admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

IBM20180713-10210

Browse Source 
Added CVE-2017-1367, CVE-2017-1395
This commit is contained in:
Scott Moore - IBM 2018-07-13 10:21:00 -04:00
parent 283c8c48ff
commit 8a46c5ba77
No known key found for this signature in database
GPG Key ID: 95B9EA1B824C2926
2 changed files with 194 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

102
2017/1xxx/CVE-2017-1367.json
View File

@ -1,17 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1367",
"STATE" : "RESERVED"
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22016869",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22016869",
"title" : "IBM Security Bulletin 2016869 (Security Identity Governance and Intelligence)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126860",
"name" : "ibm-sig-cve20171367-info-disc (126860)",
"refsource" : "XF"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 126860."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "N",
"A" : "N",
"AV" : "N",
"S" : "U",
"C" : "L",
"SCORE" : "3.700",
"AC" : "H",
"PR" : "N",
"UI" : "N"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Identity Governance and Intelligence",
"version" : {
"version_data" : [
{
"version_value" : "5.2"
},
{
"version_value" : "5.2.1"
},
{
"version_value" : "5.2.2"
},
{
"version_value" : "5.2.2.1"
},
{
"version_value" : "5.2.3"
},
{
"version_value" : "5.2.3.1"
},
{
"version_value" : "5.2.3.2"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2017-1367",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-07-10T00:00:00",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
}

106
2017/1xxx/CVE-2017-1395.json
View File

@ -1,17 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1395",
"STATE" : "RESERVED"
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22016869",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22016869",
"title" : "IBM Security Bulletin 2016869 (Security Identity Governance and Intelligence)",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127341",
"name" : "ibm-sig-cve20171395-info-disc (127341)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"data_type" : "CVE",
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 127341.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"UI" : "N",
"PR" : "N",
"AC" : "H",
"SCORE" : "5.900",
"S" : "U",
"C" : "H",
"AV" : "N",
"A" : "N",
"I" : "N"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Identity Governance and Intelligence",
"version" : {
"version_data" : [
{
"version_value" : "5.2"
},
{
"version_value" : "5.2.1"
},
{
"version_value" : "5.2.2"
},
{
"version_value" : "5.2.2.1"
},
{
"version_value" : "5.2.3"
},
{
"version_value" : "5.2.3.1"
},
{
"version_value" : "5.2.3.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2018-07-10T00:00:00",
"ID" : "CVE-2017-1395",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
}