From 650d0b46633e933c01bbf5719a8267c6c1e39b6a Mon Sep 17 00:00:00 2001 From: Scott Moore - IBM Date: Thu, 25 Apr 2019 10:28:02 -0400 Subject: [PATCH] IBM20190425-10282 Added CVE-2019-4222, CVE-2019-4075, CVE-2019-4074, CVE-2019-4077, CVE-2019-4076, CVE-2018-1720, CVE-2019-4092, CVE-2019-4146, CVE-2019-4238, CVE-2019-4033, CVE-2019-4073, CVE-2019-4148 --- 2018/1xxx/CVE-2018-1720.json | 111 ++++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4033.json | 105 ++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4073.json | 105 ++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4074.json | 105 ++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4075.json | 105 ++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4076.json | 105 ++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4077.json | 105 ++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4092.json | 105 ++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4146.json | 105 ++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4148.json | 105 ++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4222.json | 105 ++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4238.json | 108 +++++++++++++++++++++++++++++----- 12 files changed, 1089 insertions(+), 180 deletions(-) diff --git a/2018/1xxx/CVE-2018-1720.json b/2018/1xxx/CVE-2018-1720.json index 7f6ada9d1ed..35fd4e39800 100644 --- a/2018/1xxx/CVE-2018-1720.json +++ b/2018/1xxx/CVE-2018-1720.json @@ -1,18 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1720", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Sterling B2B Integrator", + "version" : { + "version_data" : [ + { + "version_value" : "5.2.0.1" + }, + { + "version_value" : "6.0.0.0" + }, + { + "version_value" : "5.2.6.3_6" + }, + { + "version_value" : "6.0.0.1" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.3_6, 6.0.0.0, and 6.0.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 147294." + } + ] + }, + "data_version" : "4.0", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-04-20T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2018-1720" + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + }, + "BM" : { + "C" : "H", + "SCORE" : "5.900", + "I" : "N", + "UI" : "N", + "A" : "N", + "AV" : "N", + "PR" : "N", + "S" : "U", + "AC" : "H" + } + } + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880601", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880601", + "title" : "IBM Security Bulletin 880601 (Sterling B2B Integrator)" + }, + { + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147294", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-sterling-cve20181720-info-disc (147294)" + } + ] + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4033.json b/2019/4xxx/CVE-2019-4033.json index cfebc99d303..5a58b760065 100644 --- a/2019/4xxx/CVE-2019-4033.json +++ b/2019/4xxx/CVE-2019-4033.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4033", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155999." + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Content Navigator", + "version" : { + "version_data" : [ + { + "version_value" : "2.0.3" + }, + { + "version_value" : "3.0CD" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-04-19T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2019-4033" + }, + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "H" + }, + "BM" : { + "I" : "L", + "SCORE" : "5.400", + "C" : "L", + "AC" : "L", + "S" : "C", + "PR" : "L", + "A" : "N", + "AV" : "N", + "UI" : "R" + } + } + }, + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10869046", + "title" : "IBM Security Bulletin 869046 (Content Navigator)", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10869046", + "refsource" : "CONFIRM" + }, + { + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155999", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-content-cve20194033-xss (155999)" + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4073.json b/2019/4xxx/CVE-2019-4073.json index dd532adfd73..6dff1a3f4b5 100644 --- a/2019/4xxx/CVE-2019-4073.json +++ b/2019/4xxx/CVE-2019-4073.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4073", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_version" : "4.0", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-04-20T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2019-4073" + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157107." + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "6.0.0.0" + }, + { + "version_value" : "6.0.0.1" + } + ] + }, + "product_name" : "Sterling B2B Integrator" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591", + "title" : "IBM Security Bulletin 880591 (Sterling B2B Integrator)", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157107", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-sterling-cve20194073-xss (157107)", + "refsource" : "XF" + } + ] + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "I" : "L", + "SCORE" : "5.400", + "C" : "L", + "AC" : "L", + "S" : "C", + "PR" : "L", + "A" : "N", + "AV" : "N", + "UI" : "R" + }, + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "H" + } + } + } +} diff --git a/2019/4xxx/CVE-2019-4074.json b/2019/4xxx/CVE-2019-4074.json index 251e635257b..c336ba8fdbf 100644 --- a/2019/4xxx/CVE-2019-4074.json +++ b/2019/4xxx/CVE-2019-4074.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4074", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_version" : "4.0", + "CVE_data_meta" : { + "ID" : "CVE-2019-4074", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-04-20T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "Sterling B2B Integrator", + "version" : { + "version_data" : [ + { + "version_value" : "6.0.0.0" + }, + { + "version_value" : "6.0.0.1" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157108.", + "lang" : "eng" + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591", + "title" : "IBM Security Bulletin 880591 (Sterling B2B Integrator)", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591", + "refsource" : "CONFIRM" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157108", + "name" : "ibm-sterling-cve20194074-xss (157108)" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "I" : "L", + "SCORE" : "5.400", + "C" : "L", + "AC" : "L", + "AV" : "N", + "A" : "N", + "S" : "C", + "PR" : "L", + "UI" : "R" + }, + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + } + } + } +} diff --git a/2019/4xxx/CVE-2019-4075.json b/2019/4xxx/CVE-2019-4075.json index b76be7e1355..7a36989577f 100644 --- a/2019/4xxx/CVE-2019-4075.json +++ b/2019/4xxx/CVE-2019-4075.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4075", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591", + "title" : "IBM Security Bulletin 880591 (Sterling B2B Integrator)", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591", + "refsource" : "CONFIRM" + }, + { + "name" : "ibm-sterling-cve20194075-xss (157109)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157109", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF" + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + }, + "BM" : { + "AC" : "L", + "S" : "C", + "PR" : "L", + "A" : "N", + "AV" : "N", + "UI" : "R", + "I" : "L", + "SCORE" : "5.400", + "C" : "L" + } + } + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-04-20T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2019-4075" + }, + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157109.", + "lang" : "eng" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "6.0.0.0" + }, + { + "version_value" : "6.0.0.1" + } + ] + }, + "product_name" : "Sterling B2B Integrator" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + } +} diff --git a/2019/4xxx/CVE-2019-4076.json b/2019/4xxx/CVE-2019-4076.json index de2f9c286b8..2a06eefbab6 100644 --- a/2019/4xxx/CVE-2019-4076.json +++ b/2019/4xxx/CVE-2019-4076.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4076", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Sterling B2B Integrator", + "version" : { + "version_data" : [ + { + "version_value" : "6.0.0.0" + }, + { + "version_value" : "6.0.0.1" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157110.", + "lang" : "eng" + } + ] + }, + "data_version" : "4.0", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-04-20T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2019-4076" + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "C" : "L", + "SCORE" : "5.400", + "I" : "L", + "UI" : "R", + "S" : "C", + "PR" : "L", + "AV" : "N", + "A" : "N", + "AC" : "L" + }, + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + } + } + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 880591 (Sterling B2B Integrator)", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591" + }, + { + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157110", + "name" : "ibm-sterling-cve20194076-xss (157110)", + "refsource" : "XF" + } + ] + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Cross-Site Scripting", + "lang" : "eng" + } + ] + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4077.json b/2019/4xxx/CVE-2019-4077.json index 4592aae75f0..b9e6926586f 100644 --- a/2019/4xxx/CVE-2019-4077.json +++ b/2019/4xxx/CVE-2019-4077.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4077", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "UI" : "R", + "AC" : "L", + "S" : "C", + "PR" : "L", + "AV" : "N", + "A" : "N", + "C" : "L", + "I" : "L", + "SCORE" : "5.400" + }, + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + } + } + }, + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 880591 (Sterling B2B Integrator)", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591", + "refsource" : "CONFIRM" + }, + { + "name" : "ibm-sterling-cve20194077-xss (157111)", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157111", + "refsource" : "XF" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "data_format" : "MITRE", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "Sterling B2B Integrator", + "version" : { + "version_data" : [ + { + "version_value" : "6.0.0.0" + }, + { + "version_value" : "6.0.0.1" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157111." + } + ] + }, + "data_version" : "4.0", + "CVE_data_meta" : { + "ID" : "CVE-2019-4077", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-04-20T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com" + } +} diff --git a/2019/4xxx/CVE-2019-4092.json b/2019/4xxx/CVE-2019-4092.json index 7e740cea894..959024d9627 100644 --- a/2019/4xxx/CVE-2019-4092.json +++ b/2019/4xxx/CVE-2019-4092.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4092", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 874754 (Content Navigator)", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10874754", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10874754" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157654", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-content-cve20194092-open-redirect (157654)", + "refsource" : "XF" + } + ] + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Access" + } + ] + } + ] + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + }, + "BM" : { + "UI" : "R", + "AC" : "L", + "AV" : "N", + "A" : "N", + "PR" : "L", + "S" : "C", + "C" : "N", + "I" : "H", + "SCORE" : "6.800" + } + } + }, + "data_version" : "4.0", + "CVE_data_meta" : { + "ID" : "CVE-2019-4092", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-04-22T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "Content Navigator", + "version" : { + "version_data" : [ + { + "version_value" : "2.0.3" + }, + { + "version_value" : "3.0CD" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 157654.", + "lang" : "eng" + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4146.json b/2019/4xxx/CVE-2019-4146.json index 2b3c1e0b1e1..eca0f99fe88 100644 --- a/2019/4xxx/CVE-2019-4146.json +++ b/2019/4xxx/CVE-2019-4146.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4146", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + }, + "BM" : { + "AV" : "N", + "A" : "N", + "S" : "U", + "PR" : "L", + "AC" : "H", + "UI" : "N", + "SCORE" : "3.100", + "I" : "N", + "C" : "L" + } + } + }, + "data_type" : "CVE", + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 880595 (Sterling B2B Integrator)", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880595", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880595" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158401", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-sterling-cve20194146-info-disc (158401)", + "refsource" : "XF" + } + ] + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "Sterling B2B Integrator", + "version" : { + "version_data" : [ + { + "version_value" : "6.0.0.0" + }, + { + "version_value" : "6.0.0.1" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to obtain sensitive document information under unusual circumstances. IBM X-Force ID: 158401." + } + ] + }, + "CVE_data_meta" : { + "DATE_PUBLIC" : "2019-04-20T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4146", + "STATE" : "PUBLIC" + }, + "data_version" : "4.0" +} diff --git a/2019/4xxx/CVE-2019-4148.json b/2019/4xxx/CVE-2019-4148.json index d88f7df2ec9..52e961aea00 100644 --- a/2019/4xxx/CVE-2019-4148.json +++ b/2019/4xxx/CVE-2019-4148.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4148", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "description" : { + "description_data" : [ + { + "value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158414.", + "lang" : "eng" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "6.0.0.0" + }, + { + "version_value" : "6.0.0.1" + } + ] + }, + "product_name" : "Sterling B2B Integrator" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "data_version" : "4.0", + "CVE_data_meta" : { + "DATE_PUBLIC" : "2019-04-20T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4148", + "STATE" : "PUBLIC" + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "H", + "RL" : "O", + "RC" : "C" + }, + "BM" : { + "AC" : "H", + "AV" : "N", + "A" : "N", + "PR" : "H", + "S" : "C", + "UI" : "R", + "I" : "L", + "SCORE" : "4.000", + "C" : "L" + } + } + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591", + "title" : "IBM Security Bulletin 880591 (Sterling B2B Integrator)", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591", + "refsource" : "CONFIRM" + }, + { + "name" : "ibm-sterling-cve20194148-xss (158414)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158414", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF" + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4222.json b/2019/4xxx/CVE-2019-4222.json index 0801c0058fa..1539e3ed69d 100644 --- a/2019/4xxx/CVE-2019-4222.json +++ b/2019/4xxx/CVE-2019-4222.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4222", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + }, + "BM" : { + "UI" : "N", + "A" : "N", + "AV" : "N", + "S" : "U", + "PR" : "L", + "AC" : "L", + "C" : "L", + "SCORE" : "4.300", + "I" : "N" + } + } + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 880595 (Sterling B2B Integrator)", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880595", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880595" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159231", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-sterling-cve20194222-info-disc (159231)", + "refsource" : "XF" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "data_format" : "MITRE", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "Sterling B2B Integrator", + "version" : { + "version_data" : [ + { + "version_value" : "6.0.0.0" + }, + { + "version_value" : "6.0.0.1" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to view process definition of a business process without permission. IBM X-Force ID: 159231.", + "lang" : "eng" + } + ] + }, + "data_version" : "4.0", + "CVE_data_meta" : { + "DATE_PUBLIC" : "2019-04-20T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4222", + "STATE" : "PUBLIC" + } +} diff --git a/2019/4xxx/CVE-2019-4238.json b/2019/4xxx/CVE-2019-4238.json index 8b73d9a3b2b..2f187cdede7 100644 --- a/2019/4xxx/CVE-2019-4238.json +++ b/2019/4xxx/CVE-2019-4238.json @@ -1,18 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4238", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159464." + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "11.3" + }, + { + "version_value" : "11.5" + }, + { + "version_value" : "11.7" + } + ] + }, + "product_name" : "InfoSphere Information Server" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_version" : "4.0", + "CVE_data_meta" : { + "DATE_PUBLIC" : "2019-04-19T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4238", + "STATE" : "PUBLIC" + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "AC" : "L", + "PR" : "L", + "S" : "C", + "AV" : "N", + "A" : "N", + "UI" : "R", + "I" : "L", + "SCORE" : "5.400", + "C" : "L" + }, + "TM" : { + "E" : "H", + "RC" : "C", + "RL" : "O" + } + } + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 881165 (InfoSphere Information Server)", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10881165", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10881165", + "refsource" : "CONFIRM" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159464", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-infosphere-cve20194238-xss (159464)", + "refsource" : "XF" + } + ] + } +}