"-Synchronized-Data."

CVE Team 2019-12-11 15:01:08 +00:00
parent 001225b447
commit 8923c84026
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
12 changed files with 642 additions and 420 deletions


@ -8,15 +8,15 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "node-connect",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "node-connect",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "< 2.8.2"
"version_value": "< 2.8.1"
}
]
}
@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "node-connect before 2.8.2 has cross site scripting in methodOverride Middleware"
"value": "node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware"
}
]
},
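Review bot: The `"n/a"` values for vendor_name and product_name in the first hunk give version-matching tools nothing to key the affected package on, even though the description in the second hunk names node-connect. The page no longer shows which line of each printed pair is the added one; if `"n/a"` is the new side, I would keep `"vendor_name": "node-connect"` and `"product_name": "node-connect"`. The two version_value strings and the two description strings also name different fixed releases (2.8.2 and 2.8.1), so whichever side is kept, version_value and the description should state the same release.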


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-7371",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "node-connect",
"product": {
"product_data": [
{
"product_name": "node-connect",
"version": {
"version_data": [
{
"version_value": "< 2.8.2"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,53 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "in the Sencha Labs Connect middleware"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting",
"url": "https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/05/13/1",
"url": "http://www.openwall.com/lists/oss-security/2014/05/13/1"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-7371",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-7371"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-7371",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-7371"
},
{
"url": "http://www.openwall.com/lists/oss-security/2014/04/21/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/04/21/2"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92710",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92710"
}
]
}
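Review bot: The new problemtype value `"in the Sencha Labs Connect middleware"` in the second hunk is a sentence fragment rather than a weakness class, so tooling that groups records by problem type cannot classify this entry. The description on the same record calls the issue cross site scripting, so `"value": "Cross-site Scripting (XSS)"` (CWE-79) would match it. The new description also spells the product "node-connects", while vendor_name and product_name in the first hunk use "node-connect"; the two should agree so text search finds the record.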


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0026",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "katello-headpin",
"version": {
"version_data": [
{
"version_value": "through 2014-01-29"
}
]
}
}
]
},
"vendor_name": "katello-headpin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "katello-headpin is vulnerable to CSRF in REST API"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF in REST API"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0026",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0026"
},
{
"url": "https://access.redhat.com/security/cve/cve-2014-0026",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2014-0026"
}
]
}
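Review bot: `"version_value": "through 2014-01-29"` in the new affects block is a date, not a product release, so a consumer comparing installed katello-headpin versions against version_value cannot decide whether a host is affected. The new description, `"katello-headpin is vulnerable to CSRF in REST API"`, gives no version bound either. If the referenced Red Hat entries name a last-affected or fixed release, that release belongs in version_value, and the description should say that the bound is a date. The CVE-2014-0091 section that follows has the same pattern with `"through 2014-03-05"`.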


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0091",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foreman",
"version": {
"version_data": [
{
"version_value": "through 2014-03-05"
}
]
}
}
]
},
"vendor_name": "Foreman"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Foreman has improper input validation which could lead to partial Denial of Service"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper input validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2014-0091",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2014-0091"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0091",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0091"
},
{
"url": "https://access.redhat.com/security/cve/cve-2014-0091",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2014-0091"
}
]
}


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14899",
"ASSIGNER": "msiddiqu@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -49,7 +50,9 @@
"refsource": "CONFIRM"
},
{
"url": "https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/"
"url": "https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/",
"refsource": "MISC",
"name": "https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/"
}
]
},
@ -57,8 +60,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel."
"value": "A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel."
}
]
},
@ -72,4 +74,4 @@
]
]
}
}
}


@ -1,76 +1,80 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-12-11T00:00:00",
"ID": "CVE-2019-15007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crucible",
"version": {
"version_data": [
{
"version_value": "4.7.3",
"version_affected": "<"
}
]
}
},
{
"product_name": "Fisheye",
"version": {
"version_data": [
{
"version_value": "4.7.3",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-12-11T00:00:00",
"ID": "CVE-2019-15007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crucible",
"version": {
"version_data": [
{
"version_value": "4.7.3",
"version_affected": "<"
}
]
}
},
{
"product_name": "Fisheye",
"version": {
"version_data": [
{
"version_value": "4.7.3",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/CRUC-8439"
},
{
"url": "https://jira.atlassian.com/browse/FE-7250"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/CRUC-8439",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/CRUC-8439"
},
{
"url": "https://jira.atlassian.com/browse/FE-7250",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/FE-7250"
}
]
}
}


@ -1,76 +1,80 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-12-11T00:00:00",
"ID": "CVE-2019-15008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crucible",
"version": {
"version_data": [
{
"version_value": "4.7.3",
"version_affected": "<"
}
]
}
},
{
"product_name": "Fisheye",
"version": {
"version_data": [
{
"version_value": "4.7.3",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-12-11T00:00:00",
"ID": "CVE-2019-15008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crucible",
"version": {
"version_data": [
{
"version_value": "4.7.3",
"version_affected": "<"
}
]
}
},
{
"product_name": "Fisheye",
"version": {
"version_data": [
{
"version_value": "4.7.3",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/CRUC-8441"
},
{
"url": "https://jira.atlassian.com/browse/FE-7251"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/CRUC-8441",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/CRUC-8441"
},
{
"url": "https://jira.atlassian.com/browse/FE-7251",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/FE-7251"
}
]
}
}


@ -1,76 +1,80 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-12-11T00:00:00",
"ID": "CVE-2019-15009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crucible",
"version": {
"version_data": [
{
"version_value": "4.8.0",
"version_affected": "<"
}
]
}
},
{
"product_name": "Fisheye",
"version": {
"version_data": [
{
"version_value": "4.8.0",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-12-11T00:00:00",
"ID": "CVE-2019-15009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crucible",
"version": {
"version_data": [
{
"version_value": "4.8.0",
"version_affected": "<"
}
]
}
},
{
"product_name": "Fisheye",
"version": {
"version_data": [
{
"version_value": "4.8.0",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/CRUC-8443"
},
{
"url": "https://jira.atlassian.com/browse/FE-7252"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/CRUC-8443",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/CRUC-8443"
},
{
"url": "https://jira.atlassian.com/browse/FE-7252",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/FE-7252"
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19721",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19722",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,93 +1,93 @@
{
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/1118937",
"name" : "https://www.ibm.com/support/pages/node/1118937",
"title" : "IBM Security Bulletin 1118937 (Spectrum Scale)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/171247",
"name" : "ibm-spectrum-cve20194665-xss (171247)",
"title" : "X-Force Vulnerability Report"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-12-10T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4665"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Scale",
"version" : {
"version_data" : [
{
"version_value" : "5.0"
},
{
"version_value" : "4.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/1118937",
"name": "https://www.ibm.com/support/pages/node/1118937",
"title": "IBM Security Bulletin 1118937 (Spectrum Scale)"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171247",
"name": "ibm-spectrum-cve20194665-xss (171247)",
"title": "X-Force Vulnerability Report"
}
]
}
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"UI" : "R",
"PR" : "L",
"C" : "L",
"S" : "C",
"SCORE" : "5.400",
"AC" : "L",
"I" : "L",
"AV" : "N"
},
"TM" : {
"E" : "H",
"RL" : "O",
"RC" : "C"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
},
"description": {
"description_data": [
{
"value": "IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247.",
"lang": "eng"
}
]
},
"data_version": "4.0",
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-12-10T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2019-4665"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Scale",
"version": {
"version_data": [
{
"version_value": "5.0"
},
{
"version_value": "4.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
}
}
}
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"UI": "R",
"PR": "L",
"C": "L",
"S": "C",
"SCORE": "5.400",
"AC": "L",
"I": "L",
"AV": "N"
},
"TM": {
"E": "H",
"RL": "O",
"RC": "C"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
}
}


@ -1,93 +1,93 @@
{
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Scale",
"version" : {
"version_data" : [
{
"version_value" : "5.0"
},
{
"version_value" : "4.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-12-10T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4715"
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Scale",
"version": {
"version_data": [
{
"version_value": "5.0"
},
{
"version_value": "4.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"I" : "H",
"AC" : "L",
"SCORE" : "8.800",
"S" : "U",
"PR" : "L",
"C" : "H",
"A" : "H",
"UI" : "N"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/1118913",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/1118913",
"title" : "IBM Security Bulletin 1118913 (Spectrum Scale)"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-spectrum-cve20194715-command-exec (172093)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/172093",
"refsource" : "XF"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093.",
"lang" : "eng"
}
]
}
}
}
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-12-10T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2019-4715"
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"BM": {
"AV": "N",
"I": "H",
"AC": "L",
"SCORE": "8.800",
"S": "U",
"PR": "L",
"C": "H",
"A": "H",
"UI": "N"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1118913",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/1118913",
"title": "IBM Security Bulletin 1118913 (Spectrum Scale)"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-spectrum-cve20194715-command-exec (172093)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172093",
"refsource": "XF"
}
]
},
"description": {
"description_data": [
{
"value": "IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093.",
"lang": "eng"
}
]
}
}