From bb76c82969a58129f08055ca20d79a04fe1d10ee Mon Sep 17 00:00:00 2001 From: Scott Moore - IBM Date: Fri, 6 May 2022 11:51:58 -0400 Subject: [PATCH] IBM20220506-115158 Added CVE-2021-39023, CVE-2021-39027 --- 2021/39xxx/CVE-2021-39023.json | 105 ++++++++++++++++++++++++++++----- 2021/39xxx/CVE-2021-39027.json | 105 ++++++++++++++++++++++++++++----- 2 files changed, 180 insertions(+), 30 deletions(-) diff --git a/2021/39xxx/CVE-2021-39023.json b/2021/39xxx/CVE-2021-39023.json index 0c3ac2b3cc8..2c59daf92e0 100644 --- a/2021/39xxx/CVE-2021-39023.json +++ b/2021/39xxx/CVE-2021-39023.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-39023", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "4.0.0" + }, + { + "version_value" : "5.0.0" + } + ] + }, + "product_name" : "Guardium Data Encryption" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2022-05-05T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2021-39023" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "AC" : "L", + "UI" : "N", + "AV" : "N", + "C" : "L", + "I" : "N", + "S" : "U", + "PR" : "H", + "SCORE" : "2.700", + "A" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "data_version" : "4.0", + "data_type" : "CVE", + "description" : { + "description_data" : [ + { + "value" : "IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213860.", + "lang" : "eng" + } + ] + }, + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/6582473", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/6582473", + "title" : "IBM Security Bulletin 6582473 (Guardium Data Encryption)" + }, + { + "title" : "X-Force Vulnerability Report", + "name" : "ibm-guardium-cve202139023-info-disc (213860)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/213860" + } + ] + } +} diff --git a/2021/39xxx/CVE-2021-39027.json b/2021/39xxx/CVE-2021-39027.json index f83b456614c..f2e604b5c52 100644 --- a/2021/39xxx/CVE-2021-39027.json +++ b/2021/39xxx/CVE-2021-39027.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-39027", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "BM" : { + "C" : "N", + "S" : "C", + "I" : "L", + "AC" : "H", + "UI" : "R", + "AV" : "N", + "SCORE" : "3.000", + "A" : "N", + "PR" : "L" + }, + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Bypass Security" + } + ] + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2021-39027", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2022-05-05T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "4.0.0" + }, + { + "version_value" : "5.0.0" + } + ] + }, + "product_name" : "Guardium Data Encryption" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 6582499 (Guardium Data Encryption)", + "name" : "https://www.ibm.com/support/pages/node/6582499", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/pages/node/6582499" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/213865", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-guardium-cve202139027-sec-bypass (213865)" + } + ] + }, + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "value" : "IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. IBM X-Force ID: 213865.", + "lang" : "eng" + } + ] + }, + "data_type" : "CVE" +}