From 14a91fce46f979174154ba7bc82506b2506f61c0 Mon Sep 17 00:00:00 2001
From: Scott Moore - IBM
Date: Wed, 2 Oct 2019 10:41:25 -0400
Subject: [PATCH] IBM20191002-104125 Added CVE-2019-4520, CVE-2019-4542, CVE-2019-4549, CVE-2019-4538, CVE-2019-4539
---
2019/4xxx/CVE-2019-4520.json | 102 +++++++++++++++++++++++++++++------
2019/4xxx/CVE-2019-4538.json | 102 +++++++++++++++++++++++++++++------
2019/4xxx/CVE-2019-4539.json | 102 +++++++++++++++++++++++++++++------
2019/4xxx/CVE-2019-4542.json | 102 +++++++++++++++++++++++++++++------
2019/4xxx/CVE-2019-4549.json | 102 +++++++++++++++++++++++++++++------
5 files changed, 435 insertions(+), 75 deletions(-)
diff --git a/2019/4xxx/CVE-2019-4520.json b/2019/4xxx/CVE-2019-4520.json
index a31d4d79169..d1a5727541e 100644
--- a/2019/4xxx/CVE-2019-4520.json
+++ b/2019/4xxx/CVE-2019-4520.json
@@ -1,18 +1,90 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-4520",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "value" : "IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178.",
+ "lang" : "eng"
+ }
+ ]
+ },
+ "CVE_data_meta" : {
+ "STATE" : "PUBLIC",
+ "DATE_PUBLIC" : "2019-10-01T00:00:00",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "ID" : "CVE-2019-4520"
+ },
+ "data_format" : "MITRE",
+ "references" : {
+ "reference_data" : [
+ {
+ "refsource" : "CONFIRM",
+ "title" : "IBM Security Bulletin 1077045 (Security Directory Server)",
+ "name" : "https://www.ibm.com/support/pages/node/1077045",
+ "url" : "https://www.ibm.com/support/pages/node/1077045"
+ },
+ {
+ "refsource" : "XF",
+ "name" : "ibm-sds-cve20194520-info-disc (165178)",
+ "title" : "X-Force Vulnerability Report",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/165178"
+ }
+ ]
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "vendor_name" : "IBM",
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Security Directory Server",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "6.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "value" : "Obtain Information",
+ "lang" : "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "impact" : {
+ "cvssv3" : {
+ "TM" : {
+ "RC" : "C",
+ "RL" : "O",
+ "E" : "U"
+ },
+ "BM" : {
+ "AC" : "L",
+ "SCORE" : "7.500",
+ "UI" : "N",
+ "PR" : "N",
+ "A" : "N",
+ "I" : "N",
+ "AV" : "N",
+ "S" : "U",
+ "C" : "H"
+ }
+ }
+ }
+}
diff --git a/2019/4xxx/CVE-2019-4538.json b/2019/4xxx/CVE-2019-4538.json
index 02ea00be94e..92d90264549 100644
--- a/2019/4xxx/CVE-2019-4538.json
+++ b/2019/4xxx/CVE-2019-4538.json
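Review bot: In CVE-2019-4520.json the added `problemtype` value `"Obtain Information"` names an impact category, while the description reports a weakness (an inadequate account lockout setting that permits credential brute forcing); a weakness identifier would let consumers classify and filter the record, for example `"value" : "CWE-307: Improper Restriction of Excessive Authentication Attempts"`. The X-Force reference name `ibm-sds-cve20194520-info-disc` carries the same information-disclosure label, so it appears to describe the impact rather than the flaw. The same pattern shows up in the hunks for CVE-2019-4538 (`"Gain Access"`), CVE-2019-4539 (`"Denial of Service"`) and CVE-2019-4549 (`"Obtain Information"`). The CWE mapping is my reading of the description and should be confirmed against IBM Security Bulletin 1077045 before it is recorded.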
@@ -1,18 +1,90 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-4538",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
+ "description" : {
+ "description_data" : [
+ {
+ "value" : "IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 165660.",
+ "lang" : "eng"
+ }
+ ]
+ },
+ "data_version" : "4.0",
+ "CVE_data_meta" : {
+ "STATE" : "PUBLIC",
+ "DATE_PUBLIC" : "2019-10-01T00:00:00",
+ "ID" : "CVE-2019-4538",
+ "ASSIGNER" : "psirt@us.ibm.com"
+ },
+ "data_type" : "CVE",
+ "impact" : {
+ "cvssv3" : {
+ "TM" : {
+ "E" : "U",
+ "RL" : "O",
+ "RC" : "C"
+ },
+ "BM" : {
+ "PR" : "N",
+ "A" : "N",
+ "I" : "H",
+ "AV" : "N",
+ "S" : "C",
+ "C" : "N",
+ "AC" : "L",
+ "SCORE" : "7.400",
+ "UI" : "R"
+ }
+ }
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.ibm.com/support/pages/node/1077045",
+ "name" : "https://www.ibm.com/support/pages/node/1077045",
+ "title" : "IBM Security Bulletin 1077045 (Security Directory Server)",
+ "refsource" : "CONFIRM"
+ },
+ {
+ "refsource" : "XF",
+ "title" : "X-Force Vulnerability Report",
+ "name" : "ibm-sds-cve20194538-open-redirect (165660)",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/165660"
+ }
+ ]
+ },
+ "data_format" : "MITRE",
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Gain Access"
+ }
+ ]
+ }
+ ]
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Security Directory Server",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "6.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "IBM"
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ }
+}
diff --git a/2019/4xxx/CVE-2019-4539.json b/2019/4xxx/CVE-2019-4539.json
index 1b55d865b08..4c6bf0a5dbb 100644
--- a/2019/4xxx/CVE-2019-4539.json
+++ b/2019/4xxx/CVE-2019-4539.json
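Review bot: In CVE-2019-4538.json the description and the base metrics disagree on confidentiality: the text says the open redirect "could allow the attacker to obtain highly sensitive information", but `BM` records `"C" : "N"` together with `"I" : "H"`. Consumers that prioritise or filter on the confidentiality metric will treat this record as having no disclosure impact. Which side is right cannot be told from the diff, so either the vector or that sentence should be aligned with IBM Security Bulletin 1077045. The `problemtype` value `"Gain Access"` would also be clearer as the open-redirect weakness class, CWE-601.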
@@ -1,18 +1,90 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-4539",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
+ "impact" : {
+ "cvssv3" : {
+ "BM" : {
+ "PR" : "L",
+ "A" : "H",
+ "I" : "L",
+ "AV" : "N",
+ "S" : "U",
+ "C" : "N",
+ "AC" : "L",
+ "SCORE" : "7.100",
+ "UI" : "N"
+ },
+ "TM" : {
+ "E" : "U",
+ "RC" : "C",
+ "RL" : "O"
+ }
+ }
+ },
+ "data_format" : "MITRE",
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.ibm.com/support/pages/node/1077045",
+ "title" : "IBM Security Bulletin 1077045 (Security Directory Server)",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.ibm.com/support/pages/node/1077045"
+ },
+ {
+ "refsource" : "XF",
+ "name" : "ibm-sds-cve20194539-xml-injection (165812)",
+ "title" : "X-Force Vulnerability Report",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/165812"
+ }
+ ]
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "vendor_name" : "IBM",
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Security Directory Server",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "6.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "value" : "IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812.",
+ "lang" : "eng"
+ }
+ ]
+ },
+ "CVE_data_meta" : {
+ "DATE_PUBLIC" : "2019-10-01T00:00:00",
+ "STATE" : "PUBLIC",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "ID" : "CVE-2019-4539"
+ },
+ "data_type" : "CVE"
+}
diff --git a/2019/4xxx/CVE-2019-4542.json b/2019/4xxx/CVE-2019-4542.json
index 5d2e54721a6..b0e3b4908bb 100644
--- a/2019/4xxx/CVE-2019-4542.json
+++ b/2019/4xxx/CVE-2019-4542.json
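Review bot: The description added to CVE-2019-4539.json leaves out the precondition and the impact that its own base metrics encode. `"PR" : "L"` says the attacker needs a low-privileged account, and `"A" : "H"` with the `problemtype` value `"Denial of Service"` says the main consequence is loss of availability, yet the text only states that attackers can modify XML before it is processed. Someone triaging from the description alone would judge exposure differently from what the 7.100 score implies. If the metrics are correct, the sentence should say that the attacker must be authenticated and that the result can be a denial of service; if the description is the accurate side, `PR` and `A` need another look.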
@@ -1,18 +1,90 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-4542",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
+ "CVE_data_meta" : {
+ "DATE_PUBLIC" : "2019-10-01T00:00:00",
+ "STATE" : "PUBLIC",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "ID" : "CVE-2019-4542"
+ },
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 165815."
+ }
+ ]
+ },
+ "data_type" : "CVE",
+ "impact" : {
+ "cvssv3" : {
+ "BM" : {
+ "PR" : "N",
+ "A" : "N",
+ "I" : "L",
+ "AV" : "N",
+ "S" : "C",
+ "C" : "L",
+ "AC" : "L",
+ "SCORE" : "6.100",
+ "UI" : "R"
+ },
+ "TM" : {
+ "E" : "H",
+ "RL" : "O",
+ "RC" : "C"
+ }
+ }
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "vendor_name" : "IBM",
+ "product" : {
+ "product_data" : [
+ {
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "6.4.0"
+ }
+ ]
+ },
+ "product_name" : "Security Directory Server"
+ }
+ ]
+ }
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "data_format" : "MITRE",
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.ibm.com/support/pages/node/1077045",
+ "title" : "IBM Security Bulletin 1077045 (Security Directory Server)",
+ "name" : "https://www.ibm.com/support/pages/node/1077045",
+ "refsource" : "CONFIRM"
+ },
+ {
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/165815",
+ "refsource" : "XF",
+ "name" : "ibm-sds-cve20194542-xss (165815)",
+ "title" : "X-Force Vulnerability Report"
+ }
+ ]
+ }
+}
diff --git a/2019/4xxx/CVE-2019-4549.json b/2019/4xxx/CVE-2019-4549.json
index 33cdaf2f515..fb91100c528 100644
--- a/2019/4xxx/CVE-2019-4549.json
+++ b/2019/4xxx/CVE-2019-4549.json
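Review bot: In CVE-2019-4542.json the temporal metrics record `"E" : "H"`, the only one of the five records in this commit that does not use `"E" : "U"`, and nothing in the description accounts for it. If the value is intended, it is the strongest prioritisation signal among the five and deserves a mention in the text; if it is a data-entry slip, it overstates exploit maturity for every consumer that computes a temporal score. Separately, "allows users to embed arbitrary JavaScript code" reads as needing an account, while `"PR" : "N"` says no privileges are required, so the wording should state whether the attacker has to be authenticated.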
@@ -1,18 +1,90 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-4549",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
+ "data_type" : "CVE",
+ "description" : {
+ "description_data" : [
+ {
+ "value" : "IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951.",
+ "lang" : "eng"
+ }
+ ]
+ },
+ "data_version" : "4.0",
+ "CVE_data_meta" : {
+ "ID" : "CVE-2019-4549",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "DATE_PUBLIC" : "2019-10-01T00:00:00",
+ "STATE" : "PUBLIC"
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "title" : "IBM Security Bulletin 1077045 (Security Directory Server)",
+ "name" : "https://www.ibm.com/support/pages/node/1077045",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.ibm.com/support/pages/node/1077045"
+ },
+ {
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/165951",
+ "refsource" : "XF",
+ "name" : "ibm-sds-cve20194549-info-disc (165951)",
+ "title" : "X-Force Vulnerability Report"
+ }
+ ]
+ },
+ "data_format" : "MITRE",
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Obtain Information"
+ }
+ ]
+ }
+ ]
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "vendor_name" : "IBM",
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Security Directory Server",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "6.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "impact" : {
+ "cvssv3" : {
+ "TM" : {
+ "E" : "U",
+ "RC" : "C",
+ "RL" : "O"
+ },
+ "BM" : {
+ "UI" : "N",
+ "SCORE" : "5.300",
+ "AC" : "L",
+ "S" : "U",
+ "C" : "L",
+ "AV" : "N",
+ "I" : "N",
+ "PR" : "N",
+ "A" : "N"
+ }
+ }
+ }
+}
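Review bot: The description added to CVE-2019-4549.json, "discloses sensitive information to unauthorized users", does not say what kind of information is exposed or through which interface, so defenders cannot judge their exposure or decide what to review in logs. The base metrics (`"AV" : "N"`, `"PR" : "N"`, `"C" : "L"`) suggest an unauthenticated, network-reachable disclosure of limited data, but that is an inference from the vector rather than something the text states. One clause naming the affected component and the class of data, taken from IBM Security Bulletin 1077045, would make the record usable for triage.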