diff --git a/2018/1xxx/CVE-2018-1712.json b/2018/1xxx/CVE-2018-1712.json index faa87f9668a..95b8dbf2050 100644 --- a/2018/1xxx/CVE-2018-1712.json +++ b/2018/1xxx/CVE-2018-1712.json @@ -1,63 +1,18 @@ { "CVE_data_meta" : { - "DATE_PUBLIC" : "2018-08-15T00:00:00", - "STATE" : "PUBLIC", "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2018-1712" - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10716169", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 0716169", - "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10716169" - }, - { - "name" : "ibm-api-cve20181712-ssrf (146370)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/146370", - "refsource" : "XF" - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "I" : "L", - "S" : "U", - "C" : "H", - "AC" : "L", - "UI" : "N", - "PR" : "N", - "AV" : "N", - "SCORE" : "8.600", - "A" : "L" - } - } + "DATE_PUBLIC" : "2018-08-15T00:00:00", + "ID" : "CVE-2018-1712", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { + "product_name" : "API Connect", "version" : { "version_data" : [ { @@ -124,15 +79,46 @@ "version_value" : "5.0.8.3" } ] - }, - "product_name" : "API Connect" + } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "L", + "AC" : "L", + "AV" : "N", + "C" : "H", + "I" : "L", + "PR" : "N", + "S" : "U", + "SCORE" : "8.600", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { @@ -145,6 +131,18 @@ } ] }, - "data_type" : "CVE", - "data_format" : "MITRE" + "references" : { + "reference_data" : [ + { + "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10716169", + "refsource" : "CONFIRM", + "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10716169" + }, + { + "name" : "ibm-api-cve20181712-ssrf(146370)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/146370" + } + ] + } }