admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#327

Browse Source 
Auto-merge PR#327
This commit is contained in:
CVE Team 2020-12-21 12:55:20 -05:00 committed by GitHub
commit 69d88e7233
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 450 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

156
2020/4xxx/CVE-2020-4555.json
View File

@ -1,18 +1,144 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4555",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Financial Transaction Manager",
"version" : {
"version_data" : [
{
"version_value" : "3.0.2"
},
{
"version_value" : "2.1.1"
},
{
"version_value" : "3.1.0"
},
{
"version_value" : "3.0.5"
},
{
"version_value" : "3.0.6"
},
{
"version_value" : "3.0.0"
},
{
"version_value" : "3.2.2"
},
{
"version_value" : "3.2.3"
},
{
"version_value" : "3.2.4"
}
]
}
}
]
}
}
]
}
}
]
}
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"UI" : "N",
"AV" : "N",
"PR" : "L",
"AC" : "L",
"I" : "L",
"C" : "L",
"SCORE" : "6.300",
"A" : "L"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6388702",
"title" : "IBM Security Bulletin 6388702 (Financial Transaction Manager)",
"url" : "https://www.ibm.com/support/pages/node/6388702"
},
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6388744",
"title" : "IBM Security Bulletin 6388744 (Financial Transaction Manager)",
"url" : "https://www.ibm.com/support/pages/node/6388744"
},
{
"title" : "IBM Security Bulletin 6388708 (Financial Transaction Manager)",
"url" : "https://www.ibm.com/support/pages/node/6388708",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6388708"
},
{
"title" : "IBM Security Bulletin 6388706 (Financial Transaction Manager)",
"url" : "https://www.ibm.com/support/pages/node/6388706",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6388706"
},
{
"url" : "https://www.ibm.com/support/pages/node/6388704",
"title" : "IBM Security Bulletin 6388704 (Financial Transaction Manager)",
"name" : "https://www.ibm.com/support/pages/node/6388704",
"refsource" : "CONFIRM"
},
{
"url" : "https://www.ibm.com/support/pages/node/6388722",
"title" : "IBM Security Bulletin 6388722 (Financial Transaction Manager)",
"name" : "https://www.ibm.com/support/pages/node/6388722",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/183328",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-ftm-cve20204555-session-fixation (183328)",
"refsource" : "XF"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4555",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-12-18T00:00:00",
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 183328.",
"lang" : "eng"
}
]
}
}

102
2020/4xxx/CVE-2020-4757.json
View File

@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4757",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "Content Navigator",
"version" : {
"version_data" : [
{
"version_value" : "3.0.CD"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "H",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"C" : "L",
"I" : "L",
"A" : "N",
"SCORE" : "6.400",
"UI" : "N",
"AV" : "N",
"S" : "C",
"PR" : "L",
"AC" : "L"
}
}
},
"data_type" : "CVE",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6388806",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6388806",
"title" : "IBM Security Bulletin 6388806 (Content Navigator)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/188600",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-filenet-cve20204757-xss (188600)",
"refsource" : "XF"
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-12-18T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4757"
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188600.",
"lang" : "eng"
}
]
}
}

134
2020/4xxx/CVE-2020-4794.json
View File

@ -1,18 +1,122 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4794",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6359463 (Automation Workstream Services)",
"url" : "https://www.ibm.com/support/pages/node/6359463",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6359463"
},
{
"name" : "ibm-icp4a-cve20204794-input-validation (189445)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189445",
"title" : "X-Force Vulnerability Report"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4794",
"DATE_PUBLIC" : "2020-12-18T00:00:00",
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force ID: 189445.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Automation Workstream Services",
"version" : {
"version_data" : [
{
"version_value" : "19.0.3"
},
{
"version_value" : "20.0.1"
},
{
"version_value" : "20.0.2"
}
]
}
},
{
"product_name" : "Business Process Manager",
"version" : {
"version_data" : [
{
"version_value" : "8.6"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "19.0"
},
{
"version_value" : "20.0"
},
{
"version_value" : "18.0"
}
]
},
"product_name" : "Business Automation Workflow"
}
]
}
}
]
}
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"SCORE" : "5.400",
"A" : "L",
"I" : "N",
"C" : "L",
"AC" : "L",
"PR" : "L",
"S" : "U",
"AV" : "N",
"UI" : "N"
}
}
},
"data_type" : "CVE",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
]
}
]
}
}

118
2020/4xxx/CVE-2020-4870.json
View File

@ -1,18 +1,106 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4870",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833."
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2020-4870",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-12-18T00:00:00",
"STATE" : "PUBLIC"
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6380742",
"title" : "IBM Security Bulletin 6380742 (MQ Appliance)",
"name" : "https://www.ibm.com/support/pages/node/6380742",
"refsource" : "CONFIRM"
},
{
"url" : "https://www.ibm.com/support/pages/node/6386466",
"title" : "IBM Security Bulletin 6386466 (MQ)",
"name" : "https://www.ibm.com/support/pages/node/6386466",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190833",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-mq-cve20204870-dos (190833)",
"refsource" : "XF"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"PR" : "N",
"AC" : "H",
"S" : "U",
"UI" : "N",
"AV" : "N",
"SCORE" : "5.900",
"A" : "H",
"I" : "N",
"C" : "N"
}
}
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "9.2.0"
}
]
},
"product_name" : "MQ"
},
{
"version" : {
"version_data" : [
{
"version_value" : "9.2.0.0"
}
]
},
"product_name" : "MQ Appliance"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
}
}