admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

IBM20211115-103312

Browse Source 
Added CVE-2021-38983, CVE-2021-38978, CVE-2021-38975, CVE-2021-38982, CVE-2021-38981, CVE-2021-38984, CVE-2021-38976, CVE-2021-38974, CVE-2021-38979, CVE-2021-38977
This commit is contained in:
Scott Moore - IBM 2021-11-15 10:33:12 -05:00
parent 12e416aad9
commit 87590b5109
No known key found for this signature in database
GPG Key ID: 8E6C411D57F2D75C
10 changed files with 1110 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

126
2021/38xxx/CVE-2021-38974.json
View File

@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38974",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. IBM X-Force ID: 212779."
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6516046",
"title" : "IBM Security Bulletin 6516046 (Security Key Lifecycle Manager)",
"url" : "https://www.ibm.com/support/pages/node/6516046",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212779",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tivoli-cve202138974-dos (212779)"
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"UI" : "N",
"SCORE" : "5.400",
"C" : "N",
"AV" : "N",
"I" : "L",
"S" : "U",
"A" : "L",
"PR" : "L",
"AC" : "L"
}
}
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "Security Key Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-11-12T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-38974",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
]
}
]
},
"data_version" : "4.0"
}

126
2021/38xxx/CVE-2021-38975.json
View File

@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38975",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-11-12T00:00:00",
"ID" : "CVE-2021-38975",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
}
]
},
"product_name" : "Security Key Lifecycle Manager"
}
]
}
}
]
}
}
]
}
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"I" : "N",
"S" : "U",
"A" : "N",
"PR" : "L",
"AC" : "L",
"UI" : "N",
"SCORE" : "4.300",
"C" : "L",
"AV" : "N"
}
}
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6516044",
"title" : "IBM Security Bulletin 6516044 (Security Key Lifecycle Manager)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6516044"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tivoli-cve202138975-info-disc (212780)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212780"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 212780.",
"lang" : "eng"
}
]
}
}

126
2021/38xxx/CVE-2021-38976.json
View File

@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38976",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6516038 (Security Key Lifecycle Manager)",
"name" : "https://www.ibm.com/support/pages/node/6516038",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6516038"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212781",
"refsource" : "XF",
"name" : "ibm-tivoli-cve202138976-info-disc (212781)",
"title" : "X-Force Vulnerability Report"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. X-Force ID: 212781."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2021-38976",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-11-12T00:00:00",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "Security Key Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"SCORE" : "6.200",
"AV" : "L",
"C" : "H",
"S" : "U",
"I" : "N",
"A" : "N",
"PR" : "N",
"AC" : "L"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
}
}

126
2021/38xxx/CVE-2021-38977.json
View File

@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38977",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Key Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
}
]
}
}
]
}
}
]
}
}
]
}
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AV" : "N",
"C" : "L",
"SCORE" : "3.100",
"UI" : "R",
"AC" : "H",
"PR" : "N",
"S" : "U",
"I" : "N",
"A" : "N"
}
}
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-38977",
"DATE_PUBLIC" : "2021-11-12T00:00:00",
"STATE" : "PUBLIC"
},
"description" : {
"description_data" : [
{
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 212782.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6516052 (Security Key Lifecycle Manager)",
"name" : "https://www.ibm.com/support/pages/node/6516052",
"url" : "https://www.ibm.com/support/pages/node/6516052",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tivoli-cve202138977-info-disc (212782)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212782"
}
]
}
}

126
2021/38xxx/CVE-2021-38978.json
View File

@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38978",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6516050",
"title" : "IBM Security Bulletin 6516050 (Security Key Lifecycle Manager)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6516050"
},
{
"name" : "ibm-tivoli-cve202138978-info-disc (212783)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212783",
"refsource" : "XF"
}
]
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 212783."
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-38978",
"DATE_PUBLIC" : "2021-11-12T00:00:00"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"UI" : "N",
"SCORE" : "5.900",
"C" : "H",
"AV" : "N",
"A" : "N",
"S" : "U",
"I" : "N",
"PR" : "N",
"AC" : "H"
}
}
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
}
]
},
"product_name" : "Security Key Lifecycle Manager"
}
]
}
}
]
}
}
]
}
}
}

126
2021/38xxx/CVE-2021-38979.json
View File

@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38979",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"SCORE" : "4.400",
"UI" : "N",
"AV" : "N",
"C" : "H",
"PR" : "H",
"I" : "N",
"S" : "U",
"A" : "N",
"AC" : "H"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
}
]
},
"product_name" : "Security Key Lifecycle Manager"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-11-12T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-38979",
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 212785.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6516034",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6516034",
"title" : "IBM Security Bulletin 6516034 (Security Key Lifecycle Manager)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212785",
"name" : "ibm-tivoli-cve202138979-info-disc (212785)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_type" : "CVE"
}

126
2021/38xxx/CVE-2021-38981.json
View File

@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38981",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-11-12T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-38981",
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "N",
"S" : "U",
"A" : "N",
"PR" : "N",
"AC" : "L",
"UI" : "N",
"SCORE" : "5.300",
"C" : "L",
"AV" : "N"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
}
]
},
"product_name" : "Security Key Lifecycle Manager"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6516048",
"name" : "https://www.ibm.com/support/pages/node/6516048",
"title" : "IBM Security Bulletin 6516048 (Security Key Lifecycle Manager)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212788",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tivoli-cve202138981-info-disc (212788)"
}
]
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212788.",
"lang" : "eng"
}
]
}
}

126
2021/38xxx/CVE-2021-38982.json
View File

@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38982",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"description" : {
"description_data" : [
{
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212791.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6516042",
"title" : "IBM Security Bulletin 6516042 (Security Key Lifecycle Manager)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6516042"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212791",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tivoli-cve202138982-xss (212791)"
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "Security Key Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "5.400",
"UI" : "R",
"C" : "L",
"AV" : "N",
"PR" : "L",
"S" : "C",
"I" : "L",
"A" : "N",
"AC" : "L"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "H"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-38982",
"DATE_PUBLIC" : "2021-11-12T00:00:00",
"STATE" : "PUBLIC"
}
}

126
2021/38xxx/CVE-2021-38983.json
View File

@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38983",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-38983",
"DATE_PUBLIC" : "2021-11-12T00:00:00",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Key Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
}
]
}
}
]
}
}
]
}
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "H",
"AV" : "N",
"SCORE" : "4.400",
"UI" : "N",
"AC" : "H",
"PR" : "H",
"I" : "N",
"S" : "U",
"A" : "N"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6516036",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6516036 (Security Key Lifecycle Manager)",
"name" : "https://www.ibm.com/support/pages/node/6516036"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212792",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tivoli-cve202138983-info-disc (212792)"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212792."
}
]
}
}

126
2021/38xxx/CVE-2021-38984.json
View File

@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38984",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6516032",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6516032",
"title" : "IBM Security Bulletin 6516032 (Security Key Lifecycle Manager)"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tivoli-cve202138984-info-disc (212793)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212793"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793."
}
]
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-38984",
"DATE_PUBLIC" : "2021-11-12T00:00:00",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
}
]
},
"product_name" : "Security Key Lifecycle Manager"
}
]
}
}
]
}
}
]
}
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "3.700",
"UI" : "N",
"C" : "L",
"AV" : "N",
"PR" : "N",
"I" : "N",
"S" : "U",
"A" : "N",
"AC" : "H"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
}
}