admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-07-14 17:00:50 +00:00
parent d6f9cab625
commit 4e524fb395
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 794 additions and 776 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

186
2021/39xxx/CVE-2021-39015.json
View File

@ -1,96 +1,96 @@
{
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213655."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "5.400",
"UI" : "R",
"I" : "L",
"PR" : "L",
"C" : "L",
"AC" : "L",
"S" : "C",
"A" : "N",
"AV" : "N"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6603333",
"name" : "https://www.ibm.com/support/pages/node/6603333",
"title" : "IBM Security Bulletin 6603333 (Engineering Lifecycle Optimization Publishing)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/213655",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-engineering-cve202139015-xss (213655)"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2021-39015",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2022-07-13T00:00:00"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Engineering Lifecycle Optimization Publishing"
}
]
}
"lang": "eng",
"value": "IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213655."
}
]
}
}
}
]
},
"impact": {
"cvssv3": {
"BM": {
"SCORE": "5.400",
"UI": "R",
"I": "L",
"PR": "L",
"C": "L",
"AC": "L",
"S": "C",
"A": "N",
"AV": "N"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6603333",
"name": "https://www.ibm.com/support/pages/node/6603333",
"title": "IBM Security Bulletin 6603333 (Engineering Lifecycle Optimization Publishing)"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213655",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-engineering-cve202139015-xss (213655)"
}
]
},
"data_format": "MITRE",
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"CVE_data_meta": {
"ID": "CVE-2021-39015",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-13T00:00:00"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
},
"product_name": "Engineering Lifecycle Optimization Publishing"
}
]
}
}
]
}
}
}

198
2021/39xxx/CVE-2021-39016.json
View File

@ -1,102 +1,102 @@
{
"data_format" : "MITRE",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Bypass Security",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2021-39016",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2022-07-13T00:00:00"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Engineering Lifecycle Optimization Publishing"
}
]
},
"vendor_name" : "IBM"
"description": [
{
"value": "Bypass Security",
"lang": "eng"
}
]
}
]
}
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "L",
"C" : "N",
"I" : "L",
"UI" : "N",
"SCORE" : "4.300",
"S" : "U",
"AC" : "L",
"A" : "N",
"AV" : "N"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6603335 (Engineering Lifecycle Optimization Publishing)",
"name" : "https://www.ibm.com/support/pages/node/6603335",
"url" : "https://www.ibm.com/support/pages/node/6603335",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-engineering-cve202139016-sec-bypass (213722)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/213722"
}
]
}
}
]
},
"CVE_data_meta": {
"ID": "CVE-2021-39016",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-13T00:00:00"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
},
"product_name": "Engineering Lifecycle Optimization Publishing"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"PR": "L",
"C": "N",
"I": "L",
"UI": "N",
"SCORE": "4.300",
"S": "U",
"AC": "L",
"A": "N",
"AV": "N"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6603335 (Engineering Lifecycle Optimization Publishing)",
"name": "https://www.ibm.com/support/pages/node/6603335",
"url": "https://www.ibm.com/support/pages/node/6603335",
"refsource": "CONFIRM"
},
{
"name": "ibm-engineering-cve202139016-sec-bypass (213722)",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213722"
}
]
}
}

200
2021/39xxx/CVE-2021-39017.json
View File

@ -1,102 +1,102 @@
{
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "H",
"C" : "N",
"PR" : "L",
"UI" : "R",
"SCORE" : "5.700",
"A" : "N",
"AV" : "N",
"S" : "U",
"AC" : "L"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725."
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6603341",
"name" : "https://www.ibm.com/support/pages/node/6603341",
"title" : "IBM Security Bulletin 6603341 (Engineering Lifecycle Optimization Publishing)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/213725",
"name" : "ibm-engineering-cve202139017-file-upload (213725)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2022-07-13T00:00:00",
"ID" : "CVE-2021-39017"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Engineering Lifecycle Optimization Publishing",
"version" : {
"version_data" : [
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
}
}
]
}
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"I": "H",
"C": "N",
"PR": "L",
"UI": "R",
"SCORE": "5.700",
"A": "N",
"AV": "N",
"S": "U",
"AC": "L"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
]
}
}
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6603341",
"name": "https://www.ibm.com/support/pages/node/6603341",
"title": "IBM Security Bulletin 6603341 (Engineering Lifecycle Optimization Publishing)"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213725",
"name": "ibm-engineering-cve202139017-file-upload (213725)",
"title": "X-Force Vulnerability Report"
}
]
},
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2022-07-13T00:00:00",
"ID": "CVE-2021-39017"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Engineering Lifecycle Optimization Publishing",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
}
}
]
}
}
}

198
2021/39xxx/CVE-2021-39018.json
View File

@ -1,102 +1,102 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6603345",
"title" : "IBM Security Bulletin 6603345 (Engineering Lifecycle Optimization Publishing)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6603345"
},
{
"name" : "ibm-engineering-cve202139018-info-disc (213726)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/213726"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"PR" : "L",
"C" : "L",
"I" : "N",
"SCORE" : "4.300",
"UI" : "N",
"S" : "U",
"AC" : "L",
"AV" : "N",
"A" : "N"
}
}
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2021-39018",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2022-07-13T00:00:00"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Engineering Lifecycle Optimization Publishing"
}
]
}
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726.",
"lang": "eng"
}
]
}
},
"data_type" : "CVE",
"data_format" : "MITRE"
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6603345",
"title": "IBM Security Bulletin 6603345 (Engineering Lifecycle Optimization Publishing)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6603345"
},
{
"name": "ibm-engineering-cve202139018-info-disc (213726)",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213726"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"PR": "L",
"C": "L",
"I": "N",
"SCORE": "4.300",
"UI": "N",
"S": "U",
"AC": "L",
"AV": "N",
"A": "N"
}
}
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"CVE_data_meta": {
"ID": "CVE-2021-39018",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-13T00:00:00"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
},
"product_name": "Engineering Lifecycle Optimization Publishing"
}
]
}
}
]
}
},
"data_type": "CVE",
"data_format": "MITRE"
}

198
2021/39xxx/CVE-2021-39019.json
View File

@ -1,102 +1,102 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AV" : "N",
"AC" : "L",
"S" : "U",
"C" : "H",
"PR" : "L",
"I" : "N",
"SCORE" : "6.500",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6603355",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6603355 (Engineering Lifecycle Optimization Publishing)",
"name" : "https://www.ibm.com/support/pages/node/6603355"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/213728",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-engineering-cve202139019-info-disc (213728)"
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2022-07-13T00:00:00",
"ID" : "CVE-2021-39019"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Engineering Lifecycle Optimization Publishing",
"version" : {
"version_data" : [
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728.",
"lang": "eng"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AV": "N",
"AC": "L",
"S": "U",
"C": "H",
"PR": "L",
"I": "N",
"SCORE": "6.500",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6603355",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6603355 (Engineering Lifecycle Optimization Publishing)",
"name": "https://www.ibm.com/support/pages/node/6603355"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213728",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-engineering-cve202139019-info-disc (213728)"
}
]
},
"data_version": "4.0",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-13T00:00:00",
"ID": "CVE-2021-39019"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Lifecycle Optimization Publishing",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE"
}

198
2021/39xxx/CVE-2021-39028.json
View File

@ -1,102 +1,102 @@
{
"data_type" : "CVE",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2021-39028",
"DATE_PUBLIC" : "2022-07-13T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Engineering Lifecycle Optimization Publishing",
"version" : {
"version_data" : [
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
}
}
]
}
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
}
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6603347",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6603347 (Engineering Lifecycle Optimization Publishing)",
"name" : "https://www.ibm.com/support/pages/node/6603347"
},
{
"name" : "ibm-engineering-cve202139028-header-injection (213866)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/213866"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"C" : "L",
"PR" : "L",
"I" : "L",
"UI" : "N",
"SCORE" : "5.400",
"A" : "N",
"AV" : "N",
"S" : "U",
"AC" : "L"
}
}
}
}
]
},
"CVE_data_meta": {
"ID": "CVE-2021-39028",
"DATE_PUBLIC": "2022-07-13T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Engineering Lifecycle Optimization Publishing",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
}
}
]
}
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6603347",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6603347 (Engineering Lifecycle Optimization Publishing)",
"name": "https://www.ibm.com/support/pages/node/6603347"
},
{
"name": "ibm-engineering-cve202139028-header-injection (213866)",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213866"
}
]
},
"description": {
"description_data": [
{
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866.",
"lang": "eng"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"C": "L",
"PR": "L",
"I": "L",
"UI": "N",
"SCORE": "5.400",
"A": "N",
"AV": "N",
"S": "U",
"AC": "L"
}
}
}
}

192
2022/22xxx/CVE-2022-22473.json
View File

@ -1,99 +1,99 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"UI" : "N",
"I" : "N",
"A" : "N",
"AC" : "H",
"PR" : "N",
"S" : "U",
"AV" : "N",
"SCORE" : "3.700",
"C" : "L"
}
}
},
"data_type" : "CVE",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6603421 (WebSphere Application Server)",
"url" : "https://www.ibm.com/support/pages/node/6603421",
"name" : "https://www.ibm.com/support/pages/node/6603421"
},
{
"refsource" : "XF",
"name" : "ibm-websphere-cve202222473-info-disc (225347)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/225347",
"title" : "X-Force Vulnerability Report"
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2022-22473",
"DATE_PUBLIC" : "2022-07-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "WebSphere Application Server",
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "8.0"
},
{
"version_value" : "8.5"
},
{
"version_value" : "9.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
},
"data_version" : "4.0"
}
]
},
"description": {
"description_data": [
{
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347.",
"lang": "eng"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"UI": "N",
"I": "N",
"A": "N",
"AC": "H",
"PR": "N",
"S": "U",
"AV": "N",
"SCORE": "3.700",
"C": "L"
}
}
},
"data_type": "CVE",
"data_format": "MITRE",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6603421 (WebSphere Application Server)",
"url": "https://www.ibm.com/support/pages/node/6603421",
"name": "https://www.ibm.com/support/pages/node/6603421"
},
{
"refsource": "XF",
"name": "ibm-websphere-cve202222473-info-disc (225347)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225347",
"title": "X-Force Vulnerability Report"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2022-22473",
"DATE_PUBLIC": "2022-07-13T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Application Server",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_version": "4.0"
}

182
2022/22xxx/CVE-2022-22477.json
View File

@ -1,93 +1,93 @@
{
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "8.5"
},
{
"version_value" : "9.0"
}
]
},
"product_name" : "WebSphere Application Server"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2022-22477",
"DATE_PUBLIC" : "2022-07-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6603417",
"url" : "https://www.ibm.com/support/pages/node/6603417",
"title" : "IBM Security Bulletin 6603417 (WebSphere Application Server)",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"name" : "ibm-websphere-cve202222477-xss (225605)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/225605"
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "L",
"AV" : "N",
"S" : "C",
"SCORE" : "6.100",
"PR" : "N",
"AC" : "L",
"A" : "N",
"I" : "L",
"UI" : "R"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225605.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
},
"product_name": "WebSphere Application Server"
}
]
},
"vendor_name": "IBM"
}
]
}
]
}
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2022-22477",
"DATE_PUBLIC": "2022-07-13T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6603417",
"url": "https://www.ibm.com/support/pages/node/6603417",
"title": "IBM Security Bulletin 6603417 (WebSphere Application Server)",
"refsource": "CONFIRM"
},
{
"refsource": "XF",
"name": "ibm-websphere-cve202222477-xss (225605)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225605"
}
]
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"BM": {
"C": "L",
"AV": "N",
"S": "C",
"SCORE": "6.100",
"PR": "N",
"AC": "L",
"A": "N",
"I": "L",
"UI": "R"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
},
"data_type": "CVE",
"description": {
"description_data": [
{
"value": "IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225605.",
"lang": "eng"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
}
}

18
2022/35xxx/CVE-2022-35868.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35868",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}