diff --git a/2021/20xxx/CVE-2021-20508.json b/2021/20xxx/CVE-2021-20508.json index a756fbb4d14..665107c8357 100644 --- a/2021/20xxx/CVE-2021-20508.json +++ b/2021/20xxx/CVE-2021-20508.json @@ -1,90 +1,90 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Security Secret Server", - "version" : { - "version_data" : [ - { - "version_value" : "10.0" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Secret Server", + "version": { + "version_data": [ + { + "version_value": "10.0" + } + ] + } + } + ] + } + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6488459", - "title" : "IBM Security Bulletin 6488459 (Security Secret Server)", - "name" : "https://www.ibm.com/support/pages/node/6488459", - "refsource" : "CONFIRM" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199322", - "refsource" : "XF", - "name" : "ibm-sv-cve202120508-info-disc (199322)" - } - ] - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "value" : "IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199322.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "BM" : { - "UI" : "N", - "AC" : "L", - "SCORE" : "2.700", - "A" : "N", - "PR" : "H", - "AV" : "N", - "S" : "U", - "I" : "N", - "C" : "L" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2021-09-13T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-20508" - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6488459", + "title": "IBM Security Bulletin 6488459 (Security Secret Server)", + "name": "https://www.ibm.com/support/pages/node/6488459", + "refsource": "CONFIRM" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199322", + "refsource": "XF", + "name": "ibm-sv-cve202120508-info-disc (199322)" + } + ] + }, + "data_version": "4.0", + "data_format": "MITRE", + "description": { + "description_data": [ + { + "value": "IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199322.", + "lang": "eng" + } + ] + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "BM": { + "UI": "N", + "AC": "L", + "SCORE": "2.700", + "A": "N", + "PR": "H", + "AV": "N", + "S": "U", + "I": "N", + "C": "L" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2021-09-13T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-20508" + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20569.json b/2021/20xxx/CVE-2021-20569.json index 617465269e7..65e5f32badf 100644 --- a/2021/20xxx/CVE-2021-20569.json +++ b/2021/20xxx/CVE-2021-20569.json @@ -1,90 +1,90 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.0" - } - ] - }, - "product_name" : "Security Secret Server" - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] } - ] - } - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6488459 (Security Secret Server)", - "url" : "https://www.ibm.com/support/pages/node/6488459", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6488459" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199243", - "refsource" : "XF", - "name" : "ibm-svp-cve202120569-info-disc (199243)" - } - ] - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. IBM X-Force ID: 199243.", - "lang" : "eng" - } - ] - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "SCORE" : "5.300", - "UI" : "N", - "AC" : "L", - "I" : "N", - "C" : "L", - "AV" : "N", - "S" : "U", - "PR" : "N" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-20569", - "DATE_PUBLIC" : "2021-09-13T00:00:00" - } -} + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "10.0" + } + ] + }, + "product_name": "Security Secret Server" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6488459 (Security Secret Server)", + "url": "https://www.ibm.com/support/pages/node/6488459", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6488459" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199243", + "refsource": "XF", + "name": "ibm-svp-cve202120569-info-disc (199243)" + } + ] + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "value": "IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. IBM X-Force ID: 199243.", + "lang": "eng" + } + ] + }, + "data_format": "MITRE", + "data_type": "CVE", + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "SCORE": "5.300", + "UI": "N", + "AC": "L", + "I": "N", + "C": "L", + "AV": "N", + "S": "U", + "PR": "N" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-20569", + "DATE_PUBLIC": "2021-09-13T00:00:00" + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20582.json b/2021/20xxx/CVE-2021-20582.json index 27478a1cc15..62e3698784a 100644 --- a/2021/20xxx/CVE-2021-20582.json +++ b/2021/20xxx/CVE-2021-20582.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-09-13T00:00:00", - "ID" : "CVE-2021-20582", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "BM" : { - "SCORE" : "3.700", - "A" : "N", - "UI" : "N", - "AC" : "H", - "C" : "L", - "I" : "N", - "PR" : "N", - "AV" : "N", - "S" : "U" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Security Secret Server", - "version" : { - "version_data" : [ - { - "version_value" : "10.0" - } - ] - } - } - ] - } + "CVE_data_meta": { + "DATE_PUBLIC": "2021-09-13T00:00:00", + "ID": "CVE-2021-20582", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "BM": { + "SCORE": "3.700", + "A": "N", + "UI": "N", + "AC": "H", + "C": "L", + "I": "N", + "PR": "N", + "AV": "N", + "S": "U" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Secret Server", + "version": { + "version_data": [ + { + "version_value": "10.0" + } + ] + } + } + ] + } + } ] - } - ] - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6488459", - "title" : "IBM Security Bulletin 6488459 (Security Secret Server)", - "url" : "https://www.ibm.com/support/pages/node/6488459" - }, - { - "refsource" : "XF", - "name" : "ibm-sv-cve202120582-info-disc (199328)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199328" - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 199328.", - "lang" : "eng" - } - ] - }, - "data_format" : "MITRE" -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6488459", + "title": "IBM Security Bulletin 6488459 (Security Secret Server)", + "url": "https://www.ibm.com/support/pages/node/6488459" + }, + { + "refsource": "XF", + "name": "ibm-sv-cve202120582-info-disc (199328)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199328" + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 199328.", + "lang": "eng" + } + ] + }, + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23041.json b/2021/23xxx/CVE-2021-23041.json index 182e560fb55..103e1764f5d 100644 --- a/2021/23xxx/CVE-2021-23041.json +++ b/2021/23xxx/CVE-2021-23041.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23041", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP", + "version": { + "version_data": [ + { + "version_value": "16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K42526507", + "url": "https://support.f5.com/csp/article/K42526507" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated." } ] } diff --git a/2021/23xxx/CVE-2021-23047.json b/2021/23xxx/CVE-2021-23047.json index 3c4b45a36d0..cb8490ef8c8 100644 --- a/2021/23xxx/CVE-2021-23047.json +++ b/2021/23xxx/CVE-2021-23047.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23047", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP APM", + "version": { + "version_data": [ + { + "version_value": "16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K79428827", + "url": "https://support.f5.com/csp/article/K79428827" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), undisclosed requests may cause an increase in memory use. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated." } ] } diff --git a/2021/29xxx/CVE-2021-29841.json b/2021/29xxx/CVE-2021-29841.json index f3266f9c9cd..260c5a8407b 100644 --- a/2021/29xxx/CVE-2021-29841.json +++ b/2021/29xxx/CVE-2021-29841.json @@ -1,90 +1,90 @@ { - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "H", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "I" : "L", - "C" : "L", - "S" : "C", - "AV" : "N", - "PR" : "L", - "A" : "N", - "SCORE" : "5.400", - "UI" : "R", - "AC" : "L" - } - } - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6488407", - "title" : "IBM Security Bulletin 6488407 (Financial Transaction Manager)", - "name" : "https://www.ibm.com/support/pages/node/6488407", - "refsource" : "CONFIRM" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/205045", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-ftm-cve202129841-xss (205045)", - "refsource" : "XF" - } - ] - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045.", - "lang" : "eng" - } - ] - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "3.2.4" - } - ] - }, - "product_name" : "Financial Transaction Manager" - } - ] - }, - "vendor_name" : "IBM" + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "E": "H", + "RL": "O", + "RC": "C" + }, + "BM": { + "I": "L", + "C": "L", + "S": "C", + "AV": "N", + "PR": "L", + "A": "N", + "SCORE": "5.400", + "UI": "R", + "AC": "L" } - ] - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-29841", - "DATE_PUBLIC" : "2021-09-13T00:00:00" - } -} + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6488407", + "title": "IBM Security Bulletin 6488407 (Financial Transaction Manager)", + "name": "https://www.ibm.com/support/pages/node/6488407", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205045", + "title": "X-Force Vulnerability Report", + "name": "ibm-ftm-cve202129841-xss (205045)", + "refsource": "XF" + } + ] + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "value": "IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045.", + "lang": "eng" + } + ] + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "3.2.4" + } + ] + }, + "product_name": "Financial Transaction Manager" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-29841", + "DATE_PUBLIC": "2021-09-13T00:00:00" + } +} \ No newline at end of file