From 5fa79aeed83d6d2df80d3c212dc07efc781c065f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 21 Sep 2020 15:01:47 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/4xxx/CVE-2020-4315.json | 174 ++++++++++++++++----------------- 2020/4xxx/CVE-2020-4579.json | 180 +++++++++++++++++------------------ 2020/4xxx/CVE-2020-4580.json | 180 +++++++++++++++++------------------ 2020/4xxx/CVE-2020-4581.json | 180 +++++++++++++++++------------------ 2020/4xxx/CVE-2020-4590.json | 180 +++++++++++++++++------------------ 2020/4xxx/CVE-2020-4731.json | 176 +++++++++++++++++----------------- 6 files changed, 535 insertions(+), 535 deletions(-) diff --git a/2020/4xxx/CVE-2020-4315.json b/2020/4xxx/CVE-2020-4315.json index d28360aba87..705f95f0e3c 100644 --- a/2020/4xxx/CVE-2020-4315.json +++ b/2020/4xxx/CVE-2020-4315.json @@ -1,90 +1,90 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177234." - } - ] - }, - "data_type" : "CVE", - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "N", - "SCORE" : "4.300", - "PR" : "N", - "AV" : "N", - "A" : "N", - "S" : "U", - "UI" : "R", - "AC" : "L", - "C" : "L" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4315", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-09-18T00:00:00" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "1.0" - } - ] - }, - "product_name" : "Business Automation Content Analyzer on Cloud" - } - ] - }, - "vendor_name" : "IBM" + "lang": "eng", + "value": "IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177234." } - ] - } - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6334813", - "title" : "IBM Security Bulletin 6334813 (Business Automation Content Analyzer on Cloud)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6334813" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-baca-cve20204315-info-disc (177234)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/177234" - } - ] - } -} + ] + }, + "data_type": "CVE", + "data_version": "4.0", + "impact": { + "cvssv3": { + "BM": { + "I": "N", + "SCORE": "4.300", + "PR": "N", + "AV": "N", + "A": "N", + "S": "U", + "UI": "R", + "AC": "L", + "C": "L" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4315", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-09-18T00:00:00" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + }, + "product_name": "Business Automation Content Analyzer on Cloud" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6334813", + "title": "IBM Security Bulletin 6334813 (Business Automation Content Analyzer on Cloud)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6334813" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-baca-cve20204315-info-disc (177234)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177234" + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4579.json b/2020/4xxx/CVE-2020-4579.json index 11d32c9d4c2..9ed8481209e 100644 --- a/2020/4xxx/CVE-2020-4579.json +++ b/2020/4xxx/CVE-2020-4579.json @@ -1,93 +1,93 @@ { - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "UI" : "N", - "AC" : "L", - "C" : "N", - "S" : "U", - "PR" : "N", - "SCORE" : "7.500", - "I" : "N", - "A" : "H", - "AV" : "N" - } - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID: 184438." - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DataPower Gateway", - "version" : { - "version_data" : [ - { - "version_value" : "2018.4.1.0" - }, - { - "version_value" : "2018.4.1.12" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "data_version": "4.0", + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "UI": "N", + "AC": "L", + "C": "N", + "S": "U", + "PR": "N", + "SCORE": "7.500", + "I": "N", + "A": "H", + "AV": "N" } - ] - } - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6334703", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6334703 (DataPower Gateway)", - "url" : "https://www.ibm.com/support/pages/node/6334703" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/184438", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-datapower-cve20204579-dos (184438)" - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-09-18T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4579" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID: 184438." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DataPower Gateway", + "version": { + "version_data": [ + { + "version_value": "2018.4.1.0" + }, + { + "version_value": "2018.4.1.12" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - } -} + } + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6334703", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6334703 (DataPower Gateway)", + "url": "https://www.ibm.com/support/pages/node/6334703" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184438", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-datapower-cve20204579-dos (184438)" + } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-09-18T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2020-4579" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4580.json b/2020/4xxx/CVE-2020-4580.json index 53f8ea36adc..4f589113b09 100644 --- a/2020/4xxx/CVE-2020-4580.json +++ b/2020/4xxx/CVE-2020-4580.json @@ -1,93 +1,93 @@ { - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "PR" : "N", - "SCORE" : "7.500", - "I" : "N", - "A" : "H", - "AV" : "N", - "UI" : "N", - "AC" : "L", - "C" : "N", - "S" : "U" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "data_version" : "4.0", - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "value" : "IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted a JSON request with invalid characters. IBM X-Force ID: 184439.", - "lang" : "eng" - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6334705", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6334705 (DataPower Gateway)", - "url" : "https://www.ibm.com/support/pages/node/6334705" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-datapower-cve20204580-dos (184439)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/184439" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2018.4.1.0" - }, - { - "version_value" : "2018.4.1.12" - } - ] - }, - "product_name" : "DataPower Gateway" - } - ] - }, - "vendor_name" : "IBM" + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "PR": "N", + "SCORE": "7.500", + "I": "N", + "A": "H", + "AV": "N", + "UI": "N", + "AC": "L", + "C": "N", + "S": "U" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" } - ] - } - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-09-18T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4580", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + } + }, + "data_version": "4.0", + "data_type": "CVE", + "description": { + "description_data": [ + { + "value": "IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted a JSON request with invalid characters. IBM X-Force ID: 184439.", + "lang": "eng" + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6334705", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6334705 (DataPower Gateway)", + "url": "https://www.ibm.com/support/pages/node/6334705" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-datapower-cve20204580-dos (184439)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184439" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2018.4.1.0" + }, + { + "version_value": "2018.4.1.12" + } + ] + }, + "product_name": "DataPower Gateway" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - } -} + } + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2020-09-18T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2020-4580", + "ASSIGNER": "psirt@us.ibm.com" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4581.json b/2020/4xxx/CVE-2020-4581.json index a0aea140796..f614359460e 100644 --- a/2020/4xxx/CVE-2020-4581.json +++ b/2020/4xxx/CVE-2020-4581.json @@ -1,93 +1,93 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "UI" : "N", - "AC" : "L", - "C" : "N", - "SCORE" : "7.500", - "I" : "N", - "PR" : "N", - "A" : "H", - "AV" : "N" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6334707", - "title" : "IBM Security Bulletin 6334707 (DataPower Gateway)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6334707" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/184441", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-datapower-cve20204581-dos (184441)" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2018.4.1.0" - }, - { - "version_value" : "2018.4.1.12" - } - ] - }, - "product_name" : "DataPower Gateway" - } - ] - } + "value": "IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441.", + "lang": "eng" } - ] - } - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4581", - "DATE_PUBLIC" : "2020-09-18T00:00:00" - } -} + ] + }, + "data_version": "4.0", + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "UI": "N", + "AC": "L", + "C": "N", + "SCORE": "7.500", + "I": "N", + "PR": "N", + "A": "H", + "AV": "N" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6334707", + "title": "IBM Security Bulletin 6334707 (DataPower Gateway)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6334707" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184441", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-datapower-cve20204581-dos (184441)" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2018.4.1.0" + }, + { + "version_value": "2018.4.1.12" + } + ] + }, + "product_name": "DataPower Gateway" + } + ] + } + } + ] + } + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2020-4581", + "DATE_PUBLIC": "2020-09-18T00:00:00" + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4590.json b/2020/4xxx/CVE-2020-4590.json index a5d3b989c2a..e4144b0ba4f 100644 --- a/2020/4xxx/CVE-2020-4590.json +++ b/2020/4xxx/CVE-2020-4590.json @@ -1,93 +1,93 @@ { - "data_type" : "CVE", - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "UI" : "N", - "AC" : "H", - "C" : "N", - "PR" : "L", - "SCORE" : "5.300", - "I" : "N", - "AV" : "N", - "A" : "H" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650.", - "lang" : "eng" - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-09-16T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4590" - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6333623 (WebSphere Application Server Liberty)", - "name" : "https://www.ibm.com/support/pages/node/6333623", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6333623" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/184650", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-websphere-cve20204590-dos (184650)", - "refsource" : "XF" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "17.0.0.3" - }, - { - "version_value" : "20.0.0.9" - } - ] - }, - "product_name" : "WebSphere Application Server Liberty" - } - ] - } + "data_type": "CVE", + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "UI": "N", + "AC": "H", + "C": "N", + "PR": "L", + "SCORE": "5.300", + "I": "N", + "AV": "N", + "A": "H" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + } + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "value": "IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650.", + "lang": "eng" + } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-09-16T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2020-4590" + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6333623 (WebSphere Application Server Liberty)", + "name": "https://www.ibm.com/support/pages/node/6333623", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6333623" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184650", + "title": "X-Force Vulnerability Report", + "name": "ibm-websphere-cve20204590-dos (184650)", + "refsource": "XF" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "17.0.0.3" + }, + { + "version_value": "20.0.0.9" + } + ] + }, + "product_name": "WebSphere Application Server Liberty" + } + ] + } + } ] - } - ] - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4731.json b/2020/4xxx/CVE-2020-4731.json index 5b97a2fecba..60047fe9327 100644 --- a/2020/4xxx/CVE-2020-4731.json +++ b/2020/4xxx/CVE-2020-4731.json @@ -1,90 +1,90 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Aspera Shares", - "version" : { - "version_data" : [ - { - "version_value" : "1.9.14.PL1" - } - ] - } - } - ] - } - } - ] - } - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6326929", - "title" : "IBM Security Bulletin 6326929 (Aspera Shares)", - "url" : "https://www.ibm.com/support/pages/node/6326929" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/188055", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-aspera-cve20204731-xss (188055)" - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4731", - "DATE_PUBLIC" : "2020-09-16T00:00:00" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Aspera Shares", + "version": { + "version_data": [ + { + "version_value": "1.9.14.PL1" + } + ] + } + } + ] + } + } ] - } - ] - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "UI" : "R", - "AC" : "L", - "C" : "L", - "S" : "C", - "SCORE" : "6.100", - "I" : "L", - "PR" : "N", - "A" : "N", - "AV" : "N" - } - } - }, - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055." - } - ] - } -} + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6326929", + "title": "IBM Security Bulletin 6326929 (Aspera Shares)", + "url": "https://www.ibm.com/support/pages/node/6326929" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188055", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-aspera-cve20204731-xss (188055)" + } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2020-4731", + "DATE_PUBLIC": "2020-09-16T00:00:00" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] + } + ] + }, + "data_version": "4.0", + "data_format": "MITRE", + "impact": { + "cvssv3": { + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + }, + "BM": { + "UI": "R", + "AC": "L", + "C": "L", + "S": "C", + "SCORE": "6.100", + "I": "L", + "PR": "N", + "A": "N", + "AV": "N" + } + } + }, + "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055." + } + ] + } +} \ No newline at end of file