diff --git a/2018/1xxx/CVE-2018-1875.json b/2018/1xxx/CVE-2018-1875.json index c5998221eb8..cb7fe1e5697 100644 --- a/2018/1xxx/CVE-2018-1875.json +++ b/2018/1xxx/CVE-2018-1875.json @@ -1,30 +1,9 @@ { - "data_version" : "4.0", "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2018-1875", + "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2019-02-01T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } - ] - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 151639.", - "lang" : "eng" - } - ] + "ID" : "CVE-2018-1875", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { @@ -33,6 +12,7 @@ "product" : { "product_data" : [ { + "product_name" : "InfoSphere Information Governance Catalog", "version" : { "version_data" : [ { @@ -45,8 +25,7 @@ "version_value" : "11.7" } ] - }, - "product_name" : "InfoSphere Information Governance Catalog" + } }, { "product_name" : "InfoSphere Information Server on Cloud", @@ -68,42 +47,61 @@ ] } }, + "data_format" : "MITRE", "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 151639." + } + ] + }, "impact" : { "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "N", + "I" : "H", + "PR" : "N", + "S" : "C", + "SCORE" : "7.400", + "UI" : "R" + }, "TM" : { "E" : "U", "RC" : "C", "RL" : "O" - }, - "BM" : { - "AV" : "N", - "I" : "H", - "S" : "C", - "PR" : "N", - "C" : "N", - "AC" : "L", - "A" : "N", - "SCORE" : "7.400", - "UI" : "R" } } }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Access" + } + ] + } + ] + }, "references" : { "reference_data" : [ { - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10738911", "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10738911", "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 738911 (InfoSphere Information Governance Catalog)" + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10738911" }, { + "name" : "ibm-infosphere-cve20181875-open-redirect(151639)", "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151639", - "name" : "ibm-infosphere-cve20181875-open-redirect (151639)", - "title" : "X-Force Vulnerability Report" + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151639" } ] - }, - "data_format" : "MITRE" + } } diff --git a/2018/1xxx/CVE-2018-1899.json b/2018/1xxx/CVE-2018-1899.json index 3b239746927..d179b976ed2 100644 --- a/2018/1xxx/CVE-2018-1899.json +++ b/2018/1xxx/CVE-2018-1899.json @@ -1,10 +1,14 @@ { - "data_version" : "4.0", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-02-01T00:00:00", + "ID" : "CVE-2018-1899", + "STATE" : "PUBLIC" + }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -24,72 +28,66 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { - "value" : "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM X-Force ID: 152528.", - "lang" : "eng" + "lang" : "eng", + "value" : "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM X-Force ID: 152528." } ] }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "A", + "C" : "N", + "I" : "L", + "PR" : "N", + "S" : "U", + "SCORE" : "4.300", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { "description" : [ { - "value" : "Gain Access", - "lang" : "eng" + "lang" : "eng", + "value" : "Gain Access" } ] } ] }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2018-1899", - "DATE_PUBLIC" : "2019-02-01T00:00:00" - }, - "impact" : { - "cvssv3" : { - "BM" : { - "PR" : "N", - "S" : "U", - "UI" : "N", - "SCORE" : "4.300", - "AC" : "L", - "A" : "N", - "C" : "N", - "I" : "L", - "AV" : "A" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "data_format" : "MITRE", "references" : { "reference_data" : [ { - "refsource" : "CONFIRM", "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10744029", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10744029", - "title" : "IBM Security Bulletin 744029 (InfoSphere Information Server)" + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10744029" }, { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152528", - "name" : "ibm-infosphere-cve20181899-improper-access (152528)", + "name" : "ibm-infosphere-cve20181899-improper-access(152528)", "refsource" : "XF", - "title" : "X-Force Vulnerability Report" + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152528" } ] } diff --git a/2018/1xxx/CVE-2018-1937.json b/2018/1xxx/CVE-2018-1937.json index 67bff6fbb23..bf8b8cf8416 100644 --- a/2018/1xxx/CVE-2018-1937.json +++ b/2018/1xxx/CVE-2018-1937.json @@ -1,24 +1,9 @@ { - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317." - } - ] + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-03-02T00:00:00", + "ID" : "CVE-2018-1937", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { @@ -27,14 +12,14 @@ "product" : { "product_data" : [ { + "product_name" : "Cloud Private", "version" : { "version_data" : [ { "version_value" : "3.1.1" } ] - }, - "product_name" : "Cloud Private" + } } ] }, @@ -43,47 +28,60 @@ ] } }, + "data_format" : "MITRE", "data_type" : "CVE", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2019-03-02T00:00:00", - "ID" : "CVE-2018-1937", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317." + } + ] }, "impact" : { "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "L", + "C" : "H", + "I" : "N", "PR" : "H", "S" : "U", - "AC" : "L", - "C" : "H", - "A" : "N", - "UI" : "N", "SCORE" : "4.400", - "AV" : "L", - "I" : "N" + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" } } }, - "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, "references" : { "reference_data" : [ { - "title" : "IBM Security Bulletin 871766 (Cloud Private)", "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10871766", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10871766", - "refsource" : "CONFIRM" + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10871766" }, { + "name" : "ibm-cloud-cve20181937-info-disc(153317)", "refsource" : "XF", - "name" : "ibm-cloud-cve20181937-info-disc (153317)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153317", - "title" : "X-Force Vulnerability Report" + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153317" } ] } diff --git a/2018/1xxx/CVE-2018-1938.json b/2018/1xxx/CVE-2018-1938.json index e93209ce929..16c8ae00741 100644 --- a/2018/1xxx/CVE-2018-1938.json +++ b/2018/1xxx/CVE-2018-1938.json @@ -1,46 +1,14 @@ { - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10871770", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10871770", - "title" : "IBM Security Bulletin 871770 (Cloud Private)" - }, - { - "name" : "ibm-cloud-cve20181938-info-disc (153318)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153318", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "AC" : "L", - "A" : "N", - "C" : "H", - "SCORE" : "4.400", - "UI" : "N", - "PR" : "H", - "S" : "U", - "AV" : "L", - "I" : "N" - } - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-03-02T00:00:00", + "ID" : "CVE-2018-1938", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -54,20 +22,43 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318." + "value" : "IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318." } ] }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "L", + "C" : "H", + "I" : "N", + "PR" : "H", + "S" : "U", + "SCORE" : "4.400", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { @@ -80,11 +71,18 @@ } ] }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2019-03-02T00:00:00", - "ID" : "CVE-2018-1938", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_version" : "4.0" + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10871770", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10871770" + }, + { + "name" : "ibm-cloud-cve20181938-info-disc(153318)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153318" + } + ] + } } diff --git a/2018/1xxx/CVE-2018-1939.json b/2018/1xxx/CVE-2018-1939.json index 0de5a7450a6..976cd832d0d 100644 --- a/2018/1xxx/CVE-2018-1939.json +++ b/2018/1xxx/CVE-2018-1939.json @@ -1,46 +1,8 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "H", - "AV" : "N", - "PR" : "L", - "S" : "C", - "A" : "N", - "AC" : "L", - "C" : "N", - "SCORE" : "6.800", - "UI" : "R" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10871652", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10871652", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 871652 (Cloud Private)" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153319", - "name" : "ibm-cloud-cve20181939-open-redirect (153319)" - } - ] - }, - "data_format" : "MITRE", - "data_version" : "4.0", "CVE_data_meta" : { "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2018-1939", "DATE_PUBLIC" : "2019-03-02T00:00:00", + "ID" : "CVE-2018-1939", "STATE" : "PUBLIC" }, "affects" : { @@ -66,25 +28,61 @@ ] } }, + "data_format" : "MITRE", "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { - "value" : "IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 153319.", - "lang" : "eng" + "lang" : "eng", + "value" : "IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 153319." } ] }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "N", + "I" : "H", + "PR" : "L", + "S" : "C", + "SCORE" : "6.800", + "UI" : "R" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { "description" : [ { - "value" : "Gain Access", - "lang" : "eng" + "lang" : "eng", + "value" : "Gain Access" } ] } ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10871652", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10871652" + }, + { + "name" : "ibm-cloud-cve20181939-open-redirect(153319)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153319" + } + ] } } diff --git a/2019/4xxx/CVE-2019-4027.json b/2019/4xxx/CVE-2019-4027.json index 084cc9532f6..90376b1843a 100644 --- a/2019/4xxx/CVE-2019-4027.json +++ b/2019/4xxx/CVE-2019-4027.json @@ -1,18 +1,18 @@ { "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2019-02-28T00:00:00", "ID" : "CVE-2019-4027", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { + "product_name" : "Sterling B2B Integrator", "version" : { "version_data" : [ { @@ -22,72 +22,70 @@ "version_value" : "6.0.0.0" } ] - }, - "product_name" : "Sterling B2B Integrator" + } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 155905." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "C", + "SCORE" : "5.400", + "UI" : "R" + }, + "TM" : { + "E" : "H", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { "description" : [ { - "value" : "Cross-Site Scripting", - "lang" : "eng" + "lang" : "eng", + "value" : "Cross-Site Scripting" } ] } ] }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 155905." - } - ] - }, - "data_version" : "4.0", "references" : { "reference_data" : [ { - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246", "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246", "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 874246 (Sterling B2B Integrator)" + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246" }, { - "name" : "ibm-sterling-cve20194027-xss (155905)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155905", + "name" : "ibm-sterling-cve20194027-xss(155905)", "refsource" : "XF", - "title" : "X-Force Vulnerability Report" + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155905" } ] - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "UI" : "R", - "SCORE" : "5.400", - "AC" : "L", - "A" : "N", - "C" : "L", - "S" : "C", - "PR" : "L", - "I" : "L", - "AV" : "N" - } - } } } diff --git a/2019/4xxx/CVE-2019-4028.json b/2019/4xxx/CVE-2019-4028.json index db2ab4ddc68..4c971eeabfb 100644 --- a/2019/4xxx/CVE-2019-4028.json +++ b/2019/4xxx/CVE-2019-4028.json @@ -1,31 +1,10 @@ { "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2019-4028", + "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2019-02-28T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" + "ID" : "CVE-2019-4028", + "STATE" : "PUBLIC" }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } - ] - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155906." - } - ] - }, - "data_type" : "CVE", "affects" : { "vendor" : { "vendor_data" : [ @@ -33,6 +12,7 @@ "product" : { "product_data" : [ { + "product_name" : "Sterling B2B Integrator", "version" : { "version_data" : [ { @@ -42,8 +22,7 @@ "version_value" : "6.0.0.0" } ] - }, - "product_name" : "Sterling B2B Integrator" + } } ] }, @@ -52,42 +31,61 @@ ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155906." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "C", + "SCORE" : "5.400", + "UI" : "R" + }, + "TM" : { + "E" : "H", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, "references" : { "reference_data" : [ { "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246", "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 874246 (Sterling B2B Integrator)" + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246" }, { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155906", - "name" : "ibm-sterling-cve20194028-xss (155906)", - "refsource" : "XF" + "name" : "ibm-sterling-cve20194028-xss(155906)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155906" } ] - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "I" : "L", - "S" : "C", - "PR" : "L", - "AC" : "L", - "C" : "L", - "A" : "N", - "UI" : "R", - "SCORE" : "5.400" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "H" - } - } } } diff --git a/2019/4xxx/CVE-2019-4029.json b/2019/4xxx/CVE-2019-4029.json index ecd74ab8575..a1e20d4115e 100644 --- a/2019/4xxx/CVE-2019-4029.json +++ b/2019/4xxx/CVE-2019-4029.json @@ -1,73 +1,14 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "H", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "I" : "L", - "AV" : "N", - "SCORE" : "5.400", - "UI" : "R", - "A" : "N", - "C" : "L", - "AC" : "L", - "PR" : "L", - "S" : "C" - } - } - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 874246 (Sterling B2B Integrator)", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246", - "refsource" : "CONFIRM" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155907", - "name" : "ibm-sterling-cve20194029-xss (155907)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_format" : "MITRE", - "data_version" : "4.0", "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2019-02-28T00:00:00", "ID" : "CVE-2019-4029", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } - ] - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 155907.", - "lang" : "eng" - } - ] + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -84,10 +25,67 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, - "data_type" : "CVE" + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 155907." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "C", + "SCORE" : "5.400", + "UI" : "R" + }, + "TM" : { + "E" : "H", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246" + }, + { + "name" : "ibm-sterling-cve20194029-xss(155907)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155907" + } + ] + } } diff --git a/2019/4xxx/CVE-2019-4032.json b/2019/4xxx/CVE-2019-4032.json index a7ad7a59b0e..5e14efcf085 100644 --- a/2019/4xxx/CVE-2019-4032.json +++ b/2019/4xxx/CVE-2019-4032.json @@ -1,30 +1,14 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Data Manipulation", - "lang" : "eng" - } - ] - } - ] + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-01-31T00:00:00", + "ID" : "CVE-2019-4032", + "STATE" : "PUBLIC" }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-ForceID: 155998." - } - ] - }, - "data_type" : "CVE", "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -38,53 +22,67 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-01-31T00:00:00", - "ID" : "CVE-2019-4032", - "STATE" : "PUBLIC" - }, - "data_version" : "4.0", "data_format" : "MITRE", - "references" : { - "reference_data" : [ + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10869520", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10869520", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 869520 (Financial Transaction Manager)" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-ftm-cve20194032-sql-injection (155998)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155998" + "lang" : "eng", + "value" : "IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-ForceID: 155998." } ] }, "impact" : { "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, "BM" : { - "AV" : "N", - "I" : "L", - "S" : "U", - "PR" : "L", - "SCORE" : "6.300", - "UI" : "N", - "AC" : "L", "A" : "L", - "C" : "L" + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "U", + "SCORE" : "6.300", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" } } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Data Manipulation" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10869520", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10869520" + }, + { + "name" : "ibm-ftm-cve20194032-sql-injection(155998)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155998" + } + ] } } diff --git a/2019/4xxx/CVE-2019-4063.json b/2019/4xxx/CVE-2019-4063.json index 55792a3b080..f1d1cd46d08 100644 --- a/2019/4xxx/CVE-2019-4063.json +++ b/2019/4xxx/CVE-2019-4063.json @@ -1,36 +1,14 @@ { "CVE_data_meta" : { - "ID" : "CVE-2019-4063", + "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2019-02-28T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" + "ID" : "CVE-2019-4063", + "STATE" : "PUBLIC" }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition could allow highly sensitive information to be transmitted in plain text. An attacker could obtain this information using man in the middle techniques. IBM X-ForceID: 157008.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE", "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -47,47 +25,67 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", "data_version" : "4.0", - "references" : { - "reference_data" : [ + "description" : { + "description_data" : [ { - "title" : "IBM Security Bulletin 874234 (Sterling B2B Integrator)", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874234", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10874234", - "refsource" : "CONFIRM" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-sterling-cve20194063-info-disc (157008)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157008", - "refsource" : "XF" + "lang" : "eng", + "value" : "IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition could allow highly sensitive information to be transmitted in plain text. An attacker could obtain this information using man in the middle techniques. IBM X-ForceID: 157008." } ] }, - "data_format" : "MITRE", "impact" : { "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "H", + "AV" : "N", + "C" : "H", + "I" : "N", + "PR" : "N", + "S" : "U", + "SCORE" : "5.900", + "UI" : "N" + }, "TM" : { "E" : "U", "RC" : "C", "RL" : "O" - }, - "BM" : { - "S" : "U", - "PR" : "N", - "AC" : "H", - "A" : "N", - "C" : "H", - "UI" : "N", - "SCORE" : "5.900", - "I" : "N", - "AV" : "N" } } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10874234", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874234" + }, + { + "name" : "ibm-sterling-cve20194063-info-disc(157008)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157008" + } + ] } }