"-Synchronized-Data."

CVE Team 2020-09-15 14:01:45 +00:00
parent 758d821442
commit a37f8016a7
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
16 changed files with 1326 additions and 690 deletions


@ -1,93 +1,93 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.6.0"
},
{
"version_value" : "7.6.1"
}
]
},
"product_name" : "Maximo Asset Management"
}
]
},
"vendor_name" : "IBM"
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437."
}
]
}
},
"data_version" : "4.0",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Data Manipulation",
"lang" : "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.6.0"
},
{
"version_value": "7.6.1"
}
]
},
"product_name": "Maximo Asset Management"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"A" : "L",
"AV" : "N",
"I" : "L",
"S" : "U",
"UI" : "N",
"C" : "L",
"SCORE" : "6.300",
"PR" : "L"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-09-14T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4671"
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6332583",
"title" : "IBM Security Bulletin 6332583 (Maximo Asset Management)",
"name" : "https://www.ibm.com/support/pages/node/6332583"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/171437",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-maximo-cve20194671-sql-injection (171437)"
}
]
},
"data_type" : "CVE"
}
}
},
"data_version": "4.0",
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Data Manipulation",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"A": "L",
"AV": "N",
"I": "L",
"S": "U",
"UI": "N",
"C": "L",
"SCORE": "6.300",
"PR": "L"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-09-14T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2019-4671"
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6332583",
"title": "IBM Security Bulletin 6332583 (Maximo Asset Management)",
"name": "https://www.ibm.com/support/pages/node/6332583"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171437",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-maximo-cve20194671-sql-injection (171437)"
}
]
},
"data_type": "CVE"
}


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14345",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "before xorg-x11-server 1.20.9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1862241",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1862241"
},
{
"refsource": "MISC",
"name": "https://lists.x.org/archives/xorg-announce/2020-August/003058.html",
"url": "https://lists.x.org/archives/xorg-announce/2020-August/003058.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
}
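Review bot: The affected-version entry is free text, `"version_value": "before xorg-x11-server 1.20.9"`, so a scanner cannot compare an installed version against it. The Gallagher records in this same commit express a bound as `"version_affected": "<"` with `"version_value"` holding only the version, and that form would work here with `"1.20.9"`. `"vendor_name": "n/a"` sits next to a named product, which keeps the record out of vendor-keyed lookups even though the description names X.Org Server. The problemtype is the bare id `CWE-119`; adding the CWE name would match the other populated records. The hunk starts at line 4 of the file, so the record's opening lines are not visible here.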


@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"ID": "CVE-2020-16096",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.10",
"version_value": "8.10.1134(MR4)"
},
{
"version_affected": "<",
"version_name": "8.00",
"version_value": "8.00.1161(MR5)"
},
{
"version_affected": "<",
"version_name": "7.90",
"version_value": "7.90.991(MR5)"
},
{
"version_affected": "<",
"version_name": "7.80",
"version_value": "7.80.960(MR2)"
},
{
"version_affected": "<=",
"version_value": "7.70"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16096",
"name": "https://security.gallagher.com/Security-Advisories/CVE-2020-16096"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}


@ -1,18 +1,111 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"ID": "CVE-2020-16097",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "vCR8.20",
"version_value": "vCR8.20.200221b"
},
{
"version_affected": "<",
"version_name": "8.10",
"version_value": "vGR8.10.179"
},
{
"version_affected": "<",
"version_name": "8.00",
"version_value": "vGR8.00.165"
},
{
"version_affected": "<",
"version_name": "7.90",
"version_value": "vGR7.90.1038"
},
{
"version_affected": "<=",
"version_value": "vGR7.80"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthew Daley of Aura Information Security"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, It is possible to retrieve site keys used for securing MIFARE Plus and Desfire using debug ports on T Series readers."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16097",
"name": "https://security.gallagher.com/Security-Advisories/CVE-2020-16097"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
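Review bot: The 7.90 row disagrees with the description. `version_data` gives `"version_name": "7.90"` with `"version_value": "vGR7.90.1038"`, while the description reads "v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX))". One of the two appears transposed, since `165` is also the build number in the 8.00 row, so the fixed 7.90 build should be confirmed against the vendor advisory before patch-level checks rely on either value. The first row also uses `"version_name": "vCR8.20"` where the other rows use the plain release number (`"8.10"`, `"8.00"`), which will break grouping by release line.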


@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"ID": "CVE-2020-16098",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.20",
"version_value": "8.20.1166(MR3)"
},
{
"version_affected": "<",
"version_name": "8.10",
"version_value": "8.10.1211(MR5)"
},
{
"version_affected": "<",
"version_name": "8.00",
"version_value": "8.00.1228(MR6)"
},
{
"version_affected": "<=",
"version_value": "7.90"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. These credentials can then be used to encode low security cards to be used by the system where insecure card technologies are supported."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16098",
"name": "https://security.gallagher.com/Security-Advisories/CVE-2020-16098"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}


@ -1,18 +1,86 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"ID": "CVE-2020-16099",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.20",
"version_value": "8.20.1093(MR2)"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16099",
"name": "https://security.gallagher.com/Security-Advisories/CVE-2020-16099"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}


@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"ID": "CVE-2020-16100",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.20",
"version_value": "8.20.1166 (MR3)"
},
{
"version_affected": "<",
"version_name": "8.10",
"version_value": "8.10.1211 (MR5)"
},
{
"version_affected": "<",
"version_name": "8.00",
"version_value": "8.00.1228 (MR6)"
},
{
"version_affected": "<=",
"version_value": "7.90"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16100",
"name": "https://security.gallagher.com/Security-Advisories/CVE-2020-16100"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
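Review bot: The `version_value` strings in this record carry a space before the maintenance-release tag (`"8.20.1166 (MR3)"`, `"8.10.1211 (MR5)"`, `"8.00.1228 (MR6)"`), whereas this record's own description and the CVE-2020-16098 record in the same commit write the same builds without it (`"8.20.1166(MR3)"`). Tooling that matches or de-duplicates affected versions by exact string will treat these as different releases. The CVE-2020-16101 section that follows has the same three values with the same spacing. Normalising to one form across the Gallagher records, e.g. `"version_value": "8.20.1166(MR3)"`, would remove the mismatch.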


@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"ID": "CVE-2020-16101",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.20",
"version_value": "8.20.1166 (MR3)"
},
{
"version_affected": "<",
"version_name": "8.10",
"version_value": "8.10.1211 (MR5)"
},
{
"version_affected": "<",
"version_name": "8.00",
"version_value": "8.00.1228 (MR6)"
},
{
"version_affected": "<=",
"version_value": "7.90"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-805 Buffer Access with Incorrect Length Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16101",
"name": "https://security.gallagher.com/Security-Advisories/CVE-2020-16101"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-23451",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-23451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via \"/settings/v1/users\" function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://spiceworks.com",
"refsource": "MISC",
"name": "http://spiceworks.com"
},
{
"refsource": "MISC",
"name": "https://abuyv.com/cve/spiceworks-csrf-via-xss",
"url": "https://abuyv.com/cve/spiceworks-csrf-via-xss"
}
]
}
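Review bot: The structured fields do not carry what the description states. `product_name`, `vendor_name` and `version_value` are all `"n/a"` although the text names Spiceworks and the bound `<= 7.5.00107`, and the problemtype is `"n/a"` although the text identifies CSRF (CWE-352). Asset-matching and CWE-based triage that read only `affects` and `problemtype` will therefore not see this record. The first reference, `"url": "http://spiceworks.com"`, is a plain-HTTP vendor home page rather than an advisory, so it gives a defender nothing to verify the fix against. The CVE-2020-23512 section that follows has the same all-`"n/a"` `affects` and `problemtype` pattern next to a description that names the device model.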


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-23512",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-23512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VR CAM P1 Model P1 v1 has an incorrect access control vulnerability where an attacker can obtain complete access of the device from web (remote) without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.iotpentest.com/2020/05/vr-360-camera-general-wlak.html",
"refsource": "MISC",
"name": "https://www.iotpentest.com/2020/05/vr-360-camera-general-wlak.html"
}
]
}


@ -1,93 +1,93 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"PR" : "N",
"UI" : "N",
"C" : "L",
"SCORE" : "4.000",
"I" : "N",
"AV" : "L",
"S" : "U",
"AC" : "L",
"A" : "N"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.2.0.0"
},
{
"version_value" : "6.2.0.2.IF.1"
}
]
},
"product_name" : "Tivoli Business Service Manager"
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"PR": "N",
"UI": "N",
"C": "L",
"SCORE": "4.000",
"I": "N",
"AV": "L",
"S": "U",
"AC": "L",
"A": "N"
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6332437 (Tivoli Business Service Manager)",
"name" : "https://www.ibm.com/support/pages/node/6332437",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6332437"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/178247",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tbsm-cve20204344-info-disc (178247)"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-09-14T00:00:00",
"ID" : "CVE-2020-4344",
"STATE" : "PUBLIC"
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_format": "MITRE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.2.0.0"
},
{
"version_value": "6.2.0.2.IF.1"
}
]
},
"product_name": "Tivoli Business Service Manager"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"value": "IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247.",
"lang": "eng"
}
]
},
"data_type": "CVE",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6332437 (Tivoli Business Service Manager)",
"name": "https://www.ibm.com/support/pages/node/6332437",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6332437"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178247",
"title": "X-Force Vulnerability Report",
"name": "ibm-tbsm-cve20204344-info-disc (178247)"
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-09-14T00:00:00",
"ID": "CVE-2020-4344",
"STATE": "PUBLIC"
}
}


@ -1,93 +1,93 @@
{
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6332587 (Maximo Asset Management)",
"name" : "https://www.ibm.com/support/pages/node/6332587",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6332587"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/182396",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-maximo-cve20204521-code-exec (182396)"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4521",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-09-14T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Maximo Asset Management",
"version" : {
"version_data" : [
{
"version_value" : "7.6.0"
},
{
"version_value" : "7.6.1"
}
]
}
}
]
}
"title": "IBM Security Bulletin 6332587 (Maximo Asset Management)",
"name": "https://www.ibm.com/support/pages/node/6332587",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6332587"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182396",
"title": "X-Force Vulnerability Report",
"name": "ibm-maximo-cve20204521-code-exec (182396)"
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2020-4521",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-09-14T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6.0"
},
{
"version_value": "7.6.1"
}
]
}
}
]
}
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"AC" : "L",
"A" : "H",
"AV" : "N",
"I" : "H",
"S" : "U",
"C" : "H",
"UI" : "N",
"SCORE" : "8.800",
"PR" : "L"
}
}
},
"data_version" : "4.0",
"data_format" : "MITRE"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396.",
"lang": "eng"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"AC": "L",
"A": "H",
"AV": "N",
"I": "H",
"S": "U",
"C": "H",
"UI": "N",
"SCORE": "8.800",
"PR": "L"
}
}
},
"data_version": "4.0",
"data_format": "MITRE"
}


@ -1,93 +1,93 @@
{
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6332589",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6332589",
"title" : "IBM Security Bulletin 6332589 (Maximo Asset Management)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/182436",
"name" : "ibm-maximo-cve20204526-csrf (182436)",
"title" : "X-Force Vulnerability Report"
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-09-14T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4526",
"STATE" : "PUBLIC"
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.6.0"
},
{
"version_value" : "7.6.1"
}
]
},
"product_name" : "Maximo Asset Management"
}
]
}
"url": "https://www.ibm.com/support/pages/node/6332589",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6332589",
"title": "IBM Security Bulletin 6332589 (Maximo Asset Management)"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182436",
"name": "ibm-maximo-cve20204526-csrf (182436)",
"title": "X-Force Vulnerability Report"
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2020-09-14T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4526",
"STATE": "PUBLIC"
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.6.0"
},
{
"version_value": "7.6.1"
}
]
},
"product_name": "Maximo Asset Management"
}
]
}
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AC" : "L",
"A" : "N",
"AV" : "N",
"I" : "L",
"S" : "U",
"C" : "N",
"UI" : "R",
"SCORE" : "4.300",
"PR" : "N"
}
}
},
"data_version" : "4.0",
"data_format" : "MITRE"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"AC": "L",
"A": "N",
"AV": "N",
"I": "L",
"S": "U",
"C": "N",
"UI": "R",
"SCORE": "4.300",
"PR": "N"
}
}
},
"data_version": "4.0",
"data_format": "MITRE"
}


@ -1,106 +1,106 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"S" : "C",
"AV" : "N",
"I" : "L",
"SCORE" : "5.400",
"C" : "L",
"UI" : "R",
"PR" : "L"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "H"
}
}
},
"data_version" : "4.0",
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "8.0"
},
{
"version_value" : "8.5"
},
{
"version_value" : "8.6"
}
]
},
"product_name" : "Business Process Manager"
},
{
"version" : {
"version_data" : [
{
"version_value" : "C.D.0"
}
]
},
"product_name" : "Business Automation Workflow"
}
]
},
"vendor_name" : "IBM"
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 182714."
}
]
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6332417",
"title" : "IBM Security Bulletin 6332417 (Business Automation Workflow)",
"url" : "https://www.ibm.com/support/pages/node/6332417",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/182714",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-baw-cve20204530-xss (182714)"
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-09-14T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4530",
"STATE" : "PUBLIC"
}
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"S": "C",
"AV": "N",
"I": "L",
"SCORE": "5.400",
"C": "L",
"UI": "R",
"PR": "L"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "H"
}
}
},
"data_version": "4.0",
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "8.6"
}
]
},
"product_name": "Business Process Manager"
},
{
"version": {
"version_data": [
{
"version_value": "C.D.0"
}
]
},
"product_name": "Business Automation Workflow"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 182714."
}
]
},
"data_type": "CVE",
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6332417",
"title": "IBM Security Bulletin 6332417 (Business Automation Workflow)",
"url": "https://www.ibm.com/support/pages/node/6332417",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182714",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-baw-cve20204530-xss (182714)"
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2020-09-14T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4530",
"STATE": "PUBLIC"
}
}


@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4703",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-09-14T00:00:00"
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6328867",
"title" : "IBM Security Bulletin 6328867 (Spectrum Protect Plus)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6328867"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/187188",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-spectrum-cve20204703-file-upload (187188)"
}
]
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2020-4703",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-09-14T00:00:00"
},
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.6"
}
]
},
"product_name" : "Spectrum Protect Plus"
}
]
}
"name": "https://www.ibm.com/support/pages/node/6328867",
"title": "IBM Security Bulletin 6328867 (Spectrum Protect Plus)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6328867"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187188",
"title": "X-Force Vulnerability Report",
"name": "ibm-spectrum-cve20204703-file-upload (187188)"
}
]
}
},
"data_version" : "4.0",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
]
},
"data_type": "CVE",
"description": {
"description_data": [
{
"value": "IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188.",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.6"
}
]
},
"product_name": "Spectrum Protect Plus"
}
]
}
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"PR" : "L",
"C" : "H",
"UI" : "R",
"SCORE" : "8.000",
"I" : "H",
"AV" : "N",
"S" : "U",
"AC" : "L",
"A" : "H"
}
}
}
}
}
},
"data_version": "4.0",
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"PR": "L",
"C": "H",
"UI": "R",
"SCORE": "8.000",
"I": "H",
"AV": "N",
"S": "U",
"AC": "L",
"A": "H"
}
}
}
}


@ -1,93 +1,93 @@
{
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6328867 (Spectrum Protect Plus)",
"name" : "https://www.ibm.com/support/pages/node/6328867",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6328867"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/187501",
"name" : "ibm-spectrum-cve20204711-info-disc (187501)",
"title" : "X-Force Vulnerability Report"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4711",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-09-14T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.6"
}
]
},
"product_name" : "Spectrum Protect Plus"
}
]
},
"vendor_name" : "IBM"
"title": "IBM Security Bulletin 6328867 (Spectrum Protect Plus)",
"name": "https://www.ibm.com/support/pages/node/6328867",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6328867"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187501",
"name": "ibm-spectrum-cve20204711-info-disc (187501)",
"title": "X-Force Vulnerability Report"
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"A" : "N",
"AC" : "L",
"S" : "U",
"AV" : "N",
"I" : "N",
"SCORE" : "6.500",
"UI" : "N",
"C" : "H",
"PR" : "L"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2020-4711",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-09-14T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.6"
}
]
},
"product_name": "Spectrum Protect Plus"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501."
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"A": "N",
"AC": "L",
"S": "U",
"AV": "N",
"I": "N",
"SCORE": "6.500",
"UI": "N",
"C": "H",
"PR": "L"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_format": "MITRE",
"data_version": "4.0"
}