From 8923c8402656238571e32e4c5c6f89252e1f8223 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 11 Dec 2019 15:01:08 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2013/7xxx/CVE-2013-7370.json | 8 +-
 2013/7xxx/CVE-2013-7371.json | 75 +++++++++++++-
 2014/0xxx/CVE-2014-0026.json | 55 +++++++++-
 2014/0xxx/CVE-2014-0091.json | 60 ++++++++++-
 2019/14xxx/CVE-2019-14899.json | 12 ++-
 2019/15xxx/CVE-2019-15007.json | 152 +++++++++++++--------------
 2019/15xxx/CVE-2019-15008.json | 152 +++++++++++++--------------
 2019/15xxx/CVE-2019-15009.json | 152 +++++++++++++--------------
 2019/19xxx/CVE-2019-19721.json | 18 ++++
 2019/19xxx/CVE-2019-19722.json | 18 ++++
 2019/4xxx/CVE-2019-4665.json | 178 ++++++++++++++++----------------
 2019/4xxx/CVE-2019-4715.json | 182 ++++++++++++++++-----------------
 12 files changed, 642 insertions(+), 420 deletions(-)
 create mode 100644 2019/19xxx/CVE-2019-19721.json
 create mode 100644 2019/19xxx/CVE-2019-19722.json
diff --git a/2013/7xxx/CVE-2013-7370.json b/2013/7xxx/CVE-2013-7370.json
index 62b518d12f6..fa4c7a983b0 100644
--- a/2013/7xxx/CVE-2013-7370.json
+++ b/2013/7xxx/CVE-2013-7370.json
@@ -8,15 +8,15 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "node-connect",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "node-connect",
+ "product_name": "n/a",
 "version": {
 "version_data": [
 {
- "version_value": "< 2.8.2"
+ "version_value": "< 2.8.1"
 }
 ]
 }
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "node-connect before 2.8.2 has cross site scripting in methodOverride Middleware"
+ "value": "node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware"
 }
 ]
 },
diff --git a/2013/7xxx/CVE-2013-7371.json b/2013/7xxx/CVE-2013-7371.json
index dcb57d359d6..b81f96a8190 100644
--- a/2013/7xxx/CVE-2013-7371.json
+++ b/2013/7xxx/CVE-2013-7371.json
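Review bot: In 2013/7xxx/CVE-2013-7370.json the first hunk sets `vendor_name` and `product_name` to "n/a" while the description in the second hunk still names node-connect, so the structured `affects` block no longer identifies the product. The CVE-2013-7371 record changed in this same commit uses `"vendor_name": "node-connect"` and `"product_name": "node-connect"`; unless "n/a" is required by the assigner's convention, keeping those two values here would leave the two related records consistent and matchable by tooling that keys on `affects`. The version bound moves from `< 2.8.2` to `< 2.8.1` in both `version_value` and the description, which is at least consistent within this record.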
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-7371",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "node-connect",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "node-connect",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 2.8.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,53 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "in the Sencha Labs Connect middleware"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting",
+ "url": "https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2014/05/13/1",
+ "url": "http://www.openwall.com/lists/oss-security/2014/05/13/1"
+ },
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2013-7371",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2013-7371"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/cve-2013-7371",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/cve-2013-7371"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2014/04/21/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2014/04/21/2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92710",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92710"
 }
 ]
 }
diff --git a/2014/0xxx/CVE-2014-0026.json b/2014/0xxx/CVE-2014-0026.json
index 1351fc60cc2..cd083578b1a 100644
--- a/2014/0xxx/CVE-2014-0026.json
+++ b/2014/0xxx/CVE-2014-0026.json
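Review bot: In the second hunk of 2013/7xxx/CVE-2013-7371.json the added `problemtype` value is `"in the Sencha Labs Connect middleware"`, which is a fragment of the description and names no weakness; `"value": "Cross-site scripting"` would match what the description itself states. The added description also spells the product "node-connects", while the `affects` block added in the first hunk uses `node-connect`, so a text search on the product name will miss this record; the description should start `node-connect before 2.8.2 has cross site scripting ...`. Two of the added references use plain `http://www.openwall.com/...` URLs; whether an https form is preferred by the repository's conventions is not visible here.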
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2014-0026",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "katello-headpin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "through 2014-01-29"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "katello-headpin"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "katello-headpin is vulnerable to CSRF in REST API"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CSRF in REST API"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0026",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0026"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/cve-2014-0026",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/cve-2014-0026"
 }
 ]
 }
diff --git a/2014/0xxx/CVE-2014-0091.json b/2014/0xxx/CVE-2014-0091.json
index cfd6e51deb9..c397a4118ec 100644
--- a/2014/0xxx/CVE-2014-0091.json
+++ b/2014/0xxx/CVE-2014-0091.json
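Review bot: In 2014/0xxx/CVE-2014-0026.json the added `"version_value": "through 2014-01-29"` is a date rather than a product version, so a consumer that compares installed versions against `affects` cannot evaluate it; the same pattern is added to 2014/0xxx/CVE-2014-0091.json as `"through 2014-03-05"`. If a fixed release is known from the referenced Red Hat entries, stating it in `version_value` or in the description would make both records actionable; that information is not visible in this diff. The new descriptions are also terse: "katello-headpin is vulnerable to CSRF in REST API" and "Foreman has improper input validation which could lead to partial Denial of Service" do not say which endpoint, input or component is affected.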
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2014-0091",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Foreman",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "through 2014-03-05"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foreman"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Foreman has improper input validation which could lead to partial Denial of Service"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper input validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2014-0091",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2014-0091"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0091",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0091"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/cve-2014-0091",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/cve-2014-0091"
 }
 ]
 }
diff --git a/2019/14xxx/CVE-2019-14899.json b/2019/14xxx/CVE-2019-14899.json
index 2607bdf569b..1c0c5f8504a 100644
--- a/2019/14xxx/CVE-2019-14899.json
+++ b/2019/14xxx/CVE-2019-14899.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-14899",
- "ASSIGNER": "msiddiqu@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -49,7 +50,9 @@
 "refsource": "CONFIRM"
 },
 {
- "url": "https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/"
+ "url": "https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/",
+ "refsource": "MISC",
+ "name": "https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/"
 }
 ]
 },
@@ -57,8 +60,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel."
-
+ "value": "A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel."
 }
 ]
 },
@@ -72,4 +74,4 @@
 ]
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15007.json b/2019/15xxx/CVE-2019-15007.json
index b2bff46d90f..af9c4bbd28a 100644
--- a/2019/15xxx/CVE-2019-15007.json
+++ b/2019/15xxx/CVE-2019-15007.json
@@ -1,76 +1,80 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-12-11T00:00:00", - "ID": "CVE-2019-15007", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Crucible", - "version": { - "version_data": [ - { - "version_value": "4.7.3", - "version_affected": "<" - } - ] - } - }, - { - "product_name": "Fisheye", - "version": { - "version_data": [ - { - "version_value": "4.7.3", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-12-11T00:00:00", + "ID": "CVE-2019-15007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Crucible", + "version": { + "version_data": [ + { + "version_value": "4.7.3", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Fisheye", + "version": { + "version_data": [ + { + "version_value": "4.7.3", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/CRUC-8439" - }, - { - "url": "https://jira.atlassian.com/browse/FE-7250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ 
+ { + "lang": "eng", + "value": "The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/CRUC-8439", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/CRUC-8439" + }, + { + "url": "https://jira.atlassian.com/browse/FE-7250", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/FE-7250" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15008.json b/2019/15xxx/CVE-2019-15008.json index ce94b8af202..6f8be355f39 100644 --- a/2019/15xxx/CVE-2019-15008.json +++ b/2019/15xxx/CVE-2019-15008.json 
@@ -1,76 +1,80 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-12-11T00:00:00", - "ID": "CVE-2019-15008", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Crucible", - "version": { - "version_data": [ - { - "version_value": "4.7.3", - "version_affected": "<" - } - ] - } - }, - { - "product_name": "Fisheye", - "version": { - "version_data": [ - { - "version_value": "4.7.3", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-12-11T00:00:00", + "ID": "CVE-2019-15008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Crucible", + "version": { + "version_data": [ + { + "version_value": "4.7.3", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Fisheye", + "version": { + "version_data": [ + { + "version_value": "4.7.3", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/CRUC-8441" - }, - { - "url": "https://jira.atlassian.com/browse/FE-7251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/CRUC-8441", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/CRUC-8441" + }, + { + "url": "https://jira.atlassian.com/browse/FE-7251", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/FE-7251" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15009.json b/2019/15xxx/CVE-2019-15009.json index 920f1ec387f..188122b37cb 100644 --- a/2019/15xxx/CVE-2019-15009.json +++ b/2019/15xxx/CVE-2019-15009.json 
@@ -1,76 +1,80 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-12-11T00:00:00", - "ID": "CVE-2019-15009", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Crucible", - "version": { - "version_data": [ - { - "version_value": "4.8.0", - "version_affected": "<" - } - ] - } - }, - { - "product_name": "Fisheye", - "version": { - "version_data": [ - { - "version_value": "4.8.0", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Improper Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-12-11T00:00:00", + "ID": "CVE-2019-15009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Crucible", + "version": { + "version_data": [ + { + "version_value": "4.8.0", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Fisheye", + "version": { + "version_data": [ + { + "version_value": "4.8.0", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/CRUC-8443" - }, - { - "url": "https://jira.atlassian.com/browse/FE-7252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ 
+ { + "lang": "eng", + "value": "The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/CRUC-8443", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/CRUC-8443" + }, + { + "url": "https://jira.atlassian.com/browse/FE-7252", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/FE-7252" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19721.json b/2019/19xxx/CVE-2019-19721.json new file mode 100644 index 00000000000..7b95f9fdf33 --- /dev/null +++ b/2019/19xxx/CVE-2019-19721.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19721", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19722.json b/2019/19xxx/CVE-2019-19722.json new file mode 100644 index 00000000000..413d26233a9 --- /dev/null +++ b/2019/19xxx/CVE-2019-19722.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-19722",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/4xxx/CVE-2019-4665.json b/2019/4xxx/CVE-2019-4665.json
index 9b76ac96ee9..d84616200d8 100644
--- a/2019/4xxx/CVE-2019-4665.json
+++ b/2019/4xxx/CVE-2019-4665.json
@@ -1,93 +1,93 @@ { - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/1118937", - "name" : "https://www.ibm.com/support/pages/node/1118937", - "title" : "IBM Security Bulletin 1118937 (Spectrum Scale)" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/171247", - "name" : "ibm-spectrum-cve20194665-xss (171247)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "data_type" : "CVE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-12-10T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2019-4665" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Spectrum Scale", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "4.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/1118937", + "name": "https://www.ibm.com/support/pages/node/1118937", + "title": "IBM Security Bulletin 1118937 (Spectrum Scale)" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171247", + "name": "ibm-spectrum-cve20194665-xss (171247)", + "title": "X-Force Vulnerability Report" } - ] - } - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "UI" : "R", - "PR" : "L", - "C" : "L", - "S" : "C", - "SCORE" : "5.400", - "AC" : "L", - "I" : "L", - "AV" : 
"N" - }, - "TM" : { - "E" : "H", - "RL" : "O", - "RC" : "C" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247.", + "lang": "eng" + } + ] + }, + "data_version": "4.0", + "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-12-10T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2019-4665" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spectrum Scale", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "4.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - } -} + } + }, + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "UI": "R", + "PR": "L", + "C": "L", + "S": "C", + "SCORE": "5.400", + "AC": "L", + "I": "L", + "AV": "N" + }, + "TM": { + "E": "H", + "RL": "O", + "RC": "C" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4715.json b/2019/4xxx/CVE-2019-4715.json index 2db4aa5f020..5cc2e04a20b 100644 --- a/2019/4xxx/CVE-2019-4715.json +++ b/2019/4xxx/CVE-2019-4715.json 
@@ -1,93 +1,93 @@ { - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Spectrum Scale", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "4.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-12-10T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2019-4715" - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spectrum Scale", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "4.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "I" : "H", - "AC" : "L", - "SCORE" : "8.800", - "S" : "U", - "PR" : "L", - "C" : "H", - "A" : "H", - "UI" : "N" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/1118913", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/1118913", - "title" : "IBM Security Bulletin 1118913 (Spectrum Scale)" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-spectrum-cve20194715-command-exec (172093)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/172093", - "refsource" : "XF" - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. 
By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093.", - "lang" : "eng" - } - ] - } -} + } + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-12-10T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2019-4715" + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Privileges", + "lang": "eng" + } + ] + } + ] + }, + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "I": "H", + "AC": "L", + "SCORE": "8.800", + "S": "U", + "PR": "L", + "C": "H", + "A": "H", + "UI": "N" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/1118913", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/1118913", + "title": "IBM Security Bulletin 1118913 (Spectrum Scale)" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-spectrum-cve20194715-command-exec (172093)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172093", + "refsource": "XF" + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093.", + "lang": "eng" + } + ] + } +} \ No newline at end of file