From 38ae22ad2c711f976fc96e2197525c99db68eff1 Mon Sep 17 00:00:00 2001 From: Scott Moore - IBM Date: Tue, 5 Mar 2019 11:55:57 -0500 Subject: [PATCH] IBM20190305-115557 Added CVE-2019-4032, CVE-2019-4027, CVE-2019-4063, CVE-2018-1899, CVE-2018-1938, CVE-2018-1875, CVE-2018-1939, CVE-2019-4029, CVE-2018-1937, CVE-2019-4028 --- 2018/1xxx/CVE-2018-1875.json | 111 +++++++++++++++++++++++++++++++---- 2018/1xxx/CVE-2018-1899.json | 96 +++++++++++++++++++++++++++--- 2018/1xxx/CVE-2018-1937.json | 88 ++++++++++++++++++++++++--- 2018/1xxx/CVE-2018-1938.json | 88 ++++++++++++++++++++++++--- 2018/1xxx/CVE-2018-1939.json | 86 ++++++++++++++++++++++++--- 2019/4xxx/CVE-2019-4027.json | 85 +++++++++++++++++++++++++-- 2019/4xxx/CVE-2019-4028.json | 87 +++++++++++++++++++++++++-- 2019/4xxx/CVE-2019-4029.json | 91 +++++++++++++++++++++++++--- 2019/4xxx/CVE-2019-4032.json | 88 ++++++++++++++++++++++++--- 2019/4xxx/CVE-2019-4063.json | 89 +++++++++++++++++++++++++--- 10 files changed, 833 insertions(+), 76 deletions(-) diff --git a/2018/1xxx/CVE-2018-1875.json b/2018/1xxx/CVE-2018-1875.json index 5b6cab7d3bf..c5998221eb8 100644 --- a/2018/1xxx/CVE-2018-1875.json +++ b/2018/1xxx/CVE-2018-1875.json @@ -1,18 +1,109 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1875", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", "data_version" : "4.0", + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ID" : "CVE-2018-1875", + "DATE_PUBLIC" : "2019-02-01T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Access" + } + ] + } + ] + }, "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 151639.", + "lang" : "eng" } ] - } + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "11.3" + }, + { + "version_value" : "11.5" + }, + { + "version_value" : "11.7" + } + ] + }, + "product_name" : "InfoSphere Information Governance Catalog" + }, + { + "product_name" : "InfoSphere Information Server on Cloud", + "version" : { + "version_data" : [ + { + "version_value" : "11.5" + }, + { + "version_value" : "11.7" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" + } + ] + } + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + }, + "BM" : { + "AV" : "N", + "I" : "H", + "S" : "C", + "PR" : "N", + "C" : "N", + "AC" : "L", + "A" : "N", + "SCORE" : "7.400", + "UI" : "R" + } + } + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10738911", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10738911", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 738911 (InfoSphere Information Governance Catalog)" + }, + { + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151639", + "name" : "ibm-infosphere-cve20181875-open-redirect (151639)", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_format" : "MITRE" } diff --git a/2018/1xxx/CVE-2018-1899.json b/2018/1xxx/CVE-2018-1899.json index b95b108ba2f..3b239746927 100644 --- a/2018/1xxx/CVE-2018-1899.json +++ b/2018/1xxx/CVE-2018-1899.json @@ -1,17 +1,95 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1899", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "InfoSphere Information Server", + "version" : { + "version_data" : [ + { + "version_value" : "11.3" + }, + { + "version_value" : "11.5" + }, + { + "version_value" : "11.7" + } + ] + } + } + ] + } + } + ] + } + }, + "data_type" : "CVE", "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM X-Force ID: 152528.", + "lang" : "eng" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Access", + "lang" : "eng" + } + ] + } + ] + }, + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "ID" : "CVE-2018-1899", + "DATE_PUBLIC" : "2019-02-01T00:00:00" + }, + "impact" : { + "cvssv3" : { + "BM" : { + "PR" : "N", + "S" : "U", + "UI" : "N", + "SCORE" : "4.300", + "AC" : "L", + "A" : "N", + "C" : "N", + "I" : "L", + "AV" : "A" + }, + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + } + } + }, + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10744029", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10744029", + "title" : "IBM Security Bulletin 744029 (InfoSphere Information Server)" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152528", + "name" : "ibm-infosphere-cve20181899-improper-access (152528)", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report" } ] } diff --git a/2018/1xxx/CVE-2018-1937.json b/2018/1xxx/CVE-2018-1937.json index e8d442b066a..67bff6fbb23 100644 --- a/2018/1xxx/CVE-2018-1937.json +++ b/2018/1xxx/CVE-2018-1937.json @@ -1,17 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1937", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317." + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "3.1.1" + } + ] + }, + "product_name" : "Cloud Private" + } + ] + }, + "vendor_name" : "IBM" + } + ] + } + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "DATE_PUBLIC" : "2019-03-02T00:00:00", + "ID" : "CVE-2018-1937", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + }, + "BM" : { + "PR" : "H", + "S" : "U", + "AC" : "L", + "C" : "H", + "A" : "N", + "UI" : "N", + "SCORE" : "4.400", + "AV" : "L", + "I" : "N" + } + } + }, + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 871766 (Cloud Private)", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10871766", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10871766", + "refsource" : "CONFIRM" + }, + { + "refsource" : "XF", + "name" : "ibm-cloud-cve20181937-info-disc (153317)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153317", + "title" : "X-Force Vulnerability Report" } ] } diff --git a/2018/1xxx/CVE-2018-1938.json b/2018/1xxx/CVE-2018-1938.json index 7d3a014ebb1..e93209ce929 100644 --- a/2018/1xxx/CVE-2018-1938.json +++ b/2018/1xxx/CVE-2018-1938.json @@ -1,18 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1938", - "STATE" : "RESERVED" - }, "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10871770", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10871770", + "title" : "IBM Security Bulletin 871770 (Cloud Private)" + }, + { + "name" : "ibm-cloud-cve20181938-info-disc (153318)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153318", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + }, + "BM" : { + "AC" : "L", + "A" : "N", + "C" : "H", + "SCORE" : "4.400", + "UI" : "N", + "PR" : "H", + "S" : "U", + "AV" : "L", + "I" : "N" + } + } + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Cloud Private", + "version" : { + "version_data" : [ + { + "version_value" : "3.1.1" + } + ] + } + } + ] + } + } + ] + } + }, "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318." } ] - } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "CVE_data_meta" : { + "DATE_PUBLIC" : "2019-03-02T00:00:00", + "ID" : "CVE-2018-1938", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "data_version" : "4.0" } diff --git a/2018/1xxx/CVE-2018-1939.json b/2018/1xxx/CVE-2018-1939.json index 0c99e8c8672..0de5a7450a6 100644 --- a/2018/1xxx/CVE-2018-1939.json +++ b/2018/1xxx/CVE-2018-1939.json @@ -1,17 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1939", - "STATE" : "RESERVED" + "impact" : { + "cvssv3" : { + "BM" : { + "I" : "H", + "AV" : "N", + "PR" : "L", + "S" : "C", + "A" : "N", + "AC" : "L", + "C" : "N", + "SCORE" : "6.800", + "UI" : "R" + }, + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + } + } + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10871652", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10871652", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 871652 (Cloud Private)" + }, + { + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153319", + "name" : "ibm-cloud-cve20181939-open-redirect (153319)" + } + ] }, "data_format" : "MITRE", - "data_type" : "CVE", "data_version" : "4.0", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2018-1939", + "DATE_PUBLIC" : "2019-03-02T00:00:00", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cloud Private", + "version" : { + "version_data" : [ + { + "version_value" : "3.1.1" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" + } + ] + } + }, + "data_type" : "CVE", "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 153319.", + "lang" : "eng" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Access", + "lang" : "eng" + } + ] } ] } diff --git a/2019/4xxx/CVE-2019-4027.json b/2019/4xxx/CVE-2019-4027.json index b8c2d4f242c..084cc9532f6 100644 --- a/2019/4xxx/CVE-2019-4027.json +++ b/2019/4xxx/CVE-2019-4027.json @@ -1,18 +1,93 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "DATE_PUBLIC" : "2019-02-28T00:00:00", "ID" : "CVE-2019-4027", - "STATE" : "RESERVED" + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "5.2.0.1" + }, + { + "version_value" : "6.0.0.0" + } + ] + }, + "product_name" : "Sterling B2B Integrator" + } + ] + } + } + ] + } }, - "data_format" : "MITRE", "data_type" : "CVE", - "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Cross-Site Scripting", + "lang" : "eng" + } + ] + } + ] + }, "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 155905." } ] + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 874246 (Sterling B2B Integrator)" + }, + { + "name" : "ibm-sterling-cve20194027-xss (155905)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155905", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_format" : "MITRE", + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "H", + "RC" : "C", + "RL" : "O" + }, + "BM" : { + "UI" : "R", + "SCORE" : "5.400", + "AC" : "L", + "A" : "N", + "C" : "L", + "S" : "C", + "PR" : "L", + "I" : "L", + "AV" : "N" + } + } } } diff --git a/2019/4xxx/CVE-2019-4028.json b/2019/4xxx/CVE-2019-4028.json index 398d4da626e..db2ab4ddc68 100644 --- a/2019/4xxx/CVE-2019-4028.json +++ b/2019/4xxx/CVE-2019-4028.json @@ -1,18 +1,93 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "STATE" : "PUBLIC", "ID" : "CVE-2019-4028", - "STATE" : "RESERVED" + "DATE_PUBLIC" : "2019-02-28T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Cross-Site Scripting", + "lang" : "eng" + } + ] + } + ] }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155906." } ] + }, + "data_type" : "CVE", + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "5.2.0.1" + }, + { + "version_value" : "6.0.0.0" + } + ] + }, + "product_name" : "Sterling B2B Integrator" + } + ] + }, + "vendor_name" : "IBM" + } + ] + } + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 874246 (Sterling B2B Integrator)" + }, + { + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155906", + "name" : "ibm-sterling-cve20194028-xss (155906)", + "refsource" : "XF" + } + ] + }, + "data_format" : "MITRE", + "impact" : { + "cvssv3" : { + "BM" : { + "AV" : "N", + "I" : "L", + "S" : "C", + "PR" : "L", + "AC" : "L", + "C" : "L", + "A" : "N", + "UI" : "R", + "SCORE" : "5.400" + }, + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "H" + } + } } } diff --git a/2019/4xxx/CVE-2019-4029.json b/2019/4xxx/CVE-2019-4029.json index e8d5d548ce7..ecd74ab8575 100644 --- a/2019/4xxx/CVE-2019-4029.json +++ b/2019/4xxx/CVE-2019-4029.json @@ -1,18 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4029", - "STATE" : "RESERVED" + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "H", + "RL" : "O", + "RC" : "C" + }, + "BM" : { + "I" : "L", + "AV" : "N", + "SCORE" : "5.400", + "UI" : "R", + "A" : "N", + "C" : "L", + "AC" : "L", + "PR" : "L", + "S" : "C" + } + } + }, + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 874246 (Sterling B2B Integrator)", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246", + "refsource" : "CONFIRM" + }, + { + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155907", + "name" : "ibm-sterling-cve20194029-xss (155907)", + "title" : "X-Force Vulnerability Report" + } + ] }, "data_format" : "MITRE", - "data_type" : "CVE", "data_version" : "4.0", + "CVE_data_meta" : { + "DATE_PUBLIC" : "2019-02-28T00:00:00", + "ID" : "CVE-2019-4029", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 155907.", + "lang" : "eng" } ] - } + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Sterling B2B Integrator", + "version" : { + "version_data" : [ + { + "version_value" : "5.2.0.1" + }, + { + "version_value" : "6.0.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "data_type" : "CVE" } diff --git a/2019/4xxx/CVE-2019-4032.json b/2019/4xxx/CVE-2019-4032.json index 6b497d76031..a7ad7a59b0e 100644 --- a/2019/4xxx/CVE-2019-4032.json +++ b/2019/4xxx/CVE-2019-4032.json @@ -1,18 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4032", - "STATE" : "RESERVED" + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Data Manipulation", + "lang" : "eng" + } + ] + } + ] }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-ForceID: 155998." } ] + }, + "data_type" : "CVE", + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Financial Transaction Manager", + "version" : { + "version_data" : [ + { + "version_value" : "3.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-01-31T00:00:00", + "ID" : "CVE-2019-4032", + "STATE" : "PUBLIC" + }, + "data_version" : "4.0", + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10869520", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10869520", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 869520 (Financial Transaction Manager)" + }, + { + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "name" : "ibm-ftm-cve20194032-sql-injection (155998)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155998" + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + }, + "BM" : { + "AV" : "N", + "I" : "L", + "S" : "U", + "PR" : "L", + "SCORE" : "6.300", + "UI" : "N", + "AC" : "L", + "A" : "L", + "C" : "L" + } + } } } diff --git a/2019/4xxx/CVE-2019-4063.json b/2019/4xxx/CVE-2019-4063.json index 76041d8c37e..55792a3b080 100644 --- a/2019/4xxx/CVE-2019-4063.json +++ b/2019/4xxx/CVE-2019-4063.json @@ -1,18 +1,93 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-4063", - "STATE" : "RESERVED" + "DATE_PUBLIC" : "2019-02-28T00:00:00", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition could allow highly sensitive information to be transmitted in plain text. An attacker could obtain this information using man in the middle techniques. IBM X-ForceID: 157008.", + "lang" : "eng" } ] + }, + "data_type" : "CVE", + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Sterling B2B Integrator", + "version" : { + "version_data" : [ + { + "version_value" : "5.2.0.1" + }, + { + "version_value" : "6.0.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 874234 (Sterling B2B Integrator)", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874234", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10874234", + "refsource" : "CONFIRM" + }, + { + "title" : "X-Force Vulnerability Report", + "name" : "ibm-sterling-cve20194063-info-disc (157008)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157008", + "refsource" : "XF" + } + ] + }, + "data_format" : "MITRE", + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + }, + "BM" : { + "S" : "U", + "PR" : "N", + "AC" : "H", + "A" : "N", + "C" : "H", + "UI" : "N", + "SCORE" : "5.900", + "I" : "N", + "AV" : "N" + } + } } }