IBM20190820-152425

Added CVE-2019-4482, CVE-2019-4340, CVE-2019-4437, CVE-2019-4167, CVE-2019-4424, CVE-2019-4120, CVE-2019-4338
Scott Moore - IBM 2019-08-20 15:24:25 -04:00
parent 8e6d5cf653
commit 5e27b6639c
No known key found for this signature in database
GPG Key ID: 8E6C411D57F2D75C
7 changed files with 630 additions and 105 deletions


@ -1,18 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4120",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Cloud Private",
"version" : {
"version_data" : [
{
"version_value" : "3.1.1"
},
{
"version_value" : "3.1.2"
}
]
}
}
]
}
}
]
}
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"UI" : "R",
"PR" : "L",
"I" : "L",
"A" : "N",
"SCORE" : "5.400",
"S" : "C",
"C" : "L",
"AC" : "L",
"AV" : "N"
}
}
},
"data_type" : "CVE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-08-13T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4120"
},
"description" : {
"description_data" : [
{
"value" : "IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158146.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 885328 (Cloud Private)",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10885328",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10885328"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158146",
"name" : "ibm-cloud-cve20194120-xss (158146)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
}
}
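Review bot: The CONFIRM reference in the new CVE-2019-4120 record points at the vendor bulletin over plain HTTP (`"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10885328"`, with the same string in `name`), while the CVE-2019-4338, CVE-2019-4340, CVE-2019-4424 and CVE-2019-4482 records in this commit use `https://www.ibm.com/support/docview.wss?...` for the same kind of bulletin. This is the link readers follow for fix instructions, so it should not be open to tampering in transit; I would change both fields to the `https://` form. The CVE-2019-4167 and CVE-2019-4437 records carry the same `http://` bulletin links and need the same change.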


@ -1,18 +1,90 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4167",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10967327",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10967327",
"title" : "IBM Security Bulletin 967327 (StoredIQ)",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-storeiq-cve20194167-csrf (158700)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158700",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158700.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4167",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-08-14T00:00:00",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "StoredIQ",
"version" : {
"version_data" : [
{
"version_value" : "7.6.0"
}
]
}
}
]
}
}
]
}
}
]
}
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"PR" : "N",
"UI" : "R",
"I" : "L",
"A" : "N",
"SCORE" : "4.300",
"S" : "U",
"AV" : "N",
"C" : "N",
"AC" : "L"
}
}
}
}
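Review bot: The new `problemtype` value is `"Gain Access"`, which names an outcome, while the description identifies the weakness as cross-site request forgery. A consumer that triages or filters records by `problemtype` will therefore not see this entry as CSRF. I would carry the weakness in that field, e.g. `"value" : "CWE-352 Cross-Site Request Forgery (CSRF)"`, and leave the impact wording to the description. The CVE-2019-4340 and CVE-2019-4424 records follow the same pattern: both describe an XXE issue but are labelled `"Obtain Information"`.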


@ -1,18 +1,90 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4338",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 960858 (Security Guardium Big Data Intelligence)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10960858",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10960858"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161417",
"name" : "ibm-guardium-cve20194338-dos (161417)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
]
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "4.0"
}
]
},
"product_name" : "Security Guardium Big Data Intelligence"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"A" : "H",
"I" : "N",
"PR" : "N",
"UI" : "N",
"AV" : "N",
"C" : "N",
"AC" : "L",
"S" : "U",
"SCORE" : "7.500"
}
}
},
"data_type" : "CVE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-08-16T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4338"
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness can be used to consume more resources than intended. IBM X-Force ID: 161417.",
"lang" : "eng"
}
]
}
}


@ -1,18 +1,90 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4340",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 161419.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-08-16T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4340"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "Security Guardium Big Data Intelligence",
"version" : {
"version_data" : [
{
"version_value" : "4.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "7.100",
"S" : "U",
"C" : "H",
"AC" : "L",
"AV" : "N",
"UI" : "N",
"PR" : "L",
"I" : "N",
"A" : "L"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10960856",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10960856",
"title" : "IBM Security Bulletin 960856 (Security Guardium Big Data Intelligence)",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-guardium-cve20194340-xxe (161419)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161419"
}
]
}
}


@ -1,18 +1,102 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4424",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 959537 (Business Automation Workflow)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10959537",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10959537"
},
{
"name" : "ibm-baw-cve20194424-xxe (162770)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162770",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2019-4424",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-08-06T00:00:00"
},
"description" : {
"description_data" : [
{
"value" : "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162770.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "18.0.0.0"
},
{
"version_value" : "18.0.0.1"
},
{
"version_value" : "18.0.0.2"
},
{
"version_value" : "19.0.0.1"
},
{
"version_value" : "19.0.0.2"
}
]
},
"product_name" : "Business Automation Workflow"
}
]
}
}
]
}
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"SCORE" : "7.100",
"S" : "U",
"AV" : "N",
"C" : "H",
"AC" : "L",
"PR" : "L",
"UI" : "N",
"I" : "N",
"A" : "L"
}
}
}
}


@ -1,18 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4437",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-08-13T00:00:00",
"ID" : "CVE-2019-4437",
"ASSIGNER" : "psirt@us.ibm.com"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID: 162947."
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "N",
"UI" : "N",
"I" : "N",
"A" : "L",
"SCORE" : "8.200",
"S" : "U",
"AV" : "N",
"AC" : "L",
"C" : "H"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "API Connect",
"version" : {
"version_data" : [
{
"version_value" : "2018.1"
},
{
"version_value" : "2018.4.1.6"
}
]
}
}
]
}
}
]
}
}
]
}
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10960876",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10960876",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 960876 (API Connect)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162947",
"name" : "ibm-api-cve20194437-info-disc (162947)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
}
}
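Review bot: The description gives the affected range as "2018.1 through 2018.4.1.6", but `version_data` lists only the two endpoints as separate `version_value` entries. Tooling that matches installed versions against this list would treat every release in between as unaffected. The range should be expressed in the data itself, for instance by adding `"version_affected" : ">="` to the `2018.1` entry and `"version_affected" : "<="` to the `2018.4.1.6` entry. That assumes the consumers of this repository honour the field, which is not visible from this page. The CVE-2019-4482 record has the same shape for "10.1.0 through 10.1.3".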


@ -1,18 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4482",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-08-13T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4482"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164066."
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "H"
},
"BM" : {
"A" : "N",
"I" : "L",
"UI" : "R",
"PR" : "L",
"AC" : "L",
"C" : "L",
"AV" : "N",
"S" : "C",
"SCORE" : "5.400"
}
}
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Emptoris Spend Analysis",
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.3"
}
]
}
}
]
}
}
]
}
}
]
}
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 880217 (Emptoris Spend Analysis)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880217",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880217"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-emptoris-cve20194482-xss (164066)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/164066"
}
]
}
}