admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-07 21:47:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2019-03-05 13:05:15 -05:00
parent 38ae22ad2c
commit 85aa6bc0e7
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
10 changed files with 461 additions and 481 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
2018/1xxx/CVE-2018-1875.json
View File

@ -1,30 +1,9 @@
{
"data_version" : "4.0",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2018-1875",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-02-01T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 151639.",
"lang" : "eng"
}
]
"ID" : "CVE-2018-1875",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
@ -33,6 +12,7 @@
"product" : {
"product_data" : [
{
"product_name" : "InfoSphere Information Governance Catalog",
"version" : {
"version_data" : [
{
@ -45,8 +25,7 @@
"version_value" : "11.7"
}
]
},
"product_name" : "InfoSphere Information Governance Catalog"
}
},
{
"product_name" : "InfoSphere Information Server on Cloud",
@ -68,42 +47,61 @@
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 151639."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "N",
"I" : "H",
"PR" : "N",
"S" : "C",
"SCORE" : "7.400",
"UI" : "R"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"AV" : "N",
"I" : "H",
"S" : "C",
"PR" : "N",
"C" : "N",
"AC" : "L",
"A" : "N",
"SCORE" : "7.400",
"UI" : "R"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10738911",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10738911",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 738911 (InfoSphere Information Governance Catalog)"
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10738911"
},
{
"name" : "ibm-infosphere-cve20181875-open-redirect(151639)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151639",
"name" : "ibm-infosphere-cve20181875-open-redirect (151639)",
"title" : "X-Force Vulnerability Report"
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151639"
}
]
},
"data_format" : "MITRE"
}
}

78
2018/1xxx/CVE-2018-1899.json
View File

@ -1,10 +1,14 @@
{
"data_version" : "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-02-01T00:00:00",
"ID" : "CVE-2018-1899",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
@ -24,72 +28,66 @@
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM X-Force ID: 152528.",
"lang" : "eng"
"lang" : "eng",
"value" : "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM X-Force ID: 152528."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "A",
"C" : "N",
"I" : "L",
"PR" : "N",
"S" : "U",
"SCORE" : "4.300",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2018-1899",
"DATE_PUBLIC" : "2019-02-01T00:00:00"
},
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "N",
"S" : "U",
"UI" : "N",
"SCORE" : "4.300",
"AC" : "L",
"A" : "N",
"C" : "N",
"I" : "L",
"AV" : "A"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10744029",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10744029",
"title" : "IBM Security Bulletin 744029 (InfoSphere Information Server)"
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10744029"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152528",
"name" : "ibm-infosphere-cve20181899-improper-access (152528)",
"name" : "ibm-infosphere-cve20181899-improper-access(152528)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152528"
}
]
}

88
2018/1xxx/CVE-2018-1937.json
View File

@ -1,24 +1,9 @@
{
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317."
}
]
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-03-02T00:00:00",
"ID" : "CVE-2018-1937",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
@ -27,14 +12,14 @@
"product" : {
"product_data" : [
{
"product_name" : "Cloud Private",
"version" : {
"version_data" : [
{
"version_value" : "3.1.1"
}
]
},
"product_name" : "Cloud Private"
}
}
]
},
@ -43,47 +28,60 @@
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-03-02T00:00:00",
"ID" : "CVE-2018-1937",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "L",
"C" : "H",
"I" : "N",
"PR" : "H",
"S" : "U",
"AC" : "L",
"C" : "H",
"A" : "N",
"UI" : "N",
"SCORE" : "4.400",
"AV" : "L",
"I" : "N"
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 871766 (Cloud Private)",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10871766",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10871766",
"refsource" : "CONFIRM"
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10871766"
},
{
"name" : "ibm-cloud-cve20181937-info-disc(153317)",
"refsource" : "XF",
"name" : "ibm-cloud-cve20181937-info-disc (153317)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153317",
"title" : "X-Force Vulnerability Report"
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153317"
}
]
}

90
2018/1xxx/CVE-2018-1938.json
View File

@ -1,46 +1,14 @@
{
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10871770",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10871770",
"title" : "IBM Security Bulletin 871770 (Cloud Private)"
},
{
"name" : "ibm-cloud-cve20181938-info-disc (153318)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153318",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"AC" : "L",
"A" : "N",
"C" : "H",
"SCORE" : "4.400",
"UI" : "N",
"PR" : "H",
"S" : "U",
"AV" : "L",
"I" : "N"
}
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-03-02T00:00:00",
"ID" : "CVE-2018-1938",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
@ -54,20 +22,43 @@
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318."
"value" : "IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "L",
"C" : "H",
"I" : "N",
"PR" : "H",
"S" : "U",
"SCORE" : "4.400",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
@ -80,11 +71,18 @@
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-03-02T00:00:00",
"ID" : "CVE-2018-1938",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_version" : "4.0"
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10871770",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10871770"
},
{
"name" : "ibm-cloud-cve20181938-info-disc(153318)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153318"
}
]
}
}

84
2018/1xxx/CVE-2018-1939.json
View File

@ -1,46 +1,8 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "H",
"AV" : "N",
"PR" : "L",
"S" : "C",
"A" : "N",
"AC" : "L",
"C" : "N",
"SCORE" : "6.800",
"UI" : "R"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10871652",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10871652",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 871652 (Cloud Private)"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153319",
"name" : "ibm-cloud-cve20181939-open-redirect (153319)"
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1939",
"DATE_PUBLIC" : "2019-03-02T00:00:00",
"ID" : "CVE-2018-1939",
"STATE" : "PUBLIC"
},
"affects" : {
@ -66,25 +28,61 @@
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 153319.",
"lang" : "eng"
"lang" : "eng",
"value" : "IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 153319."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "N",
"I" : "H",
"PR" : "L",
"S" : "C",
"SCORE" : "6.800",
"UI" : "R"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10871652",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10871652"
},
{
"name" : "ibm-cloud-cve20181939-open-redirect(153319)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153319"
}
]
}
}

84
2019/4xxx/CVE-2019-4027.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-02-28T00:00:00",
"ID" : "CVE-2019-4027",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
@ -22,72 +22,70 @@
"version_value" : "6.0.0.0"
}
]
},
"product_name" : "Sterling B2B Integrator"
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 155905."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 155905."
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 874246 (Sterling B2B Integrator)"
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246"
},
{
"name" : "ibm-sterling-cve20194027-xss (155905)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155905",
"name" : "ibm-sterling-cve20194027-xss(155905)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155905"
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"UI" : "R",
"SCORE" : "5.400",
"AC" : "L",
"A" : "N",
"C" : "L",
"S" : "C",
"PR" : "L",
"I" : "L",
"AV" : "N"
}
}
}
}

104
2019/4xxx/CVE-2019-4028.json
View File

@ -1,31 +1,10 @@
{
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4028",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-02-28T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
"ID" : "CVE-2019-4028",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155906."
}
]
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
@ -33,6 +12,7 @@
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
@ -42,8 +22,7 @@
"version_value" : "6.0.0.0"
}
]
},
"product_name" : "Sterling B2B Integrator"
}
}
]
},
@ -52,42 +31,61 @@
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155906."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 874246 (Sterling B2B Integrator)"
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155906",
"name" : "ibm-sterling-cve20194028-xss (155906)",
"refsource" : "XF"
"name" : "ibm-sterling-cve20194028-xss(155906)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155906"
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"I" : "L",
"S" : "C",
"PR" : "L",
"AC" : "L",
"C" : "L",
"A" : "N",
"UI" : "R",
"SCORE" : "5.400"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "H"
}
}
}
}

124
2019/4xxx/CVE-2019-4029.json
View File

@ -1,73 +1,14 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "H",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"I" : "L",
"AV" : "N",
"SCORE" : "5.400",
"UI" : "R",
"A" : "N",
"C" : "L",
"AC" : "L",
"PR" : "L",
"S" : "C"
}
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 874246 (Sterling B2B Integrator)",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155907",
"name" : "ibm-sterling-cve20194029-xss (155907)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-02-28T00:00:00",
"ID" : "CVE-2019-4029",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 155907.",
"lang" : "eng"
}
]
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
@ -84,10 +25,67 @@
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_type" : "CVE"
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 155907."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874246"
},
{
"name" : "ibm-sterling-cve20194029-xss(155907)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155907"
}
]
}
}

106
2019/4xxx/CVE-2019-4032.json
View File

@ -1,30 +1,14 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Data Manipulation",
"lang" : "eng"
}
]
}
]
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-01-31T00:00:00",
"ID" : "CVE-2019-4032",
"STATE" : "PUBLIC"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-ForceID: 155998."
}
]
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
@ -38,53 +22,67 @@
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-01-31T00:00:00",
"ID" : "CVE-2019-4032",
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10869520",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10869520",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 869520 (Financial Transaction Manager)"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-ftm-cve20194032-sql-injection (155998)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155998"
"lang" : "eng",
"value" : "IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-ForceID: 155998."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AV" : "N",
"I" : "L",
"S" : "U",
"PR" : "L",
"SCORE" : "6.300",
"UI" : "N",
"AC" : "L",
"A" : "L",
"C" : "L"
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "U",
"SCORE" : "6.300",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Data Manipulation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10869520",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10869520"
},
{
"name" : "ibm-ftm-cve20194032-sql-injection(155998)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155998"
}
]
}
}

98
2019/4xxx/CVE-2019-4063.json
View File

@ -1,36 +1,14 @@
{
"CVE_data_meta" : {
"ID" : "CVE-2019-4063",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-02-28T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
"ID" : "CVE-2019-4063",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition could allow highly sensitive information to be transmitted in plain text. An attacker could obtain this information using man in the middle techniques. IBM X-ForceID: 157008.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
@ -47,47 +25,67 @@
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
"description" : {
"description_data" : [
{
"title" : "IBM Security Bulletin 874234 (Sterling B2B Integrator)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874234",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10874234",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sterling-cve20194063-info-disc (157008)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157008",
"refsource" : "XF"
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition could allow highly sensitive information to be transmitted in plain text. An attacker could obtain this information using man in the middle techniques. IBM X-ForceID: 157008."
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "N",
"C" : "H",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "5.900",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"S" : "U",
"PR" : "N",
"AC" : "H",
"A" : "N",
"C" : "H",
"UI" : "N",
"SCORE" : "5.900",
"I" : "N",
"AV" : "N"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10874234",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874234"
},
{
"name" : "ibm-sterling-cve20194063-info-disc(157008)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157008"
}
]
}
}