admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 22:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

IBM20181207-10184

Browse Source 
Added CVE-2018-1896, CVE-2018-1663, CVE-2018-1883, CVE-2018-1920, CVE-2018-1424
This commit is contained in:
Scott Moore - IBM 2018-12-07 10:18:04 -05:00
parent dca320ba4e
commit 982e83fcf0
No known key found for this signature in database
GPG Key ID: 95B9EA1B824C2926
5 changed files with 449 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
2018/1xxx/CVE-2018-1424.json
View File

@ -1,18 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1424",
"STATE" : "RESERVED"
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 744217 (Marketing Platform)",
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10744217",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10744217"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-marketing-cve20181424-info-disc (139029)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/139029"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"PR" : "L",
"S" : "U",
"C" : "H",
"I" : "N",
"SCORE" : "7.100",
"AV" : "N",
"AC" : "L",
"A" : "L"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "9.1.2"
},
{
"version_value" : "9.1.0"
},
{
"version_value" : "10.1"
}
]
},
"product_name" : "Marketing Platform"
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029.",
"lang" : "eng"
}
]
}
},
"data_version" : "4.0",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-12-05T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1424"
},
"data_format" : "MITRE",
"data_type" : "CVE"
}

102
2018/1xxx/CVE-2018-1663.json
View File

@ -1,18 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1663",
"STATE" : "RESERVED"
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 740033 (DataPower Gateways)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10740033",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10740033"
},
{
"refsource" : "XF",
"name" : "ibm-websphere-cve20181663-info-disc (144889)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144889",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"PR" : "N",
"UI" : "N",
"AC" : "H",
"A" : "N",
"AV" : "N",
"SCORE" : "5.900",
"I" : "N",
"C" : "H"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DataPower Gateways",
"version" : {
"version_data" : [
{
"version_value" : "7.5"
},
{
"version_value" : "7.5.1"
},
{
"version_value" : "7.5.2"
},
{
"version_value" : "7.6"
},
{
"version_value" : "2018.4"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-05T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2018-1663"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 144889.",
"lang" : "eng"
}
]
}
},
"data_type" : "CVE"
}

102
2018/1xxx/CVE-2018-1883.json
View File

@ -1,17 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1883",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API Could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API. IBM X-Force ID: 151969."
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2018-12-05T00:00:00",
"ID" : "CVE-2018-1883"
},
"data_version" : "4.0",
"data_format" : "MITRE",
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 738197 (MQ)",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10738197",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10738197"
},
{
"refsource" : "XF",
"name" : "ibm-websphere-cve20181883-dos (151969)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151969",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"PR" : "N",
"UI" : "N",
"S" : "U",
"C" : "N",
"SCORE" : "5.300",
"I" : "N",
"AC" : "L",
"A" : "L",
"AV" : "N"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "9.0.2"
},
{
"version_value" : "9.0.3"
},
{
"version_value" : "9.0.4"
},
{
"version_value" : "9.0.5"
},
{
"version_value" : "9.1.0.0"
}
]
},
"product_name" : "MQ"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
}

96
2018/1xxx/CVE-2018-1896.json
View File

@ -1,18 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1896",
"STATE" : "RESERVED"
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Connections",
"version" : {
"version_data" : [
{
"version_value" : "5.0"
},
{
"version_value" : "5.5"
},
{
"version_value" : "6.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"UI" : "R",
"PR" : "L",
"S" : "U",
"C" : "L",
"I" : "L",
"SCORE" : "4.600",
"AV" : "N",
"AC" : "L",
"A" : "N"
}
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10742567",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10742567",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 742567 (Connections)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152456",
"name" : "ibm-connections-cve20181896-head-injection (152456)",
"refsource" : "XF"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456.",
"lang" : "eng"
}
]
}
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2018-1896",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2018-12-05T00:00:00"
},
"data_format" : "MITRE"
}

98
2018/1xxx/CVE-2018-1920.json
View File

@ -1,17 +1,95 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1920",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2018-12-05T00:00:00",
"ID" : "CVE-2018-1920"
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 744217 (Marketing Platform)",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10744217",
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10744217"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152855",
"name" : "ibm-marketing-cve20181920-xxe (152855)",
"refsource" : "XF"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"S" : "U",
"PR" : "L",
"UI" : "N",
"C" : "H",
"AC" : "L",
"A" : "L",
"AV" : "N",
"SCORE" : "7.100",
"I" : "N"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Marketing Platform",
"version" : {
"version_data" : [
{
"version_value" : "9.1.2"
},
{
"version_value" : "9.1.0"
},
{
"version_value" : "10.1"
}
]
}
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
}