admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

IBM20210514-121245

Browse Source 
Added CVE-2021-20565, CVE-2021-20392, CVE-2021-20393, CVE-2020-4811, CVE-2021-20564, CVE-2021-20429, CVE-2021-20391, CVE-2020-4985
This commit is contained in:
Scott Moore - IBM 2021-05-14 12:12:45 -04:00
parent 2a41b92680
commit 81a4b2d2dc
No known key found for this signature in database
GPG Key ID: 8E6C411D57F2D75C
8 changed files with 744 additions and 120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
2020/4xxx/CVE-2020-4811.json
View File

@ -1,18 +1,102 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4811",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"A" : "N",
"C" : "N",
"S" : "U",
"PR" : "H",
"SCORE" : "2.400",
"UI" : "R",
"I" : "L",
"AC" : "L"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject inject malicious data using a specially crafted HTTP request due to improper input validation.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.4.0.0"
},
{
"version_value" : "1.6.0.0"
},
{
"version_value" : "1.5.0.1"
},
{
"version_value" : "1.5.0.0"
},
{
"version_value" : "1.6.0.1"
}
]
},
"product_name" : "Cloud Pak for Security"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6453115 (Cloud Pak for Security)",
"name" : "https://www.ibm.com/support/pages/node/6453115",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6453115"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189635",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-cp4s-cve20204811-input-validation (189635)"
}
]
},
"data_version" : "4.0",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Data Manipulation",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4811",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-05-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_format" : "MITRE"
}

102
2020/4xxx/CVE-2020-4985.json
View File

@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4985",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Planning Analytics Local",
"version" : {
"version_data" : [
{
"version_value" : "2.0"
}
]
}
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642."
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6452743",
"title" : "IBM Security Bulletin 6452743 (Planning Analytics Local)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6452743"
},
{
"name" : "ibm-planning-cve20204985-info-disc (192642)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/192642",
"refsource" : "XF"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "L",
"A" : "N",
"AV" : "N",
"S" : "U",
"PR" : "N",
"AC" : "H",
"I" : "N",
"SCORE" : "3.700",
"UI" : "N"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4985",
"DATE_PUBLIC" : "2021-05-13T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
}
}

105
2021/20xxx/CVE-2021-20391.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20391",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-05-13T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2021-20391"
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"S" : "U",
"C" : "L",
"A" : "N",
"AV" : "L",
"UI" : "N",
"SCORE" : "4.000",
"AC" : "L",
"I" : "N",
"PR" : "N"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.0.0"
},
{
"version_value" : "4.1.1"
}
]
},
"product_name" : "QRadar SIEM"
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999."
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6453103",
"title" : "IBM Security Bulletin 6453103 (QRadar SIEM)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6453103"
},
{
"name" : "ibm-qradar-cve202120391-info-disc (195999)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/195999",
"refsource" : "XF"
}
]
}
}

105
2021/20xxx/CVE-2021-20392.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20392",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.0.0"
},
{
"version_value" : "4.1.1"
}
]
},
"product_name" : "QRadar SIEM"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6453105",
"title" : "IBM Security Bulletin 6453105 (QRadar SIEM)",
"name" : "https://www.ibm.com/support/pages/node/6453105"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-qradar-cve202120392-xss (196000)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196000",
"refsource" : "XF"
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "H",
"RC" : "C"
},
"BM" : {
"I" : "L",
"AC" : "L",
"UI" : "R",
"SCORE" : "6.100",
"PR" : "N",
"S" : "C",
"AV" : "N",
"C" : "L",
"A" : "N"
}
}
},
"CVE_data_meta" : {
"ID" : "CVE-2021-20392",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-05-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
}
}

105
2021/20xxx/CVE-2021-20393.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20393",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_format" : "MITRE",
"CVE_data_meta" : {
"ID" : "CVE-2021-20393",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-05-13T00:00:00"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6453109",
"name" : "https://www.ibm.com/support/pages/node/6453109",
"title" : "IBM Security Bulletin 6453109 (QRadar SIEM)"
},
{
"name" : "ibm-qradar-cve202120393-info-disc (196001)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196001",
"refsource" : "XF"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "QRadar SIEM",
"version" : {
"version_data" : [
{
"version_value" : "1.0.0"
},
{
"version_value" : "4.1.1"
}
]
}
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196001."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"C" : "L",
"A" : "N",
"S" : "U",
"PR" : "N",
"I" : "N",
"AC" : "L",
"SCORE" : "5.300",
"UI" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
}
}

105
2021/20xxx/CVE-2021-20429.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20429",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-05-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-20429"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"C" : "L",
"A" : "N",
"AV" : "N",
"S" : "U",
"PR" : "N",
"AC" : "H",
"I" : "N",
"SCORE" : "3.700",
"UI" : "N"
}
}
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6453107",
"title" : "IBM Security Bulletin 6453107 (QRadar SIEM)",
"name" : "https://www.ibm.com/support/pages/node/6453107"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196334",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-qradar-cve202120429-info-disc (196334)"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.0.0"
},
{
"version_value" : "4.1.1"
}
]
},
"product_name" : "QRadar SIEM"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy. IBM X-Force ID: 196334.",
"lang" : "eng"
}
]
}
}

114
2021/20xxx/CVE-2021-20564.json
View File

@ -1,18 +1,102 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20564",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6453115",
"title" : "IBM Security Bulletin 6453115 (Cloud Pak for Security)",
"name" : "https://www.ibm.com/support/pages/node/6453115"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199235",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-cp4s-cve202120564-info-disc (199235)"
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 199235."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.4.0.0"
},
{
"version_value" : "1.6.0.0"
},
{
"version_value" : "1.5.0.1"
},
{
"version_value" : "1.5.0.0"
},
{
"version_value" : "1.6.0.1"
}
]
},
"product_name" : "Cloud Pak for Security"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"PR" : "N",
"UI" : "N",
"SCORE" : "5.900",
"I" : "N",
"AC" : "H",
"AV" : "N",
"C" : "H",
"A" : "N",
"S" : "U"
}
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"ID" : "CVE-2021-20564",
"DATE_PUBLIC" : "2021-05-13T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_type" : "CVE"
}

114
2021/20xxx/CVE-2021-20565.json
View File

@ -1,18 +1,102 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20565",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta" : {
"ID" : "CVE-2021-20565",
"DATE_PUBLIC" : "2021-05-13T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "Cloud Pak for Security",
"version" : {
"version_data" : [
{
"version_value" : "1.4.0.0"
},
{
"version_value" : "1.6.0.0"
},
{
"version_value" : "1.5.0.1"
},
{
"version_value" : "1.5.0.0"
},
{
"version_value" : "1.6.0.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. IBM X-Force ID: 199236."
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6453115",
"name" : "https://www.ibm.com/support/pages/node/6453115",
"title" : "IBM Security Bulletin 6453115 (Cloud Pak for Security)"
},
{
"name" : "ibm-cp4s-cve202120565-improper-input (199236)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199236"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"PR" : "N",
"UI" : "R",
"SCORE" : "4.600",
"AC" : "L",
"I" : "L",
"C" : "N",
"A" : "L",
"AV" : "A",
"S" : "U"
}
}
}
}