From a9c2758269d74d36685c90b832f9e1449fcc14cb Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 9 Nov 2020 21:01:50 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/14xxx/CVE-2020-14871.json | 5 +
 2020/15xxx/CVE-2020-15768.json | 2 +-
 2020/16xxx/CVE-2020-16009.json | 5 +
 2020/16xxx/CVE-2020-16011.json | 5 +
 2020/25xxx/CVE-2020-25015.json | 5 +
 2020/28xxx/CVE-2020-28328.json | 5 +
 2020/28xxx/CVE-2020-28364.json | 56 ++++++++--
 2020/28xxx/CVE-2020-28366.json | 18 ++++
 2020/28xxx/CVE-2020-28367.json | 18 ++++
 2020/28xxx/CVE-2020-28368.json | 18 ++++
 2020/28xxx/CVE-2020-28369.json | 18 ++++
 2020/28xxx/CVE-2020-28370.json | 18 ++++
 2020/4xxx/CVE-2020-4650.json | 192 ++++++++++++++++-----------------
 2020/4xxx/CVE-2020-4651.json | 190 ++++++++++++++++----------------
 2020/4xxx/CVE-2020-4759.json | 178 +++++++++++++++---------------
 15 files changed, 446 insertions(+), 287 deletions(-)
 create mode 100644 2020/28xxx/CVE-2020-28366.json
 create mode 100644 2020/28xxx/CVE-2020-28367.json
 create mode 100644 2020/28xxx/CVE-2020-28368.json
 create mode 100644 2020/28xxx/CVE-2020-28369.json
 create mode 100644 2020/28xxx/CVE-2020-28370.json
diff --git a/2020/14xxx/CVE-2020-14871.json b/2020/14xxx/CVE-2020-14871.json
index 9e3fe3195c9..fc5a0d16ea0 100644
--- a/2020/14xxx/CVE-2020-14871.json
+++ b/2020/14xxx/CVE-2020-14871.json
@@ -68,6 +68,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuoct2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuoct2020.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html",
+ "url": "http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15768.json b/2020/15xxx/CVE-2020-15768.json
index 5b489569455..9441faac442 100644
--- a/2020/15xxx/CVE-2020-15768.json
+++ b/2020/15xxx/CVE-2020-15768.json
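Review bot: The reference added to 2020/14xxx/CVE-2020-14871.json uses a plaintext `http://packetstormsecurity.com/...` URL, while the Oracle reference directly above it in the same hunk is `https://`. A reader or crawler following the link gets no transport integrity for a page that the record treats as authoritative exploit-availability evidence; if the host serves the same path over TLS, prefer `"url": "https://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html"` with `name` updated to match. The same applies to the packetstormsecurity.com references added in CVE-2020-16009.json, CVE-2020-16011.json, CVE-2020-25015.json and CVE-2020-28328.json. These entries are tagged `"refsource": "MISC"` like ordinary references, so tooling that prioritises patching on public exploit availability presumably has to recognise them by hostname.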
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection allows remote attackers to obtain authentication cookies (if an XSS issue exists) via the /info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers, or /cache-node-info/headers path."
+ "value": "An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote attackers to obtain authentication cookies, if they are able to discover a separate XSS vulnerability. This potentially allows an attacker to impersonate another user. Gradle Enterprise affected application request paths:/info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers. Gradle Enterprise Build Cache Node affected application request paths:/cache-node-info/headers."
 }
 ]
 },
diff --git a/2020/16xxx/CVE-2020-16009.json b/2020/16xxx/CVE-2020-16009.json
index cbd58098856..5140805ade3 100644
--- a/2020/16xxx/CVE-2020-16009.json
+++ b/2020/16xxx/CVE-2020-16009.json
@@ -64,6 +64,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:1831",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00017.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/159974/Chrome-V8-Turbofan-Type-Confusion.html",
+ "url": "http://packetstormsecurity.com/files/159974/Chrome-V8-Turbofan-Type-Confusion.html"
 }
 ]
 },
diff --git a/2020/16xxx/CVE-2020-16011.json b/2020/16xxx/CVE-2020-16011.json
index 93e2b32f0c2..e378944f321 100644
--- a/2020/16xxx/CVE-2020-16011.json
+++ b/2020/16xxx/CVE-2020-16011.json
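Review bot: The rewritten `value` string in 2020/15xxx/CVE-2020-15768.json runs both path lists straight onto their labels, `request paths:/info/headers` and `request paths:/cache-node-info/headers`, with no space after the colon. Anything that tokenises the description on whitespace to extract affected endpoints will read `paths:/info/headers` as a single token and miss the first path in each list. Suggest `affected application request paths: /info/headers, ...` and `affected application request paths: /cache-node-info/headers.`. The third sentence also attributes the reflection to "Gradle Enterprise" only, although the last sentence lists a Build Cache Node path as affected; naming both products there would keep the description consistent with itself.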
@@ -64,6 +64,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:1831",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00017.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/159975/Chrome-ConvertToJavaBitmap-Heap-Buffer-Overflow.html",
+ "url": "http://packetstormsecurity.com/files/159975/Chrome-ConvertToJavaBitmap-Heap-Buffer-Overflow.html"
 }
 ]
 },
diff --git a/2020/25xxx/CVE-2020-25015.json b/2020/25xxx/CVE-2020-25015.json
index 9237b9a7b96..1866140d11f 100644
--- a/2020/25xxx/CVE-2020-25015.json
+++ b/2020/25xxx/CVE-2020-25015.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://www.jinsonvarghese.com/broken-access-control-csrf-in-genexis-platinum-4410/",
 "url": "https://www.jinsonvarghese.com/broken-access-control-csrf-in-genexis-platinum-4410/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/159936/Genexis-Platinum-4410-P4410-V2-1.28-Missing-Access-Control-CSRF.html",
+ "url": "http://packetstormsecurity.com/files/159936/Genexis-Platinum-4410-P4410-V2-1.28-Missing-Access-Control-CSRF.html"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28328.json b/2020/28xxx/CVE-2020-28328.json
index 9e102381260..29d61cf9871 100644
--- a/2020/28xxx/CVE-2020-28328.json
+++ b/2020/28xxx/CVE-2020-28328.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/mcorybillington/SuiteCRM-RCE",
 "refsource": "MISC",
 "name": "https://github.com/mcorybillington/SuiteCRM-RCE"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/159937/SuiteCRM-7.11.15-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/159937/SuiteCRM-7.11.15-Remote-Code-Execution.html"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28364.json b/2020/28xxx/CVE-2020-28364.json
index 6e739ab42bf..80f4b7d6c8b 100644
--- a/2020/28xxx/CVE-2020-28364.json
+++ b/2020/28xxx/CVE-2020-28364.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-28364",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-28364",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting (XSS) vulnerability affects the Web UI in Locust before 1.3.2, if the installation violates the usage expectations by exposing this UI to outside users."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://docs.locust.io/en/stable/changelog.html",
+ "refsource": "MISC",
+ "name": "https://docs.locust.io/en/stable/changelog.html"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28366.json b/2020/28xxx/CVE-2020-28366.json
new file mode 100644
index 00000000000..987c92ff4d7
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28366.json
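Review bot: The now-public record in 2020/28xxx/CVE-2020-28364.json leaves every structured field at `"n/a"` (`product_name`, `version_value`, `vendor_name` and the `problemtype` value), although the new `description` names the product, the fixed version (Locust before 1.3.2) and the weakness class (stored XSS). Scanners and inventory tools that match on the `affects` tree or the problem type rather than on free text will not associate this entry with Locust installations. Suggest at least `"product_name": "Locust"` with a version entry expressing "before 1.3.2", and a problemtype `value` naming cross-site scripting (CWE-79). The only reference is the general changelog page `https://docs.locust.io/en/stable/changelog.html`, whose `stable` content moves with each release; a link to the 1.3.2 entry or the fixing change would stay valid.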
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28366",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28367.json b/2020/28xxx/CVE-2020-28367.json
new file mode 100644
index 00000000000..747e2d09ebd
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28367.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28367",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28368.json b/2020/28xxx/CVE-2020-28368.json
new file mode 100644
index 00000000000..9c2858a1c01
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28368.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28368",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28369.json b/2020/28xxx/CVE-2020-28369.json
new file mode 100644
index 00000000000..2ee219aefe9
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28369.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28369",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28370.json b/2020/28xxx/CVE-2020-28370.json
new file mode 100644
index 00000000000..c93af32285b
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28370.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28370",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/4xxx/CVE-2020-4650.json b/2020/4xxx/CVE-2020-4650.json
index 10599db4572..9ab9b161318 100644
--- a/2020/4xxx/CVE-2020-4650.json
+++ b/2020/4xxx/CVE-2020-4650.json
@@ -1,99 +1,99 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023." - } - ] - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6361769 (Maximo Spatial Asset Management)", - "name" : "https://www.ibm.com/support/pages/node/6361769", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6361769" - }, - { - "name" : "ibm-maximo-cve20204650-info-disc (186023)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186023" - } - ] - }, - "data_version" : "4.0", - "data_type" : "CVE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-11-06T00:00:00", - "ID" : "CVE-2020-4650", - "STATE" : "PUBLIC" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "L", - "PR" : "N", - "UI" : "N", - "I" : "N", - "SCORE" : "4.000", - "A" : "N", - "C" : "L", - "AC" : "L", - "S" : "U" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.6.0.3" - }, - { - "version_value" : "7.6.0.4" - }, - { - "version_value" : "7.6.0.5" - }, - { - "version_value" : "7.6.1.0" - } - ] - }, - "product_name" : "Maximo Spatial Asset Management" - } - ] - }, - "vendor_name" : "IBM" + "lang": "eng", + "value": "IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. 
IBM X-Force ID: 186023." } - ] - } - }, - "data_format" : "MITRE" -} + ] + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6361769 (Maximo Spatial Asset Management)", + "name": "https://www.ibm.com/support/pages/node/6361769", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6361769" + }, + { + "name": "ibm-maximo-cve20204650-info-disc (186023)", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186023" + } + ] + }, + "data_version": "4.0", + "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-11-06T00:00:00", + "ID": "CVE-2020-4650", + "STATE": "PUBLIC" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "AV": "L", + "PR": "N", + "UI": "N", + "I": "N", + "SCORE": "4.000", + "A": "N", + "C": "L", + "AC": "L", + "S": "U" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.6.0.3" + }, + { + "version_value": "7.6.0.4" + }, + { + "version_value": "7.6.0.5" + }, + { + "version_value": "7.6.1.0" + } + ] + }, + "product_name": "Maximo Spatial Asset Management" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4651.json b/2020/4xxx/CVE-2020-4651.json index fc7bcf2804b..d9b24ae772c 100644 --- a/2020/4xxx/CVE-2020-4651.json +++ b/2020/4xxx/CVE-2020-4651.json 
@@ -1,99 +1,99 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186024." - } - ] - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-11-06T00:00:00", - "ID" : "CVE-2020-4651", - "STATE" : "PUBLIC" - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6361767", - "title" : "IBM Security Bulletin 6361767 (Maximo Spatial Asset Management)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6361767" - }, - { - "name" : "ibm-maximo-cve20204651-csrf (186024)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186024" - } - ] - }, - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Maximo Spatial Asset Management", - "version" : { - "version_data" : [ - { - "version_value" : "7.6.0.3" - }, - { - "version_value" : "7.6.0.4" - }, - { - "version_value" : "7.6.0.5" - }, - { - "version_value" : "7.6.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "lang": "eng", + "value": "IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186024." 
} - ] - } - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "I" : "H", - "UI" : "R", - "SCORE" : "4.800", - "AV" : "A", - "PR" : "N", - "S" : "U", - "A" : "N", - "AC" : "H", - "C" : "N" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } + ] + }, + "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-11-06T00:00:00", + "ID": "CVE-2020-4651", + "STATE": "PUBLIC" + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6361767", + "title": "IBM Security Bulletin 6361767 (Maximo Spatial Asset Management)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6361767" + }, + { + "name": "ibm-maximo-cve20204651-csrf (186024)", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186024" + } + ] + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Maximo Spatial Asset Management", + "version": { + "version_data": [ + { + "version_value": "7.6.0.3" + }, + { + "version_value": "7.6.0.4" + }, + { + "version_value": "7.6.0.5" + }, + { + "version_value": "7.6.1.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_format" : "MITRE" -} + } + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "I": "H", + "UI": "R", + "SCORE": "4.800", + "AV": "A", + "PR": "N", + "S": "U", + "A": "N", + "AC": "H", + "C": "N" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "data_format": "MITRE" +} \ No newline at end of file 
diff --git a/2020/4xxx/CVE-2020-4759.json b/2020/4xxx/CVE-2020-4759.json index 50ca36a4054..56048e4e4eb 100644 --- a/2020/4xxx/CVE-2020-4759.json +++ b/2020/4xxx/CVE-2020-4759.json 
@@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4759", - "DATE_PUBLIC" : "2020-11-06T00:00:00" - }, - "data_type" : "CVE", - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6336917 (FileNet Content Manager)", - "name" : "https://www.ibm.com/support/pages/node/6336917", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6336917" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/188736", - "refsource" : "XF", - "name" : "ibm-filenet-cve20204759-csv-injection (188736)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 188736." 
- } - ] - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "C" : "H", - "AC" : "H", - "A" : "H", - "S" : "U", - "PR" : "N", - "AV" : "L", - "SCORE" : "7.000", - "UI" : "R", - "I" : "H" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2020-4759", + "DATE_PUBLIC": "2020-11-06T00:00:00" + }, + "data_type": "CVE", + "data_version": "4.0", + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "5.5.4" - }, - { - "version_value" : "5.5.5" - } - ] - }, - "product_name" : "FileNet Content Manager" - } - ] - }, - "vendor_name" : "IBM" + "title": "IBM Security Bulletin 6336917 (FileNet Content Manager)", + "name": "https://www.ibm.com/support/pages/node/6336917", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6336917" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188736", + "refsource": "XF", + "name": "ibm-filenet-cve20204759-csv-injection (188736)", + "title": "X-Force Vulnerability Report" } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 188736." 
+ } + ] + }, + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "C": "H", + "AC": "H", + "A": "H", + "S": "U", + "PR": "N", + "AV": "L", + "SCORE": "7.000", + "UI": "R", + "I": "H" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "5.5.4" + }, + { + "version_value": "5.5.5" + } + ] + }, + "product_name": "FileNet Content Manager" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + } +} \ No newline at end of file