admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-10 02:04:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-12-12 11:06:22 -05:00
parent 0a16d88057
commit 9030c7b312
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
22 changed files with 515 additions and 431 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2018/11xxx/CVE-2018-11457.json
View File

@ -59,6 +59,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
}
]

2
2018/11xxx/CVE-2018-11458.json
View File

@ -59,6 +59,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
}
]

2
2018/11xxx/CVE-2018-11459.json
View File

@ -65,6 +65,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
}
]

2
2018/11xxx/CVE-2018-11460.json
View File

@ -65,6 +65,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
}
]

2
2018/11xxx/CVE-2018-11461.json
View File

@ -65,6 +65,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
}
]

2
2018/11xxx/CVE-2018-11462.json
View File

@ -65,6 +65,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
}
]

2
2018/11xxx/CVE-2018-11463.json
View File

@ -65,6 +65,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
}
]

2
2018/11xxx/CVE-2018-11464.json
View File

@ -59,6 +59,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
}
]

2
2018/11xxx/CVE-2018-11465.json
View File

@ -65,6 +65,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
}
]

2
2018/11xxx/CVE-2018-11466.json
View File

@ -65,6 +65,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
}
]

2
2018/13xxx/CVE-2018-13816.json
View File

@ -53,6 +53,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-982399.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-982399.pdf"
}
]

104
2018/1xxx/CVE-2018-1474.json
View File

@ -1,57 +1,10 @@
{
"data_type" : "CVE",
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"AC" : "L",
"PR" : "N",
"C" : "L",
"SCORE" : "6.100",
"UI" : "R",
"A" : "N",
"I" : "L",
"AV" : "N",
"S" : "C"
}
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 733605 (BigFix Platform)",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-bigfix-cve20181474-response-splitting (140692)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140692"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-force ID: 140692.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2018-12-10T00:00:00",
"ID" : "CVE-2018-1474",
"DATE_PUBLIC" : "2018-12-10T00:00:00"
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
@ -59,6 +12,7 @@
"product" : {
"product_data" : [
{
"product_name" : "BigFix Platform",
"version" : {
"version_data" : [
{
@ -74,8 +28,7 @@
"version_value" : "9.5.0"
}
]
},
"product_name" : "BigFix Platform"
}
}
]
},
@ -84,16 +37,61 @@
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-force ID: 140692."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "N",
"S" : "C",
"SCORE" : "6.100",
"UI" : "R"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605"
},
{
"name" : "ibm-bigfix-cve20181474-response-splitting(140692)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140692"
}
]
}
}

110
2018/1xxx/CVE-2018-1476.json
View File

@ -1,55 +1,14 @@
{
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 733605 (BigFix Platform)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140757",
"name" : "ibm-bigfix-cve20181476-info-disc (140757)"
}
]
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-10T00:00:00",
"ID" : "CVE-2018-1476",
"STATE" : "PUBLIC"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 140757."
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "N",
"AV" : "N",
"S" : "U",
"C" : "L",
"SCORE" : "5.300",
"PR" : "N",
"AC" : "L",
"A" : "N",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
@ -72,28 +31,67 @@
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 140757."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "5.300",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2018-1476",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-10T00:00:00"
},
"data_version" : "4.0"
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605"
},
{
"name" : "ibm-bigfix-cve20181476-info-disc(140757)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140757"
}
]
}
}

94
2018/1xxx/CVE-2018-1478.json
View File

@ -1,57 +1,10 @@
{
"data_type" : "CVE",
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "N",
"AC" : "L",
"C" : "L",
"SCORE" : "6.100",
"UI" : "R",
"A" : "N",
"AV" : "N",
"I" : "L",
"S" : "C"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605",
"title" : "IBM Security Bulletin 733605 (BigFix Platform)",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-bigfix-cve20181478-clickjacking (140760)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140760"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 140760."
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-12-10T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-10T00:00:00",
"ID" : "CVE-2018-1478",
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
@ -84,6 +37,37 @@
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 140760."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "N",
"S" : "C",
"SCORE" : "6.100",
"UI" : "R"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
@ -95,5 +79,19 @@
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605"
},
{
"name" : "ibm-bigfix-cve20181478-clickjacking(140760)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140760"
}
]
}
}

86
2018/1xxx/CVE-2018-1480.json
View File

@ -1,4 +1,10 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-10T00:00:00",
"ID" : "CVE-2018-1480",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
@ -6,6 +12,7 @@
"product" : {
"product_data" : [
{
"product_name" : "BigFix Platform",
"version" : {
"version_data" : [
{
@ -21,8 +28,7 @@
"version_value" : "9.5.0"
}
]
},
"product_name" : "BigFix Platform"
}
}
]
},
@ -31,6 +37,37 @@
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies. If a Cross-Site Scripting vulnerability also existed attackers may be able to get the cookie values via malicious JavaScript and then hijack the user session. IBM X-Force ID: 140762."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "N",
"S" : "C",
"SCORE" : "4.000",
"UI" : "N"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
@ -43,57 +80,18 @@
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-12-10T00:00:00",
"ID" : "CVE-2018-1480",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 733605 (BigFix Platform)",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-bigfix-cve20181480-xss(140762)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140762",
"name" : "ibm-bigfix-cve20181480-xss (140762)"
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140762"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies. If a Cross-Site Scripting vulnerability also existed attackers may be able to get the cookie values via malicious JavaScript and then hijack the user session. IBM X-Force ID: 140762.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "H",
"RL" : "O"
},
"BM" : {
"S" : "C",
"AV" : "N",
"I" : "N",
"UI" : "N",
"A" : "N",
"AC" : "H",
"PR" : "N",
"C" : "L",
"SCORE" : "4.000"
}
}
}
}

106
2018/1xxx/CVE-2018-1481.json
View File

@ -1,55 +1,14 @@
{
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 733605 (BigFix Platform)",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140763",
"name" : "ibm-bigfix-cve20181481-info-disc (140763)"
}
]
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-10T00:00:00",
"ID" : "CVE-2018-1481",
"STATE" : "PUBLIC"
},
"description" : {
"description_data" : [
{
"value" : "IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 140763.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"AV" : "N",
"I" : "N",
"A" : "N",
"UI" : "N",
"SCORE" : "3.700",
"C" : "L",
"PR" : "N",
"AC" : "H"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
@ -72,11 +31,43 @@
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 140763."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "3.700",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
@ -89,11 +80,18 @@
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2018-1481",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-10T00:00:00"
},
"data_version" : "4.0"
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605"
},
{
"name" : "ibm-bigfix-cve20181481-info-disc(140763)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140763"
}
]
}
}

82
2018/1xxx/CVE-2018-1484.json
View File

@ -1,16 +1,14 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-10T00:00:00",
"ID" : "CVE-2018-1484",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
@ -33,66 +31,66 @@
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 140969."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "3.700",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"UI" : "N",
"C" : "L",
"SCORE" : "3.700",
"AC" : "H",
"PR" : "N",
"S" : "U",
"AV" : "N",
"I" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 733605 (BigFix Platform)"
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140969",
"name" : "ibm-bigfix-cve20181484-info-disc (140969)",
"name" : "ibm-bigfix-cve20181484-info-disc(140969)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 140969."
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140969"
}
]
}

82
2018/1xxx/CVE-2018-1485.json
View File

@ -1,22 +1,9 @@
{
"data_version" : "4.0",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2018-1485",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-10T00:00:00"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
"DATE_PUBLIC" : "2018-12-10T00:00:00",
"ID" : "CVE-2018-1485",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
@ -50,33 +37,46 @@
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"S" : "U",
"I" : "N",
"AV" : "N",
"A" : "N",
"UI" : "N",
"SCORE" : "3.100",
"C" : "L",
"PR" : "L",
"AC" : "H"
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 140970."
"value" : "IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 140970."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "L",
"S" : "U",
"SCORE" : "3.100",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
@ -84,15 +84,13 @@
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 733605 (BigFix Platform)"
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10733605"
},
{
"name" : "ibm-bigfix-cve20181485-info-disc (140970)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140970",
"name" : "ibm-bigfix-cve20181485-info-disc(140970)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140970"
}
]
}

106
2018/1xxx/CVE-2018-1901.json
View File

@ -1,49 +1,9 @@
{
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10738727",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10738727",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 738727 (WebSphere Application Server)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152530",
"name" : "ibm-websphere-cve20181901-priv-escalation (152530)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used. IBM X-Force ID: 152530."
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"PR" : "L",
"AC" : "H",
"SCORE" : "5.000",
"C" : "L",
"UI" : "N",
"A" : "L",
"AV" : "N",
"I" : "L",
"S" : "U"
}
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-10T00:00:00",
"ID" : "CVE-2018-1901",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
@ -52,6 +12,7 @@
"product" : {
"product_data" : [
{
"product_name" : "WebSphere Application Server",
"version" : {
"version_data" : [
{
@ -64,8 +25,7 @@
"version_value" : "Liberty"
}
]
},
"product_name" : "WebSphere Application Server"
}
}
]
},
@ -74,6 +34,37 @@
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used. IBM X-Force ID: 152530."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "L",
"AC" : "H",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "U",
"SCORE" : "5.000",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
@ -86,11 +77,18 @@
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-12-10T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1901",
"STATE" : "PUBLIC"
},
"data_version" : "4.0"
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10738727",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10738727"
},
{
"name" : "ibm-websphere-cve20181901-priv-escalation(152530)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152530"
}
]
}
}

74
2018/1xxx/CVE-2018-1926.json
View File

@ -1,11 +1,10 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-10T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2018-1926",
"ASSIGNER" : "psirt@us.ibm.com"
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
@ -38,6 +37,37 @@
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could exploit this vulnerability to perform CSRF attack and update available applications. IBM X-Force ID: 152992."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "N",
"I" : "L",
"PR" : "N",
"S" : "U",
"SCORE" : "4.300",
"UI" : "R"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
@ -50,49 +80,17 @@
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"S" : "U",
"I" : "L",
"AV" : "N",
"A" : "N",
"UI" : "R",
"SCORE" : "4.300",
"C" : "N",
"AC" : "L",
"PR" : "N"
}
}
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 742301 (WebSphere Application Server)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10742301",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10742301"
},
{
"name" : "ibm-websphere-cve20181926-csrf(152992)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152992",
"name" : "ibm-websphere-cve20181926-csrf (152992)"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could exploit this vulnerability to perform CSRF attack and update available applications. IBM X-Force ID: 152992.",
"lang" : "eng"
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152992"
}
]
}

18
2018/20xxx/CVE-2018-20100.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20100",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

62
2018/20xxx/CVE-2018-20101.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20101",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The codection \"Import users from CSV with meta\" plugin before 1.12.1 for WordPress allows XSS via the value of a cell."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers",
"refsource" : "MISC",
"url" : "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
}
]
}
}