admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-10 02:04:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

IBM20190701-11220

Browse Source 
Added CVE-2019-4386, CVE-2019-4057, CVE-2019-4337, CVE-2019-4299, CVE-2019-4297, CVE-2019-4154, CVE-2019-4383, CVE-2019-4357, CVE-2019-4101, CVE-2019-4237, CVE-2019-4322, CVE-2019-4296, CVE-2019-4295, CVE-2019-4298, CVE-2019-4102, CVE-2019-4336, CVE-2019-4410
This commit is contained in:
Scott Moore - IBM 2019-07-01 11:02:20 -04:00
parent f99891af48
commit 9915db87f9
No known key found for this signature in database
GPG Key ID: 95B9EA1B824C2926
17 changed files with 1548 additions and 255 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
2019/4xxx/CVE-2019-4057.json
View File

@ -1,18 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4057",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 880735 (DB2 for Linux, UNIX and Windows)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880735",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880735"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-db2-cve20194057-priv-escalation (156567)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/156567"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"S" : "U",
"A" : "H",
"I" : "H",
"UI" : "N",
"PR" : "H",
"C" : "H",
"SCORE" : "6.700",
"AC" : "L",
"AV" : "L"
}
}
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4057",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-06-27T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "DB2 for Linux, UNIX and Windows",
"version" : {
"version_data" : [
{
"version_value" : "10.5"
},
{
"version_value" : "10.1"
},
{
"version_value" : "9.7"
},
{
"version_value" : "11.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567."
}
]
}
}

108
2019/4xxx/CVE-2019-4101.json
View File

@ -1,18 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4101",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID: 158091."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "DB2 for Linux, UNIX and Windows",
"version" : {
"version_data" : [
{
"version_value" : "10.5"
},
{
"version_value" : "10.1"
},
{
"version_value" : "11.1"
}
]
}
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-06-27T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4101",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"UI" : "N",
"I" : "N",
"AV" : "L",
"AC" : "L",
"SCORE" : "6.200",
"C" : "N",
"PR" : "N",
"A" : "H",
"S" : "U"
}
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 880741 (DB2 for Linux, UNIX and Windows)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880741",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880741"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158091",
"name" : "ibm-db2-cve20194101-dos (158091)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE"
}

111
2019/4xxx/CVE-2019-4102.json
View File

@ -1,18 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4102",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880743",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880743",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 880743 (DB2 for Linux, UNIX and Windows)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158092",
"name" : "ibm-db2-cve20194102-info-disc (158092)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"A" : "N",
"S" : "U",
"I" : "N",
"UI" : "N",
"SCORE" : "5.900",
"C" : "H",
"PR" : "N",
"AC" : "H",
"AV" : "N"
}
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4102",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-27T00:00:00"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.5"
},
{
"version_value" : "10.1"
},
{
"version_value" : "9.7"
},
{
"version_value" : "11.1"
}
]
},
"product_name" : "DB2 for Linux, UNIX and Windows"
}
]
}
}
]
}
}
]
}
}
}

111
2019/4xxx/CVE-2019-4154.json
View File

@ -1,18 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4154",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880737",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880737",
"title" : "IBM Security Bulletin 880737 (DB2 for Linux, UNIX and Windows)",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158519",
"name" : "ibm-db2-cve20194154-bo (158519)"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"S" : "U",
"A" : "H",
"AV" : "L",
"AC" : "L",
"PR" : "N",
"SCORE" : "8.400",
"C" : "H",
"UI" : "N",
"I" : "H"
}
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-06-27T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4154"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "DB2 for Linux, UNIX and Windows",
"version" : {
"version_data" : [
{
"version_value" : "10.5"
},
{
"version_value" : "10.1"
},
{
"version_value" : "9.7"
},
{
"version_value" : "11.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
}
}

108
2019/4xxx/CVE-2019-4237.json
View File

@ -1,18 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4237",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 879825 (InfoSphere Information Server)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10879825",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10879825"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159419",
"name" : "ibm-infosphere-cve20194237-cfs (159419)"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"UI" : "R",
"I" : "L",
"AV" : "N",
"AC" : "L",
"PR" : "L",
"SCORE" : "5.400",
"C" : "L",
"S" : "C",
"A" : "N"
}
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-06-27T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4237"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "11.3"
},
{
"version_value" : "11.5"
},
{
"version_value" : "11.7"
}
]
},
"product_name" : "InfoSphere Information Server"
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419."
}
]
}
}

102
2019/4xxx/CVE-2019-4295.json
View File

@ -1,18 +1,90 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4295",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10884840",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10884840",
"title" : "IBM Security Bulletin 884840 (Robotic Process Automation with Automation Anywhere)",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160758",
"name" : "ibm-rpa-cve20194295-info-disc (160758)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"S" : "U",
"AV" : "N",
"AC" : "L",
"C" : "H",
"SCORE" : "4.900",
"PR" : "H",
"UI" : "N",
"I" : "N"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-28T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4295"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "11"
}
]
},
"product_name" : "Robotic Process Automation with Automation Anywhere"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker with specialized access to obtain highly sensitive from the credential vault. IBM X-Force ID: 160758.",
"lang" : "eng"
}
]
}
}

102
2019/4xxx/CVE-2019-4296.json
View File

@ -1,18 +1,90 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4296",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 884844 (Robotic Process Automation with Automation Anywhere)",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10884844",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10884844"
},
{
"name" : "ibm-rpa-cve20194296-info-disc (160759)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160759",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"A" : "N",
"S" : "U",
"AC" : "L",
"AV" : "L",
"SCORE" : "4.000",
"C" : "L",
"PR" : "N",
"UI" : "N",
"I" : "N"
}
}
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2019-4296",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-28T00:00:00"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Robotic Process Automation with Automation Anywhere",
"version" : {
"version_data" : [
{
"version_value" : "11"
}
]
}
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759.",
"lang" : "eng"
}
]
}
}

102
2019/4xxx/CVE-2019-4297.json
View File

@ -1,18 +1,90 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4297",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "6.400",
"C" : "L",
"PR" : "L",
"AV" : "N",
"AC" : "L",
"I" : "L",
"UI" : "N",
"A" : "N",
"S" : "C"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 884826 (Robotic Process Automation with Automation Anywhere)",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10884826",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10884826"
},
{
"name" : "ibm-rpa-cve20194297-ldap-injection (160761)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160761",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Robotic Process Automation with Automation Anywhere",
"version" : {
"version_data" : [
{
"version_value" : "11"
}
]
}
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability to make unauthorized queries or modify the LDAP content. IBM X-Force ID: 160761."
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-28T00:00:00",
"ID" : "CVE-2019-4297",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
}
}

102
2019/4xxx/CVE-2019-4298.json
View File

@ -1,18 +1,90 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4298",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have privileges to execute. IBM X-Force ID: 160764."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "11"
}
]
},
"product_name" : "Robotic Process Automation with Automation Anywhere"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Data Manipulation"
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4298",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-28T00:00:00"
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"A" : "N",
"PR" : "N",
"C" : "H",
"SCORE" : "7.700",
"AC" : "L",
"AV" : "L",
"I" : "H",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"data_type" : "CVE",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10884820",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10884820",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 884820 (Robotic Process Automation with Automation Anywhere)"
},
{
"name" : "ibm-rpa-cve20194298-priv-escalation (160764)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160764",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
}
}

102
2019/4xxx/CVE-2019-4299.json
View File

@ -1,18 +1,90 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4299",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 884842 (Robotic Process Automation with Automation Anywhere)",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10884842",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10884842"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-rpa-cve20194299-info-disc (160765)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160765"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"I" : "N",
"AC" : "H",
"AV" : "L",
"PR" : "N",
"SCORE" : "5.100",
"C" : "H",
"S" : "U",
"A" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-28T00:00:00",
"ID" : "CVE-2019-4299",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "Robotic Process Automation with Automation Anywhere",
"version" : {
"version_data" : [
{
"version_value" : "11"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
}
}

111
2019/4xxx/CVE-2019-4322.json
View File

@ -1,18 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4322",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"A" : "H",
"UI" : "N",
"I" : "H",
"AC" : "L",
"AV" : "L",
"PR" : "N",
"C" : "H",
"SCORE" : "8.400"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10884444",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10884444",
"title" : "IBM Security Bulletin 884444 (DB2 for Linux, UNIX and Windows)",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161202",
"name" : "ibm-db2-cve20194322-bo (161202)"
}
]
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.5"
},
{
"version_value" : "10.1"
},
{
"version_value" : "9.7"
},
{
"version_value" : "11.1"
}
]
},
"product_name" : "DB2 for Linux, UNIX and Windows"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4322",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-27T00:00:00"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
]
}
]
}
}

102
2019/4xxx/CVE-2019-4336.json
View File

@ -1,18 +1,90 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4336",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Robotic Process Automation with Automation Anywhere",
"version" : {
"version_data" : [
{
"version_value" : "11"
}
]
}
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161411.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4336",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-06-28T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "N",
"C" : "H",
"SCORE" : "7.500",
"AV" : "N",
"AC" : "L",
"I" : "N",
"UI" : "N",
"S" : "U",
"A" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10884848",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10884848",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 884848 (Robotic Process Automation with Automation Anywhere)"
},
{
"name" : "ibm-robotic-cve20194336-info-disc (161411)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161411",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
}
}

102
2019/4xxx/CVE-2019-4337.json
View File

@ -1,18 +1,90 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4337",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"description" : {
"description_data" : [
{
"value" : "IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain sensitive information due to missing authentication in Ignite nodes. IBM X-Force ID: 161412.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "11"
}
]
},
"product_name" : "Robotic Process Automation with Automation Anywhere"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4337",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-28T00:00:00"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"S" : "U",
"A" : "N",
"I" : "N",
"UI" : "N",
"PR" : "N",
"C" : "L",
"SCORE" : "5.300",
"AC" : "L",
"AV" : "N"
}
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 884850 (Robotic Process Automation with Automation Anywhere)",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10884850",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10884850"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-robotic-cve20194337-missing-auth (161412)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161412"
}
]
}
}

108
2019/4xxx/CVE-2019-4357.json
View File

@ -1,18 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4357",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"description" : {
"description_data" : [
{
"value" : "When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667,",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Protect Plus",
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.2"
},
{
"version_value" : "10.1.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4357",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-27T00:00:00"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
]
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"A" : "H",
"S" : "C",
"I" : "H",
"UI" : "N",
"SCORE" : "8.200",
"C" : "H",
"PR" : "H",
"AC" : "L",
"AV" : "L"
}
}
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10886111",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10886111",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 886111 (Spectrum Protect Plus)"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161667",
"name" : "ibm-spectrum-cve20194357-code-exec (161667)"
}
]
},
"data_format" : "MITRE"
}

108
2019/4xxx/CVE-2019-4383.json
View File

@ -1,18 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4383",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 886111 (Spectrum Protect Plus)",
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10886111",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10886111"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-spectrum-cve20194383-priv-escalation (162165)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162165"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "C",
"A" : "N",
"PR" : "H",
"SCORE" : "7.900",
"C" : "H",
"AC" : "L",
"AV" : "L",
"I" : "H",
"UI" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4383",
"DATE_PUBLIC" : "2019-06-27T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"description" : {
"description_data" : [
{
"value" : "When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.2"
},
{
"version_value" : "10.1.3"
}
]
},
"product_name" : "Spectrum Protect Plus"
}
]
}
}
]
}
}
]
}
}
}

102
2019/4xxx/CVE-2019-4386.json
View File

@ -1,18 +1,90 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4386",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta" : {
"ID" : "CVE-2019-4386",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-27T00:00:00"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "11.1"
}
]
},
"product_name" : "DB2 for Linux, UNIX and Windows"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10886809",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10886809",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 886809 (DB2 for Linux, UNIX and Windows)"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-db2-cve20194386-dos (162174)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162174"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"UI" : "N",
"I" : "N",
"AV" : "N",
"AC" : "L",
"C" : "N",
"SCORE" : "6.500",
"PR" : "L",
"A" : "H",
"S" : "U"
}
}
},
"data_version" : "4.0"
}

111
2019/4xxx/CVE-2019-4410.json
View File

@ -1,18 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4410",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 888037 (Business Automation Workflow)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10888037",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10888037"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162657",
"name" : "ibm-baw-cve20194410-xss (162657)"
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "H",
"RC" : "C"
},
"BM" : {
"A" : "N",
"S" : "C",
"SCORE" : "5.400",
"C" : "L",
"PR" : "L",
"AV" : "N",
"AC" : "L",
"I" : "L",
"UI" : "R"
}
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-28T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4410"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162657."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "18.0.0.0"
},
{
"version_value" : "18.0.0.1"
},
{
"version_value" : "18.0.0.2"
},
{
"version_value" : "19.0.0.1"
}
]
},
"product_name" : "Business Automation Workflow"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
}
}