admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-07-01 16:01:01 +00:00
parent 66fb17fee7
commit 84ec286fa1
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
20 changed files with 1699 additions and 1549 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
2016/5xxx/CVE-2016-5235.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5235",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross Site Scripting (XSS) vulnerability in versions of F5 WebSafe Dashboard 3.9.x and earlier, aka F5 WebSafe Alert Server, allows an unauthenticated user to inject HTML via a crafted alert."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K48572812",
"url": "https://support.f5.com/csp/article/K48572812"
}
]
}

48
2016/5xxx/CVE-2016-5236.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5236",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9.5 and earlier, aka F5 WebSafe Alert Server, allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K55922302",
"url": "https://support.f5.com/csp/article/K55922302"
}
]
}

62
2019/13xxx/CVE-2019-13131.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.exploit-db.com/exploits/47030",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/47030"
}
]
}
}

192
2019/4xxx/CVE-2019-4057.json
View File

@ -1,99 +1,99 @@
{
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 880735 (DB2 for Linux, UNIX and Windows)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880735",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880735"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-db2-cve20194057-priv-escalation (156567)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/156567"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"S" : "U",
"A" : "H",
"I" : "H",
"UI" : "N",
"PR" : "H",
"C" : "H",
"SCORE" : "6.700",
"AC" : "L",
"AV" : "L"
}
}
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4057",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-06-27T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "DB2 for Linux, UNIX and Windows",
"version" : {
"version_data" : [
{
"version_value" : "10.5"
},
{
"version_value" : "10.1"
},
{
"version_value" : "9.7"
},
{
"version_value" : "11.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"title": "IBM Security Bulletin 880735 (DB2 for Linux, UNIX and Windows)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880735",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880735"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-db2-cve20194057-priv-escalation (156567)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156567"
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567."
}
]
}
}
]
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"S": "U",
"A": "H",
"I": "H",
"UI": "N",
"PR": "H",
"C": "H",
"SCORE": "6.700",
"AC": "L",
"AV": "L"
}
}
},
"CVE_data_meta": {
"ID": "CVE-2019-4057",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-06-27T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux, UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "10.5"
},
{
"version_value": "10.1"
},
{
"version_value": "9.7"
},
{
"version_value": "11.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567."
}
]
}
}

184
2019/4xxx/CVE-2019-4101.json
View File

@ -1,96 +1,96 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID: 158091."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "DB2 for Linux, UNIX and Windows",
"version" : {
"version_data" : [
{
"version_value" : "10.5"
},
{
"version_value" : "10.1"
},
{
"version_value" : "11.1"
}
]
}
}
]
}
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID: 158091."
}
]
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-06-27T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4101",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "DB2 for Linux, UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "10.5"
},
{
"version_value": "10.1"
},
{
"version_value": "11.1"
}
]
}
}
]
}
}
]
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"UI" : "N",
"I" : "N",
"AV" : "L",
"AC" : "L",
"SCORE" : "6.200",
"C" : "N",
"PR" : "N",
"A" : "H",
"S" : "U"
}
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 880741 (DB2 for Linux, UNIX and Windows)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880741",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880741"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158091",
"name" : "ibm-db2-cve20194101-dos (158091)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE"
}
}
},
"CVE_data_meta": {
"DATE_PUBLIC": "2019-06-27T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4101",
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Denial of Service",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"UI": "N",
"I": "N",
"AV": "L",
"AC": "L",
"SCORE": "6.200",
"C": "N",
"PR": "N",
"A": "H",
"S": "U"
}
}
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 880741 (DB2 for Linux, UNIX and Windows)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880741",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880741"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158091",
"name": "ibm-db2-cve20194101-dos (158091)",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"data_format": "MITRE"
}

192
2019/4xxx/CVE-2019-4102.json
View File

@ -1,99 +1,99 @@
{
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880743",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880743",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 880743 (DB2 for Linux, UNIX and Windows)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158092",
"name" : "ibm-db2-cve20194102-info-disc (158092)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"A" : "N",
"S" : "U",
"I" : "N",
"UI" : "N",
"SCORE" : "5.900",
"C" : "H",
"PR" : "N",
"AC" : "H",
"AV" : "N"
}
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4102",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-27T00:00:00"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.5"
},
{
"version_value" : "10.1"
},
{
"version_value" : "9.7"
},
{
"version_value" : "11.1"
}
]
},
"product_name" : "DB2 for Linux, UNIX and Windows"
}
]
}
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880743",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880743",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880743 (DB2 for Linux, UNIX and Windows)"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158092",
"name": "ibm-db2-cve20194102-info-disc (158092)",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
}
}
}
]
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"A": "N",
"S": "U",
"I": "N",
"UI": "N",
"SCORE": "5.900",
"C": "H",
"PR": "N",
"AC": "H",
"AV": "N"
}
}
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2019-4102",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-27T00:00:00"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.5"
},
{
"version_value": "10.1"
},
{
"version_value": "9.7"
},
{
"version_value": "11.1"
}
]
},
"product_name": "DB2 for Linux, UNIX and Windows"
}
]
}
}
]
}
}
}

192
2019/4xxx/CVE-2019-4154.json
View File

@ -1,99 +1,99 @@
{
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880737",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880737",
"title" : "IBM Security Bulletin 880737 (DB2 for Linux, UNIX and Windows)",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158519",
"name" : "ibm-db2-cve20194154-bo (158519)"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"S" : "U",
"A" : "H",
"AV" : "L",
"AC" : "L",
"PR" : "N",
"SCORE" : "8.400",
"C" : "H",
"UI" : "N",
"I" : "H"
}
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-06-27T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4154"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "DB2 for Linux, UNIX and Windows",
"version" : {
"version_data" : [
{
"version_value" : "10.5"
},
{
"version_value" : "10.1"
},
{
"version_value" : "9.7"
},
{
"version_value" : "11.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880737",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880737",
"title": "IBM Security Bulletin 880737 (DB2 for Linux, UNIX and Windows)",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158519",
"name": "ibm-db2-cve20194154-bo (158519)"
}
]
}
}
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"S": "U",
"A": "H",
"AV": "L",
"AC": "L",
"PR": "N",
"SCORE": "8.400",
"C": "H",
"UI": "N",
"I": "H"
}
}
},
"data_version": "4.0",
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2019-06-27T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2019-4154"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux, UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "10.5"
},
{
"version_value": "10.1"
},
{
"version_value": "9.7"
},
{
"version_value": "11.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
}
}

186
2019/4xxx/CVE-2019-4237.json
View File

@ -1,96 +1,96 @@
{
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 879825 (InfoSphere Information Server)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10879825",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10879825"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159419",
"name" : "ibm-infosphere-cve20194237-cfs (159419)"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"UI" : "R",
"I" : "L",
"AV" : "N",
"AC" : "L",
"PR" : "L",
"SCORE" : "5.400",
"C" : "L",
"S" : "C",
"A" : "N"
}
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-06-27T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4237"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "11.3"
},
{
"version_value" : "11.5"
},
{
"version_value" : "11.7"
}
]
},
"product_name" : "InfoSphere Information Server"
}
]
}
"title": "IBM Security Bulletin 879825 (InfoSphere Information Server)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10879825",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10879825"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159419",
"name": "ibm-infosphere-cve20194237-cfs (159419)"
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419."
}
]
}
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"UI": "R",
"I": "L",
"AV": "N",
"AC": "L",
"PR": "L",
"SCORE": "5.400",
"C": "L",
"S": "C",
"A": "N"
}
}
},
"data_version": "4.0",
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2019-06-27T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2019-4237"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "11.3"
},
{
"version_value": "11.5"
},
{
"version_value": "11.7"
}
]
},
"product_name": "InfoSphere Information Server"
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419."
}
]
}
}

174
2019/4xxx/CVE-2019-4295.json
View File

@ -1,90 +1,90 @@
{
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10884840",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10884840",
"title" : "IBM Security Bulletin 884840 (Robotic Process Automation with Automation Anywhere)",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160758",
"name" : "ibm-rpa-cve20194295-info-disc (160758)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"S" : "U",
"AV" : "N",
"AC" : "L",
"C" : "H",
"SCORE" : "4.900",
"PR" : "H",
"UI" : "N",
"I" : "N"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-28T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4295"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "11"
}
]
},
"product_name" : "Robotic Process Automation with Automation Anywhere"
}
]
},
"vendor_name" : "IBM"
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10884840",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10884840",
"title": "IBM Security Bulletin 884840 (Robotic Process Automation with Automation Anywhere)",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160758",
"name": "ibm-rpa-cve20194295-info-disc (160758)",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker with specialized access to obtain highly sensitive from the credential vault. IBM X-Force ID: 160758.",
"lang" : "eng"
}
]
}
}
]
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"S": "U",
"AV": "N",
"AC": "L",
"C": "H",
"SCORE": "4.900",
"PR": "H",
"UI": "N",
"I": "N"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-28T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2019-4295"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "11"
}
]
},
"product_name": "Robotic Process Automation with Automation Anywhere"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"value": "IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker with specialized access to obtain highly sensitive from the credential vault. IBM X-Force ID: 160758.",
"lang": "eng"
}
]
}
}

174
2019/4xxx/CVE-2019-4296.json
View File

@ -1,90 +1,90 @@
{
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 884844 (Robotic Process Automation with Automation Anywhere)",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10884844",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10884844"
},
{
"name" : "ibm-rpa-cve20194296-info-disc (160759)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160759",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"A" : "N",
"S" : "U",
"AC" : "L",
"AV" : "L",
"SCORE" : "4.000",
"C" : "L",
"PR" : "N",
"UI" : "N",
"I" : "N"
}
}
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2019-4296",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-28T00:00:00"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Robotic Process Automation with Automation Anywhere",
"version" : {
"version_data" : [
{
"version_value" : "11"
}
]
}
}
]
}
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 884844 (Robotic Process Automation with Automation Anywhere)",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10884844",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10884844"
},
{
"name": "ibm-rpa-cve20194296-info-disc (160759)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160759",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759.",
"lang" : "eng"
}
]
}
}
]
},
"data_format": "MITRE",
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"A": "N",
"S": "U",
"AC": "L",
"AV": "L",
"SCORE": "4.000",
"C": "L",
"PR": "N",
"UI": "N",
"I": "N"
}
}
},
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-4296",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-28T00:00:00"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Robotic Process Automation with Automation Anywhere",
"version": {
"version_data": [
{
"version_value": "11"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"value": "IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759.",
"lang": "eng"
}
]
}
}

174
2019/4xxx/CVE-2019-4297.json
View File

@ -1,90 +1,90 @@
{
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "6.400",
"C" : "L",
"PR" : "L",
"AV" : "N",
"AC" : "L",
"I" : "L",
"UI" : "N",
"A" : "N",
"S" : "C"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 884826 (Robotic Process Automation with Automation Anywhere)",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10884826",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10884826"
},
{
"name" : "ibm-rpa-cve20194297-ldap-injection (160761)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160761",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Robotic Process Automation with Automation Anywhere",
"version" : {
"version_data" : [
{
"version_value" : "11"
}
]
}
}
]
}
"data_type": "CVE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"SCORE": "6.400",
"C": "L",
"PR": "L",
"AV": "N",
"AC": "L",
"I": "L",
"UI": "N",
"A": "N",
"S": "C"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability to make unauthorized queries or modify the LDAP content. IBM X-Force ID: 160761."
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-28T00:00:00",
"ID" : "CVE-2019-4297",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
}
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 884826 (Robotic Process Automation with Automation Anywhere)",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10884826",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10884826"
},
{
"name": "ibm-rpa-cve20194297-ldap-injection (160761)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160761",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Robotic Process Automation with Automation Anywhere",
"version": {
"version_data": [
{
"version_value": "11"
}
]
}
}
]
}
}
]
}
]
}
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability to make unauthorized queries or modify the LDAP content. IBM X-Force ID: 160761."
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-28T00:00:00",
"ID": "CVE-2019-4297",
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
}
}

172
2019/4xxx/CVE-2019-4298.json
View File

@ -1,90 +1,90 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have privileges to execute. IBM X-Force ID: 160764."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "11"
}
]
},
"product_name" : "Robotic Process Automation with Automation Anywhere"
}
]
},
"vendor_name" : "IBM"
"lang": "eng",
"value": "IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have privileges to execute. IBM X-Force ID: 160764."
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Data Manipulation"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "11"
}
]
},
"product_name": "Robotic Process Automation with Automation Anywhere"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4298",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-28T00:00:00"
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"A" : "N",
"PR" : "N",
"C" : "H",
"SCORE" : "7.700",
"AC" : "L",
"AV" : "L",
"I" : "H",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"data_type" : "CVE",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10884820",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10884820",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 884820 (Robotic Process Automation with Automation Anywhere)"
},
{
"name" : "ibm-rpa-cve20194298-priv-escalation (160764)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160764",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
},
"CVE_data_meta": {
"ID": "CVE-2019-4298",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-28T00:00:00"
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"A": "N",
"PR": "N",
"C": "H",
"SCORE": "7.700",
"AC": "L",
"AV": "L",
"I": "H",
"UI": "N"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"data_type": "CVE",
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10884820",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10884820",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 884820 (Robotic Process Automation with Automation Anywhere)"
},
{
"name": "ibm-rpa-cve20194298-priv-escalation (160764)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160764",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
}
}

174
2019/4xxx/CVE-2019-4299.json
View File

@ -1,90 +1,90 @@
{
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 884842 (Robotic Process Automation with Automation Anywhere)",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10884842",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10884842"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-rpa-cve20194299-info-disc (160765)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160765"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"I" : "N",
"AC" : "H",
"AV" : "L",
"PR" : "N",
"SCORE" : "5.100",
"C" : "H",
"S" : "U",
"A" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-28T00:00:00",
"ID" : "CVE-2019-4299",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Robotic Process Automation with Automation Anywhere",
"version" : {
"version_data" : [
{
"version_value" : "11"
}
]
}
}
]
},
"vendor_name" : "IBM"
"title": "IBM Security Bulletin 884842 (Robotic Process Automation with Automation Anywhere)",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10884842",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10884842"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-rpa-cve20194299-info-disc (160765)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160765"
}
]
}
}
}
]
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"UI": "N",
"I": "N",
"AC": "H",
"AV": "L",
"PR": "N",
"SCORE": "5.100",
"C": "H",
"S": "U",
"A": "N"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-28T00:00:00",
"ID": "CVE-2019-4299",
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"description": {
"description_data": [
{
"value": "IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765.",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Robotic Process Automation with Automation Anywhere",
"version": {
"version_data": [
{
"version_value": "11"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
}
}

192
2019/4xxx/CVE-2019-4322.json
View File

@ -1,99 +1,99 @@
{
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"A" : "H",
"UI" : "N",
"I" : "H",
"AC" : "L",
"AV" : "L",
"PR" : "N",
"C" : "H",
"SCORE" : "8.400"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10884444",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10884444",
"title" : "IBM Security Bulletin 884444 (DB2 for Linux, UNIX and Windows)",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161202",
"name" : "ibm-db2-cve20194322-bo (161202)"
}
]
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.5"
},
{
"version_value" : "10.1"
},
{
"version_value" : "9.7"
},
{
"version_value" : "11.1"
}
]
},
"product_name" : "DB2 for Linux, UNIX and Windows"
}
]
},
"vendor_name" : "IBM"
"data_type": "CVE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"A": "H",
"UI": "N",
"I": "H",
"AC": "L",
"AV": "L",
"PR": "N",
"C": "H",
"SCORE": "8.400"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4322",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-27T00:00:00"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10884444",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10884444",
"title": "IBM Security Bulletin 884444 (DB2 for Linux, UNIX and Windows)",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161202",
"name": "ibm-db2-cve20194322-bo (161202)"
}
]
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202.",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.5"
},
{
"version_value": "10.1"
},
{
"version_value": "9.7"
},
{
"version_value": "11.1"
}
]
},
"product_name": "DB2 for Linux, UNIX and Windows"
}
]
},
"vendor_name": "IBM"
}
]
}
]
}
}
}
},
"CVE_data_meta": {
"ID": "CVE-2019-4322",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-27T00:00:00"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
}
}

176
2019/4xxx/CVE-2019-4336.json
View File

@ -1,90 +1,90 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Robotic Process Automation with Automation Anywhere",
"version" : {
"version_data" : [
{
"version_value" : "11"
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161411.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Robotic Process Automation with Automation Anywhere",
"version": {
"version_data": [
{
"version_value": "11"
}
]
}
}
]
}
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4336",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-06-28T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "N",
"C" : "H",
"SCORE" : "7.500",
"AV" : "N",
"AC" : "L",
"I" : "N",
"UI" : "N",
"S" : "U",
"A" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10884848",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10884848",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 884848 (Robotic Process Automation with Automation Anywhere)"
},
{
"name" : "ibm-robotic-cve20194336-info-disc (161411)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161411",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
}
}
}
},
"description": {
"description_data": [
{
"value": "IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161411.",
"lang": "eng"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"ID": "CVE-2019-4336",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-06-28T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"impact": {
"cvssv3": {
"BM": {
"PR": "N",
"C": "H",
"SCORE": "7.500",
"AV": "N",
"AC": "L",
"I": "N",
"UI": "N",
"S": "U",
"A": "N"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
},
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10884848",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10884848",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 884848 (Robotic Process Automation with Automation Anywhere)"
},
{
"name": "ibm-robotic-cve20194336-info-disc (161411)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161411",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
}
}

172
2019/4xxx/CVE-2019-4337.json
View File

@ -1,90 +1,90 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain sensitive information due to missing authentication in Ignite nodes. IBM X-Force ID: 161412.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "11"
}
]
},
"product_name" : "Robotic Process Automation with Automation Anywhere"
}
]
},
"vendor_name" : "IBM"
"value": "IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain sensitive information due to missing authentication in Ignite nodes. IBM X-Force ID: 161412.",
"lang": "eng"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "11"
}
]
},
"product_name": "Robotic Process Automation with Automation Anywhere"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4337",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-28T00:00:00"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"S" : "U",
"A" : "N",
"I" : "N",
"UI" : "N",
"PR" : "N",
"C" : "L",
"SCORE" : "5.300",
"AC" : "L",
"AV" : "N"
}
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 884850 (Robotic Process Automation with Automation Anywhere)",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10884850",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10884850"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-robotic-cve20194337-missing-auth (161412)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161412"
}
]
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"CVE_data_meta": {
"ID": "CVE-2019-4337",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-28T00:00:00"
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"S": "U",
"A": "N",
"I": "N",
"UI": "N",
"PR": "N",
"C": "L",
"SCORE": "5.300",
"AC": "L",
"AV": "N"
}
}
},
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 884850 (Robotic Process Automation with Automation Anywhere)",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10884850",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10884850"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-robotic-cve20194337-missing-auth (161412)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161412"
}
]
}
}

184
2019/4xxx/CVE-2019-4357.json
View File

@ -1,96 +1,96 @@
{
"description" : {
"description_data" : [
{
"value" : "When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667,",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Protect Plus",
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.2"
},
{
"version_value" : "10.1.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
"value": "When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667,",
"lang": "eng"
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4357",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-27T00:00:00"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Plus",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.2"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"A" : "H",
"S" : "C",
"I" : "H",
"UI" : "N",
"SCORE" : "8.200",
"C" : "H",
"PR" : "H",
"AC" : "L",
"AV" : "L"
}
}
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10886111",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10886111",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 886111 (Spectrum Protect Plus)"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161667",
"name" : "ibm-spectrum-cve20194357-code-exec (161667)"
}
]
},
"data_format" : "MITRE"
}
}
},
"CVE_data_meta": {
"ID": "CVE-2019-4357",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-27T00:00:00"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"A": "H",
"S": "C",
"I": "H",
"UI": "N",
"SCORE": "8.200",
"C": "H",
"PR": "H",
"AC": "L",
"AV": "L"
}
}
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10886111",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10886111",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 886111 (Spectrum Protect Plus)"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161667",
"name": "ibm-spectrum-cve20194357-code-exec (161667)"
}
]
},
"data_format": "MITRE"
}

186
2019/4xxx/CVE-2019-4383.json
View File

@ -1,96 +1,96 @@
{
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 886111 (Spectrum Protect Plus)",
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10886111",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10886111"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-spectrum-cve20194383-priv-escalation (162165)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162165"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "C",
"A" : "N",
"PR" : "H",
"SCORE" : "7.900",
"C" : "H",
"AC" : "L",
"AV" : "L",
"I" : "H",
"UI" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4383",
"DATE_PUBLIC" : "2019-06-27T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"description" : {
"description_data" : [
{
"value" : "When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.2"
},
{
"version_value" : "10.1.3"
}
]
},
"product_name" : "Spectrum Protect Plus"
}
]
}
"title": "IBM Security Bulletin 886111 (Spectrum Protect Plus)",
"refsource": "CONFIRM",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10886111",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10886111"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"name": "ibm-spectrum-cve20194383-priv-escalation (162165)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162165"
}
]
}
}
}
]
},
"impact": {
"cvssv3": {
"BM": {
"S": "C",
"A": "N",
"PR": "H",
"SCORE": "7.900",
"C": "H",
"AC": "L",
"AV": "L",
"I": "H",
"UI": "N"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
},
"data_version": "4.0",
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2019-4383",
"DATE_PUBLIC": "2019-06-27T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"description": {
"description_data": [
{
"value": "When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165.",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.2"
},
{
"version_value": "10.1.3"
}
]
},
"product_name": "Spectrum Protect Plus"
}
]
}
}
]
}
}
}

174
2019/4xxx/CVE-2019-4386.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ID" : "CVE-2019-4386",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-27T00:00:00"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"ID": "CVE-2019-4386",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-27T00:00:00"
},
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "11.1"
}
]
},
"product_name" : "DB2 for Linux, UNIX and Windows"
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
}
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10886809",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10886809",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 886809 (DB2 for Linux, UNIX and Windows)"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-db2-cve20194386-dos (162174)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162174"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"UI" : "N",
"I" : "N",
"AV" : "N",
"AC" : "L",
"C" : "N",
"SCORE" : "6.500",
"PR" : "L",
"A" : "H",
"S" : "U"
}
}
},
"data_version" : "4.0"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "11.1"
}
]
},
"product_name": "DB2 for Linux, UNIX and Windows"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10886809",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10886809",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 886809 (DB2 for Linux, UNIX and Windows)"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-db2-cve20194386-dos (162174)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162174"
}
]
},
"data_format": "MITRE",
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"UI": "N",
"I": "N",
"AV": "N",
"AC": "L",
"C": "N",
"SCORE": "6.500",
"PR": "L",
"A": "H",
"S": "U"
}
}
},
"data_version": "4.0"
}

192
2019/4xxx/CVE-2019-4410.json
View File

@ -1,99 +1,99 @@
{
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 888037 (Business Automation Workflow)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10888037",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10888037"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162657",
"name" : "ibm-baw-cve20194410-xss (162657)"
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "H",
"RC" : "C"
},
"BM" : {
"A" : "N",
"S" : "C",
"SCORE" : "5.400",
"C" : "L",
"PR" : "L",
"AV" : "N",
"AC" : "L",
"I" : "L",
"UI" : "R"
}
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-28T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4410"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162657."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "18.0.0.0"
},
{
"version_value" : "18.0.0.1"
},
{
"version_value" : "18.0.0.2"
},
{
"version_value" : "19.0.0.1"
}
]
},
"product_name" : "Business Automation Workflow"
}
]
},
"vendor_name" : "IBM"
"title": "IBM Security Bulletin 888037 (Business Automation Workflow)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10888037",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888037"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162657",
"name": "ibm-baw-cve20194410-xss (162657)"
}
]
}
}
}
]
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "H",
"RC": "C"
},
"BM": {
"A": "N",
"S": "C",
"SCORE": "5.400",
"C": "L",
"PR": "L",
"AV": "N",
"AC": "L",
"I": "L",
"UI": "R"
}
}
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-28T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2019-4410"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162657."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "18.0.0.0"
},
{
"version_value": "18.0.0.1"
},
{
"version_value": "18.0.0.2"
},
{
"version_value": "19.0.0.1"
}
]
},
"product_name": "Business Automation Workflow"
}
]
},
"vendor_name": "IBM"
}
]
}
}
}