admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

IBM20210204-114849

Browse Source 
Added CVE-2020-5032, CVE-2020-4827, CVE-2020-4826, CVE-2020-4640, CVE-2020-4828, CVE-2020-4825
This commit is contained in:
Scott Moore - IBM 2021-02-04 11:48:49 -05:00
parent 0e75a2d32a
commit 87693afda7
No known key found for this signature in database
GPG Key ID: 8E6C411D57F2D75C
6 changed files with 570 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
2020/4xxx/CVE-2020-4640.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4640",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-02-02T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4640"
},
"description" : {
"description_data" : [
{
"value" : "Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make use of this information to perform attacks by impersonating a user. IBM X-Force ID: 185510.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"PR" : "L",
"AC" : "H",
"UI" : "R",
"S" : "U",
"I" : "L",
"A" : "N",
"SCORE" : "3.400",
"C" : "L",
"AV" : "A"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "API Connect",
"version" : {
"version_data" : [
{
"version_value" : "2018.4.1.0"
},
{
"version_value" : "2018.4.1.13"
},
{
"version_value" : "10.0.0.0"
},
{
"version_value" : "10.0.1.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6410486 (API Connect)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6410486",
"url" : "https://www.ibm.com/support/pages/node/6410486"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/185510",
"name" : "ibm-api-cve20204640-info-disc (185510)"
}
]
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_format" : "MITRE"
}

111
2020/4xxx/CVE-2020-4825.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4825",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6410506",
"url" : "https://www.ibm.com/support/pages/node/6410506",
"title" : "IBM Security Bulletin 6410506 (API Connect)",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-api-cve20204825-xss (189839)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189839",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"UI" : "R",
"PR" : "L",
"A" : "N",
"I" : "L",
"S" : "C",
"AV" : "N",
"C" : "L",
"SCORE" : "5.400"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "H"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "API Connect",
"version" : {
"version_data" : [
{
"version_value" : "2018.4.1.0"
},
{
"version_value" : "2018.4.1.13"
},
{
"version_value" : "10.0.0.0"
},
{
"version_value" : "10.0.1.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4825",
"DATE_PUBLIC" : "2021-02-02T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189839."
}
]
}
}

111
2020/4xxx/CVE-2020-4826.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4826",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"description" : {
"description_data" : [
{
"value" : "IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189840.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-02-02T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4826"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2018.4.1.0"
},
{
"version_value" : "2018.4.1.13"
},
{
"version_value" : "10.0.0.0"
},
{
"version_value" : "10.0.1.0"
}
]
},
"product_name" : "API Connect"
}
]
}
}
]
}
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"C" : "N",
"SCORE" : "4.300",
"AV" : "N",
"S" : "U",
"A" : "N",
"I" : "L",
"UI" : "R",
"AC" : "L",
"PR" : "N"
}
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6410912 (API Connect)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6410912",
"url" : "https://www.ibm.com/support/pages/node/6410912"
},
{
"name" : "ibm-api-cve20204826-csrf (189840)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189840",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE"
}

111
2020/4xxx/CVE-2020-4827.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4827",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-02-02T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4827"
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"A" : "N",
"I" : "L",
"S" : "U",
"UI" : "R",
"AC" : "L",
"PR" : "N",
"AV" : "N",
"C" : "N",
"SCORE" : "4.300"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2018.4.1.0"
},
{
"version_value" : "2018.4.1.13"
},
{
"version_value" : "10.0.0.0"
},
{
"version_value" : "10.0.1.0"
}
]
},
"product_name" : "API Connect"
}
]
}
}
]
}
}
]
}
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6410500",
"url" : "https://www.ibm.com/support/pages/node/6410500",
"title" : "IBM Security Bulletin 6410500 (API Connect)",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-api-cve20204827-csrf (189841)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189841",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
}
}

111
2020/4xxx/CVE-2020-4828.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4828",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-02-02T00:00:00",
"ID" : "CVE-2020-4828"
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AV" : "N",
"SCORE" : "6.500",
"C" : "L",
"PR" : "N",
"UI" : "N",
"AC" : "L",
"I" : "L",
"A" : "N",
"S" : "U"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2018.4.1.0"
},
{
"version_value" : "2018.4.1.13"
},
{
"version_value" : "10.0.0.0"
},
{
"version_value" : "10.0.1.0"
}
]
},
"product_name" : "API Connect"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6410498 (API Connect)",
"url" : "https://www.ibm.com/support/pages/node/6410498",
"name" : "https://www.ibm.com/support/pages/node/6410498"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189842",
"name" : "ibm-api-cve20204828-cache-poisoning (189842)"
}
]
}
}

105
2020/5xxx/CVE-2020-5032.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5032",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar SIEM 7.3 and 7.4 in some configurations may be vulnerable to a temporary denial of service attack when sent particular payloads. IBM X-Force ID: 194178."
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2020-5032",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-02-02T00:00:00",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.3"
},
{
"version_value" : "7.4"
}
]
},
"product_name" : "QRadar SIEM"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "A",
"C" : "N",
"SCORE" : "3.100",
"A" : "L",
"I" : "N",
"S" : "U",
"UI" : "N",
"AC" : "H",
"PR" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6411014",
"name" : "https://www.ibm.com/support/pages/node/6411014",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6411014 (QRadar SIEM)"
},
{
"name" : "ibm-qradar-cve20205032-dos (194178)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/194178",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"data_format" : "MITRE"
}