IBM20210302-115125

Added CVE-2020-4725, CVE-2020-4726, CVE-2020-4719
2025-06-12 02:05:39 +00:00 · 2021-03-02 11:51:25 -05:00 · 2021-03-02 11:51:25 -05:00 · 3529d6da22
commit 3529d6da22
parent fa56ab9f69
3 changed files with 261 additions and 45 deletions
--- a/2020/4xxx/CVE-2020-4719.json
+++ b/2020/4xxx/CVE-2020-4719.json
@ -1,18 +1,90 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2020-4719",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
+   "CVE_data_meta" : {
+      "ID" : "CVE-2020-4719",
+      "STATE" : "PUBLIC",
+      "ASSIGNER" : "psirt@us.ibm.com",
+      "DATE_PUBLIC" : "2021-02-26T00:00:00"
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "Bypass Security"
+               }
+            ]
+         }
+      ]
+   },
+   "data_type" : "CVE",
+   "description" : {
+      "description_data" : [
+         {
+            "value" : "The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition.  This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames.  IBM X-Force ID:  187861.",
+            "lang" : "eng"
+         }
+      ]
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+               "vendor_name" : "IBM",
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "Cloud APM",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "8.1.4"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               }
            }
-        ]
-    }
-}
+         ]
+      }
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "url" : "https://www.ibm.com/support/pages/node/6417137",
+            "title" : "IBM Security Bulletin 6417137 (Cloud APM)",
+            "refsource" : "CONFIRM",
+            "name" : "https://www.ibm.com/support/pages/node/6417137"
+         },
+         {
+            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/187861",
+            "name" : "ibm-monitoring-cve20204719-sec-bypass (187861)",
+            "title" : "X-Force Vulnerability Report",
+            "refsource" : "XF"
+         }
+      ]
+   },
+   "impact" : {
+      "cvssv3" : {
+         "BM" : {
+            "UI" : "N",
+            "SCORE" : "4.900",
+            "PR" : "H",
+            "I" : "H",
+            "AV" : "N",
+            "A" : "N",
+            "S" : "U",
+            "C" : "N",
+            "AC" : "L"
+         },
+         "TM" : {
+            "RL" : "O",
+            "RC" : "C",
+            "E" : "U"
+         }
+      }
+   },
+   "data_version" : "4.0",
+   "data_format" : "MITRE"
+}
--- a/2020/4xxx/CVE-2020-4725.json
+++ b/2020/4xxx/CVE-2020-4725.json
@ -1,18 +1,90 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2020-4725",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+               "vendor_name" : "IBM",
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "Cloud APM",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "8.1.4"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               }
            }
-        ]
-    }
-}
+         ]
+      }
+   },
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "IBM Monitoring (IBM Cloud APM 8.1.4 ) could allow an authenticated user to modify HTML content by sending a specially crafted HTTP request to the APM UI, which could mislead another user.  IBM X-Force ID:  187974."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "value" : "Data Manipulation",
+                  "lang" : "eng"
+               }
+            ]
+         }
+      ]
+   },
+   "CVE_data_meta" : {
+      "STATE" : "PUBLIC",
+      "ID" : "CVE-2020-4725",
+      "ASSIGNER" : "psirt@us.ibm.com",
+      "DATE_PUBLIC" : "2021-02-26T00:00:00"
+   },
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "data_format" : "MITRE",
+   "references" : {
+      "reference_data" : [
+         {
+            "url" : "https://www.ibm.com/support/pages/node/6417137",
+            "refsource" : "CONFIRM",
+            "title" : "IBM Security Bulletin 6417137 (Cloud APM)",
+            "name" : "https://www.ibm.com/support/pages/node/6417137"
+         },
+         {
+            "title" : "X-Force Vulnerability Report",
+            "name" : "ibm-monitoring-cve20204725-content-spoofing (187974)",
+            "refsource" : "XF",
+            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/187974"
+         }
+      ]
+   },
+   "impact" : {
+      "cvssv3" : {
+         "BM" : {
+            "UI" : "N",
+            "I" : "L",
+            "AV" : "N",
+            "PR" : "L",
+            "SCORE" : "4.300",
+            "S" : "U",
+            "A" : "N",
+            "AC" : "L",
+            "C" : "N"
+         },
+         "TM" : {
+            "RL" : "O",
+            "E" : "U",
+            "RC" : "C"
+         }
+      }
+   }
+}
--- a/2020/4xxx/CVE-2020-4726.json
+++ b/2020/4xxx/CVE-2020-4726.json
@ -1,18 +1,90 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2020-4726",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+               "vendor_name" : "IBM",
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "Cloud APM",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "8.1.4"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               }
            }
-        ]
-    }
-}
+         ]
+      }
+   },
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system.  IBM X-Force ID:  187975."
+         }
+      ]
+   },
+   "data_type" : "CVE",
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "Obtain Information"
+               }
+            ]
+         }
+      ]
+   },
+   "CVE_data_meta" : {
+      "DATE_PUBLIC" : "2021-02-26T00:00:00",
+      "ASSIGNER" : "psirt@us.ibm.com",
+      "ID" : "CVE-2020-4726",
+      "STATE" : "PUBLIC"
+   },
+   "data_format" : "MITRE",
+   "data_version" : "4.0",
+   "impact" : {
+      "cvssv3" : {
+         "TM" : {
+            "RL" : "O",
+            "E" : "U",
+            "RC" : "C"
+         },
+         "BM" : {
+            "UI" : "N",
+            "AV" : "L",
+            "I" : "N",
+            "PR" : "N",
+            "SCORE" : "4.000",
+            "S" : "U",
+            "A" : "N",
+            "AC" : "L",
+            "C" : "L"
+         }
+      }
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "url" : "https://www.ibm.com/support/pages/node/6417137",
+            "refsource" : "CONFIRM",
+            "name" : "https://www.ibm.com/support/pages/node/6417137",
+            "title" : "IBM Security Bulletin 6417137 (Cloud APM)"
+         },
+         {
+            "name" : "ibm-monitoring-cve20204726-info-disc (187975)",
+            "refsource" : "XF",
+            "title" : "X-Force Vulnerability Report",
+            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/187975"
+         }
+      ]
+   }
+}