IBM20210113-123428

Added CVE-2019-4702, CVE-2019-4160, CVE-2019-4687
2025-07-29 05:56:59 +00:00 · 2021-01-13 12:34:28 -05:00 · 2021-01-13 12:34:28 -05:00 · 6cca20456e
commit 6cca20456e
parent 0fbfebe476
3 changed files with 261 additions and 45 deletions
--- a/2019/4xxx/CVE-2019-4160.json
+++ b/2019/4xxx/CVE-2019-4160.json
@ -1,18 +1,90 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-4160",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
-    "data_type": "CVE",
-    "data_version": "4.0",
-    "description": {
-        "description_data": [
+   "impact" : {
+      "cvssv3" : {
+         "BM" : {
+            "AC" : "H",
+            "C" : "H",
+            "A" : "N",
+            "UI" : "N",
+            "S" : "U",
+            "AV" : "N",
+            "PR" : "N",
+            "SCORE" : "5.900",
+            "I" : "N"
+         },
+         "TM" : {
+            "RL" : "O",
+            "E" : "U",
+            "RC" : "C"
+         }
+      }
+   },
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.  IBM X-Force ID:  158577."
+         }
+      ]
+   },
+   "data_version" : "4.0",
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+               "product" : {
+                  "product_data" : [
+                     {
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "3.0.0.2"
+                              }
+                           ]
+                        },
+                        "product_name" : "Security Guardium Data Encryption"
+                     }
+                  ]
+               },
+               "vendor_name" : "IBM"
            }
-        ]
-    }
-}
+         ]
+      }
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "name" : "https://www.ibm.com/support/pages/node/6403331",
+            "refsource" : "CONFIRM",
+            "url" : "https://www.ibm.com/support/pages/node/6403331",
+            "title" : "IBM Security Bulletin 6403331 (Security Guardium Data Encryption)"
+         },
+         {
+            "name" : "ibm-gde-cve20194160-info-disc (158577)",
+            "refsource" : "XF",
+            "title" : "X-Force Vulnerability Report",
+            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158577"
+         }
+      ]
+   },
+   "data_type" : "CVE",
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "value" : "Obtain Information",
+                  "lang" : "eng"
+               }
+            ]
+         }
+      ]
+   },
+   "data_format" : "MITRE",
+   "CVE_data_meta" : {
+      "ASSIGNER" : "psirt@us.ibm.com",
+      "STATE" : "PUBLIC",
+      "ID" : "CVE-2019-4160",
+      "DATE_PUBLIC" : "2021-01-12T00:00:00"
+   }
+}
--- a/2019/4xxx/CVE-2019-4687.json
+++ b/2019/4xxx/CVE-2019-4687.json
@ -1,18 +1,90 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-4687",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
-    "data_type": "CVE",
-    "data_version": "4.0",
-    "description": {
-        "description_data": [
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.  IBM X-Force ID:  171823."
+         }
+      ]
+   },
+   "data_version" : "4.0",
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+               "vendor_name" : "IBM",
+               "product" : {
+                  "product_data" : [
+                     {
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "3.0.0.2"
+                              }
+                           ]
+                        },
+                        "product_name" : "Security Guardium Data Encryption"
+                     }
+                  ]
+               }
            }
-        ]
-    }
-}
+         ]
+      }
+   },
+   "impact" : {
+      "cvssv3" : {
+         "BM" : {
+            "A" : "N",
+            "AC" : "H",
+            "C" : "L",
+            "AV" : "N",
+            "I" : "N",
+            "PR" : "N",
+            "SCORE" : "3.700",
+            "UI" : "N",
+            "S" : "U"
+         },
+         "TM" : {
+            "RC" : "C",
+            "RL" : "O",
+            "E" : "U"
+         }
+      }
+   },
+   "data_type" : "CVE",
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "value" : "Obtain Information",
+                  "lang" : "eng"
+               }
+            ]
+         }
+      ]
+   },
+   "data_format" : "MITRE",
+   "CVE_data_meta" : {
+      "ASSIGNER" : "psirt@us.ibm.com",
+      "STATE" : "PUBLIC",
+      "DATE_PUBLIC" : "2021-01-12T00:00:00",
+      "ID" : "CVE-2019-4687"
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "refsource" : "CONFIRM",
+            "name" : "https://www.ibm.com/support/pages/node/6403331",
+            "url" : "https://www.ibm.com/support/pages/node/6403331",
+            "title" : "IBM Security Bulletin 6403331 (Security Guardium Data Encryption)"
+         },
+         {
+            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/171823",
+            "title" : "X-Force Vulnerability Report",
+            "name" : "ibm-gde-cve20194687-info-disc (171823)",
+            "refsource" : "XF"
+         }
+      ]
+   }
+}
--- a/2019/4xxx/CVE-2019-4702.json
+++ b/2019/4xxx/CVE-2019-4702.json
@ -1,18 +1,90 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-4702",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
-    "data_type": "CVE",
-    "data_version": "4.0",
-    "description": {
-        "description_data": [
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+               "vendor_name" : "IBM",
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "Security Guardium Data Encryption",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "3.0.0.2"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               }
            }
-        ]
-    }
-}
+         ]
+      }
+   },
+   "description" : {
+      "description_data" : [
+         {
+            "value" : "IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.",
+            "lang" : "eng"
+         }
+      ]
+   },
+   "data_version" : "4.0",
+   "impact" : {
+      "cvssv3" : {
+         "BM" : {
+            "AV" : "N",
+            "PR" : "L",
+            "SCORE" : "4.200",
+            "I" : "L",
+            "UI" : "N",
+            "S" : "U",
+            "A" : "N",
+            "AC" : "H",
+            "C" : "L"
+         },
+         "TM" : {
+            "RC" : "C",
+            "E" : "U",
+            "RL" : "O"
+         }
+      }
+   },
+   "data_type" : "CVE",
+   "CVE_data_meta" : {
+      "ASSIGNER" : "psirt@us.ibm.com",
+      "DATE_PUBLIC" : "2021-01-12T00:00:00",
+      "STATE" : "PUBLIC",
+      "ID" : "CVE-2019-4702"
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "value" : "Gain Access",
+                  "lang" : "eng"
+               }
+            ]
+         }
+      ]
+   },
+   "data_format" : "MITRE",
+   "references" : {
+      "reference_data" : [
+         {
+            "title" : "IBM Security Bulletin 6403331 (Security Guardium Data Encryption)",
+            "url" : "https://www.ibm.com/support/pages/node/6403331",
+            "refsource" : "CONFIRM",
+            "name" : "https://www.ibm.com/support/pages/node/6403331"
+         },
+         {
+            "refsource" : "XF",
+            "name" : "ibm-gde-cve20194702-weak-security (171937)",
+            "title" : "X-Force Vulnerability Report",
+            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/171937"
+         }
+      ]
+   }
+}