From 6165c334c2a81ae9a01e19add287e9689ca137f4 Mon Sep 17 00:00:00 2001 From: Scott Moore - IBM Date: Thu, 11 Jul 2019 15:50:25 -0400 Subject: [PATCH] IBM20190711-155025 Added CVE-2019-4118, CVE-2018-1968, CVE-2019-4193, CVE-2019-4131, CVE-2019-4263 --- 2018/1xxx/CVE-2018-1968.json | 102 ++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4118.json | 108 ++++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4131.json | 102 ++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4193.json | 105 +++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4263.json | 102 ++++++++++++++++++++++++++++----- 5 files changed, 444 insertions(+), 75 deletions(-) diff --git a/2018/1xxx/CVE-2018-1968.json b/2018/1xxx/CVE-2018-1968.json index bdd0b999410..a8183fcb8bd 100644 --- a/2018/1xxx/CVE-2018-1968.json +++ b/2018/1xxx/CVE-2018-1968.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1968", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "CVE_data_meta" : { + "DATE_PUBLIC" : "2019-07-02T00:00:00", + "ID" : "CVE-2018-1968", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10958077", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 958077 (Security Identity Manager)", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10958077" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153749", + "name" : "ibm-sim-cve20181968-info-disc (153749)", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF" + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + }, + "BM" : { + "A" : "N", + "SCORE" : "5.300", + "UI" : "N", + "C" : "L", + "AC" : "L", + "AV" : "N", + "I" : "N", + "S" : "U", + "PR" : "N" + } + } + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "7.0.1" + } + ] + }, + "product_name" : "Security Identity Manager" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "value" : "IBM Security Identity Manager 7.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153749.", + "lang" : "eng" + } + ] + }, + "data_format" : "MITRE" +} diff --git a/2019/4xxx/CVE-2019-4118.json b/2019/4xxx/CVE-2019-4118.json index c3efe7d1db2..667c8659f3c 100644 --- a/2019/4xxx/CVE-2019-4118.json +++ b/2019/4xxx/CVE-2019-4118.json @@ -1,18 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4118", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "3.1.0" + }, + { + "version_value" : "3.1.1" + }, + { + "version_value" : "3.1.2" + } + ] + }, + "product_name" : "Multicloud Manager" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "value" : "IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could allow a local attacker with admin privileges to obtain highly sensitive information upon deployment. IBM X-Force ID: 158144.", + "lang" : "eng" + } + ] + }, + "data_version" : "4.0", + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "CVE_data_meta" : { + "DATE_PUBLIC" : "2019-07-08T00:00:00", + "ID" : "CVE-2019-4118", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC" + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "SCORE" : "4.400", + "UI" : "N", + "AC" : "L", + "C" : "H", + "AV" : "L", + "I" : "N", + "PR" : "H", + "S" : "U" + }, + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + } + } + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10885290", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10885290", + "title" : "IBM Security Bulletin 885290 (Multicloud Manager)", + "refsource" : "CONFIRM" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158144", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-mcm-cve20194118-info-disc (158144)", + "refsource" : "XF" + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4131.json b/2019/4xxx/CVE-2019-4131.json index 12c1f5a24e1..60213501c3b 100644 --- a/2019/4xxx/CVE-2019-4131.json +++ b/2019/4xxx/CVE-2019-4131.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4131", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. IBM X-Force ID: 158270." + } + ] + }, + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Monitoring", + "version" : { + "version_data" : [ + { + "version_value" : "8.1.4" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "impact" : { + "cvssv3" : { + "BM" : { + "UI" : "N", + "A" : "N", + "SCORE" : "5.300", + "I" : "L", + "S" : "U", + "PR" : "N", + "C" : "N", + "AC" : "L", + "AV" : "N" + }, + "TM" : { + "RL" : "O", + "E" : "U", + "RC" : "C" + } + } + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 957121 (Monitoring)", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10957121", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10957121" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-apm-cve20194131-dns (158270)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158270" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Other" + } + ] + } + ] + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "ID" : "CVE-2019-4131", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-07-01T00:00:00" + } +} diff --git a/2019/4xxx/CVE-2019-4193.json b/2019/4xxx/CVE-2019-4193.json index 2439d6d4599..4e8db185a91 100644 --- a/2019/4xxx/CVE-2019-4193.json +++ b/2019/4xxx/CVE-2019-4193.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4193", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "1.1.3" + }, + { + "version_value" : "1.1.3.2" + } + ] + }, + "product_name" : "Jazz for Service Management" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "value" : "IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-force ID: 159032.", + "lang" : "eng" + } + ] + }, + "data_version" : "4.0", + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2019-4193", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-07-05T00:00:00" + }, + "impact" : { + "cvssv3" : { + "BM" : { + "C" : "H", + "AC" : "H", + "AV" : "N", + "I" : "N", + "PR" : "N", + "S" : "U", + "A" : "N", + "SCORE" : "5.900", + "UI" : "N" + }, + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + } + } + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10885985", + "title" : "IBM Security Bulletin 0885985 (Jazz for Service Management)", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10885985" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159032", + "refsource" : "XF", + "name" : "ibm-jazz-cve20194193-info-disc (159032)", + "title" : "X-Force Vulnerability Report" + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4263.json b/2019/4xxx/CVE-2019-4263.json index 98cefbe679c..0308a90c973 100644 --- a/2019/4xxx/CVE-2019-4263.json +++ b/2019/4xxx/CVE-2019-4263.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4263", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015." + } + ] + }, + "data_format" : "MITRE", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "3.0CD" + } + ] + }, + "product_name" : "Content Navigator" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10882412", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10882412", + "title" : "IBM Security Bulletin 882412 (Content Navigator)", + "refsource" : "CONFIRM" + }, + { + "refsource" : "XF", + "name" : "ibm-cn-cve20194263-info-disc (160015)", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160015" + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + }, + "BM" : { + "I" : "N", + "PR" : "L", + "S" : "U", + "AC" : "L", + "C" : "L", + "AV" : "N", + "UI" : "N", + "A" : "N", + "SCORE" : "4.300" + } + } + }, + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "ID" : "CVE-2019-4263", + "DATE_PUBLIC" : "2019-07-01T00:00:00" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "data_type" : "CVE" +}