admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-10-25 17:01:12 +00:00
parent a95e3c138c
commit 813e86eb81
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
11 changed files with 1136 additions and 884 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
2013/4xxx/CVE-2013-4658.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4658",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/",
"refsource": "MISC",
"name": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"url": "https://www.ise.io/soho_service_hacks/",
"refsource": "MISC",
"name": "https://www.ise.io/soho_service_hacks/"
},
{
"refsource": "MISC",
"name": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
"url": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf"
}
]
}

68
2013/4xxx/CVE-2013-4848.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4848",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/",
"refsource": "MISC",
"name": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"url": "https://www.ise.io/soho_service_hacks/",
"refsource": "MISC",
"name": "https://www.ise.io/soho_service_hacks/"
},
{
"refsource": "MISC",
"name": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
"url": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf"
},
{
"refsource": "MISC",
"name": "https://www.securityfocus.com/bid/62884/info",
"url": "https://www.securityfocus.com/bid/62884/info"
},
{
"refsource": "MISC",
"name": "https://vuldb.com/?id.10495",
"url": "https://vuldb.com/?id.10495"
}
]
}

67
2019/14xxx/CVE-2019-14451.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an \"external command\" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.repetier-server.com/manuals/0.91/index.html",
"refsource": "MISC",
"name": "https://www.repetier-server.com/manuals/0.91/index.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.repetier-server.com/knowledgebase/security-advisory/",
"url": "https://www.repetier-server.com/knowledgebase/security-advisory/"
}
]
}
}

67
2019/16xxx/CVE-2019-16265.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "3S-Smart CODESYS V2.3 ENI server V3.2.2.23 has a Buffer Overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.codesys.com",
"refsource": "MISC",
"name": "https://www.codesys.com"
},
{
"refsource": "CONFIRM",
"name": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-09_LCDS-319.pdf",
"url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-09_LCDS-319.pdf"
}
]
}
}

176
2019/4xxx/CVE-2019-4036.json
View File

@ -1,90 +1,90 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Access Manager",
"version" : {
"version_data" : [
{
"version_value" : " "
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4036",
"DATE_PUBLIC" : "2019-09-09T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"C" : "N",
"UI" : "N",
"A" : "H",
"PR" : "N",
"AV" : "N",
"SCORE" : "7.500",
"AC" : "L",
"I" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": " "
}
]
}
}
]
}
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/1072704",
"title" : "IBM Security Bulletin 1072704 (Security Access Manager)",
"url" : "https://www.ibm.com/support/pages/node/1072704"
},
{
"refsource" : "XF",
"name" : "ibm-sam-cve20194036-dos (156159)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/156159"
}
]
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159.",
"lang" : "eng"
}
]
},
"data_version" : "4.0"
}
}
},
"CVE_data_meta": {
"ID": "CVE-2019-4036",
"DATE_PUBLIC": "2019-09-09T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"C": "N",
"UI": "N",
"A": "H",
"PR": "N",
"AV": "N",
"SCORE": "7.500",
"AC": "L",
"I": "N"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/1072704",
"title": "IBM Security Bulletin 1072704 (Security Access Manager)",
"url": "https://www.ibm.com/support/pages/node/1072704"
},
{
"refsource": "XF",
"name": "ibm-sam-cve20194036-dos (156159)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156159"
}
]
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"value": "IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159.",
"lang": "eng"
}
]
},
"data_version": "4.0"
}

262
2019/4xxx/CVE-2019-4394.json
View File

@ -1,135 +1,135 @@
{
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"AV" : "L",
"SCORE" : "2.300",
"AC" : "L",
"I" : "L",
"PR" : "H",
"A" : "N",
"UI" : "N",
"S" : "U",
"C" : "N"
}
}
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Cloud Orchestrator",
"version" : {
"version_data" : [
{
"version_value" : "2.4"
},
{
"version_value" : "2.4.0.1"
},
{
"version_value" : "2.4.0.2"
},
{
"version_value" : "2.5"
},
{
"version_value" : "2.5.0.1"
},
{
"version_value" : "2.4.0.3"
},
{
"version_value" : "2.5.0.2"
},
{
"version_value" : "2.4.0.4"
},
{
"version_value" : "2.5.0.3"
},
{
"version_value" : "2.5.0.4"
},
{
"version_value" : "2.4.0.5"
},
{
"version_value" : "2.5.0.5"
},
{
"version_value" : "2.5.0.6"
},
{
"version_value" : "2.5.0.7"
},
{
"version_value" : "2.5.0.8"
},
{
"version_value" : "2.5.0.9"
}
]
}
}
]
}
"value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232.",
"lang": "eng"
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-10-23T00:00:00",
"ID" : "CVE-2019-4394"
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1097301",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/1097301",
"title" : "IBM Security Bulletin 1097301 (Cloud Orchestrator)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162232",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-co-cve20194394-sec-bypass (162232)",
"refsource" : "XF"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Bypass Security"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"AV": "L",
"SCORE": "2.300",
"AC": "L",
"I": "L",
"PR": "H",
"A": "N",
"UI": "N",
"S": "U",
"C": "N"
}
}
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Cloud Orchestrator",
"version": {
"version_data": [
{
"version_value": "2.4"
},
{
"version_value": "2.4.0.1"
},
{
"version_value": "2.4.0.2"
},
{
"version_value": "2.5"
},
{
"version_value": "2.5.0.1"
},
{
"version_value": "2.4.0.3"
},
{
"version_value": "2.5.0.2"
},
{
"version_value": "2.4.0.4"
},
{
"version_value": "2.5.0.3"
},
{
"version_value": "2.5.0.4"
},
{
"version_value": "2.4.0.5"
},
{
"version_value": "2.5.0.5"
},
{
"version_value": "2.5.0.6"
},
{
"version_value": "2.5.0.7"
},
{
"version_value": "2.5.0.8"
},
{
"version_value": "2.5.0.9"
}
]
}
}
]
}
}
]
}
]
}
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-10-23T00:00:00",
"ID": "CVE-2019-4394"
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/1097301",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/1097301",
"title": "IBM Security Bulletin 1097301 (Cloud Orchestrator)"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162232",
"title": "X-Force Vulnerability Report",
"name": "ibm-co-cve20194394-sec-bypass (162232)",
"refsource": "XF"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
}
}

264
2019/4xxx/CVE-2019-4395.json
View File

@ -1,135 +1,135 @@
{
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333."
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1097175",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/1097175",
"title" : "IBM Security Bulletin 1097175 (Cloud Orchestrator)"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-co-cve20194395-info-disc (162233)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162233"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"C" : "L",
"A" : "N",
"UI" : "N",
"AC" : "L",
"SCORE" : "4.000",
"I" : "N",
"AV" : "L",
"PR" : "N"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.4"
},
{
"version_value" : "2.4.0.1"
},
{
"version_value" : "2.4.0.2"
},
{
"version_value" : "2.5"
},
{
"version_value" : "2.5.0.1"
},
{
"version_value" : "2.4.0.3"
},
{
"version_value" : "2.5.0.2"
},
{
"version_value" : "2.4.0.4"
},
{
"version_value" : "2.5.0.3"
},
{
"version_value" : "2.5.0.4"
},
{
"version_value" : "2.4.0.5"
},
{
"version_value" : "2.5.0.5"
},
{
"version_value" : "2.5.0.6"
},
{
"version_value" : "2.5.0.7"
},
{
"version_value" : "2.5.0.8"
},
{
"version_value" : "2.5.0.9"
}
]
},
"product_name" : "Cloud Orchestrator"
}
]
},
"vendor_name" : "IBM"
"lang": "eng",
"value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333."
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-10-23T00:00:00",
"ID" : "CVE-2019-4395"
}
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/1097175",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/1097175",
"title": "IBM Security Bulletin 1097175 (Cloud Orchestrator)"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-co-cve20194395-info-disc (162233)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162233"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"C": "L",
"A": "N",
"UI": "N",
"AC": "L",
"SCORE": "4.000",
"I": "N",
"AV": "L",
"PR": "N"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.4"
},
{
"version_value": "2.4.0.1"
},
{
"version_value": "2.4.0.2"
},
{
"version_value": "2.5"
},
{
"version_value": "2.5.0.1"
},
{
"version_value": "2.4.0.3"
},
{
"version_value": "2.5.0.2"
},
{
"version_value": "2.4.0.4"
},
{
"version_value": "2.5.0.3"
},
{
"version_value": "2.5.0.4"
},
{
"version_value": "2.4.0.5"
},
{
"version_value": "2.5.0.5"
},
{
"version_value": "2.5.0.6"
},
{
"version_value": "2.5.0.7"
},
{
"version_value": "2.5.0.8"
},
{
"version_value": "2.5.0.9"
}
]
},
"product_name": "Cloud Orchestrator"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-10-23T00:00:00",
"ID": "CVE-2019-4395"
}
}

264
2019/4xxx/CVE-2019-4396.json
View File

@ -1,135 +1,135 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1096354",
"name" : "https://www.ibm.com/support/pages/node/1096354",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 1096354 (Cloud Orchestrator)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162236",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-co-cve20194396-http-response (162236)"
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.4"
},
{
"version_value" : "2.4.0.1"
},
{
"version_value" : "2.4.0.2"
},
{
"version_value" : "2.5"
},
{
"version_value" : "2.5.0.1"
},
{
"version_value" : "2.4.0.3"
},
{
"version_value" : "2.5.0.2"
},
{
"version_value" : "2.4.0.4"
},
{
"version_value" : "2.5.0.3"
},
{
"version_value" : "2.5.0.4"
},
{
"version_value" : "2.4.0.5"
},
{
"version_value" : "2.5.0.5"
},
{
"version_value" : "2.5.0.6"
},
{
"version_value" : "2.5.0.7"
},
{
"version_value" : "2.5.0.8"
},
{
"version_value" : "2.5.0.9"
}
]
},
"product_name" : "Cloud Orchestrator"
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-10-23T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4396"
},
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"SCORE" : "5.400",
"AC" : "L",
"I" : "L",
"PR" : "L",
"A" : "N",
"UI" : "R",
"C" : "L",
"S" : "C"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236.",
"lang" : "eng"
}
]
},
"data_version" : "4.0"
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/1096354",
"name": "https://www.ibm.com/support/pages/node/1096354",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1096354 (Cloud Orchestrator)"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162236",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"name": "ibm-co-cve20194396-http-response (162236)"
}
]
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.4"
},
{
"version_value": "2.4.0.1"
},
{
"version_value": "2.4.0.2"
},
{
"version_value": "2.5"
},
{
"version_value": "2.5.0.1"
},
{
"version_value": "2.4.0.3"
},
{
"version_value": "2.5.0.2"
},
{
"version_value": "2.4.0.4"
},
{
"version_value": "2.5.0.3"
},
{
"version_value": "2.5.0.4"
},
{
"version_value": "2.4.0.5"
},
{
"version_value": "2.5.0.5"
},
{
"version_value": "2.5.0.6"
},
{
"version_value": "2.5.0.7"
},
{
"version_value": "2.5.0.8"
},
{
"version_value": "2.5.0.9"
}
]
},
"product_name": "Cloud Orchestrator"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"CVE_data_meta": {
"DATE_PUBLIC": "2019-10-23T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4396"
},
"impact": {
"cvssv3": {
"BM": {
"AV": "N",
"SCORE": "5.400",
"AC": "L",
"I": "L",
"PR": "L",
"A": "N",
"UI": "R",
"C": "L",
"S": "C"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"data_type": "CVE",
"description": {
"description_data": [
{
"value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236.",
"lang": "eng"
}
]
},
"data_version": "4.0"
}

264
2019/4xxx/CVE-2019-4399.json
View File

@ -1,135 +1,135 @@
{
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 162260.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/1097307",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 1097307 (Cloud Orchestrator)",
"url" : "https://www.ibm.com/support/pages/node/1097307"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162260",
"name" : "ibm-co-cve20194399-info-disc (162260)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"I" : "N",
"SCORE" : "5.900",
"AV" : "N",
"AC" : "H",
"PR" : "N",
"S" : "U",
"C" : "H",
"A" : "N",
"UI" : "N"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Cloud Orchestrator",
"version" : {
"version_data" : [
{
"version_value" : "2.4"
},
{
"version_value" : "2.4.0.1"
},
{
"version_value" : "2.4.0.2"
},
{
"version_value" : "2.5"
},
{
"version_value" : "2.5.0.1"
},
{
"version_value" : "2.4.0.3"
},
{
"version_value" : "2.5.0.2"
},
{
"version_value" : "2.4.0.4"
},
{
"version_value" : "2.5.0.3"
},
{
"version_value" : "2.5.0.4"
},
{
"version_value" : "2.4.0.5"
},
{
"version_value" : "2.5.0.5"
},
{
"version_value" : "2.5.0.6"
},
{
"version_value" : "2.5.0.7"
},
{
"version_value" : "2.5.0.8"
},
{
"version_value" : "2.5.0.9"
}
]
}
}
]
}
"value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 162260.",
"lang": "eng"
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-10-23T00:00:00",
"ID" : "CVE-2019-4399"
}
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1097307",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1097307 (Cloud Orchestrator)",
"url": "https://www.ibm.com/support/pages/node/1097307"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162260",
"name": "ibm-co-cve20194399-info-disc (162260)",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"I": "N",
"SCORE": "5.900",
"AV": "N",
"AC": "H",
"PR": "N",
"S": "U",
"C": "H",
"A": "N",
"UI": "N"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Cloud Orchestrator",
"version": {
"version_data": [
{
"version_value": "2.4"
},
{
"version_value": "2.4.0.1"
},
{
"version_value": "2.4.0.2"
},
{
"version_value": "2.5"
},
{
"version_value": "2.5.0.1"
},
{
"version_value": "2.4.0.3"
},
{
"version_value": "2.5.0.2"
},
{
"version_value": "2.4.0.4"
},
{
"version_value": "2.5.0.3"
},
{
"version_value": "2.5.0.4"
},
{
"version_value": "2.4.0.5"
},
{
"version_value": "2.5.0.5"
},
{
"version_value": "2.5.0.6"
},
{
"version_value": "2.5.0.7"
},
{
"version_value": "2.5.0.8"
},
{
"version_value": "2.5.0.9"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-10-23T00:00:00",
"ID": "CVE-2019-4399"
}
}

264
2019/4xxx/CVE-2019-4400.json
View File

@ -1,135 +1,135 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1077129",
"title" : "IBM Security Bulletin 1077129 (Cloud Orchestrator)",
"name" : "https://www.ibm.com/support/pages/node/1077129",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162261",
"name" : "ibm-co-cve20194400-info-disc (162261)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Cloud Orchestrator",
"version" : {
"version_data" : [
{
"version_value" : "2.4"
},
{
"version_value" : "2.4.0.1"
},
{
"version_value" : "2.4.0.2"
},
{
"version_value" : "2.5"
},
{
"version_value" : "2.5.0.1"
},
{
"version_value" : "2.4.0.3"
},
{
"version_value" : "2.5.0.2"
},
{
"version_value" : "2.4.0.4"
},
{
"version_value" : "2.5.0.3"
},
{
"version_value" : "2.5.0.4"
},
{
"version_value" : "2.4.0.5"
},
{
"version_value" : "2.5.0.5"
},
{
"version_value" : "2.5.0.6"
},
{
"version_value" : "2.5.0.7"
},
{
"version_value" : "2.5.0.8"
},
{
"version_value" : "2.5.0.9"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-10-23T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4400"
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"SCORE" : "4.300",
"AC" : "L",
"AV" : "N",
"I" : "N",
"PR" : "L",
"C" : "L",
"S" : "U",
"A" : "N",
"UI" : "N"
}
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162261."
}
]
}
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/1077129",
"title": "IBM Security Bulletin 1077129 (Cloud Orchestrator)",
"name": "https://www.ibm.com/support/pages/node/1077129",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162261",
"name": "ibm-co-cve20194400-info-disc (162261)",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Orchestrator",
"version": {
"version_data": [
{
"version_value": "2.4"
},
{
"version_value": "2.4.0.1"
},
{
"version_value": "2.4.0.2"
},
{
"version_value": "2.5"
},
{
"version_value": "2.5.0.1"
},
{
"version_value": "2.4.0.3"
},
{
"version_value": "2.5.0.2"
},
{
"version_value": "2.4.0.4"
},
{
"version_value": "2.5.0.3"
},
{
"version_value": "2.5.0.4"
},
{
"version_value": "2.4.0.5"
},
{
"version_value": "2.5.0.5"
},
{
"version_value": "2.5.0.6"
},
{
"version_value": "2.5.0.7"
},
{
"version_value": "2.5.0.8"
},
{
"version_value": "2.5.0.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-10-23T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4400"
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"SCORE": "4.300",
"AC": "L",
"AV": "N",
"I": "N",
"PR": "L",
"C": "L",
"S": "U",
"A": "N",
"UI": "N"
}
}
},
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162261."
}
]
}
}

266
2019/4xxx/CVE-2019-4461.json
View File

@ -1,135 +1,135 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Cloud Orchestrator",
"version" : {
"version_data" : [
{
"version_value" : "2.4"
},
{
"version_value" : "2.4.0.1"
},
{
"version_value" : "2.4.0.2"
},
{
"version_value" : "2.5"
},
{
"version_value" : "2.5.0.1"
},
{
"version_value" : "2.4.0.3"
},
{
"version_value" : "2.5.0.2"
},
{
"version_value" : "2.4.0.4"
},
{
"version_value" : "2.5.0.3"
},
{
"version_value" : "2.5.0.4"
},
{
"version_value" : "2.4.0.5"
},
{
"version_value" : "2.5.0.5"
},
{
"version_value" : "2.5.0.6"
},
{
"version_value" : "2.5.0.7"
},
{
"version_value" : "2.5.0.8"
},
{
"version_value" : "2.5.0.9"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4461",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-10-23T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"AV" : "N",
"SCORE" : "5.400",
"AC" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"C" : "L",
"A" : "N",
"UI" : "R"
}
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Cloud Orchestrator",
"version": {
"version_data": [
{
"version_value": "2.4"
},
{
"version_value": "2.4.0.1"
},
{
"version_value": "2.4.0.2"
},
{
"version_value": "2.5"
},
{
"version_value": "2.5.0.1"
},
{
"version_value": "2.4.0.3"
},
{
"version_value": "2.5.0.2"
},
{
"version_value": "2.4.0.4"
},
{
"version_value": "2.5.0.3"
},
{
"version_value": "2.5.0.4"
},
{
"version_value": "2.4.0.5"
},
{
"version_value": "2.5.0.5"
},
{
"version_value": "2.5.0.6"
},
{
"version_value": "2.5.0.7"
},
{
"version_value": "2.5.0.8"
},
{
"version_value": "2.5.0.9"
}
]
}
}
]
}
}
]
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1072684",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/1072684",
"title" : "IBM Security Bulletin 1072684 (Cloud Orchestrator)"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-co-cve20194461-response-splitting (163682)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163682"
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682.",
"lang" : "eng"
}
]
}
}
}
},
"CVE_data_meta": {
"ID": "CVE-2019-4461",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-10-23T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"AV": "N",
"SCORE": "5.400",
"AC": "L",
"I": "L",
"PR": "L",
"S": "C",
"C": "L",
"A": "N",
"UI": "R"
}
}
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/1072684",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/1072684",
"title": "IBM Security Bulletin 1072684 (Cloud Orchestrator)"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-co-cve20194461-response-splitting (163682)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163682"
}
]
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682.",
"lang": "eng"
}
]
}
}