admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-12-09 23:01:07 +00:00
parent db723efac5
commit 513d560dee
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
4 changed files with 361 additions and 361 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
2019/4xxx/CVE-2019-4428.json
View File

@ -1,93 +1,93 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"I" : "L",
"UI" : "R",
"S" : "C",
"A" : "N",
"C" : "L",
"AC" : "L",
"SCORE" : "5.400",
"PR" : "L",
"AV" : "N"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162807."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.0.0"
},
{
"version_value" : "1.3.0"
}
]
},
"product_name" : "Watson Assistant for IBM Cloud Pak for Data"
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
},
"BM": {
"I": "L",
"UI": "R",
"S": "C",
"A": "N",
"C": "L",
"AC": "L",
"SCORE": "5.400",
"PR": "L",
"AV": "N"
}
]
}
},
"data_format" : "MITRE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1125585",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 1125585 (Watson Assistant for IBM Cloud Pak for Data)",
"name" : "https://www.ibm.com/support/pages/node/1125585"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162807",
"refsource" : "XF",
"name" : "ibm-wdc-cve20194428-xss (162807)",
"title" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162807."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.0.0"
},
{
"version_value": "1.3.0"
}
]
},
"product_name": "Watson Assistant for IBM Cloud Pak for Data"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2019-4428",
"DATE_PUBLIC" : "2019-12-06T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
}
}
}
},
"data_format": "MITRE",
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/1125585",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1125585 (Watson Assistant for IBM Cloud Pak for Data)",
"name": "https://www.ibm.com/support/pages/node/1125585"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162807",
"refsource": "XF",
"name": "ibm-wdc-cve20194428-xss (162807)",
"title": "X-Force Vulnerability Report"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"ID": "CVE-2019-4428",
"DATE_PUBLIC": "2019-12-06T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
}
}

174
2019/4xxx/CVE-2019-4611.json
View File

@ -1,90 +1,90 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 1118565 (Planning Analytics)",
"name" : "https://www.ibm.com/support/pages/node/1118565",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/1118565"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/168519",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-planning-cve20194611-xss (168519)"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2"
}
]
},
"product_name" : "Planning Analytics"
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
}
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "L",
"AC" : "L",
"A" : "N",
"AV" : "N",
"PR" : "L",
"SCORE" : "5.400",
"S" : "C",
"I" : "L",
"UI" : "R"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "H"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-12-06T00:00:00",
"ID" : "CVE-2019-4611"
}
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 1118565 (Planning Analytics)",
"name": "https://www.ibm.com/support/pages/node/1118565",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/1118565"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168519",
"title": "X-Force Vulnerability Report",
"name": "ibm-planning-cve20194611-xss (168519)"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2"
}
]
},
"product_name": "Planning Analytics"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"BM": {
"C": "L",
"AC": "L",
"A": "N",
"AV": "N",
"PR": "L",
"SCORE": "5.400",
"S": "C",
"I": "L",
"UI": "R"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "H"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519.",
"lang": "eng"
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-12-06T00:00:00",
"ID": "CVE-2019-4611"
}
}

174
2019/4xxx/CVE-2019-4612.json
View File

@ -1,90 +1,90 @@
{
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1118565",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/1118565",
"title" : "IBM Security Bulletin 1118565 (Planning Analytics)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/168523",
"name" : "ibm-planning-cve20194612-file-upload (168523)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"S" : "U",
"UI" : "R",
"I" : "H",
"AV" : "N",
"SCORE" : "6.300",
"PR" : "L",
"C" : "L",
"AC" : "L",
"A" : "N"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2"
}
]
},
"product_name" : "Planning Analytics"
}
]
},
"vendor_name" : "IBM"
"url": "https://www.ibm.com/support/pages/node/1118565",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/1118565",
"title": "IBM Security Bulletin 1118565 (Planning Analytics)"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168523",
"name": "ibm-planning-cve20194612-file-upload (168523)",
"title": "X-Force Vulnerability Report"
}
]
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4612",
"DATE_PUBLIC" : "2019-12-06T00:00:00"
},
"data_type" : "CVE"
}
]
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523."
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"S": "U",
"UI": "R",
"I": "H",
"AV": "N",
"SCORE": "6.300",
"PR": "L",
"C": "L",
"AC": "L",
"A": "N"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2"
}
]
},
"product_name": "Planning Analytics"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4612",
"DATE_PUBLIC": "2019-12-06T00:00:00"
},
"data_type": "CVE"
}

194
2019/4xxx/CVE-2019-4621.json
View File

@ -1,99 +1,99 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DataPower Gateway",
"version" : {
"version_data" : [
{
"version_value" : "7.6.0.0"
},
{
"version_value" : "2018.4.1.0"
},
{
"version_value" : "7.6.0.14"
},
{
"version_value" : "2018.4.1.5"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "H",
"UI" : "N",
"S" : "U",
"AV" : "N",
"SCORE" : "8.100",
"PR" : "N",
"C" : "H",
"AC" : "H",
"A" : "H"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Bypass Security"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DataPower Gateway",
"version": {
"version_data": [
{
"version_value": "7.6.0.0"
},
{
"version_value": "2018.4.1.0"
},
{
"version_value": "7.6.0.14"
},
{
"version_value": "2018.4.1.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1125615",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/1125615",
"title" : "IBM Security Bulletin 1125615 (DataPower Gateway)"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-mq-cve20194621-sec-bypass (168883)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/168883"
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-12-05T00:00:00",
"ID" : "CVE-2019-4621",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"data_type" : "CVE"
}
}
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"I": "H",
"UI": "N",
"S": "U",
"AV": "N",
"SCORE": "8.100",
"PR": "N",
"C": "H",
"AC": "H",
"A": "H"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/1125615",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/1125615",
"title": "IBM Security Bulletin 1125615 (DataPower Gateway)"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-mq-cve20194621-sec-bypass (168883)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168883"
}
]
},
"data_version": "4.0",
"CVE_data_meta": {
"DATE_PUBLIC": "2019-12-05T00:00:00",
"ID": "CVE-2019-4621",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"data_type": "CVE"
}