admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-09-21 15:01:47 +00:00
parent 4c6a4eadd5
commit 5fa79aeed8
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
6 changed files with 535 additions and 535 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

174
2020/4xxx/CVE-2020-4315.json
View File

@ -1,90 +1,90 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177234."
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "N",
"SCORE" : "4.300",
"PR" : "N",
"AV" : "N",
"A" : "N",
"S" : "U",
"UI" : "R",
"AC" : "L",
"C" : "L"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4315",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-09-18T00:00:00"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.0"
}
]
},
"product_name" : "Business Automation Content Analyzer on Cloud"
}
]
},
"vendor_name" : "IBM"
"lang": "eng",
"value": "IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177234."
}
]
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6334813",
"title" : "IBM Security Bulletin 6334813 (Business Automation Content Analyzer on Cloud)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6334813"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-baca-cve20204315-info-disc (177234)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/177234"
}
]
}
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"I": "N",
"SCORE": "4.300",
"PR": "N",
"AV": "N",
"A": "N",
"S": "U",
"UI": "R",
"AC": "L",
"C": "L"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4315",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-09-18T00:00:00"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.0"
}
]
},
"product_name": "Business Automation Content Analyzer on Cloud"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6334813",
"title": "IBM Security Bulletin 6334813 (Business Automation Content Analyzer on Cloud)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6334813"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-baca-cve20204315-info-disc (177234)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177234"
}
]
}
}

180
2020/4xxx/CVE-2020-4579.json
View File

@ -1,93 +1,93 @@
{
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"UI" : "N",
"AC" : "L",
"C" : "N",
"S" : "U",
"PR" : "N",
"SCORE" : "7.500",
"I" : "N",
"A" : "H",
"AV" : "N"
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID: 184438."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DataPower Gateway",
"version" : {
"version_data" : [
{
"version_value" : "2018.4.1.0"
},
{
"version_value" : "2018.4.1.12"
}
]
}
}
]
},
"vendor_name" : "IBM"
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"UI": "N",
"AC": "L",
"C": "N",
"S": "U",
"PR": "N",
"SCORE": "7.500",
"I": "N",
"A": "H",
"AV": "N"
}
]
}
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6334703",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6334703 (DataPower Gateway)",
"url" : "https://www.ibm.com/support/pages/node/6334703"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/184438",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-datapower-cve20204579-dos (184438)"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-09-18T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4579"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID: 184438."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DataPower Gateway",
"version": {
"version_data": [
{
"version_value": "2018.4.1.0"
},
{
"version_value": "2018.4.1.12"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
}
}
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6334703",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6334703 (DataPower Gateway)",
"url": "https://www.ibm.com/support/pages/node/6334703"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184438",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"name": "ibm-datapower-cve20204579-dos (184438)"
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-09-18T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2020-4579"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
}
}

180
2020/4xxx/CVE-2020-4580.json
View File

@ -1,93 +1,93 @@
{
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "N",
"SCORE" : "7.500",
"I" : "N",
"A" : "H",
"AV" : "N",
"UI" : "N",
"AC" : "L",
"C" : "N",
"S" : "U"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted a JSON request with invalid characters. IBM X-Force ID: 184439.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6334705",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6334705 (DataPower Gateway)",
"url" : "https://www.ibm.com/support/pages/node/6334705"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-datapower-cve20204580-dos (184439)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/184439"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2018.4.1.0"
},
{
"version_value" : "2018.4.1.12"
}
]
},
"product_name" : "DataPower Gateway"
}
]
},
"vendor_name" : "IBM"
"data_format": "MITRE",
"impact": {
"cvssv3": {
"BM": {
"PR": "N",
"SCORE": "7.500",
"I": "N",
"A": "H",
"AV": "N",
"UI": "N",
"AC": "L",
"C": "N",
"S": "U"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
]
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-09-18T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4580",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
}
},
"data_version": "4.0",
"data_type": "CVE",
"description": {
"description_data": [
{
"value": "IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted a JSON request with invalid characters. IBM X-Force ID: 184439.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6334705",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6334705 (DataPower Gateway)",
"url": "https://www.ibm.com/support/pages/node/6334705"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-datapower-cve20204580-dos (184439)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184439"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2018.4.1.0"
},
{
"version_value": "2018.4.1.12"
}
]
},
"product_name": "DataPower Gateway"
}
]
},
"vendor_name": "IBM"
}
]
}
]
}
}
}
},
"CVE_data_meta": {
"DATE_PUBLIC": "2020-09-18T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2020-4580",
"ASSIGNER": "psirt@us.ibm.com"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
}
}

180
2020/4xxx/CVE-2020-4581.json
View File

@ -1,93 +1,93 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"UI" : "N",
"AC" : "L",
"C" : "N",
"SCORE" : "7.500",
"I" : "N",
"PR" : "N",
"A" : "H",
"AV" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6334707",
"title" : "IBM Security Bulletin 6334707 (DataPower Gateway)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6334707"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/184441",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-datapower-cve20204581-dos (184441)"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2018.4.1.0"
},
{
"version_value" : "2018.4.1.12"
}
]
},
"product_name" : "DataPower Gateway"
}
]
}
"value": "IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441.",
"lang": "eng"
}
]
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4581",
"DATE_PUBLIC" : "2020-09-18T00:00:00"
}
}
]
},
"data_version": "4.0",
"data_format": "MITRE",
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"UI": "N",
"AC": "L",
"C": "N",
"SCORE": "7.500",
"I": "N",
"PR": "N",
"A": "H",
"AV": "N"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6334707",
"title": "IBM Security Bulletin 6334707 (DataPower Gateway)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6334707"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184441",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"name": "ibm-datapower-cve20204581-dos (184441)"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2018.4.1.0"
},
{
"version_value": "2018.4.1.12"
}
]
},
"product_name": "DataPower Gateway"
}
]
}
}
]
}
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2020-4581",
"DATE_PUBLIC": "2020-09-18T00:00:00"
}
}

180
2020/4xxx/CVE-2020-4590.json
View File

@ -1,93 +1,93 @@
{
"data_type" : "CVE",
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"UI" : "N",
"AC" : "H",
"C" : "N",
"PR" : "L",
"SCORE" : "5.300",
"I" : "N",
"AV" : "N",
"A" : "H"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-09-16T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4590"
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6333623 (WebSphere Application Server Liberty)",
"name" : "https://www.ibm.com/support/pages/node/6333623",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6333623"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/184650",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-websphere-cve20204590-dos (184650)",
"refsource" : "XF"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "17.0.0.3"
},
{
"version_value" : "20.0.0.9"
}
]
},
"product_name" : "WebSphere Application Server Liberty"
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"UI": "N",
"AC": "H",
"C": "N",
"PR": "L",
"SCORE": "5.300",
"I": "N",
"AV": "N",
"A": "H"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
}
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650.",
"lang": "eng"
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-09-16T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2020-4590"
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6333623 (WebSphere Application Server Liberty)",
"name": "https://www.ibm.com/support/pages/node/6333623",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6333623"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184650",
"title": "X-Force Vulnerability Report",
"name": "ibm-websphere-cve20204590-dos (184650)",
"refsource": "XF"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "17.0.0.3"
},
{
"version_value": "20.0.0.9"
}
]
},
"product_name": "WebSphere Application Server Liberty"
}
]
}
}
]
}
]
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
}
}

176
2020/4xxx/CVE-2020-4731.json
View File

@ -1,90 +1,90 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Aspera Shares",
"version" : {
"version_data" : [
{
"version_value" : "1.9.14.PL1"
}
]
}
}
]
}
}
]
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6326929",
"title" : "IBM Security Bulletin 6326929 (Aspera Shares)",
"url" : "https://www.ibm.com/support/pages/node/6326929"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/188055",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-aspera-cve20204731-xss (188055)"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4731",
"DATE_PUBLIC" : "2020-09-16T00:00:00"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Aspera Shares",
"version": {
"version_data": [
{
"version_value": "1.9.14.PL1"
}
]
}
}
]
}
}
]
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"UI" : "R",
"AC" : "L",
"C" : "L",
"S" : "C",
"SCORE" : "6.100",
"I" : "L",
"PR" : "N",
"A" : "N",
"AV" : "N"
}
}
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055."
}
]
}
}
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6326929",
"title": "IBM Security Bulletin 6326929 (Aspera Shares)",
"url": "https://www.ibm.com/support/pages/node/6326929"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188055",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"name": "ibm-aspera-cve20204731-xss (188055)"
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2020-4731",
"DATE_PUBLIC": "2020-09-16T00:00:00"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
},
"data_version": "4.0",
"data_format": "MITRE",
"impact": {
"cvssv3": {
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
},
"BM": {
"UI": "R",
"AC": "L",
"C": "L",
"S": "C",
"SCORE": "6.100",
"I": "L",
"PR": "N",
"A": "N",
"AV": "N"
}
}
},
"data_type": "CVE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055."
}
]
}
}