diff --git a/2020/4xxx/CVE-2020-4909.json b/2020/4xxx/CVE-2020-4909.json index 1a23b0ec8b6..d866ada7e99 100644 --- a/2020/4xxx/CVE-2020-4909.json +++ b/2020/4xxx/CVE-2020-4909.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4909", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Cloud Pak System", + "version" : { + "version_data" : [ + { + "version_value" : "2.3" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273.", + "lang" : "eng" + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "AV" : "N", + "A" : "N", + "S" : "C", + "C" : "L", + "UI" : "R", + "SCORE" : "4.800", + "AC" : "L", + "PR" : "H", + "I" : "L" + }, + "TM" : { + "E" : "H", + "RL" : "O", + "RC" : "C" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "data_type" : "CVE", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/6393554", + "name" : "https://www.ibm.com/support/pages/node/6393554", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 6393554 (Cloud Pak System)" + }, + { + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191273", + "name" : "ibm-cps-cve20204909-xss (191273)", + "refsource" : "XF" + } + ] + }, + "CVE_data_meta" : { + "DATE_PUBLIC" : "2021-01-02T00:00:00", + "ID" : "CVE-2020-4909", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "data_format" : "MITRE", + "data_version" : "4.0" +} diff --git a/2020/4xxx/CVE-2020-4910.json b/2020/4xxx/CVE-2020-4910.json index dc190e40bd9..afa2b30c161 100644 --- a/2020/4xxx/CVE-2020-4910.json +++ b/2020/4xxx/CVE-2020-4910.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4910", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "2.3" + } + ] + }, + "product_name" : "Cloud Pak System" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "S" : "C", + "C" : "L", + "SCORE" : "4.800", + "AC" : "L", + "UI" : "R", + "PR" : "H", + "I" : "L", + "AV" : "N", + "A" : "N" + }, + "TM" : { + "RL" : "O", + "E" : "U", + "RC" : "C" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Cross-Site Scripting", + "lang" : "eng" + } + ] + } + ] + }, + "data_type" : "CVE", + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 6393554 (Cloud Pak System)", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/6393554", + "url" : "https://www.ibm.com/support/pages/node/6393554" + }, + { + "title" : "X-Force Vulnerability Report", + "name" : "ibm-cps-cve20204910-xss (191274)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191274" + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2021-01-02T00:00:00", + "ID" : "CVE-2020-4910" + }, + "data_format" : "MITRE", + "data_version" : "4.0" +} diff --git a/2020/4xxx/CVE-2020-4912.json b/2020/4xxx/CVE-2020-4912.json index 38ef210da17..44eae53acd9 100644 --- a/2020/4xxx/CVE-2020-4912.json +++ b/2020/4xxx/CVE-2020-4912.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4912", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Privileges" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 6393554 (Cloud Pak System)", + "url" : "https://www.ibm.com/support/pages/node/6393554", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/6393554" + }, + { + "name" : "ibm-cps-cve20204912-priv-escalation (191287)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191287", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "ID" : "CVE-2020-4912", + "DATE_PUBLIC" : "2021-01-02T00:00:00" + }, + "data_version" : "4.0", + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "value" : "IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287.", + "lang" : "eng" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Cloud Pak System", + "version" : { + "version_data" : [ + { + "version_value" : "2.3" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + }, + "BM" : { + "A" : "L", + "AV" : "N", + "I" : "L", + "PR" : "H", + "SCORE" : "4.700", + "UI" : "N", + "AC" : "L", + "S" : "U", + "C" : "L" + } + } + } +} diff --git a/2020/4xxx/CVE-2020-4913.json b/2020/4xxx/CVE-2020-4913.json index dd23a1e226b..e9474b1b894 100644 --- a/2020/4xxx/CVE-2020-4913.json +++ b/2020/4xxx/CVE-2020-4913.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4913", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "description" : { + "description_data" : [ + { + "value" : "IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.", + "lang" : "eng" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Cloud Pak System", + "version" : { + "version_data" : [ + { + "version_value" : "2.3" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + }, + "BM" : { + "C" : "H", + "S" : "U", + "AC" : "L", + "SCORE" : "4.400", + "UI" : "N", + "I" : "N", + "PR" : "H", + "AV" : "L", + "A" : "N" + } + } + }, + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 6393554 (Cloud Pak System)", + "name" : "https://www.ibm.com/support/pages/node/6393554", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/pages/node/6393554" + }, + { + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191288", + "refsource" : "XF", + "name" : "ibm-cps-cve20204913-info-disc (191288)" + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2021-01-02T00:00:00", + "ID" : "CVE-2020-4913" + }, + "data_version" : "4.0", + "data_format" : "MITRE" +} diff --git a/2020/4xxx/CVE-2020-4916.json b/2020/4xxx/CVE-2020-4916.json index e94caedfd70..1cf5794bf97 100644 --- a/2020/4xxx/CVE-2020-4916.json +++ b/2020/4xxx/CVE-2020-4916.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4916", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2021-01-02T00:00:00", + "ID" : "CVE-2020-4916" + }, + "data_format" : "MITRE", + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Cross-Site Scripting", + "lang" : "eng" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 6393554 (Cloud Pak System)", + "url" : "https://www.ibm.com/support/pages/node/6393554", + "name" : "https://www.ibm.com/support/pages/node/6393554", + "refsource" : "CONFIRM" + }, + { + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "name" : "ibm-cps-cve20204916-xss (191390)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191390" + } + ] + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "E" : "H", + "RL" : "O" + }, + "BM" : { + "AV" : "N", + "A" : "N", + "S" : "C", + "C" : "L", + "PR" : "H", + "I" : "L", + "SCORE" : "5.500", + "UI" : "N", + "AC" : "L" + } + } + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "2.3" + } + ] + }, + "product_name" : "Cloud Pak System" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390.", + "lang" : "eng" + } + ] + } +} diff --git a/2020/4xxx/CVE-2020-4917.json b/2020/4xxx/CVE-2020-4917.json index 6a4287dbb77..da2cad0c6e7 100644 --- a/2020/4xxx/CVE-2020-4917.json +++ b/2020/4xxx/CVE-2020-4917.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4917", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "description" : { + "description_data" : [ + { + "value" : "IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391.", + "lang" : "eng" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Cloud Pak System", + "version" : { + "version_data" : [ + { + "version_value" : "2.3" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "impact" : { + "cvssv3" : { + "BM" : { + "AV" : "N", + "A" : "N", + "C" : "N", + "S" : "U", + "AC" : "L", + "SCORE" : "4.300", + "UI" : "R", + "I" : "L", + "PR" : "N" + }, + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Access", + "lang" : "eng" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/6393554", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/6393554", + "title" : "IBM Security Bulletin 6393554 (Cloud Pak System)" + }, + { + "refsource" : "XF", + "name" : "ibm-cps-cve20204917-csrf (191391)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191391", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "ID" : "CVE-2020-4917", + "DATE_PUBLIC" : "2021-01-02T00:00:00" + }, + "data_version" : "4.0", + "data_format" : "MITRE" +} diff --git a/2020/4xxx/CVE-2020-4918.json b/2020/4xxx/CVE-2020-4918.json index 055fe3b5263..656869c8ee2 100644 --- a/2020/4xxx/CVE-2020-4918.json +++ b/2020/4xxx/CVE-2020-4918.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4918", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "data_type" : "CVE", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/6393554", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/6393554", + "title" : "IBM Security Bulletin 6393554 (Cloud Pak System)" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191392", + "name" : "ibm-cps-cve20204918-info-disc (191392)", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_version" : "4.0", + "data_format" : "MITRE", + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2021-01-02T00:00:00", + "ID" : "CVE-2020-4918" + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392." + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "2.3" + } + ] + }, + "product_name" : "Cloud Pak System" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + }, + "BM" : { + "A" : "N", + "AV" : "L", + "AC" : "L", + "SCORE" : "2.300", + "UI" : "N", + "PR" : "H", + "I" : "N", + "C" : "L", + "S" : "U" + } + } + } +} diff --git a/2020/4xxx/CVE-2020-4919.json b/2020/4xxx/CVE-2020-4919.json index 60bacfb7a89..dd0d7af09b5 100644 --- a/2020/4xxx/CVE-2020-4919.json +++ b/2020/4xxx/CVE-2020-4919.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4919", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Access" + } + ] + } + ] + }, + "data_type" : "CVE", + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 6393554 (Cloud Pak System)", + "url" : "https://www.ibm.com/support/pages/node/6393554", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/6393554" + }, + { + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "name" : "ibm-cps-cve20204919-session-fixation (191395)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191395" + } + ] + }, + "data_format" : "MITRE", + "data_version" : "4.0", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "ID" : "CVE-2020-4919", + "DATE_PUBLIC" : "2021-01-02T00:00:00" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "2.3" + } + ] + }, + "product_name" : "Cloud Pak System" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395.", + "lang" : "eng" + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "C" : "L", + "S" : "U", + "SCORE" : "4.700", + "UI" : "N", + "AC" : "L", + "PR" : "H", + "I" : "L", + "AV" : "N", + "A" : "L" + }, + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + } + } + } +} diff --git a/2020/4xxx/CVE-2020-4928.json b/2020/4xxx/CVE-2020-4928.json index a01aa0f9fc9..19a7092e0db 100644 --- a/2020/4xxx/CVE-2020-4928.json +++ b/2020/4xxx/CVE-2020-4928.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4928", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_version" : "4.0", + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2021-01-02T00:00:00", + "ID" : "CVE-2020-4928" + }, + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 6393554 (Cloud Pak System)", + "name" : "https://www.ibm.com/support/pages/node/6393554", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/pages/node/6393554" + }, + { + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "name" : "ibm-cps-cve20204928-file-upload (191705)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191705" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Access", + "lang" : "eng" + } + ] + } + ] + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "H", + "AV" : "L", + "SCORE" : "6.700", + "UI" : "N", + "AC" : "L", + "PR" : "H", + "I" : "H", + "S" : "U", + "C" : "H" + }, + "TM" : { + "RL" : "O", + "E" : "U", + "RC" : "C" + } + } + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Cloud Pak System", + "version" : { + "version_data" : [ + { + "version_value" : "2.3" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705." + } + ] + } +} diff --git a/2020/4xxx/CVE-2020-4942.json b/2020/4xxx/CVE-2020-4942.json index e5556b997bc..bcaa6d63a4e 100644 --- a/2020/4xxx/CVE-2020-4942.json +++ b/2020/4xxx/CVE-2020-4942.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4942", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "ID" : "CVE-2020-4942", + "DATE_PUBLIC" : "2020-12-31T00:00:00" + }, + "data_version" : "4.0", + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/pages/node/6395108", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/pages/node/6395108", + "title" : "IBM Security Bulletin 6395108 (Curam SPM)" + }, + { + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191942", + "name" : "ibm-curam-cve20204942-csrf (191942)", + "refsource" : "XF" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Access" + } + ] + } + ] + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + }, + "BM" : { + "A" : "N", + "AV" : "N", + "SCORE" : "6.500", + "AC" : "L", + "UI" : "R", + "PR" : "N", + "I" : "H", + "C" : "N", + "S" : "U" + } + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942." + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "7.0.9" + }, + { + "version_value" : "7.0.11" + } + ] + }, + "product_name" : "Curam SPM" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + } +}