admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-06-30 17:00:51 +00:00
parent 2d96b2de36
commit 6cef474c0b
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 734 additions and 729 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2020/1xxx/CVE-2020-1712.json
View File

@ -73,6 +73,11 @@
"refsource": "CONFIRM",
"name": "https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d",
"url": "https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220630 [SECURITY] [DLA 3063-1] systemd security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html"
}
]
},

178
2021/38xxx/CVE-2021-38941.json
View File

@ -1,93 +1,93 @@
{
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6599639",
"title" : "IBM Security Bulletin 6599639 (Cloud Pak for Multicloud Management Monitoring)",
"url" : "https://www.ibm.com/support/pages/node/6599639"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/211048",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-cpmm-cve202138941-priv-escalation (211048)",
"refsource" : "XF"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2021-38941",
"DATE_PUBLIC" : "2022-06-29T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Cloud Pak for Multicloud Management Monitoring",
"version" : {
"version_data" : [
{
"version_value" : "2.0"
},
{
"version_value" : "2.3.FixPack4"
}
]
}
}
]
},
"vendor_name" : "IBM"
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6599639",
"title": "IBM Security Bulletin 6599639 (Cloud Pak for Multicloud Management Monitoring)",
"url": "https://www.ibm.com/support/pages/node/6599639"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211048",
"title": "X-Force Vulnerability Report",
"name": "ibm-cpmm-cve202138941-priv-escalation (211048)",
"refsource": "XF"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2021-38941",
"DATE_PUBLIC": "2022-06-29T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak for Multicloud Management Monitoring",
"version": {
"version_data": [
{
"version_value": "2.0"
},
{
"version_value": "2.3.FixPack4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_version" : "4.0",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"PR" : "L",
"AV" : "N",
"S" : "U",
"C" : "N",
"AC" : "H",
"A" : "N",
"UI" : "N",
"I" : "H",
"SCORE" : "5.300"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. IBM X-Force ID: 211048.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"data_version": "4.0",
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"PR": "L",
"AV": "N",
"S": "U",
"C": "N",
"AC": "H",
"A": "N",
"UI": "N",
"I": "H",
"SCORE": "5.300"
}
}
},
"description": {
"description_data": [
{
"value": "IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. IBM X-Force ID: 211048.",
"lang": "eng"
}
]
},
"data_format": "MITRE"
}

194
2021/38xxx/CVE-2021-38954.json
View File

@ -1,99 +1,99 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "6.1.0.0"
},
{
"version_value" : "6.1.1.0"
},
{
"version_value" : "6.0.3.5"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2021-38954",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2022-06-29T00:00:00"
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Sterling B2B Integrator",
"version": {
"version_data": [
{
"version_value": "6.0.0.0"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "6.1.1.0"
},
{
"version_value": "6.0.3.5"
}
]
}
}
]
}
}
]
}
]
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could disclose sensitive version information that could aid in future attacks against the system. IBM X-Force ID: 211414.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"A" : "N",
"UI" : "N",
"SCORE" : "4.300",
"I" : "N",
"PR" : "L",
"AV" : "N",
"S" : "U",
"AC" : "L",
"C" : "L"
}
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6599607",
"name" : "https://www.ibm.com/support/pages/node/6599607",
"title" : "IBM Security Bulletin 6599607 (Sterling B2B Integrator)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/211414",
"name" : "ibm-sterling-cve202138954-info-disc (211414)",
"refsource" : "XF"
}
]
}
}
}
},
"CVE_data_meta": {
"ID": "CVE-2021-38954",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2022-06-29T00:00:00"
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"description": {
"description_data": [
{
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could disclose sensitive version information that could aid in future attacks against the system. IBM X-Force ID: 211414.",
"lang": "eng"
}
]
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"A": "N",
"UI": "N",
"SCORE": "4.300",
"I": "N",
"PR": "L",
"AV": "N",
"S": "U",
"AC": "L",
"C": "L"
}
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6599607",
"name": "https://www.ibm.com/support/pages/node/6599607",
"title": "IBM Security Bulletin 6599607 (Sterling B2B Integrator)"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211414",
"name": "ibm-sterling-cve202138954-info-disc (211414)",
"refsource": "XF"
}
]
}
}

188
2022/22xxx/CVE-2022-22472.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"DATE_PUBLIC" : "2022-06-29T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2022-22472"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Protect Plus",
"version" : {
"version_data" : [
{
"version_value" : "10.1.5"
},
{
"version_value" : "10.1.7"
},
{
"version_value" : "10.1.10.2"
}
]
}
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
"CVE_data_meta": {
"DATE_PUBLIC": "2022-06-29T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2022-22472"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Plus",
"version": {
"version_data": [
{
"version_value": "10.1.5"
},
{
"version_value": "10.1.7"
},
{
"version_value": "10.1.10.2"
}
]
}
}
]
}
}
]
}
]
},
"data_version" : "4.0",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"I" : "L",
"SCORE" : "6.000",
"UI" : "N",
"A" : "L",
"C" : "L",
"AC" : "H",
"S" : "C",
"AV" : "N",
"PR" : "L"
}
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information. By retrieving the logs of a container an attacker could exploit this vulnerability to bypass login security of the IBM Spectrum Protect Plus server and gain unauthorized access based on the permissions of the IBM Spectrum Protect Plus user to the vulnerable Spectrum Protect Plus server software. IBM X-Force ID: 225340."
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6596907",
"title" : "IBM Security Bulletin 6596907 (Spectrum Protect Plus)",
"url" : "https://www.ibm.com/support/pages/node/6596907"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/225340",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-spectrum-cve202222472-priv-escalation (225340)",
"refsource" : "XF"
}
]
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"data_version": "4.0",
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"I": "L",
"SCORE": "6.000",
"UI": "N",
"A": "L",
"C": "L",
"AC": "H",
"S": "C",
"AV": "N",
"PR": "L"
}
}
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information. By retrieving the logs of a container an attacker could exploit this vulnerability to bypass login security of the IBM Spectrum Protect Plus server and gain unauthorized access based on the permissions of the IBM Spectrum Protect Plus user to the vulnerable Spectrum Protect Plus server software. IBM X-Force ID: 225340."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6596907",
"title": "IBM Security Bulletin 6596907 (Spectrum Protect Plus)",
"url": "https://www.ibm.com/support/pages/node/6596907"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225340",
"title": "X-Force Vulnerability Report",
"name": "ibm-spectrum-cve202222472-priv-escalation (225340)",
"refsource": "XF"
}
]
}
}

180
2022/22xxx/CVE-2022-22474.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ID" : "CVE-2022-22474",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2022-06-29T00:00:00",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. This can result in a denial of service for IBM Spectrum Protect client operations. IBM X-Force ID: 225348."
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"ID": "CVE-2022-22474",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-06-29T00:00:00",
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Protect Client",
"version" : {
"version_data" : [
{
"version_value" : "8.1.0.0"
},
{
"version_value" : "8.1.14.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6596741",
"name" : "https://www.ibm.com/support/pages/node/6596741",
"title" : "IBM Security Bulletin 6596741 (Spectrum Protect Client)",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-spectrum-cve202222474-dos (225348)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/225348"
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"A" : "H",
"S" : "U",
"SCORE" : "5.900",
"AV" : "N",
"UI" : "N",
"AC" : "H",
"C" : "N",
"I" : "N",
"PR" : "N"
}
}
}
}
]
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. This can result in a denial of service for IBM Spectrum Protect client operations. IBM X-Force ID: 225348."
}
]
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Client",
"version": {
"version_data": [
{
"version_value": "8.1.0.0"
},
{
"version_value": "8.1.14.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6596741",
"name": "https://www.ibm.com/support/pages/node/6596741",
"title": "IBM Security Bulletin 6596741 (Spectrum Protect Client)",
"refsource": "CONFIRM"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-spectrum-cve202222474-dos (225348)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225348"
}
]
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"A": "H",
"S": "U",
"SCORE": "5.900",
"AV": "N",
"UI": "N",
"AC": "H",
"C": "N",
"I": "N",
"PR": "N"
}
}
}
}

180
2022/22xxx/CVE-2022-22478.json
View File

@ -1,93 +1,93 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "H",
"I" : "N",
"PR" : "N",
"AV" : "L",
"AC" : "L",
"UI" : "N",
"S" : "U",
"A" : "N",
"SCORE" : "6.200"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "8.1.0.0"
},
{
"version_value" : "8.1.14.0"
}
]
},
"product_name" : "Spectrum Protect Client"
}
]
}
"impact": {
"cvssv3": {
"BM": {
"C": "H",
"I": "N",
"PR": "N",
"AV": "L",
"AC": "L",
"UI": "N",
"S": "U",
"A": "N",
"SCORE": "6.200"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
]
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6596741",
"title" : "IBM Security Bulletin 6596741 (Spectrum Protect Client)",
"url" : "https://www.ibm.com/support/pages/node/6596741"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/225886",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-spectrum-cve202222478-info-disc (225886)"
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886."
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
}
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "8.1.0.0"
},
{
"version_value": "8.1.14.0"
}
]
},
"product_name": "Spectrum Protect Client"
}
]
}
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2022-22478",
"DATE_PUBLIC" : "2022-06-29T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
}
}
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6596741",
"title": "IBM Security Bulletin 6596741 (Spectrum Protect Client)",
"url": "https://www.ibm.com/support/pages/node/6596741"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225886",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-spectrum-cve202222478-info-disc (225886)"
}
]
},
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886."
}
]
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"CVE_data_meta": {
"ID": "CVE-2022-22478",
"DATE_PUBLIC": "2022-06-29T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
}
}

180
2022/22xxx/CVE-2022-22487.json
View File

@ -1,93 +1,93 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"S" : "U",
"A" : "N",
"SCORE" : "5.900",
"AV" : "N",
"AC" : "H",
"UI" : "N",
"PR" : "N",
"I" : "N",
"C" : "H"
}
}
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Protect Server",
"version" : {
"version_data" : [
{
"version_value" : "8.1.0.000"
},
{
"version_value" : "8.1.14"
}
]
}
}
]
}
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"S": "U",
"A": "N",
"SCORE": "5.900",
"AV": "N",
"AC": "H",
"UI": "N",
"PR": "N",
"I": "N",
"C": "H"
}
]
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6596881",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6596881 (Spectrum Protect Server)",
"name" : "https://www.ibm.com/support/pages/node/6596881"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/226326",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-spectrum-cve202222487-info-disc (226326)",
"refsource" : "XF"
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326."
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
}
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Server",
"version": {
"version_data": [
{
"version_value": "8.1.0.000"
},
{
"version_value": "8.1.14"
}
]
}
}
]
}
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2022-22487",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2022-06-29T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
}
}
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6596881",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6596881 (Spectrum Protect Server)",
"name": "https://www.ibm.com/support/pages/node/6596881"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226326",
"title": "X-Force Vulnerability Report",
"name": "ibm-spectrum-cve202222487-info-disc (226326)",
"refsource": "XF"
}
]
},
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326."
}
]
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"ID": "CVE-2022-22487",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2022-06-29T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
}
}

178
2022/22xxx/CVE-2022-22494.json
View File

@ -1,93 +1,93 @@
{
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6596883 (Spectrum Protect Operations Center)",
"name" : "https://www.ibm.com/support/pages/node/6596883",
"url" : "https://www.ibm.com/support/pages/node/6596883",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"name" : "ibm-spectrum-cve202222494-info-disc (226940)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/226940",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"PR" : "N",
"AV" : "N",
"S" : "U",
"AC" : "H",
"C" : "L",
"A" : "N",
"UI" : "N",
"SCORE" : "3.700",
"I" : "N"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "8.1.0.000"
},
{
"version_value" : "8.1.14"
}
]
},
"product_name" : "Spectrum Protect Operations Center"
}
]
},
"vendor_name" : "IBM"
"title": "IBM Security Bulletin 6596883 (Spectrum Protect Operations Center)",
"name": "https://www.ibm.com/support/pages/node/6596883",
"url": "https://www.ibm.com/support/pages/node/6596883",
"refsource": "CONFIRM"
},
{
"refsource": "XF",
"name": "ibm-spectrum-cve202222494-info-disc (226940)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226940",
"title": "X-Force Vulnerability Report"
}
]
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2022-06-29T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2022-22494"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
},
"data_type": "CVE",
"description": {
"description_data": [
{
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940.",
"lang": "eng"
}
]
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"PR": "N",
"AV": "N",
"S": "U",
"AC": "H",
"C": "L",
"A": "N",
"UI": "N",
"SCORE": "3.700",
"I": "N"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "8.1.0.000"
},
{
"version_value": "8.1.14"
}
]
},
"product_name": "Spectrum Protect Operations Center"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_version" : "4.0"
}
}
},
"CVE_data_meta": {
"DATE_PUBLIC": "2022-06-29T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2022-22494"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_version": "4.0"
}

180
2022/22xxx/CVE-2022-22496.json
View File

@ -1,93 +1,93 @@
{
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2022-06-29T00:00:00",
"ID" : "CVE-2022-22496"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"A" : "N",
"S" : "U",
"SCORE" : "5.300",
"C" : "H",
"PR" : "N",
"I" : "N",
"AV" : "A",
"UI" : "N",
"AC" : "H"
}
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6596881",
"name" : "https://www.ibm.com/support/pages/node/6596881",
"title" : "IBM Security Bulletin 6596881 (Spectrum Protect Server)",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/226942",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-spectrum-cve202222496-info-disc (226942)"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2022-06-29T00:00:00",
"ID": "CVE-2022-22496"
},
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Protect Server",
"version" : {
"version_data" : [
{
"version_value" : "8.1.0.000"
},
{
"version_value" : "8.1.14"
}
]
}
}
]
}
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
}
}
]
},
"description": {
"description_data": [
{
"value": "While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942.",
"lang": "eng"
}
]
},
"data_version": "4.0",
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"A": "N",
"S": "U",
"SCORE": "5.300",
"C": "H",
"PR": "N",
"I": "N",
"AV": "A",
"UI": "N",
"AC": "H"
}
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6596881",
"name": "https://www.ibm.com/support/pages/node/6596881",
"title": "IBM Security Bulletin 6596881 (Spectrum Protect Server)",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226942",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-spectrum-cve202222496-info-disc (226942)"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Server",
"version": {
"version_data": [
{
"version_value": "8.1.0.000"
},
{
"version_value": "8.1.14"
}
]
}
}
]
}
}
]
}
}
}