admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-11-22 16:02:02 +00:00
parent c96f2d5d82
commit 67f33be396
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
16 changed files with 806 additions and 595 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2018/19xxx/CVE-2018-19130.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file."
"value": "** DISPUTED ** In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file. NOTE: This may be a duplicate of CVE-2017-17127."
}
]
},

2
2019/14xxx/CVE-2019-14441.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpegaudiodsp_template.c."
"value": "** DISPUTED ** An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpegaudiodsp_template.c. NOTE: This may be a duplicate of CVE-2018-19129."
}
]
},

10
2019/15xxx/CVE-2019-15071.json
View File

@ -99,6 +99,16 @@
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201909001",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201909001"
},
{
"refsource": "MISC",
"name": "https://www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-004.pdf",
"url": "https://www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-004.pdf"
},
{
"refsource": "MISC",
"name": "https://www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-005.pdf",
"url": "https://www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-005.pdf"
}
]
},

10
2019/16xxx/CVE-2019-16863.json
View File

@ -71,6 +71,16 @@
"refsource": "CONFIRM",
"name": "https://support.lenovo.com/us/en/product_security/LEN-29406",
"url": "https://support.lenovo.com/us/en/product_security/LEN-29406"
},
{
"refsource": "CONFIRM",
"name": "https://www.st.com/content/st_com/en/campaigns/tpm-update.html",
"url": "https://www.st.com/content/st_com/en/campaigns/tpm-update.html"
},
{
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190024",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190024"
}
]
}

5
2019/19xxx/CVE-2019-19006.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772",
"url": "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772"
},
{
"refsource": "MISC",
"name": "https://pastebin.com/2CdsQMKW",
"url": "https://pastebin.com/2CdsQMKW"
}
]
}

62
2019/19xxx/CVE-2019-19013.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/155426/Pagekit-CMS-1.0.17-Cross-Site-Request-Forgery.html",
"url": "https://packetstormsecurity.com/files/155426/Pagekit-CMS-1.0.17-Cross-Site-Request-Forgery.html"
}
]
}
}

18
2019/19xxx/CVE-2019-19228.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19228",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/19xxx/CVE-2019-19229.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19229",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

58
2019/3xxx/CVE-2019-3427.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3427",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3427",
"ASSIGNER": "psirt@zte.com.cn",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ZTE",
"product": {
"product_data": [
{
"product_name": "ZXCDN IAMWEB",
"version": {
"version_data": [
{
"version_value": "ZXCDN-IAMWEBV6.01.03.01"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "code injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011863",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011863"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a code injection vulnerability. An attacker could exploit the vulnerability to inject malicious code into the management page, resulting in users\u2019 information leakage."
}
]
}

58
2019/3xxx/CVE-2019-3428.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3428",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3428",
"ASSIGNER": "psirt@zte.com.cn",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ZTE",
"product": {
"product_data": [
{
"product_name": "ZXCDN IAMWEB",
"version": {
"version_data": [
{
"version_value": "AllZXCDN-IAMWEBV6.01.03.01"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "configuration error"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011863",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011863"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. An attacker could directly access the management portal in HTTP, resulting in users\u2019 information leakage."
}
]
}

200
2019/4xxx/CVE-2019-4214.json
View File

@ -1,102 +1,102 @@
{
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "L",
"A" : "N",
"SCORE" : "3.700",
"UI" : "N",
"PR" : "N",
"AC" : "H",
"S" : "U",
"I" : "N",
"AV" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.3.1"
},
{
"version_value" : "1.3.2"
},
{
"version_value" : "1.3.3"
},
{
"version_value" : "1.3.4"
},
{
"version_value" : "1.3.5"
}
]
},
"product_name" : "SmartCloud Analytics"
}
]
},
"vendor_name" : "IBM"
"data_format": "MITRE",
"impact": {
"cvssv3": {
"BM": {
"C": "L",
"A": "N",
"SCORE": "3.700",
"UI": "N",
"PR": "N",
"AC": "H",
"S": "U",
"I": "N",
"AV": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-11-21T00:00:00",
"ID" : "CVE-2019-4214",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_version" : "4.0",
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 1110171 (SmartCloud Analytics)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/1110171",
"url" : "https://www.ibm.com/support/pages/node/1110171"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159185",
"name" : "ibm-smartcloud-cve20194214-info-disc (159185)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"description": {
"description_data": [
{
"value": "IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185.",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.3.1"
},
{
"version_value": "1.3.2"
},
{
"version_value": "1.3.3"
},
{
"version_value": "1.3.4"
},
{
"version_value": "1.3.5"
}
]
},
"product_name": "SmartCloud Analytics"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-11-21T00:00:00",
"ID": "CVE-2019-4214",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_version": "4.0",
"data_type": "CVE",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 1110171 (SmartCloud Analytics)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/1110171",
"url": "https://www.ibm.com/support/pages/node/1110171"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159185",
"name": "ibm-smartcloud-cve20194214-info-disc (159185)",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
}
}

200
2019/4xxx/CVE-2019-4215.json
View File

@ -1,102 +1,102 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "N",
"AC" : "L",
"UI" : "R",
"I" : "L",
"S" : "C",
"AV" : "N",
"C" : "L",
"SCORE" : "6.100",
"A" : "N"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4215",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-11-20T00:00:00"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159186."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.3.1"
},
{
"version_value" : "1.3.2"
},
{
"version_value" : "1.3.3"
},
{
"version_value" : "1.3.4"
},
{
"version_value" : "1.3.5"
}
]
},
"product_name" : "SmartCloud Analytics"
}
]
}
"impact": {
"cvssv3": {
"BM": {
"PR": "N",
"AC": "L",
"UI": "R",
"I": "L",
"S": "C",
"AV": "N",
"C": "L",
"SCORE": "6.100",
"A": "N"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
]
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 1109769 (SmartCloud Analytics)",
"name" : "https://www.ibm.com/support/pages/node/1109769",
"url" : "https://www.ibm.com/support/pages/node/1109769",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-smartcloud-cve20194215-clickjacking (159186)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159186"
}
]
}
}
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"CVE_data_meta": {
"ID": "CVE-2019-4215",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-11-20T00:00:00"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159186."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.3.1"
},
{
"version_value": "1.3.2"
},
{
"version_value": "1.3.3"
},
{
"version_value": "1.3.4"
},
{
"version_value": "1.3.5"
}
]
},
"product_name": "SmartCloud Analytics"
}
]
}
}
]
}
},
"data_version": "4.0",
"data_type": "CVE",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 1109769 (SmartCloud Analytics)",
"name": "https://www.ibm.com/support/pages/node/1109769",
"url": "https://www.ibm.com/support/pages/node/1109769",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"name": "ibm-smartcloud-cve20194215-clickjacking (159186)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159186"
}
]
}
}

200
2019/4xxx/CVE-2019-4216.json
View File

@ -1,102 +1,102 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"A" : "N",
"SCORE" : "4.600",
"C" : "L",
"AV" : "N",
"S" : "U",
"I" : "L",
"UI" : "R",
"PR" : "L",
"AC" : "L"
}
}
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.3.1"
},
{
"version_value" : "1.3.2"
},
{
"version_value" : "1.3.3"
},
{
"version_value" : "1.3.4"
},
{
"version_value" : "1.3.5"
}
]
},
"product_name" : "SmartCloud Analytics"
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"A": "N",
"SCORE": "4.600",
"C": "L",
"AV": "N",
"S": "U",
"I": "L",
"UI": "R",
"PR": "L",
"AC": "L"
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-11-20T00:00:00",
"ID" : "CVE-2019-4216",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_version" : "4.0",
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1109745",
"name" : "https://www.ibm.com/support/pages/node/1109745",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 1109745 (SmartCloud Analytics)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159187",
"name" : "ibm-smartcloud-cve20194216-header-injection (159187)",
"title" : "X-Force Vulnerability Report"
}
]
}
}
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.3.1"
},
{
"version_value": "1.3.2"
},
{
"version_value": "1.3.3"
},
{
"version_value": "1.3.4"
},
{
"version_value": "1.3.5"
}
]
},
"product_name": "SmartCloud Analytics"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-11-20T00:00:00",
"ID": "CVE-2019-4216",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_version": "4.0",
"data_type": "CVE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/1109745",
"name": "https://www.ibm.com/support/pages/node/1109745",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1109745 (SmartCloud Analytics)"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159187",
"name": "ibm-smartcloud-cve20194216-header-injection (159187)",
"title": "X-Force Vulnerability Report"
}
]
}
}

196
2019/4xxx/CVE-2019-4243.json
View File

@ -1,102 +1,102 @@
{
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/1109721",
"name" : "https://www.ibm.com/support/pages/node/1109721",
"title" : "IBM Security Bulletin 1109721 (SmartCloud Analytics)"
},
{
"name" : "ibm-smartcloud-cve20194243-weak-security (159517)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159517",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM SmartCloud Analytics 1.3.1 through 1.3.5 allows unauthorized disclosure of information like accessing solrconfig.xml and could allow an attacker to perform disruptive administrator tasks. IBM X-Force ID: 159517.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.3.1"
},
{
"version_value" : "1.3.2"
},
{
"version_value" : "1.3.3"
},
{
"version_value" : "1.3.4"
},
{
"version_value" : "1.3.5"
}
]
},
"product_name" : "SmartCloud Analytics"
}
]
}
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/1109721",
"name": "https://www.ibm.com/support/pages/node/1109721",
"title": "IBM Security Bulletin 1109721 (SmartCloud Analytics)"
},
{
"name": "ibm-smartcloud-cve20194243-weak-security (159517)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159517",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4243",
"DATE_PUBLIC" : "2019-11-20T00:00:00",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"SCORE" : "5.100",
"C" : "L",
"AV" : "L",
"S" : "U",
"I" : "L",
"UI" : "N",
"PR" : "N",
"AC" : "L"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
},
"data_version": "4.0",
"data_type": "CVE",
"description": {
"description_data": [
{
"value": "IBM SmartCloud Analytics 1.3.1 through 1.3.5 allows unauthorized disclosure of information like accessing solrconfig.xml and could allow an attacker to perform disruptive administrator tasks. IBM X-Force ID: 159517.",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.3.1"
},
{
"version_value": "1.3.2"
},
{
"version_value": "1.3.3"
},
{
"version_value": "1.3.4"
},
{
"version_value": "1.3.5"
}
]
},
"product_name": "SmartCloud Analytics"
}
]
}
}
]
}
]
}
}
}
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4243",
"DATE_PUBLIC": "2019-11-20T00:00:00",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"SCORE": "5.100",
"C": "L",
"AV": "L",
"S": "U",
"I": "L",
"UI": "N",
"PR": "N",
"AC": "L"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
}
}

180
2019/4xxx/CVE-2019-4569.json
View File

@ -1,93 +1,93 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "L",
"S" : "C",
"AV" : "N",
"PR" : "L",
"AC" : "L",
"UI" : "R",
"SCORE" : "5.400",
"A" : "N",
"C" : "L"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"ID" : "CVE-2019-4569",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-11-20T00:00:00"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.1.0"
},
{
"version_value" : "7.1.0.16"
}
]
},
"product_name" : "Tivoli Netcool Impact"
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.16 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166719.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/1110135",
"url" : "https://www.ibm.com/support/pages/node/1110135",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 1110135 (Tivoli Netcool Impact)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/166719",
"name" : "ibm-tivoli-cve20194569-xss (166719)",
"refsource" : "XF"
}
]
}
}
]
},
"impact": {
"cvssv3": {
"BM": {
"I": "L",
"S": "C",
"AV": "N",
"PR": "L",
"AC": "L",
"UI": "R",
"SCORE": "5.400",
"A": "N",
"C": "L"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-4569",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-11-20T00:00:00"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.1.0"
},
{
"version_value": "7.1.0.16"
}
]
},
"product_name": "Tivoli Netcool Impact"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"value": "IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.16 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166719.",
"lang": "eng"
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1110135",
"url": "https://www.ibm.com/support/pages/node/1110135",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1110135 (Tivoli Netcool Impact)"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166719",
"name": "ibm-tivoli-cve20194569-xss (166719)",
"refsource": "XF"
}
]
}
}

182
2019/4xxx/CVE-2019-4570.json
View File

@ -1,93 +1,93 @@
{
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"PR" : "N",
"AC" : "H",
"UI" : "N",
"AV" : "N",
"I" : "N",
"S" : "U",
"C" : "L",
"SCORE" : "3.700",
"A" : "N"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Tivoli Netcool Impact 7.1.0 through 7.1.0.16 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 166720.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.1.0"
},
{
"version_value" : "7.1.0.16"
}
]
},
"product_name" : "Tivoli Netcool Impact"
}
]
}
"data_format": "MITRE",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"PR": "N",
"AC": "H",
"UI": "N",
"AV": "N",
"I": "N",
"S": "U",
"C": "L",
"SCORE": "3.700",
"A": "N"
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4570",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-11-20T00:00:00"
},
"data_version" : "4.0",
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 1110141 (Tivoli Netcool Impact)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/1110141",
"name" : "https://www.ibm.com/support/pages/node/1110141"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/166720",
"name" : "ibm-tivoli-cve20194570-info-disc (166720)",
"refsource" : "XF"
}
]
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"description": {
"description_data": [
{
"value": "IBM Tivoli Netcool Impact 7.1.0 through 7.1.0.16 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 166720.",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.1.0"
},
{
"version_value": "7.1.0.16"
}
]
},
"product_name": "Tivoli Netcool Impact"
}
]
}
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2019-4570",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-11-20T00:00:00"
},
"data_version": "4.0",
"data_type": "CVE",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 1110141 (Tivoli Netcool Impact)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/1110141",
"name": "https://www.ibm.com/support/pages/node/1110141"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166720",
"name": "ibm-tivoli-cve20194570-info-disc (166720)",
"refsource": "XF"
}
]
}
}