diff --git a/2017/1xxx/CVE-2017-1695.json b/2017/1xxx/CVE-2017-1695.json index a2680075678..324840f2310 100644 --- a/2017/1xxx/CVE-2017-1695.json +++ b/2017/1xxx/CVE-2017-1695.json @@ -1,74 +1,14 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "AC" : "H", - "A" : "N", - "PR" : "N", - "C" : "H", - "UI" : "N", - "I" : "N", - "SCORE" : "5.900", - "AV" : "N" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "data_type" : "CVE", "CVE_data_meta" : { - "STATE" : "PUBLIC", "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2019-02-06T00:00:00", - "ID" : "CVE-2017-1695" - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 719107 (QRadar SIEM)", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10719107", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10719107" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134177", - "name" : "ibm-qradar-cve20171695-info-disc (134177)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177." - } - ] + "ID" : "CVE-2017-1695", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -85,9 +25,67 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "H", + "AV" : "N", + "C" : "H", + "I" : "N", + "PR" : "N", + "S" : "U", + "SCORE" : "5.900", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10719107", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10719107" + }, + { + "name" : "ibm-qradar-cve20171695-info-disc(134177)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134177" + } + ] } } diff --git a/2018/1xxx/CVE-2018-1701.json b/2018/1xxx/CVE-2018-1701.json index 5c49b9b1078..1519cec4b37 100644 --- a/2018/1xxx/CVE-2018-1701.json +++ b/2018/1xxx/CVE-2018-1701.json @@ -1,34 +1,14 @@ { - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 730555 (InfoSphere Information Server)", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10730555", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10730555" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145970", - "name" : "ibm-infosphere-cve20181701-command-exec (145970)" - } - ] - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970." - } - ] + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-10-16T00:00:00", + "ID" : "CVE-2018-1701", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -42,39 +22,43 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", "data_type" : "CVE", - "CVE_data_meta" : { - "ID" : "CVE-2018-1701", - "DATE_PUBLIC" : "2018-10-16T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970." + } + ] }, "impact" : { "cvssv3" : { "BM" : { - "AV" : "N", - "I" : "H", - "SCORE" : "8.500", - "AC" : "H", - "S" : "C", - "PR" : "L", "A" : "H", + "AC" : "H", + "AV" : "N", "C" : "H", + "I" : "H", + "PR" : "L", + "S" : "C", + "SCORE" : "8.500", "UI" : "N" }, "TM" : { "E" : "U", - "RL" : "O", - "RC" : "C" + "RC" : "C", + "RL" : "O" } } }, - "data_format" : "MITRE", "problemtype" : { "problemtype_data" : [ { @@ -86,5 +70,19 @@ ] } ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10730555", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10730555" + }, + { + "name" : "ibm-infosphere-cve20181701-command-exec(145970)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145970" + } + ] } } diff --git a/2018/1xxx/CVE-2018-1727.json b/2018/1xxx/CVE-2018-1727.json index 8578d0c1d7f..4fccf786e2a 100644 --- a/2018/1xxx/CVE-2018-1727.json +++ b/2018/1xxx/CVE-2018-1727.json @@ -1,69 +1,18 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "AV" : "N", - "SCORE" : "7.100", - "I" : "N", - "A" : "L", - "C" : "H", - "PR" : "L", - "UI" : "N", - "AC" : "L", - "S" : "U" - } - } - }, "CVE_data_meta" : { - "STATE" : "PUBLIC", "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-10-08T00:00:00", "ID" : "CVE-2018-1727", - "DATE_PUBLIC" : "2018-10-08T00:00:00" - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10718887", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10718887", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 718887 (InfoSphere Information Server)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147630", - "name" : "ibm-infosphere-cve20181727-xxe (147630)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { + "product_name" : "InfoSphere Information Server", "version" : { "version_data" : [ { @@ -79,20 +28,69 @@ "version_value" : "11.7" } ] - }, - "product_name" : "InfoSphere Information Server" + } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { - "value" : "IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630.", - "lang" : "eng" + "lang" : "eng", + "value" : "IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "L", + "AC" : "L", + "AV" : "N", + "C" : "H", + "I" : "N", + "PR" : "L", + "S" : "U", + "SCORE" : "7.100", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10718887", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10718887" + }, + { + "name" : "ibm-infosphere-cve20181727-xxe(147630)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147630" } ] } diff --git a/2018/1xxx/CVE-2018-1895.json b/2018/1xxx/CVE-2018-1895.json index 6122c289cb1..84e893e1540 100644 --- a/2018/1xxx/CVE-2018-1895.json +++ b/2018/1xxx/CVE-2018-1895.json @@ -1,26 +1,14 @@ { - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10744013", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10744013", - "title" : "IBM Security Bulletin 744013 (InfoSphere Information Server)", - "refsource" : "CONFIRM" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-infosphere-cve20181895-xss (152159)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152159" - } - ] + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-12-04T00:00:00", + "ID" : "CVE-2018-1895", + "STATE" : "PUBLIC" }, - "data_version" : "4.0", "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -40,38 +28,35 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { - "value" : "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152159.", - "lang" : "eng" + "lang" : "eng", + "value" : "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152159." } ] }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2018-12-04T00:00:00", - "ID" : "CVE-2018-1895", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "data_type" : "CVE", "impact" : { "cvssv3" : { "BM" : { "A" : "N", - "C" : "L", - "PR" : "L", - "UI" : "R", "AC" : "L", - "S" : "C", "AV" : "N", + "C" : "L", "I" : "L", - "SCORE" : "5.400" + "PR" : "L", + "S" : "C", + "SCORE" : "5.400", + "UI" : "R" }, "TM" : { "E" : "H", @@ -92,5 +77,18 @@ } ] }, - "data_format" : "MITRE" + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10744013", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10744013" + }, + { + "name" : "ibm-infosphere-cve20181895-xss(152159)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152159" + } + ] + } } diff --git a/2019/4xxx/CVE-2019-4059.json b/2019/4xxx/CVE-2019-4059.json index bf602b718ba..abf4f2dfb5c 100644 --- a/2019/4xxx/CVE-2019-4059.json +++ b/2019/4xxx/CVE-2019-4059.json @@ -1,69 +1,10 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "SCORE" : "7.500", - "I" : "N", - "AC" : "L", - "S" : "U", - "C" : "H", - "A" : "N", - "UI" : "N", - "PR" : "N" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "data_type" : "CVE", "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2019-02-12T00:00:00", "ID" : "CVE-2019-4059", - "ASSIGNER" : "psirt@us.ibm.com", "STATE" : "PUBLIC" }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 870810 (Rational ClearCase)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10870810", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10870810" - }, - { - "name" : "ibm-clearcase-cve20194059-info-disc (156583)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/156583", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583." - } - ] - }, "affects" : { "vendor" : { "vendor_data" : [ @@ -71,14 +12,14 @@ "product" : { "product_data" : [ { + "product_name" : "Rational ClearCase", "version" : { "version_data" : [ { "version_value" : "1.0.0.0" } ] - }, - "product_name" : "Rational ClearCase" + } } ] }, @@ -86,5 +27,62 @@ } ] } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "H", + "I" : "N", + "PR" : "N", + "S" : "U", + "SCORE" : "7.500", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10870810", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10870810" + }, + { + "name" : "ibm-clearcase-cve20194059-info-disc(156583)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/156583" + } + ] } }