From 71f71a403bc3c2475ec84c8fa1e284a4a38d7d88 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 13 Dec 2021 19:01:17 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/4xxx/CVE-2020-4496.json | 178 +++++++++++++++---------------- 2021/31xxx/CVE-2021-31924.json | 5 + 2021/32xxx/CVE-2021-32024.json | 50 ++++++++- 2021/38xxx/CVE-2021-38901.json | 174 +++++++++++++++--------------- 2021/39xxx/CVE-2021-39048.json | 180 +++++++++++++++---------------- 2021/39xxx/CVE-2021-39049.json | 186 ++++++++++++++++---------------- 2021/39xxx/CVE-2021-39050.json | 188 ++++++++++++++++----------------- 2021/39xxx/CVE-2021-39057.json | 178 +++++++++++++++---------------- 2021/39xxx/CVE-2021-39063.json | 178 +++++++++++++++---------------- 2021/45xxx/CVE-2021-45039.json | 18 ++++ 2021/45xxx/CVE-2021-45040.json | 18 ++++ 11 files changed, 719 insertions(+), 634 deletions(-) create mode 100644 2021/45xxx/CVE-2021-45039.json create mode 100644 2021/45xxx/CVE-2021-45040.json diff --git a/2020/4xxx/CVE-2020-4496.json b/2020/4xxx/CVE-2020-4496.json index 4a9e78addb4..d1833953439 100644 --- a/2020/4xxx/CVE-2020-4496.json +++ b/2020/4xxx/CVE-2020-4496.json @@ -1,93 +1,93 @@ { - "description" : { - "description_data" : [ - { - "value" : "The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046.", - "lang" : "eng" - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2021-12-10T00:00:00", - "ID" : "CVE-2020-4496", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.1.0.0" - }, - { - "version_value" : "10.1.8.0" - } - ] - }, - "product_name" : "Spectrum Protect Plus" - } - ] - } + "value": "The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046.", + "lang": "eng" } - ] - } - }, - "data_type" : "CVE", - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6525346", - "url" : "https://www.ibm.com/support/pages/node/6525346", - "title" : "IBM Security Bulletin 6525346 (Spectrum Protect Plus)" - }, - { - "refsource" : "XF", - "name" : "ibm-spectrum-cve20204496-info-disc (182046)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/182046", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "C" : "H", - "I" : "N", - "UI" : "N", - "AV" : "N", - "AC" : "H", - "S" : "C", - "PR" : "N", - "A" : "N", - "SCORE" : "6.800" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2021-12-10T00:00:00", + "ID": "CVE-2020-4496", + "ASSIGNER": "psirt@us.ibm.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "10.1.0.0" + }, + { + "version_value": "10.1.8.0" + } + ] + }, + "product_name": "Spectrum Protect Plus" + } + ] + } + } ] - } - ] - } -} + } + }, + "data_type": "CVE", + "data_version": "4.0", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6525346", + "url": "https://www.ibm.com/support/pages/node/6525346", + "title": "IBM Security Bulletin 6525346 (Spectrum Protect Plus)" + }, + { + "refsource": "XF", + "name": "ibm-spectrum-cve20204496-info-disc (182046)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182046", + "title": "X-Force Vulnerability Report" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "C": "H", + "I": "N", + "UI": "N", + "AV": "N", + "AC": "H", + "S": "C", + "PR": "N", + "A": "N", + "SCORE": "6.800" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31924.json b/2021/31xxx/CVE-2021-31924.json index 4a8f83b26b7..6f3924d3e10 100644 --- a/2021/31xxx/CVE-2021-31924.json +++ b/2021/31xxx/CVE-2021-31924.json @@ -61,6 +61,11 @@ "url": "https://developers.yubico.com/pam-u2f/", "refsource": "MISC", "name": "https://developers.yubico.com/pam-u2f/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-a52d48b1c2", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CRBVOZEMVO72FV4Z5O4GBGSURXHWRGD3/" } ] } diff --git a/2021/32xxx/CVE-2021-32024.json b/2021/32xxx/CVE-2021-32024.json index e1404655ed0..e28a5db24d0 100644 --- a/2021/32xxx/CVE-2021-32024.json +++ b/2021/32xxx/CVE-2021-32024.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-32024", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@blackberry.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BlackBerry QNX Software Development Platform (SDP)", + "version": { + "version_data": [ + { + "version_value": "QNX SDP 6.4 to 7.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000089042", + "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000089042" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process." } ] } diff --git a/2021/38xxx/CVE-2021-38901.json b/2021/38xxx/CVE-2021-38901.json index b65d50b9d1d..9ede99843da 100644 --- a/2021/38xxx/CVE-2021-38901.json +++ b/2021/38xxx/CVE-2021-38901.json @@ -1,90 +1,90 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6524924 (Spectrum Protect Operations Center)", - "url" : "https://www.ibm.com/support/pages/node/6524924", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6524924" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-spectrum-cve202138901-info-disc (209610)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/209610" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "H", - "A" : "N", - "PR" : "N", - "S" : "U", - "SCORE" : "5.100", - "C" : "H", - "I" : "N", - "AV" : "L", - "UI" : "N" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.1" - } - ] - }, - "product_name" : "Spectrum Protect Operations Center" - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] } - ] - } - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610.", - "lang" : "eng" - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-38901", - "DATE_PUBLIC" : "2021-12-10T00:00:00", - "STATE" : "PUBLIC" - } -} + ] + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6524924 (Spectrum Protect Operations Center)", + "url": "https://www.ibm.com/support/pages/node/6524924", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6524924" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-spectrum-cve202138901-info-disc (209610)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209610" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "AC": "H", + "A": "N", + "PR": "N", + "S": "U", + "SCORE": "5.100", + "C": "H", + "I": "N", + "AV": "L", + "UI": "N" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.1" + } + ] + }, + "product_name": "Spectrum Protect Operations Center" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "value": "IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610.", + "lang": "eng" + } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-38901", + "DATE_PUBLIC": "2021-12-10T00:00:00", + "STATE": "PUBLIC" + } +} \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39048.json b/2021/39xxx/CVE-2021-39048.json index c7a251744e1..f3d773888ef 100644 --- a/2021/39xxx/CVE-2021-39048.json +++ b/2021/39xxx/CVE-2021-39048.json @@ -1,93 +1,93 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } - ] - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6524706 (Spectrum Protect)", - "name" : "https://www.ibm.com/support/pages/node/6524706", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6524706" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/214438", - "name" : "ibm-spectrum-cve202139048-bo (214438)", - "refsource" : "XF" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "UI" : "N", - "AV" : "L", - "C" : "N", - "I" : "N", - "S" : "U", - "PR" : "N", - "A" : "H", - "SCORE" : "6.200", - "AC" : "L" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.1" - }, - { - "version_value" : "8.1" - } - ] - }, - "product_name" : "Spectrum Protect" - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] } - ] - } - }, - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 214438.", - "lang" : "eng" - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2021-39048", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2021-12-10T00:00:00" - } -} + ] + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6524706 (Spectrum Protect)", + "name": "https://www.ibm.com/support/pages/node/6524706", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6524706" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214438", + "name": "ibm-spectrum-cve202139048-bo (214438)", + "refsource": "XF" + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "UI": "N", + "AV": "L", + "C": "N", + "I": "N", + "S": "U", + "PR": "N", + "A": "H", + "SCORE": "6.200", + "AC": "L" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.1" + }, + { + "version_value": "8.1" + } + ] + }, + "product_name": "Spectrum Protect" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "value": "IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 214438.", + "lang": "eng" + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2021-39048", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2021-12-10T00:00:00" + } +} \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39049.json b/2021/39xxx/CVE-2021-39049.json index 79cf75b90fb..c83ea97a6dc 100644 --- a/2021/39xxx/CVE-2021-39049.json +++ b/2021/39xxx/CVE-2021-39049.json @@ -1,96 +1,96 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } - ] - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214439." - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-39049", - "DATE_PUBLIC" : "2021-12-10T00:00:00", - "STATE" : "PUBLIC" - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "i2 Analyst's Notebook", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0" - }, - { - "version_value" : "9.2.1" - }, - { - "version_value" : "9.2.2" - } - ] - } - } - ] - } + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] } - ] - } - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6525256 (i2 Analyst's Notebook)", - "url" : "https://www.ibm.com/support/pages/node/6525256", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6525256" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/214439", - "name" : "ibm-i2-cve202139049-bo (214439)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "AC" : "L", - "A" : "L", - "PR" : "N", - "S" : "U", - "SCORE" : "5.300", - "C" : "L", - "I" : "L", - "AV" : "L", - "UI" : "R" - } - } - }, - "data_format" : "MITRE" -} + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214439." + } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-39049", + "DATE_PUBLIC": "2021-12-10T00:00:00", + "STATE": "PUBLIC" + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "i2 Analyst's Notebook", + "version": { + "version_data": [ + { + "version_value": "9.2.0" + }, + { + "version_value": "9.2.1" + }, + { + "version_value": "9.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6525256 (i2 Analyst's Notebook)", + "url": "https://www.ibm.com/support/pages/node/6525256", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6525256" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214439", + "name": "ibm-i2-cve202139049-bo (214439)", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "AC": "L", + "A": "L", + "PR": "N", + "S": "U", + "SCORE": "5.300", + "C": "L", + "I": "L", + "AV": "L", + "UI": "R" + } + } + }, + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39050.json b/2021/39xxx/CVE-2021-39050.json index a06bde3ae76..76385c55f91 100644 --- a/2021/39xxx/CVE-2021-39050.json +++ b/2021/39xxx/CVE-2021-39050.json @@ -1,96 +1,96 @@ { - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0" - }, - { - "version_value" : "9.2.1" - }, - { - "version_value" : "9.2.2" - } - ] - }, - "product_name" : "i2 Analyst's Notebook" - } - ] - } - } - ] - } - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-12-10T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-39050" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214440." - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6525258", - "name" : "https://www.ibm.com/support/pages/node/6525258", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6525258 (i2 Analyst's Notebook)" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-i2-cve202139050-bo (214440)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/214440" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "L", - "A" : "L", - "S" : "U", - "PR" : "N", - "SCORE" : "5.300", - "C" : "L", - "I" : "L", - "AV" : "L", - "UI" : "R" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "9.2.0" + }, + { + "version_value": "9.2.1" + }, + { + "version_value": "9.2.2" + } + ] + }, + "product_name": "i2 Analyst's Notebook" + } + ] + } + } ] - } - ] - } -} + } + }, + "data_version": "4.0", + "CVE_data_meta": { + "DATE_PUBLIC": "2021-12-10T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-39050" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214440." + } + ] + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6525258", + "name": "https://www.ibm.com/support/pages/node/6525258", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6525258 (i2 Analyst's Notebook)" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-i2-cve202139050-bo (214440)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214440" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "AC": "L", + "A": "L", + "S": "U", + "PR": "N", + "SCORE": "5.300", + "C": "L", + "I": "L", + "AV": "L", + "UI": "R" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Privileges", + "lang": "eng" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39057.json b/2021/39xxx/CVE-2021-39057.json index 8be6b80f85c..242af700548 100644 --- a/2021/39xxx/CVE-2021-39057.json +++ b/2021/39xxx/CVE-2021-39057.json @@ -1,93 +1,93 @@ { - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6525346 (Spectrum Protect Plus)", - "url" : "https://www.ibm.com/support/pages/node/6525346", - "name" : "https://www.ibm.com/support/pages/node/6525346", - "refsource" : "CONFIRM" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/214616", - "name" : "ibm-spectrum-cve202139057-ssrf (214616)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "UI" : "N", - "C" : "L", - "I" : "L", - "A" : "N", - "S" : "U", - "PR" : "L", - "SCORE" : "4.200", - "AC" : "H" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Spectrum Protect Plus", - "version" : { - "version_data" : [ - { - "version_value" : "10.1.0.0" - }, - { - "version_value" : "10.1.8.0" - } - ] - } - } - ] - } + "title": "IBM Security Bulletin 6525346 (Spectrum Protect Plus)", + "url": "https://www.ibm.com/support/pages/node/6525346", + "name": "https://www.ibm.com/support/pages/node/6525346", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214616", + "name": "ibm-spectrum-cve202139057-ssrf (214616)", + "refsource": "XF", + "title": "X-Force Vulnerability Report" } - ] - } - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-39057", - "DATE_PUBLIC" : "2021-12-10T00:00:00", - "STATE" : "PUBLIC" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616.", - "lang" : "eng" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "UI": "N", + "C": "L", + "I": "L", + "A": "N", + "S": "U", + "PR": "L", + "SCORE": "4.200", + "AC": "H" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Spectrum Protect Plus", + "version": { + "version_data": [ + { + "version_value": "10.1.0.0" + }, + { + "version_value": "10.1.8.0" + } + ] + } + } + ] + } + } ] - } - ] - } -} + } + }, + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-39057", + "DATE_PUBLIC": "2021-12-10T00:00:00", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "value": "IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616.", + "lang": "eng" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39063.json b/2021/39xxx/CVE-2021-39063.json index 725e85d0ecd..cf79b290520 100644 --- a/2021/39xxx/CVE-2021-39063.json +++ b/2021/39xxx/CVE-2021-39063.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ID" : "CVE-2021-39063", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2021-12-10T00:00:00" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. IBM X-Force ID: 214956.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ID": "CVE-2021-39063", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2021-12-10T00:00:00" + }, + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Spectrum Protect Plus", - "version" : { - "version_data" : [ - { - "version_value" : "10.1.0.0" - }, - { - "version_value" : "10.1.8.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "value": "IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. IBM X-Force ID: 214956.", + "lang": "eng" } - ] - } - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6525346", - "name" : "https://www.ibm.com/support/pages/node/6525346", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6525346 (Spectrum Protect Plus)" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/214956", - "refsource" : "XF", - "name" : "ibm-spectrum-cve202139063-cors (214956)" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "UI" : "N", - "C" : "L", - "I" : "L", - "A" : "N", - "S" : "U", - "PR" : "N", - "SCORE" : "6.500", - "AC" : "L" - }, - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - } - } - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spectrum Protect Plus", + "version": { + "version_data": [ + { + "version_value": "10.1.0.0" + }, + { + "version_value": "10.1.8.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - } -} + } + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6525346", + "name": "https://www.ibm.com/support/pages/node/6525346", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6525346 (Spectrum Protect Plus)" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214956", + "refsource": "XF", + "name": "ibm-spectrum-cve202139063-cors (214956)" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "UI": "N", + "C": "L", + "I": "L", + "A": "N", + "S": "U", + "PR": "N", + "SCORE": "6.500", + "AC": "L" + }, + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + } + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2021/45xxx/CVE-2021-45039.json b/2021/45xxx/CVE-2021-45039.json new file mode 100644 index 00000000000..64a7f74f0d7 --- /dev/null +++ b/2021/45xxx/CVE-2021-45039.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-45039", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/45xxx/CVE-2021-45040.json b/2021/45xxx/CVE-2021-45040.json new file mode 100644 index 00000000000..91468c93d09 --- /dev/null +++ b/2021/45xxx/CVE-2021-45040.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-45040", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file