From 35178f03dfd658dcdc4ddacccf70f43d615c213e Mon Sep 17 00:00:00 2001
From: Scott Moore - IBM
Date: Mon, 9 Dec 2019 17:27:54 -0500
Subject: [PATCH] IBM20191209-172754 Added CVE-2019-4612, CVE-2019-4621, CVE-2019-4428, CVE-2019-4611
---
 2019/4xxx/CVE-2019-4428.json | 105 ++++++++++++++++++++++++++++-----
 2019/4xxx/CVE-2019-4611.json | 102 +++++++++++++++++++++++++++-----
 2019/4xxx/CVE-2019-4612.json | 102 +++++++++++++++++++++++++++-----
 2019/4xxx/CVE-2019-4621.json | 111 ++++++++++++++++++++++++++++++-----
 4 files changed, 360 insertions(+), 60 deletions(-)
diff --git a/2019/4xxx/CVE-2019-4428.json b/2019/4xxx/CVE-2019-4428.json
index 5f004fc42ad..1ae378b97b5 100644
--- a/2019/4xxx/CVE-2019-4428.json
+++ b/2019/4xxx/CVE-2019-4428.json
@@ -1,18 +1,93 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-4428",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
+ "impact" : {
+ "cvssv3" : {
+ "TM" : {
+ "E" : "H",
+ "RC" : "C",
+ "RL" : "O"
+ },
+ "BM" : {
+ "I" : "L",
+ "UI" : "R",
+ "S" : "C",
+ "A" : "N",
+ "C" : "L",
+ "AC" : "L",
+ "SCORE" : "5.400",
+ "PR" : "L",
+ "AV" : "N"
+ }
+ }
+ },
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162807."
+ }
+ ]
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product" : {
+ "product_data" : [
+ {
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "1.0.0"
+ },
+ {
+ "version_value" : "1.3.0"
+ }
+ ]
+ },
+ "product_name" : "Watson Assistant for IBM Cloud Pak for Data"
+ }
+ ]
+ },
+ "vendor_name" : "IBM"
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_version" : "4.0",
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.ibm.com/support/pages/node/1125585",
+ "refsource" : "CONFIRM",
+ "title" : "IBM Security Bulletin 1125585 (Watson Assistant for IBM Cloud Pak for Data)",
+ "name" : "https://www.ibm.com/support/pages/node/1125585"
+ },
+ {
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162807",
+ "refsource" : "XF",
+ "name" : "ibm-wdc-cve20194428-xss (162807)",
+ "title" : "X-Force Vulnerability Report"
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "data_type" : "CVE",
+ "CVE_data_meta" : {
+ "ID" : "CVE-2019-4428",
+ "DATE_PUBLIC" : "2019-12-06T00:00:00",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "STATE" : "PUBLIC"
+ }
+}
diff --git a/2019/4xxx/CVE-2019-4611.json b/2019/4xxx/CVE-2019-4611.json
index 9bf61e881f9..edeea137527 100644
--- a/2019/4xxx/CVE-2019-4611.json
+++ b/2019/4xxx/CVE-2019-4611.json
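Review bot: In CVE-2019-4428.json the `version_data` array lists only `1.0.0` and `1.3.0` as bare `version_value` entries, while the description says "1.0.0 through 1.3.0"; a scanner that matches on exact values would treat every release between the endpoints as unaffected. The CVE JSON 4.0 format has a `version_affected` field for this, so the entries could carry `"version_affected" : ">="` next to `"version_value" : "1.0.0"` and `"version_affected" : "<="` next to `"version_value" : "1.3.0"`. The CVE-2019-4621.json hunk encodes its two ranges the same way, as four bare endpoints.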
@@ -1,18 +1,90 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-4611",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "data_version" : "4.0",
+ "references" : {
+ "reference_data" : [
+ {
+ "title" : "IBM Security Bulletin 1118565 (Planning Analytics)",
+ "name" : "https://www.ibm.com/support/pages/node/1118565",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.ibm.com/support/pages/node/1118565"
+ },
+ {
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/168519",
+ "title" : "X-Force Vulnerability Report",
+ "name" : "ibm-planning-cve20194611-xss (168519)"
+ }
+ ]
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product" : {
+ "product_data" : [
+ {
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "2"
+ }
+ ]
+ },
+ "product_name" : "Planning Analytics"
+ }
+ ]
+ },
+ "vendor_name" : "IBM"
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "impact" : {
+ "cvssv3" : {
+ "BM" : {
+ "C" : "L",
+ "AC" : "L",
+ "A" : "N",
+ "AV" : "N",
+ "PR" : "L",
+ "SCORE" : "5.400",
+ "S" : "C",
+ "I" : "L",
+ "UI" : "R"
+ },
+ "TM" : {
+ "RL" : "O",
+ "RC" : "C",
+ "E" : "H"
+ }
+ }
+ },
+ "description" : {
+ "description_data" : [
+ {
+ "value" : "IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519.",
+ "lang" : "eng"
+ }
+ ]
+ },
+ "data_type" : "CVE",
+ "CVE_data_meta" : {
+ "STATE" : "PUBLIC",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "DATE_PUBLIC" : "2019-12-06T00:00:00",
+ "ID" : "CVE-2019-4611"
+ }
+}
diff --git a/2019/4xxx/CVE-2019-4612.json b/2019/4xxx/CVE-2019-4612.json
index f0ee885541c..0220d235ce9 100644
--- a/2019/4xxx/CVE-2019-4612.json
+++ b/2019/4xxx/CVE-2019-4612.json
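Review bot: `"version_value" : "2"` in CVE-2019-4611.json does not match the release named in the description, "IBM Planning Analytics 2.0", so string-based matching against an asset inventory can miss the product or match it too broadly; `"version_value" : "2.0"` would agree with the text. The CVE-2019-4612.json hunk has the same mismatch. Separately, the `problemtype` value `"Cross-Site Scripting"` is free text, and prefixing the identifier, `"value" : "CWE-79 Cross-Site Scripting"`, would let consumers map the record to a weakness class without parsing prose.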
@@ -1,18 +1,90 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-4612",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.ibm.com/support/pages/node/1118565",
+ "refsource" : "CONFIRM",
+ "name" : "https://www.ibm.com/support/pages/node/1118565",
+ "title" : "IBM Security Bulletin 1118565 (Planning Analytics)"
+ },
+ {
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/168523",
+ "name" : "ibm-planning-cve20194612-file-upload (168523)",
+ "title" : "X-Force Vulnerability Report"
+ }
+ ]
+ },
+ "data_version" : "4.0",
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Gain Access"
+ }
+ ]
+ }
+ ]
+ },
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523."
+ }
+ ]
+ },
+ "impact" : {
+ "cvssv3" : {
+ "TM" : {
+ "RC" : "C",
+ "E" : "U",
+ "RL" : "O"
+ },
+ "BM" : {
+ "S" : "U",
+ "UI" : "R",
+ "I" : "H",
+ "AV" : "N",
+ "SCORE" : "6.300",
+ "PR" : "L",
+ "C" : "L",
+ "AC" : "L",
+ "A" : "N"
+ }
+ }
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product" : {
+ "product_data" : [
+ {
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "2"
+ }
+ ]
+ },
+ "product_name" : "Planning Analytics"
+ }
+ ]
+ },
+ "vendor_name" : "IBM"
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "CVE_data_meta" : {
+ "STATE" : "PUBLIC",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "ID" : "CVE-2019-4612",
+ "DATE_PUBLIC" : "2019-12-06T00:00:00"
+ },
+ "data_type" : "CVE"
+}
diff --git a/2019/4xxx/CVE-2019-4621.json b/2019/4xxx/CVE-2019-4621.json
index 4f4c16022f6..bab1c82a36d 100644
--- a/2019/4xxx/CVE-2019-4621.json
+++ b/2019/4xxx/CVE-2019-4621.json
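Review bot: `"value" : "Gain Access"` under `problemtype` in CVE-2019-4612.json names a consequence rather than the weakness, so triage tooling that groups records by weakness class cannot place this one. The description speaks of malicious file upload in the My Account Portal, which reads like unrestricted file upload; if that is accurate, `"value" : "CWE-434 Unrestricted Upload of File with Dangerous Type"` would be the more useful entry. The description's "it can be sent to victim" also leaves unclear how the uploaded file reaches another user, which matters for reading the `"UI" : "R"` metric.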
@@ -1,18 +1,99 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-4621",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "DataPower Gateway",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "7.6.0.0"
+ },
+ {
+ "version_value" : "2018.4.1.0"
+ },
+ {
+ "version_value" : "7.6.0.14"
+ },
+ {
+ "version_value" : "2018.4.1.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "IBM"
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883."
+ }
+ ]
+ },
+ "impact" : {
+ "cvssv3" : {
+ "BM" : {
+ "I" : "H",
+ "UI" : "N",
+ "S" : "U",
+ "AV" : "N",
+ "SCORE" : "8.100",
+ "PR" : "N",
+ "C" : "H",
+ "AC" : "H",
+ "A" : "H"
+ },
+ "TM" : {
+ "RL" : "O",
+ "E" : "U",
+ "RC" : "C"
+ }
+ }
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Bypass Security"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.ibm.com/support/pages/node/1125615",
+ "refsource" : "CONFIRM",
+ "name" : "https://www.ibm.com/support/pages/node/1125615",
+ "title" : "IBM Security Bulletin 1125615 (DataPower Gateway)"
+ },
+ {
+ "title" : "X-Force Vulnerability Report",
+ "name" : "ibm-mq-cve20194621-sec-bypass (168883)",
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/168883"
+ }
+ ]
+ },
+ "data_version" : "4.0",
+ "CVE_data_meta" : {
+ "DATE_PUBLIC" : "2019-12-05T00:00:00",
+ "ID" : "CVE-2019-4621",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "STATE" : "PUBLIC"
+ },
+ "data_type" : "CVE"
+}
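Review bot: The description in CVE-2019-4621.json contains a garbled range, "7.6.0.0-7 throug 6.0.14", which a reader cannot resolve to a set of affected releases. Going by the `version_data` entries `7.6.0.0` and `7.6.0.14`, the intended text is presumably `7.6.0.0 through 7.6.0.14`. The XF reference name `ibm-mq-cve20194621-sec-bypass` also carries an `mq` tag while the record is for DataPower Gateway, which is worth confirming against the X-Force entry before publication.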