From 59bfda5c91ab988813d0229789519b42e1c848c5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 11 Oct 2018 08:09:09 -0400 Subject: [PATCH] - Synchronized data. --- 2018/1xxx/CVE-2018-1706.json | 106 +++++++++++++++--------------- 2018/1xxx/CVE-2018-1708.json | 124 +++++++++++++++++------------------ 2018/1xxx/CVE-2018-1724.json | 96 +++++++++++++-------------- 2018/1xxx/CVE-2018-1738.json | 92 +++++++++++++------------- 2018/1xxx/CVE-2018-1745.json | 94 +++++++++++++------------- 5 files changed, 251 insertions(+), 261 deletions(-) diff --git a/2018/1xxx/CVE-2018-1706.json b/2018/1xxx/CVE-2018-1706.json index 36259ada3fe..79573a2965c 100644 --- a/2018/1xxx/CVE-2018-1706.json +++ b/2018/1xxx/CVE-2018-1706.json @@ -1,90 +1,88 @@ { - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "H" - }, - "BM" : { - "AV" : "N", - "SCORE" : "5.400", - "A" : "N", - "PR" : "L", - "AC" : "L", - "I" : "L", - "UI" : "R", - "C" : "L", - "S" : "C" - } - } - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10719669", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10719669", - "title" : "IBM Security Bulletin 719669 (Spectrum Symphony)" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/146341", - "name" : "ibm-symphony-cve20181706-xss (146341)", - "refsource" : "XF" - } - ] - }, - "data_format" : "MITRE", "CVE_data_meta" : { - "ID" : "CVE-2018-1706", "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2018-08-01T00:00:00", + "ID" : "CVE-2018-1706", "STATE" : "PUBLIC" }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 146341." - } - ] - }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { + "product_name" : "Spectrum Symphony", "version" : { "version_data" : [ { "version_value" : "7.2.0.2" } ] - }, - "product_name" : "Spectrum Symphony" + } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 146341." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "C", + "SCORE" : "5.400", + "UI" : "R" + }, + "TM" : { + "E" : "H", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { "description" : [ { - "value" : "Cross-Site Scripting", - "lang" : "eng" + "lang" : "eng", + "value" : "Cross-Site Scripting" } ] } ] }, - "data_version" : "4.0" + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10719669", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10719669" + }, + { + "name" : "ibm-symphony-cve20181706-xss(146341)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/146341" + } + ] + } } diff --git a/2018/1xxx/CVE-2018-1708.json b/2018/1xxx/CVE-2018-1708.json index 2737047b763..84e0c63d701 100644 --- a/2018/1xxx/CVE-2018-1708.json +++ b/2018/1xxx/CVE-2018-1708.json @@ -1,12 +1,67 @@ { + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-08-01T00:00:00", + "ID" : "CVE-2018-1708", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Spectrum Symphony", + "version" : { + "version_data" : [ + { + "version_value" : "7.2.0.2" + }, + { + "version_value" : "7.1.2" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. IBM X-Force ID: 146343." + "value" : "IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. IBM X-Force ID: 146343." } ] }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "H", + "I" : "N", + "PR" : "L", + "S" : "U", + "SCORE" : "6.500", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { @@ -19,75 +74,18 @@ } ] }, - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.2.0.2" - }, - { - "version_value" : "7.1.2" - } - ] - }, - "product_name" : "Spectrum Symphony" - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_type" : "CVE", - "data_format" : "MITRE", "references" : { "reference_data" : [ { - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10719667", - "refsource" : "CONFIRM", "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10719667", - "title" : "IBM Security Bulletin 719667 (Spectrum Symphony)" + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10719667" }, { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/146343", - "name" : "ibm-symphony-cve20181708-info-disc (146343)", - "refsource" : "XF" + "name" : "ibm-symphony-cve20181708-info-disc(146343)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/146343" } ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2018-1708", - "DATE_PUBLIC" : "2018-08-01T00:00:00", - "STATE" : "PUBLIC" - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "AV" : "N", - "PR" : "L", - "A" : "N", - "SCORE" : "6.500", - "AC" : "L", - "I" : "N", - "UI" : "N", - "C" : "H", - "S" : "U" - } - } } } diff --git a/2018/1xxx/CVE-2018-1724.json b/2018/1xxx/CVE-2018-1724.json index c971f141053..e02bb1586ca 100644 --- a/2018/1xxx/CVE-2018-1724.json +++ b/2018/1xxx/CVE-2018-1724.json @@ -1,53 +1,14 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "UI" : "N", - "I" : "H", - "S" : "U", - "C" : "H", - "AC" : "L", - "AV" : "L", - "SCORE" : "8.400", - "A" : "H", - "PR" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, "CVE_data_meta" : { - "ID" : "CVE-2018-1724", "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2018-10-07T00:00:00" + "DATE_PUBLIC" : "2018-10-07T00:00:00", + "ID" : "CVE-2018-1724", + "STATE" : "PUBLIC" }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 718373 (Spectrum LSF)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spectrum-lsf-is-affected-by-a-privilege-escalation-vulnerability/", - "url" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spectrum-lsf-is-affected-by-a-privilege-escalation-vulnerability/" - }, - { - "refsource" : "XF", - "name" : "ibm-lsf-cve20181724-priv-escalation (147439)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147439", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_type" : "CVE", "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -70,29 +31,66 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Spectrum LSF 9.1.1 9.1.2, 9.1.3, and 10.1 could allow a local user to obtain highly sensitive information or escalate their privileges to root due to improper file permission settings. IBM X-Force ID: 147439." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "H", + "AC" : "L", + "AV" : "L", + "C" : "H", + "I" : "H", + "PR" : "N", + "S" : "U", + "SCORE" : "8.400", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { "description" : [ { - "value" : "Gain Privileges", - "lang" : "eng" + "lang" : "eng", + "value" : "Gain Privileges" } ] } ] }, - "description" : { - "description_data" : [ + "references" : { + "reference_data" : [ { - "value" : "IBM Spectrum LSF 9.1.1 9.1.2, 9.1.3, and 10.1 could allow a local user to obtain highly sensitive information or escalate their privileges to root due to improper file permission settings. IBM X-Force ID: 147439.", - "lang" : "eng" + "name" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spectrum-lsf-is-affected-by-a-privilege-escalation-vulnerability/", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spectrum-lsf-is-affected-by-a-privilege-escalation-vulnerability/" + }, + { + "name" : "ibm-lsf-cve20181724-priv-escalation(147439)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147439" } ] } diff --git a/2018/1xxx/CVE-2018-1738.json b/2018/1xxx/CVE-2018-1738.json index 2a9ef43c986..ca1acc7cdd7 100644 --- a/2018/1xxx/CVE-2018-1738.json +++ b/2018/1xxx/CVE-2018-1738.json @@ -1,25 +1,10 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907." - } - ] + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-10-04T00:00:00", + "ID" : "CVE-2018-1738", + "STATE" : "PUBLIC" }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } - ] - } - ] - }, - "data_version" : "4.0", "affects" : { "vendor" : { "vendor_data" : [ @@ -27,6 +12,7 @@ "product" : { "product_data" : [ { + "product_name" : "Security Key Lifecycle Manager", "version" : { "version_data" : [ { @@ -39,8 +25,7 @@ "version_value" : "3.0" } ] - }, - "product_name" : "Security Key Lifecycle Manager" + } } ] }, @@ -49,42 +34,29 @@ ] } }, - "data_type" : "CVE", "data_format" : "MITRE", - "references" : { - "reference_data" : [ + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "title" : "IBM Security Bulletin 733309 (Security Key Lifecycle Manager)", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733309", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733309", - "refsource" : "CONFIRM" - }, - { - "refsource" : "XF", - "name" : "ibm-tivoli-cve20181738-improper-auth (147907)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147907", - "title" : "X-Force Vulnerability Report" + "lang" : "eng", + "value" : "IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907." } ] }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2018-10-04T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2018-1738" - }, "impact" : { "cvssv3" : { "BM" : { - "I" : "L", - "UI" : "N", - "S" : "U", - "C" : "H", + "A" : "N", "AC" : "L", "AV" : "N", + "C" : "H", + "I" : "L", + "PR" : "L", + "S" : "U", "SCORE" : "7.100", - "A" : "N", - "PR" : "L" + "UI" : "N" }, "TM" : { "E" : "U", @@ -92,5 +64,31 @@ "RL" : "O" } } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Access" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733309", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733309" + }, + { + "name" : "ibm-tivoli-cve20181738-improper-auth(147907)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147907" + } + ] } } diff --git a/2018/1xxx/CVE-2018-1745.json b/2018/1xxx/CVE-2018-1745.json index cc1d6af9ac4..3c18d5a80e6 100644 --- a/2018/1xxx/CVE-2018-1745.json +++ b/2018/1xxx/CVE-2018-1745.json @@ -1,48 +1,10 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "PR" : "N", - "SCORE" : "7.500", - "A" : "H", - "AC" : "L", - "I" : "N", - "UI" : "N", - "C" : "N", - "S" : "U" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10733355", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10733355", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 733355 (Security Key Lifecycle Manager)" - }, - { - "name" : "ibm-tivoli-cve20181745-dos (148424)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148424", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_format" : "MITRE", "CVE_data_meta" : { - "ID" : "CVE-2018-1745", "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2018-10-04T00:00:00" + "DATE_PUBLIC" : "2018-10-04T00:00:00", + "ID" : "CVE-2018-1745", + "STATE" : "PUBLIC" }, - "data_type" : "CVE", "affects" : { "vendor" : { "vendor_data" : [ @@ -50,6 +12,7 @@ "product" : { "product_data" : [ { + "product_name" : "Security Key Lifecycle Manager", "version" : { "version_data" : [ { @@ -59,8 +22,7 @@ "version_value" : "3.0" } ] - }, - "product_name" : "Security Key Lifecycle Manager" + } } ] }, @@ -69,6 +31,37 @@ ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. IBM X-Force ID: 148424." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "H", + "AC" : "L", + "AV" : "N", + "C" : "N", + "I" : "N", + "PR" : "N", + "S" : "U", + "SCORE" : "7.500", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { @@ -81,12 +74,17 @@ } ] }, - "data_version" : "4.0", - "description" : { - "description_data" : [ + "references" : { + "reference_data" : [ { - "lang" : "eng", - "value" : "IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. IBM X-Force ID: 148424." + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10733355", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10733355" + }, + { + "name" : "ibm-tivoli-cve20181745-dos(148424)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148424" } ] }