admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2017-11-01 17:04:10 -04:00
parent 33ff067511
commit 489fe17e62
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
12 changed files with 380 additions and 400 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
2016/3xxx/CVE-2016-3048.json
View File

@ -1,49 +1,14 @@
{
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114711."
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"name" : "IBM Security Bulletin 1997685 (OpenPages GRC Platform)",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21997685"
},
{
"name" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/114711"
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2016-3048",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-10-27T00:00:00"
"DATE_PUBLIC" : "2017-10-27T00:00:00",
"ID" : "CVE-2016-3048",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
@ -63,10 +28,43 @@
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_type" : "CVE"
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114711."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/114711"
},
{
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21997685"
}
]
}
}

118
2017/1000xxx/CVE-2017-1000121.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.332815",
"ID": "CVE-2017-1000121",
"REQUESTER": "mcatanzaro@igalia.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebKit",
"version": {
"version_data": [
{
"version_value": "WebKitGTK+ prior to 2.16.3"
}
]
}
}
]
},
"vendor_name": "WebKit"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.332815",
"ID" : "CVE-2017-1000121",
"REQUESTER" : "mcatanzaro@igalia.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WebKit",
"version" : {
"version_data" : [
{
"version_value" : "WebKitGTK+ prior to 2.16.3"
}
]
}
}
]
},
"vendor_name" : "WebKit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Integer Overflow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://trac.webkit.org/changeset/217126/webkit"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://trac.webkit.org/changeset/217126/webkit"
}
]
}
}

118
2017/1000xxx/CVE-2017-1000122.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.333826",
"ID": "CVE-2017-1000122",
"REQUESTER": "mcatanzaro@igalia.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebKit",
"version": {
"version_data": [
{
"version_value": "WebKitGTK+ prior to 2.16.3"
}
]
}
}
]
},
"vendor_name": "WebKit"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.333826",
"ID" : "CVE-2017-1000122",
"REQUESTER" : "mcatanzaro@igalia.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WebKit",
"version" : {
"version_data" : [
{
"version_value" : "WebKitGTK+ prior to 2.16.3"
}
]
}
}
]
},
"vendor_name" : "WebKit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient input validation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient input validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://trac.webkit.org/changeset/217206"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://trac.webkit.org/changeset/217206"
}
]
}
}

40
2017/1xxx/CVE-2017-1147.json
View File

@ -1,17 +1,14 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122200."
}
]
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-10-27T00:00:00",
"ID" : "CVE-2017-1147",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
@ -31,12 +28,23 @@
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122200."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
@ -49,23 +57,13 @@
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2017-10-27T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1147"
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21997685",
"name" : "IBM Security Bulletin 1997685 (OpenPages GRC Platform)"
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/122200"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/122200",
"name" : "X-Force Vulnerability Report"
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21997685"
}
]
}

40
2017/1xxx/CVE-2017-1148.json
View File

@ -1,16 +1,9 @@
{
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"name" : "IBM Security Bulletin 2009717 (OpenPages GRC Platform)",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22009717"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/122201",
"name" : "X-Force Vulnerability Report"
}
]
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-10-27T00:00:00",
"ID" : "CVE-2017-1148",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
@ -38,22 +31,17 @@
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2017-1148",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-10-27T00:00:00",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201."
"value" : "IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201."
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
@ -65,5 +53,15 @@
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/122201"
},
{
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22009717"
}
]
}
}

24
2017/1xxx/CVE-2017-1290.json
View File

@ -1,20 +1,18 @@
{
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2017-10-27T00:00:00",
"ID" : "CVE-2017-1290",
"DATE_PUBLIC" : "2017-10-27T00:00:00"
"STATE" : "PUBLIC"
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "OpenPages GRC Platform",
"version" : {
"version_data" : [
{
@ -27,21 +25,23 @@
"version_value" : "7.3"
}
]
},
"product_name" : "OpenPages GRC Platform"
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125151."
"value" : "IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125151."
}
]
},
@ -60,12 +60,10 @@
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22009770",
"name" : "IBM Security Bulletin 2009770 (OpenPages GRC Platform)"
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125151"
},
{
"name" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125151"
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22009770"
}
]
}

42
2017/1xxx/CVE-2017-1300.json
View File

@ -1,17 +1,14 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162.",
"lang" : "eng"
}
]
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-10-27T00:00:00",
"ID" : "CVE-2017-1300",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
@ -31,11 +28,23 @@
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
@ -48,24 +57,13 @@
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2017-1300",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2017-10-27T00:00:00"
},
"data_type" : "CVE",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"name" : "IBM Security Bulletin 2009684 (OpenPages GRC Platform)",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22009684"
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125162"
},
{
"name" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125162"
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22009684"
}
]
}

48
2017/1xxx/CVE-2017-1333.json
View File

@ -1,6 +1,10 @@
{
"data_version" : "4.0",
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-10-27T00:00:00",
"ID" : "CVE-2017-1333",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
@ -8,6 +12,7 @@
"product" : {
"product_data" : [
{
"product_name" : "OpenPages GRC Platform",
"version" : {
"version_data" : [
{
@ -20,8 +25,7 @@
"version_value" : "7.3"
}
]
},
"product_name" : "OpenPages GRC Platform"
}
}
]
},
@ -30,29 +34,14 @@
]
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2017-10-27T00:00:00",
"ID" : "CVE-2017-1333"
},
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21997796",
"name" : "IBM Security Bulletin 1997796 (OpenPages GRC Platform)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126241",
"name" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241.",
"lang" : "eng"
"lang" : "eng",
"value" : "IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241."
}
]
},
@ -68,5 +57,14 @@
}
]
},
"data_type" : "CVE"
"references" : {
"reference_data" : [
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126241"
},
{
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21997796"
}
]
}
}

54
2017/1xxx/CVE-2017-1340.json
View File

@ -1,38 +1,14 @@
{
"data_version" : "4.0",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22009973",
"name" : "IBM Security Bulletin 2009973 (Jazz Reporting Service)"
},
{
"name" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126455"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report bulder interacts with. IBM X-Force ID: 126455.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2017-1340",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-10-26T00:00:00"
"DATE_PUBLIC" : "2017-10-26T00:00:00",
"ID" : "CVE-2017-1340",
"STATE" : "PUBLIC"
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
@ -46,11 +22,23 @@
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report bulder interacts with. IBM X-Force ID: 126455."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
@ -62,5 +50,15 @@
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126455"
},
{
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22009973"
}
]
}
}

44
2017/1xxx/CVE-2017-1552.json
View File

@ -1,10 +1,14 @@
{
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-10-25T00:00:00",
"ID" : "CVE-2017-1552",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
@ -21,11 +25,23 @@
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 131396."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
@ -38,31 +54,13 @@
}
]
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22009192",
"name" : "IBM Security Bulletin 2009192 (BigInsights)"
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131396"
},
{
"name" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131396"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2017-10-25T00:00:00",
"ID" : "CVE-2017-1552"
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 131396."
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22009192"
}
]
}

94
2017/1xxx/CVE-2017-1553.json
View File

@ -1,22 +1,47 @@
{
"references" : {
"reference_data" : [
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-10-25T00:00:00",
"ID" : "CVE-2017-1553",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BigInsights",
"version" : {
"version_data" : [
{
"version_value" : "4.2.0"
},
{
"version_value" : "4.2.5"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"name" : "IBM Security Bulletin 2009192 (BigInsights)",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22009192"
},
{
"name" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131397"
"lang" : "eng",
"value" : "IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131397."
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2017-1553",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-10-25T00:00:00"
},
"problemtype" : {
"problemtype_data" : [
{
@ -29,41 +54,14 @@
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "4.2.0"
},
{
"version_value" : "4.2.5"
}
]
},
"product_name" : "BigInsights"
}
]
}
}
]
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
"references" : {
"reference_data" : [
{
"value" : "IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131397.",
"lang" : "eng"
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131397"
},
{
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22009192"
}
]
},
"data_type" : "CVE"
}
}

80
2017/1xxx/CVE-2017-1554.json
View File

@ -1,44 +1,14 @@
{
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"name" : "IBM Security Bulletin 2009192 (BigInsights)",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22009192"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131398",
"name" : "X-Force Vulnerability Report"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131398."
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-10-25T00:00:00",
"ID" : "CVE-2017-1554",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
@ -55,15 +25,43 @@
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2017-1554",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-10-25T00:00:00"
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131398."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131398"
},
{
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22009192"
}
]
}
}