"-Synchronized-Data."

CVE Team 2020-10-15 13:01:46 +00:00
parent 5235f79203
commit 9333e7b3a2
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
3 changed files with 204 additions and 201 deletions


@ -1,100 +1,100 @@
{
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6348046 (Security Access Manager)",
"url" : "https://www.ibm.com/support/pages/node/6348046",
"name" : "https://www.ibm.com/support/pages/node/6348046"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sam-cve20194552-response-splitting (165960)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/165960"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Verify Access",
"version" : {
"version_data" : [
{
"version_value" : "10.0.0"
}
]
}
},
{
"product_name" : "Security Access Manager",
"version" : {
"version_data" : [
{
"version_value" : "9.0.7"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
}
},
"data_type" : "CVE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2019-4552",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-10-14T00:00:00"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"AV" : "N",
"C" : "L",
"PR" : "N",
"A" : "N",
"S" : "C",
"I" : "L",
"UI" : "R",
"AC" : "L",
"SCORE" : "6.100"
}
}
}
}
]
},
"description": {
"description_data": [
{
"value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6348046 (Security Access Manager)",
"url": "https://www.ibm.com/support/pages/node/6348046",
"name": "https://www.ibm.com/support/pages/node/6348046"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-sam-cve20194552-response-splitting (165960)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165960"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Verify Access",
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
}
},
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_type": "CVE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-4552",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-10-14T00:00:00"
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"AV": "N",
"C": "L",
"PR": "N",
"A": "N",
"S": "C",
"I": "L",
"UI": "R",
"AC": "L",
"SCORE": "6.100"
}
}
}
}


@ -1,100 +1,100 @@
{
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Bypass Security",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"I" : "L",
"UI" : "N",
"SCORE" : "7.300",
"AC" : "L",
"PR" : "N",
"AV" : "N",
"C" : "L",
"S" : "U",
"A" : "L"
}
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-10-14T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4499"
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6348046 (Security Access Manager)",
"name" : "https://www.ibm.com/support/pages/node/6348046",
"url" : "https://www.ibm.com/support/pages/node/6348046"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sam-cve20204499-sec-bypass (182216)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/182216",
"refsource" : "XF"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Verify Access",
"version" : {
"version_data" : [
{
"version_value" : "10.0.0"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "9.0.7"
}
]
},
"product_name" : "Security Access Manager"
}
]
},
"vendor_name" : "IBM"
"description": [
{
"value": "Bypass Security",
"lang": "eng"
}
]
}
]
}
},
"data_type" : "CVE",
"data_version" : "4.0"
}
]
},
"description": {
"description_data": [
{
"value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.",
"lang": "eng"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"I": "L",
"UI": "N",
"SCORE": "7.300",
"AC": "L",
"PR": "N",
"AV": "N",
"C": "L",
"S": "U",
"A": "L"
}
}
},
"CVE_data_meta": {
"DATE_PUBLIC": "2020-10-14T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4499"
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6348046 (Security Access Manager)",
"name": "https://www.ibm.com/support/pages/node/6348046",
"url": "https://www.ibm.com/support/pages/node/6348046"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-sam-cve20204499-sec-bypass (182216)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182216",
"refsource": "XF"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Verify Access",
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "9.0.7"
}
]
},
"product_name": "Security Access Manager"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_type": "CVE",
"data_version": "4.0"
}


@ -48,16 +48,19 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMMINTEGRALMSDK-1018714"
"refsource": "MISC",
"url": "https://snyk.io/research/sour-mint-malicious-sdk/",
"name": "https://snyk.io/research/sour-mint-malicious-sdk/"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/blog/remote-code-execution-rce-sourmint/"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMMINTEGRALMSDK-1018714",
"name": "https://snyk.io/vuln/SNYK-JAVA-COMMINTEGRALMSDK-1018714"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/research/sour-mint-malicious-sdk/"
"refsource": "MISC",
"url": "https://snyk.io/blog/remote-code-execution-rce-sourmint/",
"name": "https://snyk.io/blog/remote-code-execution-rce-sourmint/"
}
]
},
@ -65,7 +68,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects all versions of package com.mintegral.msdk:alphab.\n The Android SDK distributed by the company contains malicious functionality in this module that tracks:\r\n\r\n1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google Docs links.\r\n2. All apk downloads, either organic or not.\r\nMintegral listens to download events in Android's download manager and detects if the downloaded file's url contains:\r\n\r\na. google.com or comes from a Google app (the com.android.vending package)\r\n\r\nb. Ends with .apk for apk downloads\r\n\r\nIn both cases, the module sends the captured data back to Mintegral's servers.\r\n\r\nNote that the malicious functionality keeps running even if the app is currently not in focus (running in the background).\n"
"value": "This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google Docs links. 2. All apk downloads, either organic or not. Mintegral listens to download events in Android's download manager and detects if the downloaded file's url contains: a. google.com or comes from a Google app (the com.android.vending package) b. Ends with .apk for apk downloads In both cases, the module sends the captured data back to Mintegral's servers. Note that the malicious functionality keeps running even if the app is currently not in focus (running in the background)."
}
]
},
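Review bot: The rewritten description `value` in the last hunk replaces every line break with a single space but adds no punctuation, so the enumerated items now run straight into the sentences that follow them (`b. Ends with .apk for apk downloads In both cases, the module sends the captured data ...`). Anyone triaging from this record can no longer tell where the list of tracked download events ends or where the two URL conditions end, and those conditions are what describes the SDK's monitoring behaviour. When normalising whitespace, terminate each item explicitly, for example `... url contains: a. google.com or comes from a Google app (the com.android.vending package); b. ends with .apk for apk downloads. In both cases, ...`. The enclosing `description` object starts outside this hunk, so the rest of the record was not checked for the same flattening.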