admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-04-08 15:01:26 +00:00
parent 00a3be7a50
commit 9728c8c4f4
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
20 changed files with 1572 additions and 1220 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2018/21xxx/CVE-2018-21081.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-21081",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2018-21081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Samsung mobile devices with N(7.x) software. In Dual Messenger, the second app can use the runtime permissions of the first app without a user's consent. The Samsung ID is SVE-2017-11018 (March 2018)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "CONFIRM",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}

56
2018/21xxx/CVE-2018-21082.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-21082",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2018-21082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Samsung mobile devices with N(7.x) software. Dex Station allows App Pinning bypass and lock-screen bypass via the \"Use screen lock type to unpin\" option. The Samsung ID is SVE-2017-11106 (February 2018)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "CONFIRM",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}

56
2018/21xxx/CVE-2018-21083.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-21083",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2018-21083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos or Qualcomm chipsets) software. There is information disclosure (of a kernel address) via trustonic_tee. The Samsung ID is SVE-2017-11175 (February 2018)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "CONFIRM",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}

56
2018/21xxx/CVE-2018-21084.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-21084",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2018-21084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.x) software. There is a race condition with a resultant read-after-free issue in get_kek. The Samsung ID is SVE-2017-11174 (February 2018)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "CONFIRM",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}

56
2018/21xxx/CVE-2018-21085.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-21085",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2018-21085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant use-after-free in vnswap_deinit_backing_storage. The Samsung ID is SVE-2017-11176 (February 2018)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "CONFIRM",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}

56
2018/21xxx/CVE-2018-21086.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-21086",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2018-21086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant double free in vnswap_init_backing_storage. The Samsung ID is SVE-2017-11177 (February 2018)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "CONFIRM",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}

56
2018/21xxx/CVE-2018-21087.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-21087",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2018-21087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software. There is a vnswap heap-based buffer overflow via the store function, with resultant privilege escalation. The Samsung ID is SVE-2017-10599 (January 2018)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "CONFIRM",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}

56
2018/21xxx/CVE-2018-21088.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-21088",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2018-21088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can cause a reboot because InputMethodManagerService has an unprotected system service. The Samsung ID is SVE-2017-9995 (January 2018)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "CONFIRM",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}

186
2019/4xxx/CVE-2019-4602.json
View File

@ -1,96 +1,96 @@
{
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168293."
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6172629",
"name" : "https://www.ibm.com/support/pages/node/6172629",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6172629 (Rational Quality Manager)"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-rqm-cve20194602-xss (168293)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/168293"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "H"
},
"BM" : {
"S" : "C",
"C" : "L",
"PR" : "L",
"I" : "L",
"UI" : "R",
"AC" : "L",
"SCORE" : "5.400",
"A" : "N",
"AV" : "N"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Rational Quality Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
}
}
]
}
"lang": "eng",
"value": "IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168293."
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4602",
"DATE_PUBLIC" : "2020-04-07T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
}
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6172629",
"name": "https://www.ibm.com/support/pages/node/6172629",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6172629 (Rational Quality Manager)"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"name": "ibm-rqm-cve20194602-xss (168293)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168293"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "H"
},
"BM": {
"S": "C",
"C": "L",
"PR": "L",
"I": "L",
"UI": "R",
"AC": "L",
"SCORE": "5.400",
"A": "N",
"AV": "N"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2019-4602",
"DATE_PUBLIC": "2020-04-07T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
}
}

186
2019/4xxx/CVE-2019-4603.json
View File

@ -1,96 +1,96 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"I" : "L",
"PR" : "L",
"C" : "N",
"SCORE" : "4.300",
"AC" : "L",
"UI" : "N",
"AV" : "N",
"A" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6172629",
"name" : "https://www.ibm.com/support/pages/node/6172629",
"title" : "IBM Security Bulletin 6172629 (Rational Quality Manager)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/168295",
"name" : "ibm-rqm-cve20194603-spoofing (168295)",
"refsource" : "XF"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Rational Quality Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
}
}
]
}
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"I": "L",
"PR": "L",
"C": "N",
"SCORE": "4.300",
"AC": "L",
"UI": "N",
"AV": "N",
"A": "N"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
]
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-04-07T00:00:00",
"ID" : "CVE-2019-4603",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Data Manipulation"
}
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6172629",
"name": "https://www.ibm.com/support/pages/node/6172629",
"title": "IBM Security Bulletin 6172629 (Rational Quality Manager)"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168295",
"name": "ibm-rqm-cve20194603-spoofing (168295)",
"refsource": "XF"
}
]
},
"data_version": "4.0",
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
}
}
]
}
]
},
"data_type" : "CVE"
}
}
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-04-07T00:00:00",
"ID": "CVE-2019-4603",
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
},
"data_type": "CVE"
}

186
2019/4xxx/CVE-2019-4737.json
View File

@ -1,96 +1,96 @@
{
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Rational DOORS Next Generation",
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.61"
}
]
}
}
]
}
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4737",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-04-07T00:00:00"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "H"
},
"BM" : {
"AV" : "N",
"A" : "N",
"SCORE" : "5.400",
"AC" : "L",
"UI" : "R",
"I" : "L",
"PR" : "L",
"C" : "L",
"S" : "C"
}
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172707."
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6172635 (Rational DOORS Next Generation)",
"name" : "https://www.ibm.com/support/pages/node/6172635",
"url" : "https://www.ibm.com/support/pages/node/6172635",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/172707",
"name" : "ibm-dng-cve20194737-xss (172707)"
}
]
}
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.61"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2019-4737",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-04-07T00:00:00"
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "H"
},
"BM": {
"AV": "N",
"A": "N",
"SCORE": "5.400",
"AC": "L",
"UI": "R",
"I": "L",
"PR": "L",
"C": "L",
"S": "C"
}
}
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172707."
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6172635 (Rational DOORS Next Generation)",
"name": "https://www.ibm.com/support/pages/node/6172635",
"url": "https://www.ibm.com/support/pages/node/6172635",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172707",
"name": "ibm-dng-cve20194737-xss (172707)"
}
]
}
}

186
2019/4xxx/CVE-2019-4740.json
View File

@ -1,96 +1,96 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172808."
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6172635 (Rational DOORS Next Generation)",
"url" : "https://www.ibm.com/support/pages/node/6172635",
"name" : "https://www.ibm.com/support/pages/node/6172635",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-dng-cve20194740-xss (172808)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/172808",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "5.400",
"UI" : "R",
"AC" : "L",
"AV" : "N",
"A" : "N",
"S" : "C",
"I" : "L",
"PR" : "L",
"C" : "L"
},
"TM" : {
"E" : "H",
"RL" : "O",
"RC" : "C"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-04-07T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4740"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Rational DOORS Next Generation",
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.61"
}
]
}
}
]
},
"vendor_name" : "IBM"
"lang": "eng",
"value": "IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172808."
}
]
}
}
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6172635 (Rational DOORS Next Generation)",
"url": "https://www.ibm.com/support/pages/node/6172635",
"name": "https://www.ibm.com/support/pages/node/6172635",
"refsource": "CONFIRM"
},
{
"name": "ibm-dng-cve20194740-xss (172808)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172808",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"SCORE": "5.400",
"UI": "R",
"AC": "L",
"AV": "N",
"A": "N",
"S": "C",
"I": "L",
"PR": "L",
"C": "L"
},
"TM": {
"E": "H",
"RL": "O",
"RC": "C"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"DATE_PUBLIC": "2020-04-07T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2019-4740"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.61"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
}
}

186
2019/4xxx/CVE-2019-4746.json
View File

@ -1,96 +1,96 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.61"
}
]
},
"product_name" : "Rational DOORS Next Generation"
}
]
}
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-04-07T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4746"
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172885."
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6172635 (Rational DOORS Next Generation)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6172635",
"url" : "https://www.ibm.com/support/pages/node/6172635"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/172885",
"name" : "ibm-dng-cve20194746-xss (172885)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"A" : "N",
"UI" : "R",
"AC" : "L",
"SCORE" : "5.400",
"I" : "L",
"C" : "L",
"PR" : "L",
"S" : "C"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "H"
}
}
}
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.61"
}
]
},
"product_name": "Rational DOORS Next Generation"
}
]
}
}
]
}
},
"CVE_data_meta": {
"DATE_PUBLIC": "2020-04-07T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2019-4746"
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172885."
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6172635 (Rational DOORS Next Generation)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6172635",
"url": "https://www.ibm.com/support/pages/node/6172635"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172885",
"name": "ibm-dng-cve20194746-xss (172885)",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"AV": "N",
"A": "N",
"UI": "R",
"AC": "L",
"SCORE": "5.400",
"I": "L",
"C": "L",
"PR": "L",
"S": "C"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "H"
}
}
}
}

204
2020/4xxx/CVE-2020-4164.json
View File

@ -1,105 +1,105 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4164",
"DATE_PUBLIC" : "2020-04-07T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Information Queue",
"version" : {
"version_data" : [
{
"version_value" : "1.0.0"
},
{
"version_value" : "1.0.1"
},
{
"version_value" : "1.0.2"
},
{
"version_value" : "1.0.3"
},
{
"version_value" : "1.0.4"
},
{
"version_value" : "1.0.5"
}
]
}
}
]
}
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from applicatino errors which could be used in further attacks against the system. IBM X-Force ID: 174400."
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6172605",
"url" : "https://www.ibm.com/support/pages/node/6172605",
"title" : "IBM Security Bulletin 6172605 (Security Information Queue)"
},
{
"name" : "ibm-isiq-cve20204164-info-disc (174400)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/174400",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AV" : "N",
"A" : "N",
"SCORE" : "2.700",
"AC" : "L",
"UI" : "N",
"I" : "N",
"PR" : "H",
"C" : "L",
"S" : "U"
}
}
}
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2020-4164",
"DATE_PUBLIC": "2020-04-07T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Information Queue",
"version": {
"version_data": [
{
"version_value": "1.0.0"
},
{
"version_value": "1.0.1"
},
{
"version_value": "1.0.2"
},
{
"version_value": "1.0.3"
},
{
"version_value": "1.0.4"
},
{
"version_value": "1.0.5"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from applicatino errors which could be used in further attacks against the system. IBM X-Force ID: 174400."
}
]
},
"data_format": "MITRE",
"data_version": "4.0",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6172605",
"url": "https://www.ibm.com/support/pages/node/6172605",
"title": "IBM Security Bulletin 6172605 (Security Information Queue)"
},
{
"name": "ibm-isiq-cve20204164-info-disc (174400)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174400",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"AV": "N",
"A": "N",
"SCORE": "2.700",
"AC": "L",
"UI": "N",
"I": "N",
"PR": "H",
"C": "L",
"S": "U"
}
}
}
}

188
2020/4xxx/CVE-2020-4252.json
View File

@ -1,96 +1,96 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"I" : "L",
"PR" : "L",
"C" : "L",
"S" : "C",
"AV" : "N",
"A" : "N",
"SCORE" : "5.400",
"UI" : "R",
"AC" : "L"
}
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175490."
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6172635 (Rational DOORS Next Generation)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6172635",
"url" : "https://www.ibm.com/support/pages/node/6172635"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-dng-cve20204252-xss (175490)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175490"
}
]
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.61"
}
]
},
"product_name" : "Rational DOORS Next Generation"
}
]
}
"impact": {
"cvssv3": {
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
},
"BM": {
"I": "L",
"PR": "L",
"C": "L",
"S": "C",
"AV": "N",
"A": "N",
"SCORE": "5.400",
"UI": "R",
"AC": "L"
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4252",
"DATE_PUBLIC" : "2020-04-07T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
}
}
}
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175490."
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6172635 (Rational DOORS Next Generation)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6172635",
"url": "https://www.ibm.com/support/pages/node/6172635"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"name": "ibm-dng-cve20204252-xss (175490)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175490"
}
]
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.61"
}
]
},
"product_name": "Rational DOORS Next Generation"
}
]
}
}
]
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2020-4252",
"DATE_PUBLIC": "2020-04-07T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
}
}

202
2020/4xxx/CVE-2020-4282.json
View File

@ -1,105 +1,105 @@
{
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6172587 (Security Information Queue)",
"name" : "https://www.ibm.com/support/pages/node/6172587",
"url" : "https://www.ibm.com/support/pages/node/6172587",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-isiq-cve20204282-sec-bypass (176205)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176205",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow an authenticated user to perform unauthorized actions by bypassing illegal character restrictions. X-Force ID: 176205."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"A" : "N",
"SCORE" : "3.000",
"UI" : "R",
"AC" : "H",
"I" : "L",
"PR" : "L",
"C" : "N",
"S" : "C"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Information Queue",
"version" : {
"version_data" : [
{
"version_value" : "1.0.0"
},
{
"version_value" : "1.0.1"
},
{
"version_value" : "1.0.2"
},
{
"version_value" : "1.0.3"
},
{
"version_value" : "1.0.4"
},
{
"version_value" : "1.0.5"
}
]
}
}
]
}
"title": "IBM Security Bulletin 6172587 (Security Information Queue)",
"name": "https://www.ibm.com/support/pages/node/6172587",
"url": "https://www.ibm.com/support/pages/node/6172587",
"refsource": "CONFIRM"
},
{
"name": "ibm-isiq-cve20204282-sec-bypass (176205)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176205",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4282",
"DATE_PUBLIC" : "2020-04-07T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Bypass Security",
"lang" : "eng"
}
]
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow an authenticated user to perform unauthorized actions by bypassing illegal character restrictions. X-Force ID: 176205."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"AV": "N",
"A": "N",
"SCORE": "3.000",
"UI": "R",
"AC": "H",
"I": "L",
"PR": "L",
"C": "N",
"S": "C"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Information Queue",
"version": {
"version_data": [
{
"version_value": "1.0.0"
},
{
"version_value": "1.0.1"
},
{
"version_value": "1.0.2"
},
{
"version_value": "1.0.3"
},
{
"version_value": "1.0.4"
},
{
"version_value": "1.0.5"
}
]
}
}
]
}
}
]
}
]
}
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2020-4282",
"DATE_PUBLIC": "2020-04-07T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Bypass Security",
"lang": "eng"
}
]
}
]
}
}

206
2020/4xxx/CVE-2020-4284.json
View File

@ -1,105 +1,105 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-04-07T00:00:00",
"ID" : "CVE-2020-4284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.0.0"
},
{
"version_value" : "1.0.1"
},
{
"version_value" : "1.0.2"
},
{
"version_value" : "1.0.3"
},
{
"version_value" : "1.0.4"
},
{
"version_value" : "1.0.5"
}
]
},
"product_name" : "Security Information Queue"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-04-07T00:00:00",
"ID": "CVE-2020-4284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.0.0"
},
{
"version_value": "1.0.1"
},
{
"version_value": "1.0.2"
},
{
"version_value": "1.0.3"
},
{
"version_value": "1.0.4"
},
{
"version_value": "1.0.5"
}
]
},
"product_name": "Security Information Queue"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6172551 (Security Information Queue)",
"name" : "https://www.ibm.com/support/pages/node/6172551",
"url" : "https://www.ibm.com/support/pages/node/6172551",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176207",
"name" : "ibm-isiq-cve20204284-info-disc (176207)",
"refsource" : "XF"
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. IBM X-Force ID: 176207.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "L",
"PR" : "N",
"I" : "N",
"S" : "U",
"A" : "N",
"AV" : "N",
"AC" : "L",
"UI" : "N",
"SCORE" : "5.300"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6172551 (Security Information Queue)",
"name": "https://www.ibm.com/support/pages/node/6172551",
"url": "https://www.ibm.com/support/pages/node/6172551",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176207",
"name": "ibm-isiq-cve20204284-info-disc (176207)",
"refsource": "XF"
}
]
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. IBM X-Force ID: 176207.",
"lang": "eng"
}
]
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"BM": {
"C": "L",
"PR": "N",
"I": "N",
"S": "U",
"A": "N",
"AV": "N",
"AC": "L",
"UI": "N",
"SCORE": "5.300"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
}
}

204
2020/4xxx/CVE-2020-4289.json
View File

@ -1,105 +1,105 @@
{
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.0.0"
},
{
"version_value" : "1.0.1"
},
{
"version_value" : "1.0.2"
},
{
"version_value" : "1.0.3"
},
{
"version_value" : "1.0.4"
},
{
"version_value" : "1.0.5"
}
]
},
"product_name" : "Security Information Queue"
}
]
},
"vendor_name" : "IBM"
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-04-07T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4289"
},
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"I" : "N",
"C" : "L",
"PR" : "N",
"AC" : "L",
"UI" : "N",
"SCORE" : "5.300",
"AV" : "N",
"A" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 176332."
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6172593 (Security Information Queue)",
"name" : "https://www.ibm.com/support/pages/node/6172593",
"url" : "https://www.ibm.com/support/pages/node/6172593",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176332",
"name" : "ibm-isiq-cve20204289-info-disc (176332)",
"title" : "X-Force Vulnerability Report"
}
]
}
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.0.0"
},
{
"version_value": "1.0.1"
},
{
"version_value": "1.0.2"
},
{
"version_value": "1.0.3"
},
{
"version_value": "1.0.4"
},
{
"version_value": "1.0.5"
}
]
},
"product_name": "Security Information Queue"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"CVE_data_meta": {
"DATE_PUBLIC": "2020-04-07T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2020-4289"
},
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"I": "N",
"C": "L",
"PR": "N",
"AC": "L",
"UI": "N",
"SCORE": "5.300",
"AV": "N",
"A": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 176332."
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6172593 (Security Information Queue)",
"name": "https://www.ibm.com/support/pages/node/6172593",
"url": "https://www.ibm.com/support/pages/node/6172593",
"refsource": "CONFIRM"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176332",
"name": "ibm-isiq-cve20204289-info-disc (176332)",
"title": "X-Force Vulnerability Report"
}
]
}
}

204
2020/4xxx/CVE-2020-4290.json
View File

@ -1,105 +1,105 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"A" : "N",
"AV" : "N",
"AC" : "H",
"UI" : "N",
"SCORE" : "4.200",
"C" : "L",
"PR" : "L",
"I" : "L",
"S" : "U"
}
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6172599",
"name" : "https://www.ibm.com/support/pages/node/6172599",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6172599 (Security Information Queue)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176333",
"name" : "ibm-isiq-cve20204290-spoofing (176333)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow any authenticated user to spoof the configuration owner of any other user which disclose sensitive information or allow for unauthorized access. IBM X-Force ID: 176333.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"ID" : "CVE-2020-4290",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-04-07T00:00:00"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Information Queue",
"version" : {
"version_data" : [
{
"version_value" : "1.0.0"
},
{
"version_value" : "1.0.1"
},
{
"version_value" : "1.0.2"
},
{
"version_value" : "1.0.3"
},
{
"version_value" : "1.0.4"
},
{
"version_value" : "1.0.5"
}
]
}
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"A": "N",
"AV": "N",
"AC": "H",
"UI": "N",
"SCORE": "4.200",
"C": "L",
"PR": "L",
"I": "L",
"S": "U"
}
]
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6172599",
"name": "https://www.ibm.com/support/pages/node/6172599",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6172599 (Security Information Queue)"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176333",
"name": "ibm-isiq-cve20204290-spoofing (176333)",
"title": "X-Force Vulnerability Report"
}
]
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow any authenticated user to spoof the configuration owner of any other user which disclose sensitive information or allow for unauthorized access. IBM X-Force ID: 176333.",
"lang": "eng"
}
]
},
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-4290",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-04-07T00:00:00"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Information Queue",
"version": {
"version_data": [
{
"version_value": "1.0.0"
},
{
"version_value": "1.0.1"
},
{
"version_value": "1.0.2"
},
{
"version_value": "1.0.3"
},
{
"version_value": "1.0.4"
},
{
"version_value": "1.0.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
}
}
}
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
}
}

206
2020/4xxx/CVE-2020-4291.json
View File

@ -1,105 +1,105 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AV" : "N",
"SCORE" : "4.700",
"UI" : "R",
"AC" : "L",
"PR" : "N",
"C" : "L",
"I" : "N",
"S" : "C"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. IBM X-Force ID: 176334."
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6172545 (Security Information Queue)",
"name" : "https://www.ibm.com/support/pages/node/6172545",
"url" : "https://www.ibm.com/support/pages/node/6172545",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-isiq-cve20204291-info-disc (176334)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176334",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Information Queue",
"version" : {
"version_data" : [
{
"version_value" : "1.0.0"
},
{
"version_value" : "1.0.1"
},
{
"version_value" : "1.0.2"
},
{
"version_value" : "1.0.3"
},
{
"version_value" : "1.0.4"
},
{
"version_value" : "1.0.5"
}
]
}
}
]
}
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AV": "N",
"SCORE": "4.700",
"UI": "R",
"AC": "L",
"PR": "N",
"C": "L",
"I": "N",
"S": "C"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4291",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-04-07T00:00:00"
}
}
}
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. IBM X-Force ID: 176334."
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6172545 (Security Information Queue)",
"name": "https://www.ibm.com/support/pages/node/6172545",
"url": "https://www.ibm.com/support/pages/node/6172545",
"refsource": "CONFIRM"
},
{
"name": "ibm-isiq-cve20204291-info-disc (176334)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176334",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Information Queue",
"version": {
"version_data": [
{
"version_value": "1.0.0"
},
{
"version_value": "1.0.1"
},
{
"version_value": "1.0.2"
},
{
"version_value": "1.0.3"
},
{
"version_value": "1.0.4"
},
{
"version_value": "1.0.5"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2020-4291",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-04-07T00:00:00"
}
}