages/node/1142626", + "url": "https://www.ibm.com/support/pages/node/1142626" + }, + { + "refsource": "XF", + "name": "ibm-cognos-cve20181934-csrf (153179)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153179" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15910.json b/2019/15xxx/CVE-2019-15910.json new file mode 100644 index 00000000000..dcf1540aaec --- /dev/null +++ b/2019/15xxx/CVE-2019-15910.json 
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15910",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered on ASUS HG100 1.05.12, WS-101 1.05.12, and TS-101 1.05.12 devices using ZigBee PRO. Attackers can utilize the \"discover ZigBee network procedure\" to perform a denial of service attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15910.md",
+ "url": "https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15910.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15911.json b/2019/15xxx/CVE-2019-15911.json
new file mode 100644
index 00000000000..e00a11e7631
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15911.json
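Review bot: The `affects` block carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` although the description in the same record names ASUS HG100, WS-101 and TS-101 at 1.05.12, so tooling that matches on the structured fields will not associate this entry with those devices. Consider filling them from the description, e.g. `"vendor_name": "ASUS"` with one `product_data` entry per model and `"version_value": "1.05.12"`. `problemtype` is likewise `n/a` where the description states a denial of service, and the only reference is a third-party write-up tagged `MISC`, so the record gives defenders no vendor advisory or fix information. The same applies to the records added for CVE-2019-15911 through CVE-2019-15915 and to the populated CVE-2019-19747 record.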
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15911",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered on ASUS HG100 1.05.12, WS-101 1.05.12, and TS-101 1.05.12 devices using ZigBee PRO. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause a denial of service attack, take over smart home devices, and tamper with messages."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15911.md",
+ "url": "https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15911.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15912.json b/2019/15xxx/CVE-2019-15912.json
new file mode 100644
index 00000000000..4cfdb5cd61b
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15912.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15912",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered on ASUS HG100 1.05.12, WS-101 1.05.12, and TS-101 1.05.12 devices using ZigBee PRO. Attackers can use the ZigBee trust center rejoin procedure to perform a denial of service attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15912_1.md",
+ "url": "https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15912_1.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15912_2.md",
+ "url": "https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15912_2.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15913.json b/2019/15xxx/CVE-2019-15913.json
new file mode 100644
index 00000000000..bc686a21839
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15913.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15913",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM 5.5.48 devices. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause a denial of service attack, take over smart home devices, and tamper with messages."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15913.md",
+ "url": "https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15913.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15914.json b/2019/15xxx/CVE-2019-15914.json
new file mode 100644
index 00000000000..130c272dbef
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15914.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15914",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM 5.5.48 devices. Attackers can use the ZigBee trust center rejoin procedure to perform a denial of service attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15914_1.md",
+ "url": "https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15914_1.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15914_2.md",
+ "url": "https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15914_2.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15915.json b/2019/15xxx/CVE-2019-15915.json
new file mode 100644
index 00000000000..d370eeaf0d7
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15915.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15915",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM 5.5.48 devices. Attackers can utilize the \"discover ZigBee network procedure\" to perform a denial of service attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15915.md",
+ "url": "https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15915.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17571.json b/2019/17xxx/CVE-2019-17571.json
new file mode 100644
index 00000000000..cb3e5924f1f
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17571.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-17571",
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Log4j",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "versions up to 1.2.17"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-502: Deserialization of Untrusted Data"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3Cdev.logging.apache.org%3E",
+ "url": "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3Cdev.logging.apache.org%3E"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19747.json b/2019/19xxx/CVE-2019-19747.json
index db87db92639..b9dbd4fe6c1 100644
--- a/2019/19xxx/CVE-2019-19747.json
+++ b/2019/19xxx/CVE-2019-19747.json
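Review bot: The closing sentence of the CVE-2019-17571 description, `This affects Log4j versions up to 1.2 up to 1.2.17.`, repeats "up to" and leaves the lower bound of the affected range unclear. It was probably meant to read something like `This affects Log4j 1.2 versions up to 1.2.17.`, which should be confirmed with the assigner. In the same record `"version_value": "versions up to 1.2.17"` puts prose into a field that consumers compare as a version string. The 4.0 format has a separate qualifier for this, so `"version_affected": "<="` together with `"version_value": "1.2.17"` would state the same range in a form scanners can evaluate.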
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19747", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19747", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password (provided that the active directory server has not been configured to reject empty passwords)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://neuvector.com/container-security/blog/", + "refsource": "MISC", + "name": "https://neuvector.com/container-security/blog/" + }, + { + "refsource": "MISC", + "name": "https://paulrobertson.co.za/cve-2019-19747/", + "url": "https://paulrobertson.co.za/cve-2019-19747/" } ] } diff --git a/2019/19xxx/CVE-2019-19906.json b/2019/19xxx/CVE-2019-19906.json index b73ed920393..83603f8ed45 100644 --- a/2019/19xxx/CVE-2019-19906.json +++ b/2019/19xxx/CVE-2019-19906.json 
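Review bot: The first reference added for CVE-2019-19747, `https://neuvector.com/container-security/blog/`, points at a blog index rather than a specific post, so a reader cannot tell from the record which vendor page, if any, describes the issue or a fixed release. It should link to the specific advisory, or be dropped if none exists. The description makes the issue conditional on the Active Directory server accepting empty passwords, so a reference documenting that server-side setting would help defenders check their exposure. The record's closing brace lies outside this hunk.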
@@ -61,6 +61,11 @@ "url": "https://www.openldap.org/its/index.cgi/Incoming?id=9123", "refsource": "MISC", "name": "https://www.openldap.org/its/index.cgi/Incoming?id=9123" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191220 [SECURITY] [DLA 2044-1] cyrus-sasl2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html" } ] } diff --git a/2019/4xxx/CVE-2019-4231.json b/2019/4xxx/CVE-2019-4231.json index 259930c72c1..34ac5217d61 100644 --- a/2019/4xxx/CVE-2019-4231.json +++ b/2019/4xxx/CVE-2019-4231.json 
@@ -1,93 +1,93 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "11.0" - }, - { - "version_value" : "11.1" - } - ] - }, - "product_name" : "Cognos Analytics" - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "AC" : "L", - "AV" : "N", - "PR" : "N", - "I" : "L", - "C" : "N", - "S" : "U", - "UI" : "R", - "SCORE" : "4.300", - "A" : "N" - } - } - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/1138588", - "title" : "IBM Security Bulletin 1138588 (Cognos Analytics)", - "name" : "https://www.ibm.com/support/pages/node/1138588", - "refsource" : "CONFIRM" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-cognos-cve20194231-csrf (159356)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159356" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "11.0" + }, + { + "version_value": "11.1" + } + ] + }, + "product_name": "Cognos Analytics" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2019-4231", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-12-19T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. 
IBM X-Force ID: 159356.", - "lang" : "eng" - } - ] - } -} + } + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "AC": "L", + "AV": "N", + "PR": "N", + "I": "L", + "C": "N", + "S": "U", + "UI": "R", + "SCORE": "4.300", + "A": "N" + } + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/1138588", + "title": "IBM Security Bulletin 1138588 (Cognos Analytics)", + "name": "https://www.ibm.com/support/pages/node/1138588", + "refsource": "CONFIRM" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-cognos-cve20194231-csrf (159356)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159356" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-4231", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-12-19T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "description": { + "description_data": [ + { + "value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4555.json b/2019/4xxx/CVE-2019-4555.json index 76644574aef..9656fa19e04 100644 --- a/2019/4xxx/CVE-2019-4555.json +++ b/2019/4xxx/CVE-2019-4555.json 
@@ -1,93 +1,93 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166204.", - "lang" : "eng" - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2019-4555", - "DATE_PUBLIC" : "2019-12-19T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_type" : "CVE", - "data_version" : "4.0", - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/1138588", - "title" : "IBM Security Bulletin 1138588 (Cognos Analytics)", - "name" : "https://www.ibm.com/support/pages/node/1138588" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/166204", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-cognos-cve20194555-xss (166204)", - "refsource" : "XF" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "11.0" - }, - { - "version_value" : "11.1" - } - ] - }, - "product_name" : "Cognos Analytics" - } - ] - } + "value": "IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 166204.", + "lang": "eng" } - ] - } - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "AC" : "L", - "PR" : "L", - "I" : "L", - "S" : "C", - "C" : "L", - "SCORE" : "5.400", - "UI" : "R", - "A" : "N" - }, - "TM" : { - "RC" : "C", - "E" : "H", - "RL" : "O" - } - } - } -} + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-4555", + "DATE_PUBLIC": "2019-12-19T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_type": "CVE", + "data_version": "4.0", + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/1138588", + "title": "IBM Security Bulletin 1138588 (Cognos Analytics)", + "name": "https://www.ibm.com/support/pages/node/1138588" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166204", + "title": "X-Force Vulnerability Report", + "name": "ibm-cognos-cve20194555-xss (166204)", + "refsource": "XF" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "11.0" + }, + { + "version_value": "11.1" + } + ] + }, + "product_name": "Cognos Analytics" + } + ] + } + } + ] + } + }, + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "AC": "L", + "PR": "L", + "I": "L", + "S": "C", + "C": "L", + "SCORE": "5.400", + "UI": "R", + "A": "N" + }, + "TM": { + "RC": "C", + "E": "H", + "RL": "O" + } + } + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4736.json b/2019/4xxx/CVE-2019-4736.json index ff2e27dc10e..a1905ad042d 100644 --- a/2019/4xxx/CVE-2019-4736.json +++ b/2019/4xxx/CVE-2019-4736.json 
@@ -1,90 +1,90 @@ { - "data_format" : "MITRE", - "CVE_data_meta" : { - "ID" : "CVE-2019-4736", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-12-19T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Financial Transaction Manager 3.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172706." - } - ] - }, - "data_version" : "4.0", - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/1135173", - "title" : "IBM Security Bulletin 1135173 (Financial Transaction Manager)", - "name" : "https://www.ibm.com/support/pages/node/1135173" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/172706", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-ftm-cve20194736-csrf (172706)", - "refsource" : "XF" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "SCORE" : "4.300", - "UI" : "R", - "S" : "U", - "C" : "N", - "I" : "L", - "PR" : "N", - "AV" : "N", - "AC" : "L" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-4736", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-12-19T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Financial Transaction Manager", - "version" : { - "version_data" : [ - { - "version_value" : "3.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "lang": "eng", + "value": "IBM Financial Transaction Manager 3.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. 
IBM X-Force ID: 172706." } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } + ] + }, + "data_version": "4.0", + "data_type": "CVE", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/1135173", + "title": "IBM Security Bulletin 1135173 (Financial Transaction Manager)", + "name": "https://www.ibm.com/support/pages/node/1135173" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172706", + "title": "X-Force Vulnerability Report", + "name": "ibm-ftm-cve20194736-csrf (172706)", + "refsource": "XF" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "SCORE": "4.300", + "UI": "R", + "S": "U", + "C": "N", + "I": "L", + "PR": "N", + "AV": "N", + "AC": "L" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Transaction Manager", + "version": { + "version_data": [ + { + "version_value": "3.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4742.json b/2019/4xxx/CVE-2019-4742.json index 815642a3c65..d3fc7c2304b 100644 --- a/2019/4xxx/CVE-2019-4742.json +++ b/2019/4xxx/CVE-2019-4742.json 
@@ -1,90 +1,90 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Financial Transaction Manager 3.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 172877." - } - ] - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2019-12-19T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2019-4742", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_version" : "4.0", - "data_type" : "CVE", - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/1135173", - "title" : "IBM Security Bulletin 1135173 (Financial Transaction Manager)", - "name" : "https://www.ibm.com/support/pages/node/1135173", - "refsource" : "CONFIRM" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/172877", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-ftm-cve20194742-clickjacking (172877)" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "I" : "L", - "PR" : "N", - "AV" : "N", - "AC" : "L", - "A" : "N", - "SCORE" : "6.100", - "UI" : "R", - "S" : "C", - "C" : "L" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Financial Transaction Manager", - "version" : { - "version_data" : [ - { - "version_value" : "3.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "lang": "eng", + "value": "IBM Financial Transaction Manager 3.0 could allow a remote attacker to hijack the clicking action of the victim. 
By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 172877." } - ] - } - } -} + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2019-12-19T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2019-4742", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/1135173", + "title": "IBM Security Bulletin 1135173 (Financial Transaction Manager)", + "name": "https://www.ibm.com/support/pages/node/1135173", + "refsource": "CONFIRM" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172877", + "title": "X-Force Vulnerability Report", + "name": "ibm-ftm-cve20194742-clickjacking (172877)" + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "I": "L", + "PR": "N", + "AV": "N", + "AC": "L", + "A": "N", + "SCORE": "6.100", + "UI": "R", + "S": "C", + "C": "L" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Transaction Manager", + "version": { + "version_data": [ + { + "version_value": "3.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4743.json b/2019/4xxx/CVE-2019-4743.json index 24dfb953b62..796e702a262 100644 --- a/2019/4xxx/CVE-2019-4743.json +++ b/2019/4xxx/CVE-2019-4743.json 
@@ -1,90 +1,90 @@
 {
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "value" : "Obtain Information",
- "lang" : "eng"
- }
- ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "refsource" : "CONFIRM",
- "url" : "https://www.ibm.com/support/pages/node/1135173",
- "name" : "https://www.ibm.com/support/pages/node/1135173",
- "title" : "IBM Security Bulletin 1135173 (Financial Transaction Manager)"
- },
- {
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/172880",
- "name" : "ibm-ftm-cve20194743-info-disc (172880)",
- "title" : "X-Force Vulnerability Report"
- }
- ]
- },
- "impact" : {
- "cvssv3" : {
- "BM" : {
- "SCORE" : "4.300",
- "UI" : "R",
- "A" : "N",
- "S" : "U",
- "C" : "L",
- "PR" : "N",
- "I" : "N",
- "AV" : "N",
- "AC" : "L"
- },
- "TM" : {
- "RL" : "O",
- "E" : "U",
- "RC" : "C"
- }
- }
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
+ "problemtype": {
+ "problemtype_data": [
 {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Financial Transaction Manager",
- "version" : {
- "version_data" : [
- {
- "version_value" : "3.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "IBM"
+ "description": [
+ {
+ "value": "Obtain Information",
+ "lang": "eng"
+ }
+ ]
 }
- ]
- }
- },
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172880."
- }
- ]
- },
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@us.ibm.com",
- "STATE" : "PUBLIC",
- "ID" : "CVE-2019-4743",
- "DATE_PUBLIC" : "2019-12-19T00:00:00"
- },
- "data_version" : "4.0",
- "data_type" : "CVE",
- "data_format" : "MITRE"
-}
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://www.ibm.com/support/pages/node/1135173",
+ "name": "https://www.ibm.com/support/pages/node/1135173",
+ "title": "IBM Security Bulletin 1135173 (Financial Transaction Manager)"
+ },
+ {
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172880",
+ "name": "ibm-ftm-cve20194743-info-disc (172880)",
+ "title": "X-Force Vulnerability Report"
+ }
+ ]
+ },
+ "impact": {
+ "cvssv3": {
+ "BM": {
+ "SCORE": "4.300",
+ "UI": "R",
+ "A": "N",
+ "S": "U",
+ "C": "L",
+ "PR": "N",
+ "I": "N",
+ "AV": "N",
+ "AC": "L"
+ },
+ "TM": {
+ "RL": "O",
+ "E": "U",
+ "RC": "C"
+ }
+ }
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Financial Transaction Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "IBM"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172880."
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC",
+ "ID": "CVE-2019-4743",
+ "DATE_PUBLIC": "2019-12-19T00:00:00"
+ },
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE"
+}
\ No newline at end of file
diff --git a/2019/4xxx/CVE-2019-4744.json b/2019/4xxx/CVE-2019-4744.json
index 7f4859f62a6..b877a53deec 100644
--- a/2019/4xxx/CVE-2019-4744.json
+++ b/2019/4xxx/CVE-2019-4744.json
@@ -1,90 +1,90 @@
 {
- "references" : {
- "reference_data" : [
- {
- "refsource" : "CONFIRM",
- "title" : "IBM Security Bulletin 1135173 (Financial Transaction Manager)",
- "name" : "https://www.ibm.com/support/pages/node/1135173",
- "url" : "https://www.ibm.com/support/pages/node/1135173"
- },
- {
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/172882",
- "name" : "ibm-ftm-cve20194744-xss (172882)",
- "title" : "X-Force Vulnerability Report",
- "refsource" : "XF"
- }
- ]
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
+ "references": {
+ "reference_data": [
 {
- "product" : {
- "product_data" : [
- {
- "version" : {
- "version_data" : [
- {
- "version_value" : "3.0"
- }
- ]
- },
- "product_name" : "Financial Transaction Manager"
- }
- ]
- },
- "vendor_name" : "IBM"
+ "refsource": "CONFIRM",
+ "title": "IBM Security Bulletin 1135173 (Financial Transaction Manager)",
+ "name": "https://www.ibm.com/support/pages/node/1135173",
+ "url": "https://www.ibm.com/support/pages/node/1135173"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172882",
+ "name": "ibm-ftm-cve20194744-xss (172882)",
+ "title": "X-Force Vulnerability Report",
+ "refsource": "XF"
 }
- ]
- }
- },
- "impact" : {
- "cvssv3" : {
- "TM" : {
- "RC" : "C",
- "E" : "H",
- "RL" : "O"
- },
- "BM" : {
- "PR" : "N",
- "I" : "L",
- "AC" : "L",
- "AV" : "N",
- "UI" : "R",
- "SCORE" : "6.100",
- "A" : "N",
- "C" : "L",
- "S" : "C"
- }
- }
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "value" : "Cross-Site Scripting",
- "lang" : "eng"
- }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.0"
+ }
+ ]
+ },
+ "product_name": "Financial Transaction Manager"
+ }
+ ]
+ },
+ "vendor_name": "IBM"
+ }
 ]
- }
- ]
- },
- "data_format" : "MITRE",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IBM Financial Transaction Manager 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172882."
- }
- ]
- },
- "CVE_data_meta" : {
- "STATE" : "PUBLIC",
- "ID" : "CVE-2019-4744",
- "DATE_PUBLIC" : "2019-12-19T00:00:00",
- "ASSIGNER" : "psirt@us.ibm.com"
- },
- "data_version" : "4.0",
- "data_type" : "CVE"
-}
+ }
+ },
+ "impact": {
+ "cvssv3": {
+ "TM": {
+ "RC": "C",
+ "E": "H",
+ "RL": "O"
+ },
+ "BM": {
+ "PR": "N",
+ "I": "L",
+ "AC": "L",
+ "AV": "N",
+ "UI": "R",
+ "SCORE": "6.100",
+ "A": "N",
+ "C": "L",
+ "S": "C"
+ }
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "Cross-Site Scripting",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "data_format": "MITRE",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IBM Financial Transaction Manager 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172882."
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2019-4744",
+ "DATE_PUBLIC": "2019-12-19T00:00:00",
+ "ASSIGNER": "psirt@us.ibm.com"
+ },
+ "data_version": "4.0",
+ "data_type": "CVE"
+}
\ No newline at end of file