From 9f3a467184557f63160f3dea60bc67a98dbc2131 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 24 Sep 2019 14:01:01 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/9xxx/CVE-2018-9090.json | 53 +++++++++-
 2019/4xxx/CVE-2019-4515.json | 180 +++++++++++++++++-----------------
 2019/4xxx/CVE-2019-4566.json | 182 +++++++++++++++++------------------
 3 files changed, 232 insertions(+), 183 deletions(-)
diff --git a/2018/9xxx/CVE-2018-9090.json b/2018/9xxx/CVE-2018-9090.json
index 818229aa674..3189ba2933f 100644
--- a/2018/9xxx/CVE-2018-9090.json
+++ b/2018/9xxx/CVE-2018-9090.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-9090",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
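Review bot: The new `affects` block publishes `vendor_name`, `product_name` and `version_value` as `"n/a"`, although the description added in the next hunk names CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2. Scanners and asset inventories that match on the structured fields rather than the free text will not associate this record with Tectonic deployments, so the default Grafana administrator credentials can go unflagged. The same gap is in `problemtype` in the second hunk, where `"value": "n/a"` could name the weakness the description already states (default credentials). I would populate these from the description, e.g. `"vendor_name": "CoreOS"` and `"product_name": "Tectonic"`, with the affected range carried in `version_data`.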
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using default credentials (admin/admin) for the administrator account located at grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to later be configured by Tectonic administrators. An attacker can insert an XSS payload into the dashboards."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://coreos.com/tectonic/releases/",
+ "refsource": "MISC",
+ "name": "https://coreos.com/tectonic/releases/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://coreos.com/tectonic/releases/#1.8.7-tectonic.2",
+ "url": "https://coreos.com/tectonic/releases/#1.8.7-tectonic.2"
 }
 ]
 }
diff --git a/2019/4xxx/CVE-2019-4515.json b/2019/4xxx/CVE-2019-4515.json
index 6a7ece5a0f0..4c69ca4b4d7 100644
--- a/2019/4xxx/CVE-2019-4515.json
+++ b/2019/4xxx/CVE-2019-4515.json
@@ -1,93 +1,93 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } - ] - } - ] - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/290671", - "url" : "https://www.ibm.com/support/pages/node/290671", - "title" : "IBM Security Bulletin 1997949 (Security Key Lifecycle Manager)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/165137", - "name" : "ibm-tivoli-cve20194515-csrf (165137)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Security Key Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "3.0" - }, - { - "version_value" : "3.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] } - ] - } - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2019-4515", - "DATE_PUBLIC" : "2019-09-19T00:00:00", - "STATE" : "PUBLIC" - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "AC" : "L", - "S" : "U", - "UI" : "R", - "SCORE" : "4.300", - "I" : "L", - "C" : "N", - "AV" : "N", - "A" : "N", - "PR" : "N" - } - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137." 
- } - ] - } -} + ] + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/290671", + "url": "https://www.ibm.com/support/pages/node/290671", + "title": "IBM Security Bulletin 1997949 (Security Key Lifecycle Manager)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165137", + "name": "ibm-tivoli-cve20194515-csrf (165137)", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Key Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "3.0" + }, + { + "version_value": "3.0.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4515", + "DATE_PUBLIC": "2019-09-19T00:00:00", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_version": "4.0", + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "AC": "L", + "S": "U", + "UI": "R", + "SCORE": "4.300", + "I": "L", + "C": "N", + "AV": "N", + "A": "N", + "PR": "N" + } + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4566.json b/2019/4xxx/CVE-2019-4566.json index d5f98642536..5456f271950 100644 --- a/2019/4xxx/CVE-2019-4566.json +++ b/2019/4xxx/CVE-2019-4566.json 
@@ -1,93 +1,93 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Security Key Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "3.0" - }, - { - "version_value" : "3.0.1" - } - ] - } - } - ] - } - } - ] - } - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 1074344 (Security Key Lifecycle Manager)", - "name" : "https://www.ibm.com/support/pages/node/1074344", - "url" : "https://www.ibm.com/support/pages/node/1074344" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/166627", - "name" : "ibm-tivoli-cve20194566-info-disc (166627)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2019-09-20T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2019-4566", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Key Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "3.0" + }, + { + "version_value": "3.0.1" + } + ] + } + } + ] + } + } ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "UI" : "N", - "SCORE" : "6.200", - "AC" : "L", - "S" : "U", - "A" : "N", - "AV" : "L", - "PR" : "N", - "I" : "N", - "C" : "H" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. 
IBM X-Force ID: 166627.", - "lang" : "eng" - } - ] - } -} + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 1074344 (Security Key Lifecycle Manager)", + "name": "https://www.ibm.com/support/pages/node/1074344", + "url": "https://www.ibm.com/support/pages/node/1074344" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166627", + "name": "ibm-tivoli-cve20194566-info-disc (166627)", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, + "data_format": "MITRE", + "CVE_data_meta": { + "DATE_PUBLIC": "2019-09-20T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2019-4566", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "UI": "N", + "SCORE": "6.200", + "AC": "L", + "S": "U", + "A": "N", + "AV": "L", + "PR": "N", + "I": "N", + "C": "H" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "value": "IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 166627.", + "lang": "eng" + } + ] + } +} \ No newline at end of file