IBM20191209-172754

Added CVE-2019-4612, CVE-2019-4621, CVE-2019-4428, CVE-2019-4611
Scott Moore - IBM 2019-12-09 17:27:54 -05:00
parent a279eea771
commit 35178f03df
No known key found for this signature in database
GPG Key ID: 8E6C411D57F2D75C
4 changed files with 360 additions and 60 deletions


@ -1,18 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4428",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"I" : "L",
"UI" : "R",
"S" : "C",
"A" : "N",
"C" : "L",
"AC" : "L",
"SCORE" : "5.400",
"PR" : "L",
"AV" : "N"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162807."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.0.0"
},
{
"version_value" : "1.3.0"
}
]
},
"product_name" : "Watson Assistant for IBM Cloud Pak for Data"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"data_format" : "MITRE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1125585",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 1125585 (Watson Assistant for IBM Cloud Pak for Data)",
"name" : "https://www.ibm.com/support/pages/node/1125585"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162807",
"refsource" : "XF",
"name" : "ibm-wdc-cve20194428-xss (162807)",
"title" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2019-4428",
"DATE_PUBLIC" : "2019-12-06T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
}
}
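Review bot: The new `version_data` under `affects` lists only `1.0.0` and `1.3.0`, while the description says 1.0.0 through 1.3.0, so a consumer that matches on `version_value` would miss every release between the two bounds. Either enumerate the affected releases or mark the entries as range bounds; the 4.0 format has a `version_affected` field for this, which is worth confirming against the schema in use. The CVE-2019-4621 section has the same pattern with `7.6.0.0`/`7.6.0.14` and `2018.4.1.0`/`2018.4.1.5`. Which lines are new is inferred from the `"key" : value` spacing, because this page has lost its `+`/`-` markers.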


@ -1,18 +1,90 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4611",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 1118565 (Planning Analytics)",
"name" : "https://www.ibm.com/support/pages/node/1118565",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/1118565"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/168519",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-planning-cve20194611-xss (168519)"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2"
}
]
},
"product_name" : "Planning Analytics"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "L",
"AC" : "L",
"A" : "N",
"AV" : "N",
"PR" : "L",
"SCORE" : "5.400",
"S" : "C",
"I" : "L",
"UI" : "R"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "H"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-12-06T00:00:00",
"ID" : "CVE-2019-4611"
}
}
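Review bot: `"version_value" : "2"` in the new `version_data` does not match the description, which names Planning Analytics 2.0, so tooling that compares version strings will not treat the two as the same release. Suggest `"version_value" : "2.0"`, or the exact release identifiers given in bulletin 1118565 if they are more specific. The CVE-2019-4612 section carries the same `"2"` value.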


@ -1,18 +1,90 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4612",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1118565",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/1118565",
"title" : "IBM Security Bulletin 1118565 (Planning Analytics)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/168523",
"name" : "ibm-planning-cve20194612-file-upload (168523)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"S" : "U",
"UI" : "R",
"I" : "H",
"AV" : "N",
"SCORE" : "6.300",
"PR" : "L",
"C" : "L",
"AC" : "L",
"A" : "N"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2"
}
]
},
"product_name" : "Planning Analytics"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4612",
"DATE_PUBLIC" : "2019-12-06T00:00:00"
},
"data_type" : "CVE"
}
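Review bot: The `problemtype` value `"Gain Access"` names an outcome rather than the weakness, which makes the record hard to filter or triage by class. The description is of an unrestricted file upload in the My Account Portal, so `"value" : "CWE-434 Unrestricted Upload of File with Dangerous Type"` would be more useful to consumers. The two cross-site scripting records in this commit (CVE-2019-4428, CVE-2019-4611) could likewise carry `CWE-79` in place of the free-text label.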


@ -1,18 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4621",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "DataPower Gateway",
"version" : {
"version_data" : [
{
"version_value" : "7.6.0.0"
},
{
"version_value" : "2018.4.1.0"
},
{
"version_value" : "7.6.0.14"
},
{
"version_value" : "2018.4.1.5"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "H",
"UI" : "N",
"S" : "U",
"AV" : "N",
"SCORE" : "8.100",
"PR" : "N",
"C" : "H",
"AC" : "H",
"A" : "H"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Bypass Security"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1125615",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/1125615",
"title" : "IBM Security Bulletin 1125615 (DataPower Gateway)"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-mq-cve20194621-sec-bypass (168883)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/168883"
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-12-05T00:00:00",
"ID" : "CVE-2019-4621",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"data_type" : "CVE"
}
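Review bot: The version range in the new description is garbled: `7.6.0.0-7 throug 6.0.14`. Going by the `version_data` entries `7.6.0.0` and `7.6.0.14`, the intended text appears to be `7.6.0.0 through 7.6.0.14`. Downstream feeds display this string verbatim, so it should be corrected in the record. The X-Force reference name starts with `ibm-mq-` although the product is DataPower Gateway; that may simply be the upstream label, but it is worth confirming that the reference points at the right report.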