From 96cf7078f29f70e816b12763eec2de40217aa077 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 16 Nov 2020 17:01:54 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/27xxx/CVE-2020-27988.json | 56 +++++++++- 2020/27xxx/CVE-2020-27989.json | 56 +++++++++- 2020/27xxx/CVE-2020-27990.json | 56 +++++++++- 2020/27xxx/CVE-2020-27991.json | 56 +++++++++- 2020/28xxx/CVE-2020-28723.json | 61 ++++++++++- 2020/4xxx/CVE-2020-4475.json | 194 ++++++++++++++++----------------- 2020/4xxx/CVE-2020-4476.json | 194 ++++++++++++++++----------------- 2020/4xxx/CVE-2020-4566.json | 192 ++++++++++++++++---------------- 2020/4xxx/CVE-2020-4655.json | 190 ++++++++++++++++---------------- 2020/4xxx/CVE-2020-4665.json | 194 ++++++++++++++++----------------- 2020/4xxx/CVE-2020-4671.json | 190 ++++++++++++++++---------------- 2020/4xxx/CVE-2020-4672.json | 172 ++++++++++++++--------------- 2020/4xxx/CVE-2020-4692.json | 194 ++++++++++++++++----------------- 2020/4xxx/CVE-2020-4700.json | 190 ++++++++++++++++---------------- 2020/4xxx/CVE-2020-4705.json | 182 +++++++++++++++---------------- 2020/4xxx/CVE-2020-4763.json | 194 ++++++++++++++++----------------- 16 files changed, 1298 insertions(+), 1073 deletions(-) diff --git a/2020/27xxx/CVE-2020-27988.json b/2020/27xxx/CVE-2020-27988.json index 894f7873893..bf6275d855e 100644 --- a/2020/27xxx/CVE-2020-27988.json +++ b/2020/27xxx/CVE-2020-27988.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-27988", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-27988", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.nagios.com/downloads/nagios-xi/change-log/", + "url": "https://www.nagios.com/downloads/nagios-xi/change-log/" } ] } diff --git a/2020/27xxx/CVE-2020-27989.json b/2020/27xxx/CVE-2020-27989.json index e27af6dae31..ea011eabc96 100644 --- a/2020/27xxx/CVE-2020-27989.json +++ b/2020/27xxx/CVE-2020-27989.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-27989", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-27989", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.nagios.com/downloads/nagios-xi/change-log/", + "url": "https://www.nagios.com/downloads/nagios-xi/change-log/" } ] } diff --git a/2020/27xxx/CVE-2020-27990.json b/2020/27xxx/CVE-2020-27990.json index c15de46969c..3657f7e4cbe 100644 --- a/2020/27xxx/CVE-2020-27990.json +++ b/2020/27xxx/CVE-2020-27990.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-27990", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-27990", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.nagios.com/downloads/nagios-xi/change-log/", + "url": "https://www.nagios.com/downloads/nagios-xi/change-log/" } ] } diff --git a/2020/27xxx/CVE-2020-27991.json b/2020/27xxx/CVE-2020-27991.json index 954ca3fd1d6..831e75ec124 100644 --- a/2020/27xxx/CVE-2020-27991.json +++ b/2020/27xxx/CVE-2020-27991.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-27991", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-27991", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.nagios.com/downloads/nagios-xi/change-log/", + "url": "https://www.nagios.com/downloads/nagios-xi/change-log/" } ] } diff --git a/2020/28xxx/CVE-2020-28723.json b/2020/28xxx/CVE-2020-28723.json index bf9434e54c4..08e50135cca 100644 --- a/2020/28xxx/CVE-2020-28723.json +++ b/2020/28xxx/CVE-2020-28723.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28723", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28723", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/raminfp/fuzz-libpparam", + "refsource": "MISC", + "name": "https://github.com/raminfp/fuzz-libpparam" + }, + { + "url": "https://github.com/CloudAvid/PParam/issues/9", + "refsource": "MISC", + "name": "https://github.com/CloudAvid/PParam/issues/9" } ] } diff --git a/2020/4xxx/CVE-2020-4475.json b/2020/4xxx/CVE-2020-4475.json index ecfea5eea54..2f222cee12b 100644 --- a/2020/4xxx/CVE-2020-4475.json +++ b/2020/4xxx/CVE-2020-4475.json @@ -1,99 +1,99 @@ { - "data_version" : "4.0", - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "C" : "L", - "PR" : "L", - "A" : "N", - "I" : "N", - "S" : "U", - "UI" : "N", - "AC" : "L", - "SCORE" : "4.300", - "AV" : "N" - } - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system." - } - ] - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6367963", - "title" : "IBM Security Bulletin 6367963 (Sterling B2B Integrator)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6367963" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/181777", - "refsource" : "XF", - "name" : "ibm-sterling-cve20204475-info-disc (181777)" - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2020-4475", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-11-13T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sterling B2B Integrator", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.0.0" - }, - { - "version_value" : "5.2.0.0" - }, - { - "version_value" : "5.2.6.5" - }, - { - "version_value" : "6.0.3.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "data_version": "4.0", + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "C": "L", + "PR": "L", + "A": "N", + "I": "N", + "S": "U", + "UI": "N", + "AC": "L", + "SCORE": "4.300", + "AV": "N" } - ] - } - } -} + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system." + } + ] + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6367963", + "title": "IBM Security Bulletin 6367963 (Sterling B2B Integrator)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6367963" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181777", + "refsource": "XF", + "name": "ibm-sterling-cve20204475-info-disc (181777)" + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2020-4475", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-11-13T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator", + "version": { + "version_data": [ + { + "version_value": "6.0.0.0" + }, + { + "version_value": "5.2.0.0" + }, + { + "version_value": "5.2.6.5" + }, + { + "version_value": "6.0.3.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4476.json b/2020/4xxx/CVE-2020-4476.json index a42a7d711a5..1361b3dd3f7 100644 --- a/2020/4xxx/CVE-2020-4476.json +++ b/2020/4xxx/CVE-2020-4476.json @@ -1,99 +1,99 @@ { - "data_version" : "4.0", - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "S" : "U", - "AC" : "L", - "UI" : "N", - "AV" : "N", - "SCORE" : "5.300", - "C" : "L", - "A" : "N", - "PR" : "N", - "I" : "N" - } - } - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6367971", - "title" : "IBM Security Bulletin 6367971 (Sterling File Gateway)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6367971" - }, - { - "refsource" : "XF", - "name" : "ibm-sterling-cve20204476-info-disc (181778)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/181778", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.2.0.0" - }, - { - "version_value" : "6.0.3.2" - }, - { - "version_value" : "2.2.6.5" - }, - { - "version_value" : "6.0.0.0" - } - ] - }, - "product_name" : "Sterling File Gateway" - } - ] - } + "data_version": "4.0", + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "S": "U", + "AC": "L", + "UI": "N", + "AV": "N", + "SCORE": "5.300", + "C": "L", + "A": "N", + "PR": "N", + "I": "N" } - ] - } - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-11-13T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4476" - } -} + } + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6367971", + "title": "IBM Security Bulletin 6367971 (Sterling File Gateway)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6367971" + }, + { + "refsource": "XF", + "name": "ibm-sterling-cve20204476-info-disc (181778)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181778", + "title": "X-Force Vulnerability Report" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.2.0.0" + }, + { + "version_value": "6.0.3.2" + }, + { + "version_value": "2.2.6.5" + }, + { + "version_value": "6.0.0.0" + } + ] + }, + "product_name": "Sterling File Gateway" + } + ] + } + } + ] + } + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-11-13T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2020-4476" + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4566.json b/2020/4xxx/CVE-2020-4566.json index bc583ac10ea..b7dc785bf77 100644 --- a/2020/4xxx/CVE-2020-4566.json +++ b/2020/4xxx/CVE-2020-4566.json @@ -1,99 +1,99 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Sterling B2B Integrator", - "version" : { - "version_data" : [ - { - "version_value" : "5.2.6.0" - }, - { - "version_value" : "6.0.0.0" - }, - { - "version_value" : "5.2.6.5" - }, - { - "version_value" : "6.0.3.2" - } - ] - } - } - ] - } + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] } - ] - } - }, - "CVE_data_meta" : { - "ID" : "CVE-2020-4566", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-11-13T00:00:00", - "STATE" : "PUBLIC" - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6367975", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6367975 (Sterling B2B Integrator)", - "url" : "https://www.ibm.com/support/pages/node/6367975" - }, - { - "name" : "ibm-sterling-cve20204566-info-disc (184083)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/184083", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "SCORE" : "6.500", - "UI" : "N", - "AC" : "L", - "S" : "U", - "I" : "N", - "A" : "N", - "PR" : "L", - "C" : "H" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "data_version" : "4.0", - "data_type" : "CVE", - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "value" : "IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 184083.", - "lang" : "eng" - } - ] - } -} + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator", + "version": { + "version_data": [ + { + "version_value": "5.2.6.0" + }, + { + "version_value": "6.0.0.0" + }, + { + "version_value": "5.2.6.5" + }, + { + "version_value": "6.0.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-4566", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-11-13T00:00:00", + "STATE": "PUBLIC" + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6367975", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6367975 (Sterling B2B Integrator)", + "url": "https://www.ibm.com/support/pages/node/6367975" + }, + { + "name": "ibm-sterling-cve20204566-info-disc (184083)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184083", + "title": "X-Force Vulnerability Report" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "SCORE": "6.500", + "UI": "N", + "AC": "L", + "S": "U", + "I": "N", + "A": "N", + "PR": "L", + "C": "H" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "description": { + "description_data": [ + { + "value": "IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 184083.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4655.json b/2020/4xxx/CVE-2020-4655.json index 389c16b656e..58aba85ac2e 100644 --- a/2020/4xxx/CVE-2020-4655.json +++ b/2020/4xxx/CVE-2020-4655.json @@ -1,99 +1,99 @@ { - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6367995", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6367995", - "title" : "IBM Security Bulletin 6367995 (Sterling B2B Integrator)" - }, - { - "name" : "ibm-sterling-cve20204655-sql-injection (186091)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186091" - } - ] - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-11-13T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4655" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "6.0.0.0" - }, - { - "version_value" : "5.2.0.0" - }, - { - "version_value" : "5.2.6.5" - }, - { - "version_value" : "6.0.3.2" - } - ] - }, - "product_name" : "Sterling B2B Integrator" - } - ] - } + "name": "https://www.ibm.com/support/pages/node/6367995", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6367995", + "title": "IBM Security Bulletin 6367995 (Sterling B2B Integrator)" + }, + { + "name": "ibm-sterling-cve20204655-sql-injection (186091)", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186091" } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Data Manipulation" - } + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2020-11-13T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2020-4655" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.0.0.0" + }, + { + "version_value": "5.2.0.0" + }, + { + "version_value": "5.2.6.5" + }, + { + "version_value": "6.0.3.2" + } + ] + }, + "product_name": "Sterling B2B Integrator" + } + ] + } + } ] - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 186091.", - "lang" : "eng" - } - ] - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "SCORE" : "6.300", - "UI" : "N", - "AC" : "L", - "S" : "U", - "I" : "L", - "A" : "L", - "PR" : "L", - "C" : "L" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Data Manipulation" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 186091.", + "lang": "eng" + } + ] + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "SCORE": "6.300", + "UI": "N", + "AC": "L", + "S": "U", + "I": "L", + "A": "L", + "PR": "L", + "C": "L" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4665.json b/2020/4xxx/CVE-2020-4665.json index 052bc7ee7b7..59f9bd1893f 100644 --- a/2020/4xxx/CVE-2020-4665.json +++ b/2020/4xxx/CVE-2020-4665.json @@ -1,99 +1,99 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "L", - "UI" : "R", - "S" : "U", - "AV" : "N", - "SCORE" : "4.300", - "C" : "L", - "I" : "N", - "A" : "N", - "PR" : "N" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "data_type" : "CVE", - "data_version" : "4.0", - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 186280." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2020-4665", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-11-13T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.2.0.0" - }, - { - "version_value" : "6.0.3.2" - }, - { - "version_value" : "2.2.6.5" - }, - { - "version_value" : "6.0.0.0" - } - ] - }, - "product_name" : "Sterling File Gateway" - } - ] - }, - "vendor_name" : "IBM" + "impact": { + "cvssv3": { + "BM": { + "AC": "L", + "UI": "R", + "S": "U", + "AV": "N", + "SCORE": "4.300", + "C": "L", + "I": "N", + "A": "N", + "PR": "N" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" } - ] - } - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6367997", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6367997", - "title" : "IBM Security Bulletin 6367997 (Sterling B2B Integrator)" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186280", - "refsource" : "XF", - "name" : "ibm-sterling-cve20204665-info-disc (186280)" - } - ] - } -} + } + }, + "data_type": "CVE", + "data_version": "4.0", + "data_format": "MITRE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 186280." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2020-4665", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-11-13T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.2.0.0" + }, + { + "version_value": "6.0.3.2" + }, + { + "version_value": "2.2.6.5" + }, + { + "version_value": "6.0.0.0" + } + ] + }, + "product_name": "Sterling File Gateway" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6367997", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6367997", + "title": "IBM Security Bulletin 6367997 (Sterling B2B Integrator)" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186280", + "refsource": "XF", + "name": "ibm-sterling-cve20204665-info-disc (186280)" + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4671.json b/2020/4xxx/CVE-2020-4671.json index 72044fdb7bb..7f535bda87f 100644 --- a/2020/4xxx/CVE-2020-4671.json +++ b/2020/4xxx/CVE-2020-4671.json @@ -1,99 +1,99 @@ { - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6368001", - "title" : "IBM Security Bulletin 6368001 (Sterling B2B Integrator)", - "name" : "https://www.ibm.com/support/pages/node/6368001", - "refsource" : "CONFIRM" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186284", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-sterling-cve20204671-info-disc (186284)" - } - ] - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-11-13T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4671" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Sterling B2B Integrator", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.0.0" - }, - { - "version_value" : "5.2.0.0" - }, - { - "version_value" : "5.2.6.5" - }, - { - "version_value" : "6.0.3.2" - } - ] - } - } - ] - } + "url": "https://www.ibm.com/support/pages/node/6368001", + "title": "IBM Security Bulletin 6368001 (Sterling B2B Integrator)", + "name": "https://www.ibm.com/support/pages/node/6368001", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186284", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-sterling-cve20204671-info-disc (186284)" } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2020-11-13T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2020-4671" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator", + "version": { + "version_data": [ + { + "version_value": "6.0.0.0" + }, + { + "version_value": "5.2.0.0" + }, + { + "version_value": "5.2.6.5" + }, + { + "version_value": "6.0.3.2" + } + ] + } + } + ] + } + } ] - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user. IBM X-Force ID: 186284." - } - ] - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "AV" : "N", - "SCORE" : "6.500", - "S" : "U", - "UI" : "N", - "AC" : "L", - "A" : "N", - "PR" : "L", - "I" : "N", - "C" : "H" - } - } - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user. IBM X-Force ID: 186284." + } + ] + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "AV": "N", + "SCORE": "6.500", + "S": "U", + "UI": "N", + "AC": "L", + "A": "N", + "PR": "L", + "I": "N", + "C": "H" + } + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4672.json b/2020/4xxx/CVE-2020-4672.json index edab9912863..f7ccebba84b 100644 --- a/2020/4xxx/CVE-2020-4672.json +++ b/2020/4xxx/CVE-2020-4672.json @@ -1,90 +1,90 @@ { - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6367813 (Business Automation Workflow)", - "url" : "https://www.ibm.com/support/pages/node/6367813", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6367813" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186285", - "refsource" : "XF", - "name" : "ibm-baw-cve20204672-xss (186285)" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Business Automation Workflow", - "version" : { - "version_data" : [ - { - "version_value" : "20.0.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "title": "IBM Security Bulletin 6367813 (Business Automation Workflow)", + "url": "https://www.ibm.com/support/pages/node/6367813", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6367813" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186285", + "refsource": "XF", + "name": "ibm-baw-cve20204672-xss (186285)" } - ] - } - }, - "CVE_data_meta" : { - "ID" : "CVE-2020-4672", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-11-13T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Business Automation Workflow", + "version": { + "version_data": [ + { + "version_value": "20.0.0.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285." - } - ] - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "BM" : { - "C" : "L", - "PR" : "L", - "A" : "N", - "I" : "L", - "S" : "C", - "UI" : "R", - "AC" : "L", - "SCORE" : "5.400", - "AV" : "N" - }, - "TM" : { - "RL" : "O", - "E" : "H", - "RC" : "C" - } - } - } -} + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-4672", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-11-13T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285." + } + ] + }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", + "impact": { + "cvssv3": { + "BM": { + "C": "L", + "PR": "L", + "A": "N", + "I": "L", + "S": "C", + "UI": "R", + "AC": "L", + "SCORE": "5.400", + "AV": "N" + }, + "TM": { + "RL": "O", + "E": "H", + "RC": "C" + } + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4692.json b/2020/4xxx/CVE-2020-4692.json index 3dc3e0382b8..7822c7e6c07 100644 --- a/2020/4xxx/CVE-2020-4692.json +++ b/2020/4xxx/CVE-2020-4692.json @@ -1,99 +1,99 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-11-13T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4692" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Sterling B2B Integrator", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.0.0" - }, - { - "version_value" : "5.2.0.0" - }, - { - "version_value" : "5.2.6.5" - }, - { - "version_value" : "6.0.3.2" - } - ] - } - } - ] - } - } - ] - } - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6368009", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6368009", - "title" : "IBM Security Bulletin 6368009 (Sterling B2B Integrator)" - }, - { - "name" : "ibm-sterling-cve20204692-info-disc (186780)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186780", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-11-13T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2020-4692" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator", + "version": { + "version_data": [ + { + "version_value": "6.0.0.0" + }, + { + "version_value": "5.2.0.0" + }, + { + "version_value": "5.2.6.5" + }, + { + "version_value": "6.0.3.2" + } + ] + } + } + ] + } + } ] - } - ] - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI. IBM X-Force ID: 186780.", - "lang" : "eng" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "C" : "L", - "I" : "N", - "A" : "N", - "PR" : "L", - "UI" : "N", - "AC" : "L", - "S" : "U", - "AV" : "N", - "SCORE" : "4.300" - } - } - }, - "data_version" : "4.0", - "data_type" : "CVE" -} + } + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6368009", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6368009", + "title": "IBM Security Bulletin 6368009 (Sterling B2B Integrator)" + }, + { + "name": "ibm-sterling-cve20204692-info-disc (186780)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186780", + "title": "X-Force Vulnerability Report" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI. IBM X-Force ID: 186780.", + "lang": "eng" + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "C": "L", + "I": "N", + "A": "N", + "PR": "L", + "UI": "N", + "AC": "L", + "S": "U", + "AV": "N", + "SCORE": "4.300" + } + } + }, + "data_version": "4.0", + "data_type": "CVE" +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4700.json b/2020/4xxx/CVE-2020-4700.json index 837caa854f8..0755440f98b 100644 --- a/2020/4xxx/CVE-2020-4700.json +++ b/2020/4xxx/CVE-2020-4700.json @@ -1,99 +1,99 @@ { - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6367979", - "title" : "IBM Security Bulletin 6367979 (Sterling B2B Integrator)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6367979" - }, - { - "name" : "ibm-sterling-cve20204700-priv-escalation (187077)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/187077", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "6.0.0.0" - }, - { - "version_value" : "5.2.0.0" - }, - { - "version_value" : "5.2.6.5" - }, - { - "version_value" : "6.0.3.2" - } - ] - }, - "product_name" : "Sterling B2B Integrator" - } - ] - } + "url": "https://www.ibm.com/support/pages/node/6367979", + "title": "IBM Security Bulletin 6367979 (Sterling B2B Integrator)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6367979" + }, + { + "name": "ibm-sterling-cve20204700-priv-escalation (187077)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187077", + "title": "X-Force Vulnerability Report" } - ] - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-11-13T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4700" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.0.0.0" + }, + { + "version_value": "5.2.0.0" + }, + { + "version_value": "5.2.6.5" + }, + { + "version_value": "6.0.3.2" + } + ] + }, + "product_name": "Sterling B2B Integrator" + } + ] + } + } ] - } - ] - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077." - } - ] - }, - "data_version" : "4.0", - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "I" : "H", - "PR" : "L", - "A" : "H", - "C" : "H", - "SCORE" : "7.500", - "AV" : "N", - "AC" : "H", - "UI" : "N", - "S" : "U" - } - } - } -} + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-11-13T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4700" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Privileges", + "lang": "eng" + } + ] + } + ] + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077." + } + ] + }, + "data_version": "4.0", + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "I": "H", + "PR": "L", + "A": "H", + "C": "H", + "SCORE": "7.500", + "AV": "N", + "AC": "H", + "UI": "N", + "S": "U" + } + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4705.json b/2020/4xxx/CVE-2020-4705.json index 881b67ea541..6a046528ebc 100644 --- a/2020/4xxx/CVE-2020-4705.json +++ b/2020/4xxx/CVE-2020-4705.json @@ -1,93 +1,93 @@ { - "data_version" : "4.0", - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "SCORE" : "4.800", - "AC" : "L", - "UI" : "R", - "S" : "C", - "I" : "L", - "A" : "N", - "PR" : "H", - "C" : "L" - }, - "TM" : { - "RC" : "C", - "E" : "H", - "RL" : "O" - } - } - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187190.", - "lang" : "eng" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6368013", - "title" : "IBM Security Bulletin 6368013 (Sterling B2B Integrator)", - "name" : "https://www.ibm.com/support/pages/node/6368013", - "refsource" : "CONFIRM" - }, - { - "refsource" : "XF", - "name" : "ibm-sterling-cve20204705-xss (187190)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/187190" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Sterling B2B Integrator", - "version" : { - "version_data" : [ - { - "version_value" : "5.2.0.0" - }, - { - "version_value" : "6.0.3.2" - } - ] - } - } - ] - } + "data_version": "4.0", + "data_type": "CVE", + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "SCORE": "4.800", + "AC": "L", + "UI": "R", + "S": "C", + "I": "L", + "A": "N", + "PR": "H", + "C": "L" + }, + "TM": { + "RC": "C", + "E": "H", + "RL": "O" } - ] - } - }, - "CVE_data_meta" : { - "ID" : "CVE-2020-4705", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-11-13T00:00:00", - "STATE" : "PUBLIC" - } -} + } + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187190.", + "lang": "eng" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6368013", + "title": "IBM Security Bulletin 6368013 (Sterling B2B Integrator)", + "name": "https://www.ibm.com/support/pages/node/6368013", + "refsource": "CONFIRM" + }, + { + "refsource": "XF", + "name": "ibm-sterling-cve20204705-xss (187190)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187190" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator", + "version": { + "version_data": [ + { + "version_value": "5.2.0.0" + }, + { + "version_value": "6.0.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-4705", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-11-13T00:00:00", + "STATE": "PUBLIC" + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4763.json b/2020/4xxx/CVE-2020-4763.json index 4e18c0ea792..fec49878c65 100644 --- a/2020/4xxx/CVE-2020-4763.json +++ b/2020/4xxx/CVE-2020-4763.json @@ -1,99 +1,99 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.2.0.0" - }, - { - "version_value" : "6.0.3.2" - }, - { - "version_value" : "2.2.6.5" - }, - { - "version_value" : "6.0.0.0" - } - ] - }, - "product_name" : "Sterling File Gateway" - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "CVE_data_meta" : { - "ID" : "CVE-2020-4763", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-11-13T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6368025", - "url" : "https://www.ibm.com/support/pages/node/6368025", - "title" : "IBM Security Bulletin 6368025 (Sterling File Gateway)" - }, - { - "name" : "ibm-sterling-cve20204763-info-disc (188897)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/188897", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.2.0.0" + }, + { + "version_value": "6.0.3.2" + }, + { + "version_value": "2.2.6.5" + }, + { + "version_value": "6.0.0.0" + } + ] + }, + "product_name": "Sterling File Gateway" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "value" : "IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188897.", - "lang" : "eng" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "PR" : "N", - "I" : "N", - "C" : "L", - "AV" : "N", - "SCORE" : "4.300", - "S" : "U", - "AC" : "L", - "UI" : "R" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "data_type" : "CVE", - "data_version" : "4.0" -} + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-4763", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-11-13T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6368025", + "url": "https://www.ibm.com/support/pages/node/6368025", + "title": "IBM Security Bulletin 6368025 (Sterling File Gateway)" + }, + { + "name": "ibm-sterling-cve20204763-info-disc (188897)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188897", + "title": "X-Force Vulnerability Report" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "value": "IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188897.", + "lang": "eng" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "PR": "N", + "I": "N", + "C": "L", + "AV": "N", + "SCORE": "4.300", + "S": "U", + "AC": "L", + "UI": "R" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + }, + "data_type": "CVE", + "data_version": "4.0" +} \ No newline at end of file