From 51c59f928450c4dcc6ad89452e23334d347910c9 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 30 Nov 2018 10:05:41 -0500 Subject: [PATCH] - Synchronized data. --- 2018/1xxx/CVE-2018-1897.json | 70 +++++++++++++-------------- 2018/1xxx/CVE-2018-1927.json | 86 ++++++++++++++++----------------- 2018/1xxx/CVE-2018-1928.json | 92 ++++++++++++++++++------------------ 3 files changed, 121 insertions(+), 127 deletions(-) diff --git a/2018/1xxx/CVE-2018-1897.json b/2018/1xxx/CVE-2018-1897.json index 020c37e895e..aad9585cbf5 100644 --- a/2018/1xxx/CVE-2018-1897.json +++ b/2018/1xxx/CVE-2018-1897.json @@ -1,5 +1,10 @@ { - "data_format" : "MITRE", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-11-27T00:00:00", + "ID" : "CVE-2018-1897", + "STATE" : "PUBLIC" + }, "affects" : { "vendor" : { "vendor_data" : [ @@ -7,6 +12,7 @@ "product" : { "product_data" : [ { + "product_name" : "DB2 for Linux, UNIX and Windows", "version" : { "version_data" : [ { @@ -22,8 +28,7 @@ "version_value" : "11.1" } ] - }, - "product_name" : "DB2 for Linux, UNIX and Windows" + } } ] }, @@ -32,68 +37,61 @@ ] } }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10737295", - "title" : "IBM Security Bulletin 737295 (DB2 for Linux, UNIX and Windows)", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10737295" - }, - { - "refsource" : "XF", - "name" : "ibm-db2-cve20181897-bo (152462)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152462" - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2018-1897", - "DATE_PUBLIC" : "2018-11-27T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462." + "value" : "IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462." } ] }, - "data_type" : "CVE", "impact" : { "cvssv3" : { "BM" : { - "AC" : "L", "A" : "H", - "UI" : "N", + "AC" : "L", "AV" : "L", "C" : "H", - "SCORE" : "8.400", - "S" : "U", + "I" : "H", "PR" : "N", - "I" : "H" + "S" : "U", + "SCORE" : "8.400", + "UI" : "N" }, "TM" : { - "RC" : "C", "E" : "U", + "RC" : "C", "RL" : "O" } } }, - "data_version" : "4.0", "problemtype" : { "problemtype_data" : [ { "description" : [ { - "value" : "Gain Privileges", - "lang" : "eng" + "lang" : "eng", + "value" : "Gain Privileges" } ] } ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10737295", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10737295" + }, + { + "name" : "ibm-db2-cve20181897-bo(152462)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152462" + } + ] } } diff --git a/2018/1xxx/CVE-2018-1927.json b/2018/1xxx/CVE-2018-1927.json index 8755ea2a4ce..316432c0d88 100644 --- a/2018/1xxx/CVE-2018-1927.json +++ b/2018/1xxx/CVE-2018-1927.json @@ -5,30 +5,6 @@ "ID" : "CVE-2018-1927", "STATE" : "PUBLIC" }, - "description" : { - "description_data" : [ - { - "value" : "IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118.", - "lang" : "eng" - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10741605", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10741605", - "title" : "IBM Security Bulletin 741605 (StoredIQ)" - }, - { - "name" : "ibm-storeiq-cve20181927-csrf (153118)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153118", - "refsource" : "XF" - } - ] - }, "affects" : { "vendor" : { "vendor_data" : [ @@ -53,6 +29,36 @@ } }, "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "N", + "I" : "H", + "PR" : "N", + "S" : "U", + "SCORE" : "6.500", + "UI" : "R" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { @@ -65,26 +71,18 @@ } ] }, - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "BM" : { - "SCORE" : "6.500", - "S" : "U", - "I" : "H", - "PR" : "N", - "C" : "N", - "AV" : "N", - "AC" : "L", - "A" : "N", - "UI" : "R" + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10741605", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10741605" }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" + { + "name" : "ibm-storeiq-cve20181927-csrf(153118)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153118" } - } - }, - "data_type" : "CVE" + ] + } } diff --git a/2018/1xxx/CVE-2018-1928.json b/2018/1xxx/CVE-2018-1928.json index 0c34e09d488..9eda4924f5b 100644 --- a/2018/1xxx/CVE-2018-1928.json +++ b/2018/1xxx/CVE-2018-1928.json @@ -1,38 +1,10 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - }, - "BM" : { - "A" : "N", - "UI" : "N", - "AC" : "H", - "AV" : "L", - "C" : "H", - "SCORE" : "6.700", - "S" : "U", - "PR" : "N", - "I" : "H" - } - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-11-28T00:00:00", + "ID" : "CVE-2018-1928", + "STATE" : "PUBLIC" }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } - ] - } - ] - }, - "data_version" : "4.0", "affects" : { "vendor" : { "vendor_data" : [ @@ -57,33 +29,59 @@ } }, "data_format" : "MITRE", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2018-11-28T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2018-1928", - "STATE" : "PUBLIC" - }, + "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also perform some state changing actions restricted to a high privileged user. IBM X-Force ID: 153119." + "value" : "IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also perform some state changing actions restricted to a high privileged user. IBM X-Force ID: 153119." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "H", + "AV" : "L", + "C" : "H", + "I" : "H", + "PR" : "N", + "S" : "U", + "SCORE" : "6.700", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Privileges" + } + ] } ] }, "references" : { "reference_data" : [ { - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10741611", - "title" : "IBM Security Bulletin 741611 (StoredIQ)", "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10741611", - "refsource" : "CONFIRM" + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10741611" }, { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153119", - "name" : "ibm-storeiq-cve20181928-priv-escalation (153119)", - "refsource" : "XF" + "name" : "ibm-storeiq-cve20181928-priv-escalation(153119)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153119" } ] }