admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

IBM20210108-14832

Browse Source 
Added CVE-2020-5017, CVE-2020-5019, CVE-2020-5020, CVE-2020-5022, CVE-2020-5021, CVE-2020-5018
This commit is contained in:
Scott Moore - IBM 2021-01-08 14:08:32 -05:00
parent 878363c77e
commit 9100a00581
No known key found for this signature in database
GPG Key ID: 8E6C411D57F2D75C
6 changed files with 540 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
2020/5xxx/CVE-2020-5017.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5017",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"A" : "N",
"S" : "U",
"AV" : "L",
"I" : "N",
"C" : "L",
"AC" : "H",
"PR" : "N",
"UI" : "N",
"SCORE" : "2.900"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to information beyond their intended role and permissions. IBM X-Force ID: 193653."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Protect Plus",
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.6"
}
]
}
}
]
}
}
]
}
}
]
}
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-5017",
"DATE_PUBLIC" : "2021-01-07T00:00:00",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6398754 (Spectrum Protect Plus)",
"url" : "https://www.ibm.com/support/pages/node/6398754",
"name" : "https://www.ibm.com/support/pages/node/6398754",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/193653",
"name" : "ibm-spectrum-cve20205017-info-disc (193653)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0"
}

105
2020/5xxx/CVE-2020-5018.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5018",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6398754",
"name" : "https://www.ibm.com/support/pages/node/6398754",
"title" : "IBM Security Bulletin 6398754 (Spectrum Protect Plus)"
},
{
"name" : "ibm-spectrum-cve20205018-info-disc (193654)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/193654",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2020-5018",
"DATE_PUBLIC" : "2021-01-07T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Protect Plus",
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.6"
}
]
}
}
]
}
}
]
}
}
]
}
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"A" : "N",
"S" : "U",
"AV" : "N",
"I" : "N",
"C" : "L",
"AC" : "H",
"PR" : "N",
"UI" : "N",
"SCORE" : "3.700"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654.",
"lang" : "eng"
}
]
}
}

105
2020/5xxx/CVE-2020-5019.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5019",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.6"
}
]
},
"product_name" : "Spectrum Protect Plus"
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 193655."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"C" : "L",
"PR" : "N",
"UI" : "N",
"SCORE" : "6.500",
"A" : "N",
"S" : "U",
"AV" : "N",
"I" : "L"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"data_format" : "MITRE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6398754",
"name" : "https://www.ibm.com/support/pages/node/6398754",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6398754 (Spectrum Protect Plus)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/193655",
"name" : "ibm-spectrum-cve20205019-header-injection (193655)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-5019",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-01-07T00:00:00"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"data_type" : "CVE"
}

105
2020/5xxx/CVE-2020-5020.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5020",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_type" : "CVE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-01-07T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-5020",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6398754",
"name" : "https://www.ibm.com/support/pages/node/6398754",
"title" : "IBM Security Bulletin 6398754 (Spectrum Protect Plus)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/193656",
"name" : "ibm-spectrum-cve20205020-clickjacking (193656)",
"refsource" : "XF"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "6.100",
"UI" : "R",
"PR" : "N",
"AC" : "L",
"C" : "L",
"I" : "L",
"AV" : "N",
"S" : "C",
"A" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 193656.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Protect Plus",
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.6"
}
]
}
}
]
}
}
]
}
}
]
}
}
}

105
2020/5xxx/CVE-2020-5021.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5021",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Protect Plus",
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.6"
}
]
}
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user to impersonate another user on the system. IBM X-Force ID: 193657."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "H",
"C" : "L",
"SCORE" : "4.000",
"PR" : "N",
"UI" : "N",
"A" : "N",
"AV" : "L",
"I" : "L",
"S" : "U"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"data_format" : "MITRE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6398754",
"name" : "https://www.ibm.com/support/pages/node/6398754",
"title" : "IBM Security Bulletin 6398754 (Spectrum Protect Plus)"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-spectrum-cve20205021-session-fixation (193657)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/193657",
"refsource" : "XF"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2020-5021",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-01-07T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
]
}
]
},
"data_type" : "CVE"
}

105
2020/5xxx/CVE-2020-5022.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5022",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta" : {
"ID" : "CVE-2020-5022",
"DATE_PUBLIC" : "2021-01-07T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6398754",
"url" : "https://www.ibm.com/support/pages/node/6398754",
"title" : "IBM Security Bulletin 6398754 (Spectrum Protect Plus)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/193658",
"name" : "ibm-spectrum-cve20205022-info-disc (193658)",
"refsource" : "XF"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to VDAP proxy which can result in an attacker obtaining information they are not authorized to access. IBM X-Force ID: 193658."
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"C" : "L",
"AC" : "L",
"PR" : "N",
"UI" : "N",
"SCORE" : "5.300",
"A" : "N",
"S" : "U",
"AV" : "N",
"I" : "N"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Protect Plus",
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
}
}