admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-06-26 15:01:07 +00:00 committed by Nayan Chandni
parent 35955e5a88
commit 6a619b882e
10 changed files with 1011 additions and 1006 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

216
2019/4xxx/CVE-2019-4224.json
View File

@ -1,111 +1,111 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "L",
"S" : "U",
"PR" : "L",
"AV" : "N",
"C" : "L",
"UI" : "N",
"SCORE" : "6.300",
"I" : "L",
"AC" : "L"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4224",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-05-31T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"title" : "IBM Security Bulletin 885602 (PureApplication System)",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-pure-cve20194224-sql-injection (159240)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159240",
"refsource" : "XF"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "PureApplication System",
"version" : {
"version_data" : [
{
"version_value" : "2.2.3.0"
},
{
"version_value" : "2.2.3.1"
},
{
"version_value" : "2.2.3.2"
},
{
"version_value" : "2.2.4.0"
},
{
"version_value" : "2.2.5.0"
},
{
"version_value" : "2.2.5.1"
},
{
"version_value" : "2.2.5.2"
},
{
"version_value" : "2.2.5.3"
}
]
}
}
]
}
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"S": "U",
"PR": "L",
"AV": "N",
"C": "L",
"UI": "N",
"SCORE": "6.300",
"I": "L",
"AC": "L"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
]
}
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Data Manipulation",
"lang" : "eng"
}
}
},
"description": {
"description_data": [
{
"value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240.",
"lang": "eng"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2019-4224",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-05-31T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_type": "CVE",
"references": {
"reference_data": [
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"title": "IBM Security Bulletin 885602 (PureApplication System)",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-pure-cve20194224-sql-injection (159240)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159240",
"refsource": "XF"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "PureApplication System",
"version": {
"version_data": [
{
"version_value": "2.2.3.0"
},
{
"version_value": "2.2.3.1"
},
{
"version_value": "2.2.3.2"
},
{
"version_value": "2.2.4.0"
},
{
"version_value": "2.2.5.0"
},
{
"version_value": "2.2.5.1"
},
{
"version_value": "2.2.5.2"
},
{
"version_value": "2.2.5.3"
}
]
}
}
]
}
}
]
}
]
},
"data_version" : "4.0"
}
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Data Manipulation",
"lang": "eng"
}
]
}
]
},
"data_version": "4.0"
}

216
2019/4xxx/CVE-2019-4225.json
View File

@ -1,111 +1,111 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"title" : "IBM Security Bulletin 885602 (PureApplication System)",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159242",
"name" : "ibm-pure-cve20194225-info-disc (159242)"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "PureApplication System",
"version" : {
"version_data" : [
{
"version_value" : "2.2.3.0"
},
{
"version_value" : "2.2.3.1"
},
{
"version_value" : "2.2.3.2"
},
{
"version_value" : "2.2.4.0"
},
{
"version_value" : "2.2.5.0"
},
{
"version_value" : "2.2.5.1"
},
{
"version_value" : "2.2.5.2"
},
{
"version_value" : "2.2.5.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2019-4225",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-05-31T00:00:00",
"STATE" : "PUBLIC"
},
"description" : {
"description_data" : [
{
"value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"UI" : "N",
"SCORE" : "4.400",
"I" : "N",
"AC" : "L",
"A" : "N",
"S" : "U",
"PR" : "H",
"AV" : "L",
"C" : "H"
}
}
}
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"title": "IBM Security Bulletin 885602 (PureApplication System)",
"refsource": "CONFIRM"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159242",
"name": "ibm-pure-cve20194225-info-disc (159242)"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PureApplication System",
"version": {
"version_data": [
{
"version_value": "2.2.3.0"
},
{
"version_value": "2.2.3.1"
},
{
"version_value": "2.2.3.2"
},
{
"version_value": "2.2.4.0"
},
{
"version_value": "2.2.5.0"
},
{
"version_value": "2.2.5.1"
},
{
"version_value": "2.2.5.2"
},
{
"version_value": "2.2.5.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"CVE_data_meta": {
"ID": "CVE-2019-4225",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-05-31T00:00:00",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.",
"lang": "eng"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"UI": "N",
"SCORE": "4.400",
"I": "N",
"AC": "L",
"A": "N",
"S": "U",
"PR": "H",
"AV": "L",
"C": "H"
}
}
}
}

216
2019/4xxx/CVE-2019-4234.json
View File

@ -1,111 +1,111 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.2.3.0"
},
{
"version_value" : "2.2.3.1"
},
{
"version_value" : "2.2.3.2"
},
{
"version_value" : "2.2.4.0"
},
{
"version_value" : "2.2.5.0"
},
{
"version_value" : "2.2.5.1"
},
{
"version_value" : "2.2.5.2"
},
{
"version_value" : "2.2.5.3"
}
]
},
"product_name" : "PureApplication System"
}
]
}
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
}
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"title" : "IBM Security Bulletin 885602 (PureApplication System)",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159416",
"name" : "ibm-pure-cve20194234-gain-access (159416)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-05-31T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4234"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "N",
"AV" : "N",
"S" : "U",
"PR" : "L",
"A" : "N",
"AC" : "L",
"I" : "L",
"UI" : "N",
"SCORE" : "4.300"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
}
}
]
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.2.3.0"
},
{
"version_value": "2.2.3.1"
},
{
"version_value": "2.2.3.2"
},
{
"version_value": "2.2.4.0"
},
{
"version_value": "2.2.5.0"
},
{
"version_value": "2.2.5.1"
},
{
"version_value": "2.2.5.2"
},
{
"version_value": "2.2.5.3"
}
]
},
"product_name": "PureApplication System"
}
]
}
}
]
}
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"title": "IBM Security Bulletin 885602 (PureApplication System)",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159416",
"name": "ibm-pure-cve20194234-gain-access (159416)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-05-31T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2019-4234"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"C": "N",
"AV": "N",
"S": "U",
"PR": "L",
"A": "N",
"AC": "L",
"I": "L",
"UI": "N",
"SCORE": "4.300"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
}
}

218
2019/4xxx/CVE-2019-4235.json
View File

@ -1,111 +1,111 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"AC" : "H",
"I" : "N",
"UI" : "N",
"SCORE" : "5.900",
"C" : "H",
"AV" : "N",
"S" : "U",
"PR" : "N",
"A" : "N"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417."
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2019-4235",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-05-31T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"title" : "IBM Security Bulletin 885602 (PureApplication System)"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-pure-cve20194235-info-disc (159417)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159417"
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PureApplication System",
"version" : {
"version_data" : [
{
"version_value" : "2.2.3.0"
},
{
"version_value" : "2.2.3.1"
},
{
"version_value" : "2.2.3.2"
},
{
"version_value" : "2.2.4.0"
},
{
"version_value" : "2.2.5.0"
},
{
"version_value" : "2.2.5.1"
},
{
"version_value" : "2.2.5.2"
},
{
"version_value" : "2.2.5.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"AC": "H",
"I": "N",
"UI": "N",
"SCORE": "5.900",
"C": "H",
"AV": "N",
"S": "U",
"PR": "N",
"A": "N"
}
]
}
}
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417."
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"ID": "CVE-2019-4235",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-05-31T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"title": "IBM Security Bulletin 885602 (PureApplication System)"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-pure-cve20194235-info-disc (159417)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159417"
}
]
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PureApplication System",
"version": {
"version_data": [
{
"version_value": "2.2.3.0"
},
{
"version_value": "2.2.3.1"
},
{
"version_value": "2.2.3.2"
},
{
"version_value": "2.2.4.0"
},
{
"version_value": "2.2.5.0"
},
{
"version_value": "2.2.5.1"
},
{
"version_value": "2.2.5.2"
},
{
"version_value": "2.2.5.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
}
}

216
2019/4xxx/CVE-2019-4241.json
View File

@ -1,111 +1,111 @@
{
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-05-31T00:00:00",
"ID" : "CVE-2019-4241"
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Bypass Security"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 885602 (PureApplication System)",
"url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159467",
"name" : "ibm-pure-cve20194241-auth-bypass (159467)",
"title" : "X-Force Vulnerability Report"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-05-31T00:00:00",
"ID": "CVE-2019-4241"
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.2.3.0"
},
{
"version_value" : "2.2.3.1"
},
{
"version_value" : "2.2.3.2"
},
{
"version_value" : "2.2.4.0"
},
{
"version_value" : "2.2.5.0"
},
{
"version_value" : "2.2.5.1"
},
{
"version_value" : "2.2.5.2"
},
{
"version_value" : "2.2.5.3"
}
]
},
"product_name" : "PureApplication System"
}
]
}
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
}
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"C" : "H",
"AV" : "L",
"S" : "U",
"PR" : "N",
"A" : "H",
"AC" : "L",
"I" : "H",
"UI" : "N",
"SCORE" : "8.400"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467."
}
]
}
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 885602 (PureApplication System)",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159467",
"name": "ibm-pure-cve20194241-auth-bypass (159467)",
"title": "X-Force Vulnerability Report"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.2.3.0"
},
{
"version_value": "2.2.3.1"
},
{
"version_value": "2.2.3.2"
},
{
"version_value": "2.2.4.0"
},
{
"version_value": "2.2.5.0"
},
{
"version_value": "2.2.5.1"
},
{
"version_value": "2.2.5.2"
},
{
"version_value": "2.2.5.3"
}
]
},
"product_name": "PureApplication System"
}
]
}
}
]
}
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"C": "H",
"AV": "L",
"S": "U",
"PR": "N",
"A": "H",
"AC": "L",
"I": "H",
"UI": "N",
"SCORE": "8.400"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467."
}
]
}
}

187
2019/6xxx/CVE-2019-6163.json
View File

@ -1,95 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System Update",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "5.07.0084"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow log files to be written to non-standard locations."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System Update",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "5.07.0084"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-27348"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to the Lenovo System Update version 5.07.0084 (or newer)."
}
],
"source": {
"advisory": "LEN-27348",
"discovery": "UNKNOWN"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow log files to be written to non-standard locations."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27348",
"name": "https://support.lenovo.com/solutions/LEN-27348"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to the Lenovo System Update version 5.07.0084 (or newer)."
}
],
"source": {
"advisory": "LEN-27348",
"discovery": "UNKNOWN"
}
}

187
2019/6xxx/CVE-2019-6166.json
View File

@ -1,95 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cross-site request forgery"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27725",
"name": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}

187
2019/6xxx/CVE-2019-6167.json
View File

@ -1,95 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27725",
"name": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}

187
2019/6xxx/CVE-2019-6168.json
View File

@ -1,95 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27725",
"name": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}

187
2019/6xxx/CVE-2019-6169.json
View File

@ -1,95 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unencrypted downloads over FTP"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unencrypted downloads over FTP"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27725",
"name": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}