IBM20180404

Added CVE-2017-1624, CVE-2017-1733, CVE-2017-1772, CVE-2018-1400, CVE-2018-1421, CVE-2018-1447, CVE-2018-1469.
Scott Moore - IBM 2018-04-04 11:52:02 -04:00
parent e6118c7e3b
commit 5799f66014
7 changed files with 655 additions and 57 deletions


@ -1,17 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1624",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 133122."
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "L",
"I" : "L",
"A" : "N",
"AV" : "N",
"AC" : "H",
"S" : "U",
"SCORE" : "4.200",
"UI" : "N",
"C" : "L"
}
}
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22015236",
"name" : "IBM Security Bulletin 2015236 (Security QRadar SIEM)"
},
{
"name" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133122"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.3"
},
{
"version_value" : "7.3.1"
}
]
},
"product_name" : "Security QRadar SIEM"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2017-1624"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
}
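Review bot: The new `problemtype` value `"Gain Access"` is an impact label rather than a weakness class, so tooling that groups records by weakness gets nothing usable from it. The new description text closely follows the wording of CWE-732 (Incorrect Permission Assignment for Critical Resource); if that is the intended classification, the entry could carry it, e.g. `"value" : "CWE-732 Incorrect Permission Assignment for Critical Resource"`, to be confirmed against the bulletin. The same pattern recurs in other sections of this commit: `"Obtain Information"` for CVE-2017-1733, CVE-2018-1421 and CVE-2018-1447, and `"Gain Access"` for the command-execution issue in CVE-2018-1469.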


@ -1,18 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1733",
"STATE" : "RESERVED"
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2017-1733",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"name" : "IBM Security Bulletin 2015243 (Security QRadar SIEM)",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22015243"
},
{
"name" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134914"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"AV" : "L",
"UI" : "N",
"C" : "L",
"AC" : "L",
"A" : "N",
"I" : "N",
"PR" : "N",
"SCORE" : "4.000"
}
}
},
"data_type" : "CVE",
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security QRadar SIEM",
"version" : {
"version_data" : [
{
"version_value" : "7.3"
}
]
}
}
]
}
}
]
}
}
}
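Review bot: `"PR" : "N"` in the `BM` block sits oddly with the new description, which attributes the read to "a local user"; an account on the host would normally be scored as low privileges required. If the bulletin does mean an authenticated local account, `"PR" : "L"` with a recomputed `SCORE` would be the consistent pair; if any unauthenticated process on the host can read the logs, the description could say so instead. As published, triage that filters on the privileges metric will rank this record differently from what the text suggests.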


@ -1,18 +1,90 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1772",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000369",
"name" : "IBM Security Bulletin C1000369 (MobileFirst Platform Foundation)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136786",
"name" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2018-03-30T00:00:00",
"ID" : "CVE-2017-1772",
"ASSIGNER" : "psirt@us.ibm.com"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and 8.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136786.",
"lang" : "eng"
}
]
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.3"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.1"
},
{
"version_value" : "8.0"
}
]
},
"product_name" : "MobileFirst Platform Foundation"
}
]
}
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "6.100",
"C" : "L",
"UI" : "R",
"PR" : "N",
"S" : "C",
"AC" : "L",
"A" : "N",
"AV" : "N",
"I" : "L"
}
}
},
"data_version" : "4.0"
}


@ -1,17 +1,99 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1400",
"STATE" : "RESERVED"
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"STATE" : "PUBLIC"
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22013644",
"name" : "IBM Security Bulletin 2013644 (Rational Software Architect Design Manager)"
},
{
"name" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/138436"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "5.0.2"
}
]
},
"product_name" : "Rational Software Architect Design Manager "
},
{
"product_name" : "Rational Software Architect Design Manager",
"version" : {
"version_data" : [
{
"version_value" : "5.0"
},
{
"version_value" : "5.0.1"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "5.400",
"AV" : "N",
"A" : "N",
"C" : "L",
"UI" : "R",
"AC" : "L",
"I" : "L",
"PR" : "L",
"S" : "C"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM Rhapsody DM (IBM Rational Software Architect Design Manager 5.0, 5.0.1, 5.0.2, 6.0, and 6.0.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138436.",
"lang" : "eng"
}
]
}
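Review bot: The first `product_data` entry carries a trailing space in its name, `"Rational Software Architect Design Manager "`, and holds only version 5.0.2, while a second entry with the clean name holds 5.0, 5.0.1, 6.0 and 6.0.1. Consumers that match `product_name` exactly will see two different products and can miss 5.0.2 when they look up the real one. Moving `{ "version_value" : "5.0.2" }` into the second entry's `version_data` and dropping the first entry would match the description, which lists all five versions under one product.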


@ -1,18 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1421",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139023."
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22015055",
"name" : "IBM Security Bulletin 2015055 (DataPower Gateways)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/139023",
"name" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "L",
"UI" : "N",
"AC" : "L",
"AV" : "N",
"S" : "U",
"I" : "N",
"SCORE" : "7.100",
"PR" : "L",
"C" : "H"
}
}
},
"CVE_data_meta" : {
"ID" : "CVE-2018-1421",
"DATE_PUBLIC" : "2018-04-03T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.1"
},
{
"version_value" : "7.2"
},
{
"version_value" : "7.5"
},
{
"version_value" : "7.5.1"
},
{
"version_value" : "7.5.2"
},
{
"version_value" : "7.6"
}
]
},
"product_name" : "DataPower Gateways"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
}


@ -1,18 +1,138 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1447",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "N",
"I" : "N",
"S" : "U",
"SCORE" : "5.100",
"AC" : "H",
"C" : "H",
"UI" : "N",
"AV" : "L",
"A" : "N"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "IBM Security Bulletin 2015066 (Spectrum Protect for Virtual Environments)",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22015066"
},
{
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22014669",
"name" : "IBM Security Bulletin 2014669 (Spectrum Protect)"
},
{
"name" : "IBM Security Bulletin 2015071 (Spectrum Protect Snapshot)",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22015071"
},
{
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22014957",
"name" : "IBM Security Bulletin 2014957 (Spectrum Protect for Space Management)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/139972",
"name" : "X-Force Vulnerability Report"
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-03-29T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2018-1447",
"ASSIGNER" : "psirt@us.ibm.com"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.1"
},
{
"version_value" : "8.1"
}
]
},
"product_name" : "Spectrum Protect"
},
{
"product_name" : "Spectrum Protect Snapshot",
"version" : {
"version_data" : [
{
"version_value" : "4.1.3"
},
{
"version_value" : "4.1.4"
},
{
"version_value" : "4.1.6"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "7.1"
},
{
"version_value" : "8.1"
}
]
},
"product_name" : "Spectrum Protect for Virtual Environments"
},
{
"version" : {
"version_data" : [
{
"version_value" : "7.1"
},
{
"version_value" : "8.1"
}
]
},
"product_name" : "Spectrum Protect for Space Management"
}
]
}
}
]
}
}
}
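Review bot: The description names "IBM Spectrum Protect 7.1 and 7.2", but `version_data` for `Spectrum Protect` lists `7.1` and `8.1`, so one of the two is wrong and a version-based match can give a false negative either way. The description also leaves out Spectrum Protect for Virtual Environments and Spectrum Protect for Space Management, which `affects` and the referenced bulletins both include. It is worth checking the versions against bulletin 2014669 and aligning the description text with `affects`.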


@ -1,18 +1,135 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1469",
"STATE" : "RESERVED"
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"UI" : "N",
"C" : "H",
"I" : "H",
"AC" : "L",
"SCORE" : "9.800",
"A" : "H",
"PR" : "N",
"S" : "U"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unathenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605.",
"lang" : "eng"
}
]
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "5.0.1.0"
},
{
"version_value" : "5.0.0.0"
},
{
"version_value" : "5.0.2.0"
},
{
"version_value" : "5.0.5.0"
},
{
"version_value" : "5.0.6.0"
},
{
"version_value" : "5.0.6.1"
},
{
"version_value" : "5.0.6.2"
},
{
"version_value" : "5.0.7.0"
},
{
"version_value" : "5.0.7.1"
},
{
"version_value" : "5.0.3.0"
},
{
"version_value" : "5.0.4.0"
},
{
"version_value" : "5.0.7.2"
},
{
"version_value" : "5.0.6.3"
},
{
"version_value" : "5.0.6.4"
},
{
"version_value" : "5.0.8.0"
},
{
"version_value" : "5.0.8.1"
},
{
"version_value" : "5.0.6.5"
},
{
"version_value" : "5.0.6.6"
},
{
"version_value" : "5.0.8.2"
}
]
},
"product_name" : "API Connect"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2018-1469",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22014940",
"name" : "IBM Security Bulletin 2014940 (API Connect)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140605",
"name" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE"
}
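Review bot: `unathenticated` in the new description is a misspelling of `unauthenticated`, so a keyword search or alert rule for "unauthenticated" will not hit this record, which is scored 9.800 with `"PR" : "N"`. Separately, `product_name` is `"API Connect"` while the description scopes the issue to the API Connect Developer Portal; if only the portal component is affected, that may be worth reflecting in the product entry. The description gives a range, "5.0.0.0 through 5.0.8.2", whereas `version_data` enumerates discrete values in no particular order, so any release inside the range that is not listed would be missed by exact matching.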