diff --git a/2019/4xxx/CVE-2019-4057.json b/2019/4xxx/CVE-2019-4057.json index 9f0d022f96b..5a395cbba10 100644 --- a/2019/4xxx/CVE-2019-4057.json +++ b/2019/4xxx/CVE-2019-4057.json @@ -1,18 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4057", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 880735 (DB2 for Linux, UNIX and Windows)", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880735", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880735" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-db2-cve20194057-priv-escalation (156567)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/156567" + } + ] + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + }, + "BM" : { + "S" : "U", + "A" : "H", + "I" : "H", + "UI" : "N", + "PR" : "H", + "C" : "H", + "SCORE" : "6.700", + "AC" : "L", + "AV" : "L" + } + } + }, + "CVE_data_meta" : { + "ID" : "CVE-2019-4057", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-06-27T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Privileges", + "lang" : "eng" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "DB2 for Linux, UNIX and Windows", + "version" : { + "version_data" : [ + { + "version_value" : "10.5" + }, + { + "version_value" : "10.1" + }, + { + "version_value" : "9.7" + }, + { + "version_value" : "11.1" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567." + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4101.json b/2019/4xxx/CVE-2019-4101.json index 976ae601627..123f0b9892c 100644 --- a/2019/4xxx/CVE-2019-4101.json +++ b/2019/4xxx/CVE-2019-4101.json @@ -1,18 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4101", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID: 158091." + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "DB2 for Linux, UNIX and Windows", + "version" : { + "version_data" : [ + { + "version_value" : "10.5" + }, + { + "version_value" : "10.1" + }, + { + "version_value" : "11.1" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "DATE_PUBLIC" : "2019-06-27T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4101", + "STATE" : "PUBLIC" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Denial of Service", + "lang" : "eng" + } + ] + } + ] + }, + "data_type" : "CVE", + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + }, + "BM" : { + "UI" : "N", + "I" : "N", + "AV" : "L", + "AC" : "L", + "SCORE" : "6.200", + "C" : "N", + "PR" : "N", + "A" : "H", + "S" : "U" + } + } + }, + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 880741 (DB2 for Linux, UNIX and Windows)", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880741", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880741" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158091", + "name" : "ibm-db2-cve20194101-dos (158091)", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_format" : "MITRE" +} diff --git a/2019/4xxx/CVE-2019-4102.json b/2019/4xxx/CVE-2019-4102.json index d47cc3c6f32..5627302be11 100644 --- a/2019/4xxx/CVE-2019-4102.json +++ b/2019/4xxx/CVE-2019-4102.json @@ -1,18 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4102", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880743", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880743", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 880743 (DB2 for Linux, UNIX and Windows)" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158092", + "name" : "ibm-db2-cve20194102-info-disc (158092)", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + }, + "BM" : { + "A" : "N", + "S" : "U", + "I" : "N", + "UI" : "N", + "SCORE" : "5.900", + "C" : "H", + "PR" : "N", + "AC" : "H", + "AV" : "N" + } + } + }, + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ID" : "CVE-2019-4102", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-06-27T00:00:00" + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092." + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "10.5" + }, + { + "version_value" : "10.1" + }, + { + "version_value" : "9.7" + }, + { + "version_value" : "11.1" + } + ] + }, + "product_name" : "DB2 for Linux, UNIX and Windows" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + } +} diff --git a/2019/4xxx/CVE-2019-4154.json b/2019/4xxx/CVE-2019-4154.json index 703f6b6f356..f1d3ef7c2f8 100644 --- a/2019/4xxx/CVE-2019-4154.json +++ b/2019/4xxx/CVE-2019-4154.json @@ -1,18 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4154", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880737", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880737", + "title" : "IBM Security Bulletin 880737 (DB2 for Linux, UNIX and Windows)", + "refsource" : "CONFIRM" + }, + { + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158519", + "name" : "ibm-db2-cve20194154-bo (158519)" + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + }, + "BM" : { + "S" : "U", + "A" : "H", + "AV" : "L", + "AC" : "L", + "PR" : "N", + "SCORE" : "8.400", + "C" : "H", + "UI" : "N", + "I" : "H" + } + } + }, + "data_version" : "4.0", + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Privileges", + "lang" : "eng" + } + ] + } + ] + }, + "CVE_data_meta" : { + "DATE_PUBLIC" : "2019-06-27T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "ID" : "CVE-2019-4154" + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519." + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "DB2 for Linux, UNIX and Windows", + "version" : { + "version_data" : [ + { + "version_value" : "10.5" + }, + { + "version_value" : "10.1" + }, + { + "version_value" : "9.7" + }, + { + "version_value" : "11.1" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + } +} diff --git a/2019/4xxx/CVE-2019-4237.json b/2019/4xxx/CVE-2019-4237.json index 894a5cf3e70..6cfbd544d12 100644 --- a/2019/4xxx/CVE-2019-4237.json +++ b/2019/4xxx/CVE-2019-4237.json @@ -1,18 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4237", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 879825 (InfoSphere Information Server)", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10879825", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10879825" + }, + { + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159419", + "name" : "ibm-infosphere-cve20194237-cfs (159419)" + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + }, + "BM" : { + "UI" : "R", + "I" : "L", + "AV" : "N", + "AC" : "L", + "PR" : "L", + "SCORE" : "5.400", + "C" : "L", + "S" : "C", + "A" : "N" + } + } + }, + "data_version" : "4.0", + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "CVE_data_meta" : { + "DATE_PUBLIC" : "2019-06-27T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "ID" : "CVE-2019-4237" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "11.3" + }, + { + "version_value" : "11.5" + }, + { + "version_value" : "11.7" + } + ] + }, + "product_name" : "InfoSphere Information Server" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419." + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4295.json b/2019/4xxx/CVE-2019-4295.json index f0307e5b65d..0d8a15d1844 100644 --- a/2019/4xxx/CVE-2019-4295.json +++ b/2019/4xxx/CVE-2019-4295.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4295", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10884840", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10884840", + "title" : "IBM Security Bulletin 884840 (Robotic Process Automation with Automation Anywhere)", + "refsource" : "CONFIRM" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160758", + "name" : "ibm-rpa-cve20194295-info-disc (160758)", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "S" : "U", + "AV" : "N", + "AC" : "L", + "C" : "H", + "SCORE" : "4.900", + "PR" : "H", + "UI" : "N", + "I" : "N" + }, + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + } + } + }, + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-06-28T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2019-4295" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "11" + } + ] + }, + "product_name" : "Robotic Process Automation with Automation Anywhere" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker with specialized access to obtain highly sensitive from the credential vault. IBM X-Force ID: 160758.", + "lang" : "eng" + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4296.json b/2019/4xxx/CVE-2019-4296.json index 0a07d983e95..f06452d05cd 100644 --- a/2019/4xxx/CVE-2019-4296.json +++ b/2019/4xxx/CVE-2019-4296.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4296", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 884844 (Robotic Process Automation with Automation Anywhere)", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10884844", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10884844" + }, + { + "name" : "ibm-rpa-cve20194296-info-disc (160759)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160759", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "E" : "U", + "RC" : "C" + }, + "BM" : { + "A" : "N", + "S" : "U", + "AC" : "L", + "AV" : "L", + "SCORE" : "4.000", + "C" : "L", + "PR" : "N", + "UI" : "N", + "I" : "N" + } + } + }, + "data_version" : "4.0", + "CVE_data_meta" : { + "ID" : "CVE-2019-4296", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-06-28T00:00:00" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Robotic Process Automation with Automation Anywhere", + "version" : { + "version_data" : [ + { + "version_value" : "11" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759.", + "lang" : "eng" + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4297.json b/2019/4xxx/CVE-2019-4297.json index 6f21c5bb178..1f46b125e42 100644 --- a/2019/4xxx/CVE-2019-4297.json +++ b/2019/4xxx/CVE-2019-4297.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4297", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_type" : "CVE", + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "BM" : { + "SCORE" : "6.400", + "C" : "L", + "PR" : "L", + "AV" : "N", + "AC" : "L", + "I" : "L", + "UI" : "N", + "A" : "N", + "S" : "C" + }, + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + } + } + }, + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 884826 (Robotic Process Automation with Automation Anywhere)", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10884826", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10884826" + }, + { + "name" : "ibm-rpa-cve20194297-ldap-injection (160761)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160761", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF" + } + ] + }, + "data_format" : "MITRE", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Robotic Process Automation with Automation Anywhere", + "version" : { + "version_data" : [ + { + "version_value" : "11" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability to make unauthorized queries or modify the LDAP content. IBM X-Force ID: 160761." + } + ] + }, + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-06-28T00:00:00", + "ID" : "CVE-2019-4297", + "STATE" : "PUBLIC" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Access", + "lang" : "eng" + } + ] + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4298.json b/2019/4xxx/CVE-2019-4298.json index 861f8fd5157..12bf1cb7f8a 100644 --- a/2019/4xxx/CVE-2019-4298.json +++ b/2019/4xxx/CVE-2019-4298.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4298", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have privileges to execute. IBM X-Force ID: 160764." + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "11" + } + ] + }, + "product_name" : "Robotic Process Automation with Automation Anywhere" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Data Manipulation" + } + ] + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2019-4298", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-06-28T00:00:00" + }, + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "BM" : { + "S" : "U", + "A" : "N", + "PR" : "N", + "C" : "H", + "SCORE" : "7.700", + "AC" : "L", + "AV" : "L", + "I" : "H", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + } + } + }, + "data_type" : "CVE", + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10884820", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10884820", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 884820 (Robotic Process Automation with Automation Anywhere)" + }, + { + "name" : "ibm-rpa-cve20194298-priv-escalation (160764)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160764", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report" + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4299.json b/2019/4xxx/CVE-2019-4299.json index 4dfd2fa742b..44a6b9a7402 100644 --- a/2019/4xxx/CVE-2019-4299.json +++ b/2019/4xxx/CVE-2019-4299.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4299", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 884842 (Robotic Process Automation with Automation Anywhere)", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10884842", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10884842" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-rpa-cve20194299-info-disc (160765)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160765" + } + ] + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "BM" : { + "UI" : "N", + "I" : "N", + "AC" : "H", + "AV" : "L", + "PR" : "N", + "SCORE" : "5.100", + "C" : "H", + "S" : "U", + "A" : "N" + }, + "TM" : { + "RL" : "O", + "E" : "U", + "RC" : "C" + } + } + }, + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-06-28T00:00:00", + "ID" : "CVE-2019-4299", + "STATE" : "PUBLIC" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765.", + "lang" : "eng" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "Robotic Process Automation with Automation Anywhere", + "version" : { + "version_data" : [ + { + "version_value" : "11" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + } +} diff --git a/2019/4xxx/CVE-2019-4322.json b/2019/4xxx/CVE-2019-4322.json index 9e8281be5af..2247ce14ace 100644 --- a/2019/4xxx/CVE-2019-4322.json +++ b/2019/4xxx/CVE-2019-4322.json @@ -1,18 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4322", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_type" : "CVE", + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "BM" : { + "S" : "U", + "A" : "H", + "UI" : "N", + "I" : "H", + "AC" : "L", + "AV" : "L", + "PR" : "N", + "C" : "H", + "SCORE" : "8.400" + }, + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + } + } + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10884444", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10884444", + "title" : "IBM Security Bulletin 884444 (DB2 for Linux, UNIX and Windows)", + "refsource" : "CONFIRM" + }, + { + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161202", + "name" : "ibm-db2-cve20194322-bo (161202)" + } + ] + }, + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202.", + "lang" : "eng" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "10.5" + }, + { + "version_value" : "10.1" + }, + { + "version_value" : "9.7" + }, + { + "version_value" : "11.1" + } + ] + }, + "product_name" : "DB2 for Linux, UNIX and Windows" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "ID" : "CVE-2019-4322", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-06-27T00:00:00" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Privileges" + } + ] + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4336.json b/2019/4xxx/CVE-2019-4336.json index 00e3fc84218..c3ad076daba 100644 --- a/2019/4xxx/CVE-2019-4336.json +++ b/2019/4xxx/CVE-2019-4336.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4336", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Robotic Process Automation with Automation Anywhere", + "version" : { + "version_data" : [ + { + "version_value" : "11" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161411.", + "lang" : "eng" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2019-4336", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-06-28T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "impact" : { + "cvssv3" : { + "BM" : { + "PR" : "N", + "C" : "H", + "SCORE" : "7.500", + "AV" : "N", + "AC" : "L", + "I" : "N", + "UI" : "N", + "S" : "U", + "A" : "N" + }, + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + } + } + }, + "data_version" : "4.0", + "data_type" : "CVE", + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10884848", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10884848", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 884848 (Robotic Process Automation with Automation Anywhere)" + }, + { + "name" : "ibm-robotic-cve20194336-info-disc (161411)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161411", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF" + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4337.json b/2019/4xxx/CVE-2019-4337.json index 17a4147cefc..23c1b708ece 100644 --- a/2019/4xxx/CVE-2019-4337.json +++ b/2019/4xxx/CVE-2019-4337.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4337", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "description" : { + "description_data" : [ + { + "value" : "IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain sensitive information due to missing authentication in Ignite nodes. IBM X-Force ID: 161412.", + "lang" : "eng" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "11" + } + ] + }, + "product_name" : "Robotic Process Automation with Automation Anywhere" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2019-4337", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-06-28T00:00:00" + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "E" : "U", + "RC" : "C" + }, + "BM" : { + "S" : "U", + "A" : "N", + "I" : "N", + "UI" : "N", + "PR" : "N", + "C" : "L", + "SCORE" : "5.300", + "AC" : "L", + "AV" : "N" + } + } + }, + "data_version" : "4.0", + "data_type" : "CVE", + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 884850 (Robotic Process Automation with Automation Anywhere)", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10884850", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10884850" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-robotic-cve20194337-missing-auth (161412)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161412" + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4357.json b/2019/4xxx/CVE-2019-4357.json index 308a7499d4e..38f98735fb1 100644 --- a/2019/4xxx/CVE-2019-4357.json +++ b/2019/4xxx/CVE-2019-4357.json @@ -1,18 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4357", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "description" : { + "description_data" : [ + { + "value" : "When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667,", + "lang" : "eng" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "Spectrum Protect Plus", + "version" : { + "version_data" : [ + { + "version_value" : "10.1.0" + }, + { + "version_value" : "10.1.2" + }, + { + "version_value" : "10.1.3" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "ID" : "CVE-2019-4357", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-06-27T00:00:00" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Privileges" + } + ] + } + ] + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "E" : "U", + "RC" : "C" + }, + "BM" : { + "A" : "H", + "S" : "C", + "I" : "H", + "UI" : "N", + "SCORE" : "8.200", + "C" : "H", + "PR" : "H", + "AC" : "L", + "AV" : "L" + } + } + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10886111", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10886111", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 886111 (Spectrum Protect Plus)" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161667", + "name" : "ibm-spectrum-cve20194357-code-exec (161667)" + } + ] + }, + "data_format" : "MITRE" +} diff --git a/2019/4xxx/CVE-2019-4383.json b/2019/4xxx/CVE-2019-4383.json index 57f7fbe1b38..3655cd15423 100644 --- a/2019/4xxx/CVE-2019-4383.json +++ b/2019/4xxx/CVE-2019-4383.json @@ -1,18 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4383", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 886111 (Spectrum Protect Plus)", + "refsource" : "CONFIRM", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10886111", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10886111" + }, + { + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "name" : "ibm-spectrum-cve20194383-priv-escalation (162165)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162165" + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "S" : "C", + "A" : "N", + "PR" : "H", + "SCORE" : "7.900", + "C" : "H", + "AC" : "L", + "AV" : "L", + "I" : "H", + "UI" : "N" + }, + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + } + } + }, + "data_version" : "4.0", + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Privileges", + "lang" : "eng" + } + ] + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ID" : "CVE-2019-4383", + "DATE_PUBLIC" : "2019-06-27T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "description" : { + "description_data" : [ + { + "value" : "When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165.", + "lang" : "eng" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "10.1.0" + }, + { + "version_value" : "10.1.2" + }, + { + "version_value" : "10.1.3" + } + ] + }, + "product_name" : "Spectrum Protect Plus" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + } +} diff --git a/2019/4xxx/CVE-2019-4386.json b/2019/4xxx/CVE-2019-4386.json index dad0dc87eda..5ccd21135e0 100644 --- a/2019/4xxx/CVE-2019-4386.json +++ b/2019/4xxx/CVE-2019-4386.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4386", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "CVE_data_meta" : { + "ID" : "CVE-2019-4386", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-06-27T00:00:00" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Denial of Service" + } + ] + } + ] + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714." + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "11.1" + } + ] + }, + "product_name" : "DB2 for Linux, UNIX and Windows" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10886809", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10886809", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 886809 (DB2 for Linux, UNIX and Windows)" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-db2-cve20194386-dos (162174)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162174" + } + ] + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + }, + "BM" : { + "UI" : "N", + "I" : "N", + "AV" : "N", + "AC" : "L", + "C" : "N", + "SCORE" : "6.500", + "PR" : "L", + "A" : "H", + "S" : "U" + } + } + }, + "data_version" : "4.0" +} diff --git a/2019/4xxx/CVE-2019-4410.json b/2019/4xxx/CVE-2019-4410.json index e4a60c9bab6..1a8cb7a0044 100644 --- a/2019/4xxx/CVE-2019-4410.json +++ b/2019/4xxx/CVE-2019-4410.json @@ -1,18 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4410", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 888037 (Business Automation Workflow)", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10888037", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10888037" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162657", + "name" : "ibm-baw-cve20194410-xss (162657)" + } + ] + }, + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "E" : "H", + "RC" : "C" + }, + "BM" : { + "A" : "N", + "S" : "C", + "SCORE" : "5.400", + "C" : "L", + "PR" : "L", + "AV" : "N", + "AC" : "L", + "I" : "L", + "UI" : "R" + } + } + }, + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-06-28T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2019-4410" + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162657." + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "18.0.0.0" + }, + { + "version_value" : "18.0.0.1" + }, + { + "version_value" : "18.0.0.2" + }, + { + "version_value" : "19.0.0.1" + } + ] + }, + "product_name" : "Business Automation Workflow" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + } +}