From 691d11ec974bbbc64883b89668a03de05cde6c5b Mon Sep 17 00:00:00 2001
From: Scott Moore - IBM
Date: Wed, 7 Feb 2018 10:40:56 -0500
Subject: [PATCH] IBM20180207 Added CVE-2017-1692, CVE-2017-1785, CVE-2018-1366, CVE-2018-1382, CVE-2018-1388.
---
2017/1xxx/CVE-2017-1692.json | 67 ++++++++++++++++++--
2017/1xxx/CVE-2017-1785.json | 74 +++++++++++++++++++---
2018/1xxx/CVE-2018-1366.json | 77 ++++++++++++++++++++---
2018/1xxx/CVE-2018-1382.json | 116 ++++++++++++++++++++++++++++++++---
2018/1xxx/CVE-2018-1388.json | 100 ++++++++++++++++++++++++++++--
5 files changed, 400 insertions(+), 34 deletions(-)
diff --git a/2017/1xxx/CVE-2017-1692.json b/2017/1xxx/CVE-2017-1692.json
index f7bea6befad..e0c0d299be0 100644
--- a/2017/1xxx/CVE-2017-1692.json
+++ b/2017/1xxx/CVE-2017-1692.json
@@ -1,17 +1,74 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1692", - "STATE" : "RESERVED" + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2018-02-05T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2017-1692" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "AIX", + "version" : { + "version_data" : [ + { + "version_value" : "6.1" + }, + { + "version_value" : "5.3" + }, + { + "version_value" : "7.1" + }, + { + "version_value" : "7.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references" : { + "reference_data" : [ + { + "name" : "IBM AIX Security Advisory", + "url" : "http://aix.software.ibm.com/aix/efixes/security/suid_advisory.asc" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134067", + "name" : "X-Force Vulnerability Report" + } + ] }, "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Privileges" + } + ] + } + ] + }, "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM X-Force ID: 134067.", + "lang" : "eng" } ] } diff --git a/2017/1xxx/CVE-2017-1785.json b/2017/1xxx/CVE-2017-1785.json index 347243229bb..c51d7511e56 100644 --- a/2017/1xxx/CVE-2017-1785.json +++ b/2017/1xxx/CVE-2017-1785.json 
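Review bot: The vendor advisory reference added to CVE-2017-1692.json is a cleartext link, `"url" : "http://aix.software.ibm.com/aix/efixes/security/suid_advisory.asc"`, while the X-Force reference next to it uses https. Readers follow this link to obtain fix instructions, so if the host serves the same path over TLS the record should carry `"url" : "https://aix.software.ibm.com/aix/efixes/security/suid_advisory.asc"`. The same applies to the `http://www.ibm.com/support/docview.wss?uid=...` bulletin links added in the CVE-2017-1785, CVE-2018-1366, CVE-2018-1382 and CVE-2018-1388 records.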
@@ -1,18 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1785", - "STATE" : "RESERVED" + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "API Connect", + "version" : { + "version_data" : [ + { + "version_value" : "5.0.7.0" + }, + { + "version_value" : "5.0.7.1" + }, + { + "version_value" : "5.0.7.2" + }, + { + "version_value" : "5.0.8.0" + }, + { + "version_value" : "5.0.8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "data_type" : "CVE", + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22013061", + "name" : "IBM Security Bulletin 2013061 (API Connect)" + }, + { + "name" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136859" + } + ] }, "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859." } ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "CVE_data_meta" : { + "DATE_PUBLIC" : "2018-02-02T00:00:00", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2017-1785" } } diff --git a/2018/1xxx/CVE-2018-1366.json b/2018/1xxx/CVE-2018-1366.json index dfba4945e37..885523d213d 100644 --- a/2018/1xxx/CVE-2018-1366.json +++ b/2018/1xxx/CVE-2018-1366.json 
@@ -1,17 +1,80 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", "ID" : "CVE-2018-1366", - "STATE" : "RESERVED" + "DATE_PUBLIC" : "2018-01-25T00:00:00" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "3.0.0" + }, + { + "version_value" : "3.0.1" + }, + { + "version_value" : "2.0.2.8" + }, + { + "version_value" : "3.0.2" + }, + { + "version_value" : "3.0.3" + }, + { + "version_value" : "2.0.2.7" + } + ] + }, + "product_name" : "Content Navigator" + } + ] + }, + "vendor_name" : "IBM" + } + ] + } }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. An attacker could exploit this vulnerability to exploit other vulnerabilities in spreadsheet software. IBM X-Force ID: 137452.", + "lang" : "eng" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Access", + "lang" : "eng" + } + ] + } + ] + }, + "data_version" : "4.0", + "data_type" : "CVE", + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "name" : "IBM Security Bulletin 2012674 (Content Navigator)", + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012674" + }, + { + "name" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137452" } ] } diff --git a/2018/1xxx/CVE-2018-1382.json b/2018/1xxx/CVE-2018-1382.json index 91c09aed395..8e15509c0c0 100644 --- a/2018/1xxx/CVE-2018-1382.json 
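Review bot: In CVE-2018-1366.json the added problemtype, `"value" : "Gain Access"`, does not name the weakness that the description in the same hunk reports, which is CSV injection. Consumers that group or filter records by problemtype will not find this entry under an injection class. A value that names the weakness, for example `"value" : "CSV Injection"`, would keep the two fields consistent; if the assigner's taxonomy fixes the allowed problemtype strings, that should be confirmed before changing it.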
+++ b/2018/1xxx/CVE-2018-1382.json 
@@ -1,18 +1,114 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1382", - "STATE" : "RESERVED" + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Cross-Site Scripting", + "lang" : "eng" + } + ] + } + ] }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138079.", + "lang" : "eng" } ] - } + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22013054", + "name" : "IBM Security Bulletin 2013054 (API Connect)" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/138079", + "name" : "X-Force Vulnerability Report" + } + ] + }, + "data_format" : "MITRE", + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "API Connect", + "version" : { + "version_data" : [ + { + "version_value" : "5.0.1.0" + }, + { + "version_value" : "5.0.0.0" + }, + { + "version_value" : "5.0.0.1" + }, + { + "version_value" : "5.0.2.0" + }, + { + "version_value" : "5.0.5.0" + }, + { + "version_value" : "5.0.6.0" + }, + { + "version_value" : "5.0.6.1" + }, + { + "version_value" : "5.0.6.2" + }, + { + "version_value" : "5.0.7.0" + }, + { + "version_value" : "5.0.7.1" + }, + { + "version_value" : "5.0.3.0" + }, + { + "version_value" : "5.0.4.0" + }, + { + "version_value" : 
"5.0.7.2" + }, + { + "version_value" : "5.0.6.3" + }, + { + "version_value" : "5.0.6.4" + }, + { + "version_value" : "5.0.8.0" + }, + { + "version_value" : "5.0.8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "data_version" : "4.0", + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ID" : "CVE-2018-1382", + "DATE_PUBLIC" : "2018-02-02T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "data_type" : "CVE" } diff --git a/2018/1xxx/CVE-2018-1388.json b/2018/1xxx/CVE-2018-1388.json index b1a2565f5c5..702f21bf50b 100644 --- a/2018/1xxx/CVE-2018-1388.json +++ b/2018/1xxx/CVE-2018-1388.json 
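Review bot: The description added in CVE-2018-1382.json names only `IBM API Connect 5.0.0.0`, while the `version_data` array in the same hunk lists seventeen releases from 5.0.0.0 through 5.0.8.1. Anyone scoping exposure from the description text alone would treat 5.0.0.1 and later as unaffected. If the version list is the accurate side (worth checking against the referenced security bulletin), the first sentence should read `IBM API Connect 5.0.0.0 through 5.0.8.1 is vulnerable to cross-site scripting.`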
@@ -1,17 +1,107 @@ { + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "data_version" : "4.0", "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-1388", - "STATE" : "RESERVED" + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-02-01T00:00:00" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "7.0.1.1" + }, + { + "version_value" : "7.0.1.2" + }, + { + "version_value" : "7.0.1.3" + }, + { + "version_value" : "7.0.1.4" + }, + { + "version_value" : "7.0.1" + }, + { + "version_value" : "7.0.1.5" + }, + { + "version_value" : "7.0.1.6" + }, + { + "version_value" : "7.0.1.8" + }, + { + "version_value" : "7.0.1.7" + }, + { + "version_value" : "7.0.1.9" + }, + { + "version_value" : "7.0.1.10" + }, + { + "version_value" : "7.0.1.11" + }, + { + "version_value" : "7.0.1.12" + }, + { + "version_value" : "7.0.1.13" + }, + { + "version_value" : "7.0.1.14" + } + ] + }, + "product_name" : "WebSphere MQ" + } + ] + }, + "vendor_name" : "IBM" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "GSKit V7 may disclose side channel information via discrepencies between valid and invalid PKCS#1 padding. 
IBM X-Force ID: 138212.", + "lang" : "eng" + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22013022", + "name" : "IBM Security Bulletin 2013022 (WebSphere MQ)" + }, + { + "name" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/138212" } ] }
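Review bot: The description added in CVE-2018-1388.json names only `GSKit V7`, while the `affects` block in the same hunk gives the product as WebSphere MQ 7.0.1 through 7.0.1.14, so a text search for the product name will miss this record. Assuming the `affects` block is accurate, the sentence should name the product, e.g. `GSKit V7, as used in IBM WebSphere MQ 7.0.1, may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding.` That wording also corrects the misspelling `discrepencies` in the added value.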