diff --git a/2013/4xxx/CVE-2013-4658.json b/2013/4xxx/CVE-2013-4658.json index 45c43f3cea9..953a52d073a 100644 --- a/2013/4xxx/CVE-2013-4658.json +++ b/2013/4xxx/CVE-2013-4658.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4658", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ise.io/casestudies/exploiting-soho-routers/", + "refsource": "MISC", + "name": "https://www.ise.io/casestudies/exploiting-soho-routers/" + }, + { + "url": "https://www.ise.io/soho_service_hacks/", + "refsource": "MISC", + "name": "https://www.ise.io/soho_service_hacks/" + }, + { + "refsource": "MISC", + "name": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", + "url": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf" } ] } diff --git a/2013/4xxx/CVE-2013-4848.json b/2013/4xxx/CVE-2013-4848.json index e2a76e3f7a1..76e72fa2793 100644 --- a/2013/4xxx/CVE-2013-4848.json +++ b/2013/4xxx/CVE-2013-4848.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4848", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ise.io/casestudies/exploiting-soho-routers/", + "refsource": "MISC", + "name": "https://www.ise.io/casestudies/exploiting-soho-routers/" + }, + { + "url": "https://www.ise.io/soho_service_hacks/", + "refsource": "MISC", + "name": "https://www.ise.io/soho_service_hacks/" + }, + { + "refsource": "MISC", + "name": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", + "url": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/62884/info", + "url": "https://www.securityfocus.com/bid/62884/info" + }, + { + "refsource": "MISC", + "name": "https://vuldb.com/?id.10495", + "url": "https://vuldb.com/?id.10495" } ] } diff --git a/2019/14xxx/CVE-2019-14451.json b/2019/14xxx/CVE-2019-14451.json new file mode 100644 index 00000000000..9aeda5f9393 --- /dev/null +++ b/2019/14xxx/CVE-2019-14451.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an \"external command\" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.repetier-server.com/manuals/0.91/index.html", + "refsource": "MISC", + "name": "https://www.repetier-server.com/manuals/0.91/index.html" + }, + { + "refsource": "CONFIRM", + "name": "https://www.repetier-server.com/knowledgebase/security-advisory/", + "url": "https://www.repetier-server.com/knowledgebase/security-advisory/" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16265.json b/2019/16xxx/CVE-2019-16265.json new file mode 100644 index 00000000000..caf7b680408 --- /dev/null +++ b/2019/16xxx/CVE-2019-16265.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "3S-Smart CODESYS V2.3 ENI server V3.2.2.23 has a Buffer Overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.codesys.com", + "refsource": "MISC", + "name": "https://www.codesys.com" + }, + { + "refsource": "CONFIRM", + "name": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-09_LCDS-319.pdf", + "url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-09_LCDS-319.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4036.json b/2019/4xxx/CVE-2019-4036.json index 7fc3f1687d6..5172fbef791 100644 --- a/2019/4xxx/CVE-2019-4036.json +++ b/2019/4xxx/CVE-2019-4036.json @@ -1,90 +1,90 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Security Access Manager", - "version" : { - "version_data" : [ - { - "version_value" : " " - } - ] - } - } - ] - } - } - ] - } - }, - "CVE_data_meta" : { - "ID" : "CVE-2019-4036", - "DATE_PUBLIC" : "2019-09-09T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "C" : "N", - "UI" : "N", - "A" : "H", - "PR" : "N", - "AV" : "N", - "SCORE" : "7.500", - "AC" : "L", - "I" : "N" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Access Manager", + "version": { + "version_data": [ + { + "version_value": " " + } + ] + } + } + ] + } + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/1072704", - "title" : "IBM Security Bulletin 1072704 (Security Access Manager)", - "url" : "https://www.ibm.com/support/pages/node/1072704" - }, - { - "refsource" : "XF", - "name" : "ibm-sam-cve20194036-dos (156159)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/156159" - } - ] - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "value" : "IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0" -} + } + }, + "CVE_data_meta": { + "ID": "CVE-2019-4036", + "DATE_PUBLIC": "2019-09-09T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "C": "N", + "UI": "N", + "A": "H", + "PR": "N", + "AV": "N", + "SCORE": "7.500", + "AC": "L", + "I": "N" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/1072704", + "title": "IBM Security Bulletin 1072704 (Security Access Manager)", + "url": "https://www.ibm.com/support/pages/node/1072704" + }, + { + "refsource": "XF", + "name": "ibm-sam-cve20194036-dos (156159)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156159" + } + ] + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "value": "IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159.", + "lang": "eng" + } + ] + }, + "data_version": "4.0" +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4394.json b/2019/4xxx/CVE-2019-4394.json index 5296aa52372..bdc1fbc2e81 100644 --- a/2019/4xxx/CVE-2019-4394.json +++ b/2019/4xxx/CVE-2019-4394.json @@ -1,135 +1,135 @@ { - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232.", - "lang" : "eng" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - }, - "BM" : { - "AV" : "L", - "SCORE" : "2.300", - "AC" : "L", - "I" : "L", - "PR" : "H", - "A" : "N", - "UI" : "N", - "S" : "U", - "C" : "N" - } - } - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Orchestrator", - "version" : { - "version_data" : [ - { - "version_value" : "2.4" - }, - { - "version_value" : "2.4.0.1" - }, - { - "version_value" : "2.4.0.2" - }, - { - "version_value" : "2.5" - }, - { - "version_value" : "2.5.0.1" - }, - { - "version_value" : "2.4.0.3" - }, - { - "version_value" : "2.5.0.2" - }, - { - "version_value" : "2.4.0.4" - }, - { - "version_value" : "2.5.0.3" - }, - { - "version_value" : "2.5.0.4" - }, - { - "version_value" : "2.4.0.5" - }, - { - "version_value" : "2.5.0.5" - }, - { - "version_value" : "2.5.0.6" - }, - { - "version_value" : "2.5.0.7" - }, - { - "version_value" : "2.5.0.8" - }, - { - "version_value" : "2.5.0.9" - } - ] - } - } - ] - } + "value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232.", + "lang": "eng" } - ] - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-10-23T00:00:00", - "ID" : "CVE-2019-4394" - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/1097301", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/1097301", - "title" : "IBM Security Bulletin 1097301 (Cloud Orchestrator)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162232", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-co-cve20194394-sec-bypass (162232)", - "refsource" : "XF" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Bypass Security" - } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + }, + "BM": { + "AV": "L", + "SCORE": "2.300", + "AC": "L", + "I": "L", + "PR": "H", + "A": "N", + "UI": "N", + "S": "U", + "C": "N" + } + } + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Cloud Orchestrator", + "version": { + "version_data": [ + { + "version_value": "2.4" + }, + { + "version_value": "2.4.0.1" + }, + { + "version_value": "2.4.0.2" + }, + { + "version_value": "2.5" + }, + { + "version_value": "2.5.0.1" + }, + { + "version_value": "2.4.0.3" + }, + { + "version_value": "2.5.0.2" + }, + { + "version_value": "2.4.0.4" + }, + { + "version_value": "2.5.0.3" + }, + { + "version_value": "2.5.0.4" + }, + { + "version_value": "2.4.0.5" + }, + { + "version_value": "2.5.0.5" + }, + { + "version_value": "2.5.0.6" + }, + { + "version_value": "2.5.0.7" + }, + { + "version_value": "2.5.0.8" + }, + { + "version_value": "2.5.0.9" + } + ] + } + } + ] + } + } ] - } - ] - } -} + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-10-23T00:00:00", + "ID": "CVE-2019-4394" + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/1097301", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/1097301", + "title": "IBM Security Bulletin 1097301 (Cloud Orchestrator)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162232", + "title": "X-Force Vulnerability Report", + "name": "ibm-co-cve20194394-sec-bypass (162232)", + "refsource": "XF" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Bypass Security" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4395.json b/2019/4xxx/CVE-2019-4395.json index 7c7e54eea92..b084d366a26 100644 --- a/2019/4xxx/CVE-2019-4395.json +++ b/2019/4xxx/CVE-2019-4395.json @@ -1,135 +1,135 @@ { - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333." - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/1097175", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/1097175", - "title" : "IBM Security Bulletin 1097175 (Cloud Orchestrator)" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-co-cve20194395-info-disc (162233)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162233" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "C" : "L", - "A" : "N", - "UI" : "N", - "AC" : "L", - "SCORE" : "4.000", - "I" : "N", - "AV" : "L", - "PR" : "N" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.4" - }, - { - "version_value" : "2.4.0.1" - }, - { - "version_value" : "2.4.0.2" - }, - { - "version_value" : "2.5" - }, - { - "version_value" : "2.5.0.1" - }, - { - "version_value" : "2.4.0.3" - }, - { - "version_value" : "2.5.0.2" - }, - { - "version_value" : "2.4.0.4" - }, - { - "version_value" : "2.5.0.3" - }, - { - "version_value" : "2.5.0.4" - }, - { - "version_value" : "2.4.0.5" - }, - { - "version_value" : "2.5.0.5" - }, - { - "version_value" : "2.5.0.6" - }, - { - "version_value" : "2.5.0.7" - }, - { - "version_value" : "2.5.0.8" - }, - { - "version_value" : "2.5.0.9" - } - ] - }, - "product_name" : "Cloud Orchestrator" - } - ] - }, - "vendor_name" : "IBM" + "lang": "eng", + "value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333." } - ] - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-10-23T00:00:00", - "ID" : "CVE-2019-4395" - } -} + ] + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/1097175", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/1097175", + "title": "IBM Security Bulletin 1097175 (Cloud Orchestrator)" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-co-cve20194395-info-disc (162233)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162233" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "C": "L", + "A": "N", + "UI": "N", + "AC": "L", + "SCORE": "4.000", + "I": "N", + "AV": "L", + "PR": "N" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.4" + }, + { + "version_value": "2.4.0.1" + }, + { + "version_value": "2.4.0.2" + }, + { + "version_value": "2.5" + }, + { + "version_value": "2.5.0.1" + }, + { + "version_value": "2.4.0.3" + }, + { + "version_value": "2.5.0.2" + }, + { + "version_value": "2.4.0.4" + }, + { + "version_value": "2.5.0.3" + }, + { + "version_value": "2.5.0.4" + }, + { + "version_value": "2.4.0.5" + }, + { + "version_value": "2.5.0.5" + }, + { + "version_value": "2.5.0.6" + }, + { + "version_value": "2.5.0.7" + }, + { + "version_value": "2.5.0.8" + }, + { + "version_value": "2.5.0.9" + } + ] + }, + "product_name": "Cloud Orchestrator" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-10-23T00:00:00", + "ID": "CVE-2019-4395" + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4396.json b/2019/4xxx/CVE-2019-4396.json index e5a80961d86..7d607d506c3 100644 --- a/2019/4xxx/CVE-2019-4396.json +++ b/2019/4xxx/CVE-2019-4396.json @@ -1,135 +1,135 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/1096354", - "name" : "https://www.ibm.com/support/pages/node/1096354", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 1096354 (Cloud Orchestrator)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162236", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-co-cve20194396-http-response (162236)" - } - ] - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.4" - }, - { - "version_value" : "2.4.0.1" - }, - { - "version_value" : "2.4.0.2" - }, - { - "version_value" : "2.5" - }, - { - "version_value" : "2.5.0.1" - }, - { - "version_value" : "2.4.0.3" - }, - { - "version_value" : "2.5.0.2" - }, - { - "version_value" : "2.4.0.4" - }, - { - "version_value" : "2.5.0.3" - }, - { - "version_value" : "2.5.0.4" - }, - { - "version_value" : "2.4.0.5" - }, - { - "version_value" : "2.5.0.5" - }, - { - "version_value" : "2.5.0.6" - }, - { - "version_value" : "2.5.0.7" - }, - { - "version_value" : "2.5.0.8" - }, - { - "version_value" : "2.5.0.9" - } - ] - }, - "product_name" : "Cloud Orchestrator" - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] } - ] - } - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2019-10-23T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2019-4396" - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "SCORE" : "5.400", - "AC" : "L", - "I" : "L", - "PR" : "L", - "A" : "N", - "UI" : "R", - "C" : "L", - "S" : "C" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0" -} + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/1096354", + "name": "https://www.ibm.com/support/pages/node/1096354", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 1096354 (Cloud Orchestrator)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162236", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-co-cve20194396-http-response (162236)" + } + ] + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.4" + }, + { + "version_value": "2.4.0.1" + }, + { + "version_value": "2.4.0.2" + }, + { + "version_value": "2.5" + }, + { + "version_value": "2.5.0.1" + }, + { + "version_value": "2.4.0.3" + }, + { + "version_value": "2.5.0.2" + }, + { + "version_value": "2.4.0.4" + }, + { + "version_value": "2.5.0.3" + }, + { + "version_value": "2.5.0.4" + }, + { + "version_value": "2.4.0.5" + }, + { + "version_value": "2.5.0.5" + }, + { + "version_value": "2.5.0.6" + }, + { + "version_value": "2.5.0.7" + }, + { + "version_value": "2.5.0.8" + }, + { + "version_value": "2.5.0.9" + } + ] + }, + "product_name": "Cloud Orchestrator" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2019-10-23T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4396" + }, + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "SCORE": "5.400", + "AC": "L", + "I": "L", + "PR": "L", + "A": "N", + "UI": "R", + "C": "L", + "S": "C" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "data_type": "CVE", + "description": { + "description_data": [ + { + "value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236.", + "lang": "eng" + } + ] + }, + "data_version": "4.0" +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4399.json b/2019/4xxx/CVE-2019-4399.json index 50a0473aa17..af50950d2e0 100644 --- a/2019/4xxx/CVE-2019-4399.json +++ b/2019/4xxx/CVE-2019-4399.json @@ -1,135 +1,135 @@ { - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 162260.", - "lang" : "eng" - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/1097307", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 1097307 (Cloud Orchestrator)", - "url" : "https://www.ibm.com/support/pages/node/1097307" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162260", - "name" : "ibm-co-cve20194399-info-disc (162260)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "I" : "N", - "SCORE" : "5.900", - "AV" : "N", - "AC" : "H", - "PR" : "N", - "S" : "U", - "C" : "H", - "A" : "N", - "UI" : "N" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Orchestrator", - "version" : { - "version_data" : [ - { - "version_value" : "2.4" - }, - { - "version_value" : "2.4.0.1" - }, - { - "version_value" : "2.4.0.2" - }, - { - "version_value" : "2.5" - }, - { - "version_value" : "2.5.0.1" - }, - { - "version_value" : "2.4.0.3" - }, - { - "version_value" : "2.5.0.2" - }, - { - "version_value" : "2.4.0.4" - }, - { - "version_value" : "2.5.0.3" - }, - { - "version_value" : "2.5.0.4" - }, - { - "version_value" : "2.4.0.5" - }, - { - "version_value" : "2.5.0.5" - }, - { - "version_value" : "2.5.0.6" - }, - { - "version_value" : "2.5.0.7" - }, - { - "version_value" : "2.5.0.8" - }, - { - "version_value" : "2.5.0.9" - } - ] - } - } - ] - } + "value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 162260.", + "lang": "eng" } - ] - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-10-23T00:00:00", - "ID" : "CVE-2019-4399" - } -} + ] + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/1097307", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 1097307 (Cloud Orchestrator)", + "url": "https://www.ibm.com/support/pages/node/1097307" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162260", + "name": "ibm-co-cve20194399-info-disc (162260)", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "I": "N", + "SCORE": "5.900", + "AV": "N", + "AC": "H", + "PR": "N", + "S": "U", + "C": "H", + "A": "N", + "UI": "N" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Cloud Orchestrator", + "version": { + "version_data": [ + { + "version_value": "2.4" + }, + { + "version_value": "2.4.0.1" + }, + { + "version_value": "2.4.0.2" + }, + { + "version_value": "2.5" + }, + { + "version_value": "2.5.0.1" + }, + { + "version_value": "2.4.0.3" + }, + { + "version_value": "2.5.0.2" + }, + { + "version_value": "2.4.0.4" + }, + { + "version_value": "2.5.0.3" + }, + { + "version_value": "2.5.0.4" + }, + { + "version_value": "2.4.0.5" + }, + { + "version_value": "2.5.0.5" + }, + { + "version_value": "2.5.0.6" + }, + { + "version_value": "2.5.0.7" + }, + { + "version_value": "2.5.0.8" + }, + { + "version_value": "2.5.0.9" + } + ] + } + } + ] + } + } + ] + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-10-23T00:00:00", + "ID": "CVE-2019-4399" + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4400.json b/2019/4xxx/CVE-2019-4400.json index a53967de840..5ca8db99e5d 100644 --- a/2019/4xxx/CVE-2019-4400.json +++ b/2019/4xxx/CVE-2019-4400.json @@ -1,135 +1,135 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/1077129", - "title" : "IBM Security Bulletin 1077129 (Cloud Orchestrator)", - "name" : "https://www.ibm.com/support/pages/node/1077129", - "refsource" : "CONFIRM" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162261", - "name" : "ibm-co-cve20194400-info-disc (162261)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Orchestrator", - "version" : { - "version_data" : [ - { - "version_value" : "2.4" - }, - { - "version_value" : "2.4.0.1" - }, - { - "version_value" : "2.4.0.2" - }, - { - "version_value" : "2.5" - }, - { - "version_value" : "2.5.0.1" - }, - { - "version_value" : "2.4.0.3" - }, - { - "version_value" : "2.5.0.2" - }, - { - "version_value" : "2.4.0.4" - }, - { - "version_value" : "2.5.0.3" - }, - { - "version_value" : "2.5.0.4" - }, - { - "version_value" : "2.4.0.5" - }, - { - "version_value" : "2.5.0.5" - }, - { - "version_value" : "2.5.0.6" - }, - { - "version_value" : "2.5.0.7" - }, - { - "version_value" : "2.5.0.8" - }, - { - "version_value" : "2.5.0.9" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] } - ] - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-10-23T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2019-4400" - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "SCORE" : "4.300", - "AC" : "L", - "AV" : "N", - "I" : "N", - "PR" : "L", - "C" : "L", - "S" : "U", - "A" : "N", - "UI" : "N" - } - } - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162261." - } - ] - } -} + ] + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/1077129", + "title": "IBM Security Bulletin 1077129 (Cloud Orchestrator)", + "name": "https://www.ibm.com/support/pages/node/1077129", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162261", + "name": "ibm-co-cve20194400-info-disc (162261)", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud Orchestrator", + "version": { + "version_data": [ + { + "version_value": "2.4" + }, + { + "version_value": "2.4.0.1" + }, + { + "version_value": "2.4.0.2" + }, + { + "version_value": "2.5" + }, + { + "version_value": "2.5.0.1" + }, + { + "version_value": "2.4.0.3" + }, + { + "version_value": "2.5.0.2" + }, + { + "version_value": "2.4.0.4" + }, + { + "version_value": "2.5.0.3" + }, + { + "version_value": "2.5.0.4" + }, + { + "version_value": "2.4.0.5" + }, + { + "version_value": "2.5.0.5" + }, + { + "version_value": "2.5.0.6" + }, + { + "version_value": "2.5.0.7" + }, + { + "version_value": "2.5.0.8" + }, + { + "version_value": "2.5.0.9" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-10-23T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4400" + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "SCORE": "4.300", + "AC": "L", + "AV": "N", + "I": "N", + "PR": "L", + "C": "L", + "S": "U", + "A": "N", + "UI": "N" + } + } + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162261." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4461.json b/2019/4xxx/CVE-2019-4461.json index 00bc5b2bd92..bbe5a0dbf84 100644 --- a/2019/4xxx/CVE-2019-4461.json +++ b/2019/4xxx/CVE-2019-4461.json @@ -1,135 +1,135 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Orchestrator", - "version" : { - "version_data" : [ - { - "version_value" : "2.4" - }, - { - "version_value" : "2.4.0.1" - }, - { - "version_value" : "2.4.0.2" - }, - { - "version_value" : "2.5" - }, - { - "version_value" : "2.5.0.1" - }, - { - "version_value" : "2.4.0.3" - }, - { - "version_value" : "2.5.0.2" - }, - { - "version_value" : "2.4.0.4" - }, - { - "version_value" : "2.5.0.3" - }, - { - "version_value" : "2.5.0.4" - }, - { - "version_value" : "2.4.0.5" - }, - { - "version_value" : "2.5.0.5" - }, - { - "version_value" : "2.5.0.6" - }, - { - "version_value" : "2.5.0.7" - }, - { - "version_value" : "2.5.0.8" - }, - { - "version_value" : "2.5.0.9" - } - ] - } - } - ] - } - } - ] - } - }, - "CVE_data_meta" : { - "ID" : "CVE-2019-4461", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-10-23T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "AV" : "N", - "SCORE" : "5.400", - "AC" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "C" : "L", - "A" : "N", - "UI" : "R" - } - } - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Cloud Orchestrator", + "version": { + "version_data": [ + { + "version_value": "2.4" + }, + { + "version_value": "2.4.0.1" + }, + { + "version_value": "2.4.0.2" + }, + { + "version_value": "2.5" + }, + { + "version_value": "2.5.0.1" + }, + { + "version_value": "2.4.0.3" + }, + { + "version_value": "2.5.0.2" + }, + { + "version_value": "2.4.0.4" + }, + { + "version_value": "2.5.0.3" + }, + { + "version_value": "2.5.0.4" + }, + { + "version_value": "2.4.0.5" + }, + { + "version_value": "2.5.0.5" + }, + { + "version_value": "2.5.0.6" + }, + { + "version_value": "2.5.0.7" + }, + { + "version_value": "2.5.0.8" + }, + { + "version_value": "2.5.0.9" + } + ] + } + } + ] + } + } ] - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/1072684", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/1072684", - "title" : "IBM Security Bulletin 1072684 (Cloud Orchestrator)" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-co-cve20194461-response-splitting (163682)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163682" - } - ] - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682.", - "lang" : "eng" - } - ] - } -} + } + }, + "CVE_data_meta": { + "ID": "CVE-2019-4461", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-10-23T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "AV": "N", + "SCORE": "5.400", + "AC": "L", + "I": "L", + "PR": "L", + "S": "C", + "C": "L", + "A": "N", + "UI": "R" + } + } + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/1072684", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/1072684", + "title": "IBM Security Bulletin 1072684 (Cloud Orchestrator)" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-co-cve20194461-response-splitting (163682)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163682" + } + ] + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682.", + "lang": "eng" + } + ] + } +} \ No newline at end of file