admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-09-14 14:01:05 +00:00
parent db30677dc6
commit 9a44fa8789
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
6 changed files with 444 additions and 356 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

176
2021/20xxx/CVE-2021-20508.json
View File

@ -1,90 +1,90 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Secret Server",
"version" : {
"version_data" : [
{
"version_value" : "10.0"
}
]
}
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Secret Server",
"version": {
"version_data": [
{
"version_value": "10.0"
}
]
}
}
]
}
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6488459",
"title" : "IBM Security Bulletin 6488459 (Security Secret Server)",
"name" : "https://www.ibm.com/support/pages/node/6488459",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199322",
"refsource" : "XF",
"name" : "ibm-sv-cve202120508-info-disc (199322)"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199322.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"AC" : "L",
"SCORE" : "2.700",
"A" : "N",
"PR" : "H",
"AV" : "N",
"S" : "U",
"I" : "N",
"C" : "L"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-09-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-20508"
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6488459",
"title": "IBM Security Bulletin 6488459 (Security Secret Server)",
"name": "https://www.ibm.com/support/pages/node/6488459",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199322",
"refsource": "XF",
"name": "ibm-sv-cve202120508-info-disc (199322)"
}
]
},
"data_version": "4.0",
"data_format": "MITRE",
"description": {
"description_data": [
{
"value": "IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199322.",
"lang": "eng"
}
]
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"UI": "N",
"AC": "L",
"SCORE": "2.700",
"A": "N",
"PR": "H",
"AV": "N",
"S": "U",
"I": "N",
"C": "L"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-09-13T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-20508"
}
}

174
2021/20xxx/CVE-2021-20569.json
View File

@ -1,90 +1,90 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.0"
}
]
},
"product_name" : "Security Secret Server"
}
]
},
"vendor_name" : "IBM"
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6488459 (Security Secret Server)",
"url" : "https://www.ibm.com/support/pages/node/6488459",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6488459"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199243",
"refsource" : "XF",
"name" : "ibm-svp-cve202120569-info-disc (199243)"
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. IBM X-Force ID: 199243.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"SCORE" : "5.300",
"UI" : "N",
"AC" : "L",
"I" : "N",
"C" : "L",
"AV" : "N",
"S" : "U",
"PR" : "N"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-20569",
"DATE_PUBLIC" : "2021-09-13T00:00:00"
}
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.0"
}
]
},
"product_name": "Security Secret Server"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6488459 (Security Secret Server)",
"url": "https://www.ibm.com/support/pages/node/6488459",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6488459"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199243",
"refsource": "XF",
"name": "ibm-svp-cve202120569-info-disc (199243)"
}
]
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. IBM X-Force ID: 199243.",
"lang": "eng"
}
]
},
"data_format": "MITRE",
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"SCORE": "5.300",
"UI": "N",
"AC": "L",
"I": "N",
"C": "L",
"AV": "N",
"S": "U",
"PR": "N"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-20569",
"DATE_PUBLIC": "2021-09-13T00:00:00"
}
}

174
2021/20xxx/CVE-2021-20582.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-09-13T00:00:00",
"ID" : "CVE-2021-20582",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "3.700",
"A" : "N",
"UI" : "N",
"AC" : "H",
"C" : "L",
"I" : "N",
"PR" : "N",
"AV" : "N",
"S" : "U"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Secret Server",
"version" : {
"version_data" : [
{
"version_value" : "10.0"
}
]
}
}
]
}
"CVE_data_meta": {
"DATE_PUBLIC": "2021-09-13T00:00:00",
"ID": "CVE-2021-20582",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"SCORE": "3.700",
"A": "N",
"UI": "N",
"AC": "H",
"C": "L",
"I": "N",
"PR": "N",
"AV": "N",
"S": "U"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Secret Server",
"version": {
"version_data": [
{
"version_value": "10.0"
}
]
}
}
]
}
}
]
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6488459",
"title" : "IBM Security Bulletin 6488459 (Security Secret Server)",
"url" : "https://www.ibm.com/support/pages/node/6488459"
},
{
"refsource" : "XF",
"name" : "ibm-sv-cve202120582-info-disc (199328)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199328"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 199328.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6488459",
"title": "IBM Security Bulletin 6488459 (Security Secret Server)",
"url": "https://www.ibm.com/support/pages/node/6488459"
},
{
"refsource": "XF",
"name": "ibm-sv-cve202120582-info-disc (199328)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199328"
}
]
},
"description": {
"description_data": [
{
"value": "IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 199328.",
"lang": "eng"
}
]
},
"data_format": "MITRE"
}

50
2021/23xxx/CVE-2021-23041.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23041",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "f5sirt@f5.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K42526507",
"url": "https://support.f5.com/csp/article/K42526507"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
]
}

50
2021/23xxx/CVE-2021-23047.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23047",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "f5sirt@f5.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP APM",
"version": {
"version_data": [
{
"version_value": "16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K79428827",
"url": "https://support.f5.com/csp/article/K79428827"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), undisclosed requests may cause an increase in memory use. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
]
}

176
2021/29xxx/CVE-2021-29841.json
View File

@ -1,90 +1,90 @@
{
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "H",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"I" : "L",
"C" : "L",
"S" : "C",
"AV" : "N",
"PR" : "L",
"A" : "N",
"SCORE" : "5.400",
"UI" : "R",
"AC" : "L"
}
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6488407",
"title" : "IBM Security Bulletin 6488407 (Financial Transaction Manager)",
"name" : "https://www.ibm.com/support/pages/node/6488407",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/205045",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-ftm-cve202129841-xss (205045)",
"refsource" : "XF"
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.2.4"
}
]
},
"product_name" : "Financial Transaction Manager"
}
]
},
"vendor_name" : "IBM"
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"E": "H",
"RL": "O",
"RC": "C"
},
"BM": {
"I": "L",
"C": "L",
"S": "C",
"AV": "N",
"PR": "L",
"A": "N",
"SCORE": "5.400",
"UI": "R",
"AC": "L"
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-29841",
"DATE_PUBLIC" : "2021-09-13T00:00:00"
}
}
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6488407",
"title": "IBM Security Bulletin 6488407 (Financial Transaction Manager)",
"name": "https://www.ibm.com/support/pages/node/6488407",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205045",
"title": "X-Force Vulnerability Report",
"name": "ibm-ftm-cve202129841-xss (205045)",
"refsource": "XF"
}
]
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045.",
"lang": "eng"
}
]
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "3.2.4"
}
]
},
"product_name": "Financial Transaction Manager"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-29841",
"DATE_PUBLIC": "2021-09-13T00:00:00"
}
}