admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 22:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

IBM20181213-101622

Browse Source 
Added CVE-2018-1887, CVE-2018-1813, CVE-2018-1665, CVE-2018-1805, CVE-2018-1821, CVE-2018-1804, CVE-2017-1268, CVE-2018-1817, CVE-2018-1653, CVE-2018-1818, CVE-2018-1667, CVE-2018-1803, CVE-2018-1740, CVE-2018-1886, CVE-2018-1814, CVE-2018-1815
This commit is contained in:
Scott Moore - IBM 2018-12-13 10:16:22 -05:00
parent 34efc68afc
commit a70a63884a
No known key found for this signature in database
GPG Key ID: 95B9EA1B824C2926
16 changed files with 1471 additions and 124 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
2017/1xxx/CVE-2017-1268.json
View File

@ -1,18 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1268",
"STATE" : "RESERVED"
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1268"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10737077",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10737077",
"title" : "IBM Security Bulletin 737077 (Security Guardium)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124743",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-guardium-cve20171268-info-disc (124743)"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "N",
"AC" : "H",
"I" : "N",
"UI" : "N",
"A" : "N",
"C" : "H",
"AV" : "L",
"SCORE" : "5.900",
"S" : "C"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 124743."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10"
},
{
"version_value" : "10.5"
}
]
},
"product_name" : "Security Guardium"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
}

106
2018/1xxx/CVE-2018-1653.json
View File

@ -1,18 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1653",
"STATE" : "RESERVED"
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.0"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"version_value" : "9.0.2.0"
},
{
"version_value" : "9.0.3.0"
},
{
"version_value" : "9.0.4.0"
},
{
"version_value" : "9.0.5.0"
}
]
},
"product_name" : "Security Access Manager Appliance"
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144726."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "L",
"UI" : "R",
"A" : "N",
"C" : "L",
"PR" : "L",
"AC" : "L",
"SCORE" : "5.400",
"S" : "C",
"AV" : "N"
},
"TM" : {
"RC" : "C",
"E" : "H",
"RL" : "O"
}
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"title" : "IBM Security Bulletin 787785 (Security Access Manager Appliance)",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144726",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sam-cve20181653-xss (144726)",
"refsource" : "XF"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1653",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"STATE" : "PUBLIC"
}
}

121
2018/1xxx/CVE-2018-1665.json
View File

@ -1,18 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1665",
"STATE" : "RESERVED"
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "DataPower Gateway",
"version" : {
"version_data" : [
{
"version_value" : "7.6.0.0"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"version_value" : "7.6.0.10"
},
{
"version_value" : "7.5.2.0"
},
{
"version_value" : "7.5.2.17"
},
{
"version_value" : "7.5.1.0"
},
{
"version_value" : "7.5.1.17"
},
{
"version_value" : "7.5.0.0"
},
{
"version_value" : "7.7.0.0"
},
{
"version_value" : "7.7.1.3"
},
{
"version_value" : "7.5.0.18"
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891."
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"SCORE" : "5.900",
"S" : "U",
"PR" : "N",
"AC" : "H",
"I" : "N",
"UI" : "N",
"A" : "N",
"C" : "H"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 744195 (DataPower Gateway)",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10744195",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10744195",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-websphere-cve20181665-info-disc (144891)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144891",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"ID" : "CVE-2018-1665",
"ASSIGNER" : "psirt@us.ibm.com"
}
}

119
2018/1xxx/CVE-2018-1667.json
View File

@ -1,17 +1,116 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1667",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144893.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "H",
"RC" : "C"
},
"BM" : {
"SCORE" : "5.400",
"S" : "C",
"AV" : "N",
"A" : "N",
"UI" : "R",
"I" : "L",
"C" : "L",
"PR" : "L",
"AC" : "L"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "DataPower Gateways",
"version" : {
"version_data" : [
{
"version_value" : "7.5.0.0"
},
{
"version_value" : "7.5.1.0"
},
{
"version_value" : "7.6.0.0"
},
{
"version_value" : "7.5.2.0"
},
{
"version_value" : "7.7.0.0"
},
{
"version_value" : "7.5.0.18"
},
{
"version_value" : "7.5.1.17"
},
{
"version_value" : "7.5.2.17"
},
{
"version_value" : "7.6.0.10"
},
{
"version_value" : "7.7.1.3"
}
]
}
}
]
}
}
]
}
},
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1667",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10744209",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10744209",
"title" : "IBM Security Bulletin 744209 (DataPower Gateways)"
},
{
"name" : "ibm-websphere-cve20181667-xss (144893)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144893"
}
]
}

106
2018/1xxx/CVE-2018-1740.json
View File

@ -1,18 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1740",
"STATE" : "RESERVED"
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.0"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"version_value" : "9.0.2.0"
},
{
"version_value" : "9.0.3.0"
},
{
"version_value" : "9.0.4.0"
},
{
"version_value" : "9.0.5.0"
}
]
},
"product_name" : "Security Access Manager Appliance"
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148419."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "H",
"RL" : "O"
},
"BM" : {
"PR" : "L",
"AC" : "L",
"I" : "L",
"A" : "N",
"UI" : "R",
"C" : "L",
"AV" : "N",
"SCORE" : "5.400",
"S" : "C"
}
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 787785 (Security Access Manager Appliance)",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148419",
"refsource" : "XF",
"name" : "ibm-sam-cve20181740-xss (148419)"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1740"
}
}

106
2018/1xxx/CVE-2018-1803.json
View File

@ -1,18 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1803",
"STATE" : "RESERVED"
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"references" : {
"reference_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"title" : "IBM Security Bulletin 787785 (Security Access Manager Appliance)",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149702",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sam-cve20181803-clickjacking (149702)",
"refsource" : "XF"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"ID" : "CVE-2018-1803",
"ASSIGNER" : "psirt@us.ibm.com"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.0"
},
{
"version_value" : "9.0.2.0"
},
{
"version_value" : "9.0.3.0"
},
{
"version_value" : "9.0.4.0"
},
{
"version_value" : "9.0.5.0"
}
]
},
"product_name" : "Security Access Manager Appliance"
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 149702."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"PR" : "N",
"AC" : "L",
"A" : "N",
"UI" : "R",
"I" : "L",
"C" : "L",
"AV" : "N",
"S" : "C",
"SCORE" : "6.100"
}
}
},
"data_type" : "CVE"
}

106
2018/1xxx/CVE-2018-1804.json
View File

@ -1,18 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1804",
"STATE" : "RESERVED"
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Access Manager Appliance",
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.0"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"version_value" : "9.0.2.0"
},
{
"version_value" : "9.0.3.0"
},
{
"version_value" : "9.0.4.0"
},
{
"version_value" : "9.0.5.0"
}
]
}
}
]
}
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"S" : "U",
"SCORE" : "3.700",
"AV" : "N",
"C" : "L",
"I" : "N",
"UI" : "N",
"A" : "N",
"PR" : "N",
"AC" : "H"
}
}
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703."
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"title" : "IBM Security Bulletin 787785 (Security Access Manager Appliance)",
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149703",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-sam-cve20181804-info-disc (149703)"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1804",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"data_format" : "MITRE"
}

106
2018/1xxx/CVE-2018-1805.json
View File

@ -1,18 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1805",
"STATE" : "RESERVED"
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Access Manager Appliance",
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.0"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"version_value" : "9.0.2.0"
},
{
"version_value" : "9.0.3.0"
},
{
"version_value" : "9.0.4.0"
},
{
"version_value" : "9.0.5.0"
}
]
}
}
]
}
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"C" : "L",
"UI" : "N",
"A" : "N",
"I" : "N",
"PR" : "L",
"AC" : "L",
"SCORE" : "4.300",
"S" : "U",
"AV" : "N"
}
}
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 149704.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"title" : "IBM Security Bulletin 787785 (Security Access Manager Appliance)"
},
{
"name" : "ibm-sam-cve20181805-info-disc (149704)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149704",
"title" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1805"
},
"data_version" : "4.0",
"data_format" : "MITRE"
}

98
2018/1xxx/CVE-2018-1813.json
View File

@ -1,18 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1813",
"STATE" : "RESERVED"
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1813"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 787785 (Security Access Manager Appliance)",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150017",
"refsource" : "XF",
"name" : "ibm-sam-cve20181813-input-validation (150017)"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "N",
"UI" : "N",
"A" : "N",
"I" : "L",
"AC" : "L",
"PR" : "L",
"S" : "U",
"SCORE" : "4.300",
"AV" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 150017.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.0"
},
{
"version_value" : "9.0.2.0"
},
{
"version_value" : "9.0.3.0"
},
{
"version_value" : "9.0.4.0"
},
{
"version_value" : "9.0.5.0"
}
]
},
"product_name" : "Security Access Manager Appliance"
}
]
}
}
]
}
}
}

98
2018/1xxx/CVE-2018-1814.json
View File

@ -1,17 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1814",
"STATE" : "RESERVED"
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"UI" : "N",
"I" : "N",
"C" : "H",
"PR" : "N",
"AC" : "H",
"SCORE" : "5.900",
"S" : "U",
"AV" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Access Manager Appliance",
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.0"
},
{
"version_value" : "9.0.2.0"
},
{
"version_value" : "9.0.3.0"
},
{
"version_value" : "9.0.4.0"
},
{
"version_value" : "9.0.5.0"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2018-1814",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2018-12-11T00:00:00"
},
"data_version" : "4.0",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"title" : "IBM Security Bulletin 787785 (Security Access Manager Appliance)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150018",
"name" : "ibm-sam-cve20181814-info-disc (150018)",
"refsource" : "XF"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
}

106
2018/1xxx/CVE-2018-1815.json
View File

@ -1,18 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1815",
"STATE" : "RESERVED"
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Access Manager Appliance",
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.0"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"version_value" : "9.0.2.0"
},
{
"version_value" : "9.0.3.0"
},
{
"version_value" : "9.0.4.0"
},
{
"version_value" : "9.0.5.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "L",
"A" : "N",
"UI" : "R",
"C" : "L",
"AC" : "L",
"PR" : "N",
"S" : "C",
"SCORE" : "6.100",
"AV" : "N"
},
"TM" : {
"RL" : "O",
"E" : "H",
"RC" : "C"
}
}
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 for Enterprise Single-Sign On is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150019."
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"title" : "IBM Security Bulletin 787785 (Security Access Manager Appliance)",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-sam-cve20181815-xss (150019)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150019",
"title" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1815",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"data_format" : "MITRE"
}

93
2018/1xxx/CVE-2018-1817.json
View File

@ -1,18 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1817",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"data_format" : "MITRE",
"CVE_data_meta" : {
"ID" : "CVE-2018-1817",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2018-12-11T00:00:00"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10737069",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 737069 (Security Guardium)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10737069"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150021",
"name" : "ibm-guardium-cve20181817-xss (150021)",
"refsource" : "XF"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150021.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "H"
},
"BM" : {
"PR" : "N",
"AC" : "L",
"C" : "L",
"UI" : "R",
"A" : "N",
"I" : "L",
"AV" : "N",
"SCORE" : "6.100",
"S" : "C"
}
}
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10"
},
{
"version_value" : "10.5"
}
]
},
"product_name" : "Security Guardium"
}
]
}
}
]
}
}
}

95
2018/1xxx/CVE-2018-1818.json
View File

@ -1,17 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1818",
"STATE" : "RESERVED"
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10737073",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 737073 (Security Guardium)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10737073"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150022",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-guardium-cve20181818-info-disc (150022)"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1818",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Guardium",
"version" : {
"version_data" : [
{
"version_value" : "10"
},
{
"version_value" : "10.5"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "C",
"SCORE" : "5.900",
"AV" : "L",
"I" : "N",
"UI" : "N",
"A" : "N",
"C" : "H",
"PR" : "N",
"AC" : "H"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 150022.",
"lang" : "eng"
}
]
}

98
2018/1xxx/CVE-2018-1821.json
View File

@ -1,17 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1821",
"STATE" : "RESERVED"
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"C" : "H",
"A" : "L",
"UI" : "N",
"I" : "N",
"PR" : "L",
"AC" : "L",
"SCORE" : "7.100",
"S" : "U",
"AV" : "N"
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Operational Decision Management",
"version" : {
"version_data" : [
{
"version_value" : "8.5"
},
{
"version_value" : "8.6"
},
{
"version_value" : "8.7"
},
{
"version_value" : "8.8"
},
{
"version_value" : "8.9"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-12-12T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1821"
},
"data_version" : "4.0",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 744149 (Operational Decision Management)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10744149",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10744149"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150170",
"name" : "ibm-websphere-cve20181821-xxe (150170)",
"refsource" : "XF"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
}

100
2018/1xxx/CVE-2018-1886.json
View File

@ -1,18 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1886",
"STATE" : "RESERVED"
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.0"
},
{
"version_value" : "9.0.2.0"
},
{
"version_value" : "9.0.3.0"
},
{
"version_value" : "9.0.4.0"
},
{
"version_value" : "9.0.5.0"
}
]
},
"product_name" : "Security Access Manager Appliance"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 152021."
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"SCORE" : "5.300",
"S" : "U",
"AV" : "N",
"C" : "L",
"I" : "N",
"A" : "N",
"UI" : "N",
"AC" : "L",
"PR" : "N"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"title" : "IBM Security Bulletin 787785 (Security Access Manager Appliance)",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"refsource" : "XF",
"name" : "ibm-sam-cve20181886-info-disc (152021)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152021"
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1886"
}
}

106
2018/1xxx/CVE-2018-1887.json
View File

@ -1,18 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1887",
"STATE" : "RESERVED"
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.0"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"version_value" : "9.0.2.0"
},
{
"version_value" : "9.0.3.0"
},
{
"version_value" : "9.0.4.0"
},
{
"version_value" : "9.0.5.0"
}
]
},
"product_name" : "Security Access Manager Appliance"
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 152078.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"SCORE" : "5.900",
"S" : "C",
"AV" : "L",
"I" : "N",
"UI" : "N",
"A" : "N",
"C" : "H",
"PR" : "N",
"AC" : "H"
}
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"title" : "IBM Security Bulletin 787785 (Security Access Manager Appliance)",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152078",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sam-cve20181887-info-disc (152078)",
"refsource" : "XF"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1887",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"STATE" : "PUBLIC"
}
}