From ab6ada7e6da764f97166d45ced56270a00f64f4f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 7 Sep 2018 12:05:18 -0400 Subject: [PATCH] - Synchronized data. --- 2017/1xxx/CVE-2017-1114.json | 64 ++++++++------- 2017/1xxx/CVE-2017-1115.json | 140 ++++++++++++++++----------------- 2017/2xxx/CVE-2017-2792.json | 4 +- 2017/2xxx/CVE-2017-2795.json | 4 +- 2018/16xxx/CVE-2018-16661.json | 18 +++++ 2018/16xxx/CVE-2018-16662.json | 18 +++++ 2018/1xxx/CVE-2018-1567.json | 104 ++++++++++++------------ 2018/1xxx/CVE-2018-1756.json | 74 +++++++++-------- 2018/1xxx/CVE-2018-1757.json | 100 ++++++++++++----------- 2018/1xxx/CVE-2018-1789.json | 124 ++++++++++++++--------------- 10 files changed, 339 insertions(+), 311 deletions(-) create mode 100644 2018/16xxx/CVE-2018-16661.json create mode 100644 2018/16xxx/CVE-2018-16662.json diff --git a/2017/1xxx/CVE-2017-1114.json b/2017/1xxx/CVE-2017-1114.json index b886cf52085..433af33ed4e 100644 --- a/2017/1xxx/CVE-2017-1114.json +++ b/2017/1xxx/CVE-2017-1114.json @@ -1,13 +1,18 @@ { - "data_version" : "4.0", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-08-29T00:00:00", + "ID" : "CVE-2017-1114", + "STATE" : "PUBLIC" + }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { + "product_name" : "Campaign", "version" : { "version_data" : [ { 
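Review bot: `DATE_PUBLIC` in the `CVE_data_meta` block added by the first hunk of CVE-2017-1114.json is written as `"2018-08-29T00:00:00"`, with no UTC designator or offset, so a consumer building a disclosure timeline cannot tell which day boundary is meant. If the value is intended as UTC, I would write `"DATE_PUBLIC" : "2018-08-29T00:00:00Z"`, provided the record format accepts the suffix. The same unqualified form appears in the `CVE_data_meta` hunks of CVE-2017-1115, CVE-2018-1567, CVE-2018-1756, CVE-2018-1757 and CVE-2018-1789 in this patch.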
@@ -20,49 +25,46 @@ "version_value" : "10" } ] - }, - "product_name" : "Campaign" + } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121152." + } + ] + }, "impact" : { "cvssv3" : { "BM" : { "A" : "N", - "PR" : "L", "AC" : "L", - "S" : "C", - "UI" : "R", + "AV" : "N", "C" : "L", "I" : "L", + "PR" : "L", + "S" : "C", "SCORE" : "5.400", - "AV" : "N" + "UI" : "R" }, "TM" : { - "RL" : "O", "E" : "H", - "RC" : "C" + "RC" : "C", + "RL" : "O" } } }, - "description" : { - "description_data" : [ - { - "value" : "IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121152.", - "lang" : "eng" - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-08-29T00:00:00", - "ID" : "CVE-2017-1114", - "STATE" : "PUBLIC" - }, "problemtype" : { "problemtype_data" : [ { 
@@ -79,18 +81,14 @@ "reference_data" : [ { "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10729773", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10729773", "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 0729773 (Campaign)" + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10729773" }, { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121152", + "name" : "ibm-campaign-cve20171114-xss(121152)", "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-campaign-cve20171114-xss (121152)" + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121152" } ] - }, - "data_type" : "CVE", - "data_format" : "MITRE" + } } diff --git a/2017/1xxx/CVE-2017-1115.json b/2017/1xxx/CVE-2017-1115.json index 9deb41bada6..72f300da016 100644 --- a/2017/1xxx/CVE-2017-1115.json +++ b/2017/1xxx/CVE-2017-1115.json 
@@ -1,6 +1,70 @@ { + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-08-29T00:00:00", + "ID" : "CVE-2017-1115", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Campaign", + "version" : { + "version_data" : [ + { + "version_value" : "9.1" + }, + { + "version_value" : "9.1.2" + }, + { + "version_value" : "10" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" + } + ] + } + }, "data_format" : "MITRE", "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 121153." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "C", + "SCORE" : "5.400", + "UI" : "R" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { 
@@ -16,81 +80,15 @@ "references" : { "reference_data" : [ { - "title" : "IBM Security Bulletin 0729769 (Campaign)", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10729769", "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10729769", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10729769" + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10729769" }, { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121153", + "name" : "ibm-campaign-cve20171115-html-injection(121153)", "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-campaign-cve20171115-html-injection (121153)" + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121153" } ] - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2018-08-29T00:00:00", - "ID" : "CVE-2017-1115", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 121153." - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "SCORE" : "5.400", - "AV" : "N", - "C" : "L", - "I" : "L", - "S" : "C", - "AC" : "L", - "UI" : "R", - "PR" : "L", - "A" : "N" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "9.1" - }, - { - "version_value" : "9.1.2" - }, - { - "version_value" : "10" - } - ] - }, - "product_name" : "Campaign" - } - ] - } - } - ] - } - }, - "data_version" : "4.0" + } } diff --git a/2017/2xxx/CVE-2017-2792.json b/2017/2xxx/CVE-2017-2792.json index 36a9cfeb9dc..7fbdc0c4ea6 100644 
--- a/2017/2xxx/CVE-2017-2792.json +++ b/2017/2xxx/CVE-2017-2792.json @@ -35,7 +35,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of AntennaHouse DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious xls file to trigger this vulnerability." + "value" : "An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious xls file to trigger this vulnerability." } ] }, @@ -54,6 +54,8 @@ "references" : { "reference_data" : [ { + "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0284", + "refsource" : "MISC", "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0284" } ] diff --git a/2017/2xxx/CVE-2017-2795.json b/2017/2xxx/CVE-2017-2795.json index de809a046ab..c0341921398 100644 --- a/2017/2xxx/CVE-2017-2795.json +++ b/2017/2xxx/CVE-2017-2795.json @@ -35,7 +35,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "An exploitable heap corruption vulnerability exists in the Txo functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability." + "value" : "An exploitable heap corruption vulnerability exists in the Txo functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability." } ] }, 
@@ -54,6 +54,8 @@ "references" : { "reference_data" : [ { + "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0288", + "refsource" : "MISC", "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0288" } ] diff --git a/2018/16xxx/CVE-2018-16661.json b/2018/16xxx/CVE-2018-16661.json new file mode 100644 index 00000000000..3e79bc3eb89 --- /dev/null +++ b/2018/16xxx/CVE-2018-16661.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-16661", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/16xxx/CVE-2018-16662.json b/2018/16xxx/CVE-2018-16662.json new file mode 100644 index 00000000000..6f21b0cc629 --- /dev/null +++ b/2018/16xxx/CVE-2018-16662.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-16662", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/1xxx/CVE-2018-1567.json b/2018/1xxx/CVE-2018-1567.json index 3fb54b2f995..0b20cc91a92 100644 --- a/2018/1xxx/CVE-2018-1567.json +++ b/2018/1xxx/CVE-2018-1567.json 
@@ -1,48 +1,10 @@ { "CVE_data_meta" : { "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2018-1567", "DATE_PUBLIC" : "2018-09-05T00:00:00", + "ID" : "CVE-2018-1567", "STATE" : "PUBLIC" }, - "description" : { - "description_data" : [ - { - "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024.", - "lang" : "eng" - } - ] - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } - ] - } - ] - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=swg22016254", - "title" : "IBM Security Bulletin 2016254 (WebSphere Application Server)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=swg22016254" - }, - { - "name" : "ibm-websphere-cve20181567-code-exec (143024)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/143024" - } - ] - }, "affects" : { "vendor" : { "vendor_data" : [ @@ -50,6 +12,7 @@ "product" : { "product_data" : [ { + "product_name" : "WebSphere Application Server", "version" : { "version_data" : [ { @@ -65,8 +28,7 @@ "version_value" : "9.0" } ] - }, - "product_name" : "WebSphere Application Server" + } } ] }, 
@@ -75,25 +37,61 @@ ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024." + } + ] + }, "impact" : { "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, "BM" : { "A" : "H", - "PR" : "N", - "UI" : "N", "AC" : "L", - "S" : "U", - "I" : "H", - "C" : "H", "AV" : "N", - "SCORE" : "9.800" + "C" : "H", + "I" : "H", + "PR" : "N", + "S" : "U", + "SCORE" : "9.800", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" } } }, - "data_version" : "4.0" + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Access" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=swg22016254", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=swg22016254" + }, + { + "name" : "ibm-websphere-cve20181567-code-exec(143024)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/143024" + } + ] + } } diff --git a/2018/1xxx/CVE-2018-1756.json b/2018/1xxx/CVE-2018-1756.json index 33438227e15..599c3c14829 100644 --- a/2018/1xxx/CVE-2018-1756.json +++ b/2018/1xxx/CVE-2018-1756.json @@ -1,5 +1,10 @@ { - "data_version" : "4.0", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-08-27T00:00:00", + "ID" : "CVE-2018-1756", + "STATE" : "PUBLIC" + }, "affects" : { "vendor" : { "vendor_data" : [ @@ -7,6 +12,7 @@ "product" : { "product_data" : [ { + "product_name" : "Security Identity Governance and Intelligence", "version" : { "version_data" : [ { 
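Review bot: The `problemtype` entry re-added by the `@@ -75,25 +37,61 @@` hunk of CVE-2018-1567.json keeps the free-text value `Gain Access`, although the description in the same hunk names code execution through a serialized object from untrusted sources. Tooling that triages or deduplicates by weakness class cannot map that value. A weakness identifier such as `"value" : "CWE-502: Deserialization of Untrusted Data"` looks like the closer fit, subject to confirmation by the assigning CNA. The last hunk of CVE-2018-1789.json carries the same `Gain Access` value for what its description calls server-side request forgery, where CWE-918 would be the candidate.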
@@ -16,8 +22,7 @@ "version_value" : "5.2.4" } ] - }, - "product_name" : "Security Identity Governance and Intelligence" + } } ] }, @@ -26,41 +31,37 @@ ] } }, - "impact" : { - "cvssv3" : { - "BM" : { - "SCORE" : "7.500", - "AV" : "N", - "C" : "H", - "I" : "N", - "PR" : "N", - "A" : "N", - "AC" : "L", - "S" : "U", - "UI" : "N" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM X-Force ID: 148599." + "value" : "IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM X-Force ID: 148599." } ] }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2018-08-27T00:00:00", - "ID" : "CVE-2018-1756" + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "H", + "I" : "N", + "PR" : "N", + "S" : "U", + "SCORE" : "7.500", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } }, - "data_format" : "MITRE", "problemtype" : { "problemtype_data" : [ { 
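Review bot: The description value rewritten in the `@@ -26,41 +31,37 @@` hunk of CVE-2018-1756.json still reads `could allow the attacker to view, information in the back-end database`. The removed and added lines appear to differ only in whitespace, so the stray comma survives the change. I would make it `could allow the attacker to view information in the back-end database`, which also matches the `"C" : "H"`, `"I" : "N"` impact recorded in the same hunk.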
@@ -73,20 +74,17 @@ } ] }, - "data_type" : "CVE", "references" : { "reference_data" : [ { "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10728883", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10728883", - "title" : "IBM Security Bulletin 0728883 (Security Identity Governance and Intelligence)", - "refsource" : "CONFIRM" + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10728883" }, { - "name" : "ibm-sig-cve20181756-sql-injection (148599)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148599", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" + "name" : "ibm-sig-cve20181756-sql-injection(148599)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148599" } ] } diff --git a/2018/1xxx/CVE-2018-1757.json b/2018/1xxx/CVE-2018-1757.json index 645626bd5b5..9e6cf7953d7 100644 --- a/2018/1xxx/CVE-2018-1757.json +++ b/2018/1xxx/CVE-2018-1757.json 
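Review bot: The CONFIRM reference kept by the `@@ -73,20 +74,17 @@` hunk of CVE-2018-1756.json still uses `http://www.ibm.com/support/docview.wss?uid=ibm10728883` for both `name` and `url`, while every other IBM bulletin link in this patch uses `https://`. Readers following the advisory link from the record get no transport integrity for the remediation guidance. I would change both fields to `https://www.ibm.com/support/docview.wss?uid=ibm10728883`, assuming the bulletin is served at that address. The same plain-HTTP link is added in the references of CVE-2018-1757.json.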
@@ -1,49 +1,10 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. IBM X-Force ID: 148601.", - "lang" : "eng" - } - ] - }, "CVE_data_meta" : { "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", "DATE_PUBLIC" : "2018-08-27T00:00:00", - "ID" : "CVE-2018-1757" + "ID" : "CVE-2018-1757", + "STATE" : "PUBLIC" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 0728883 (Security Identity Governance and Intelligence)", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10728883", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10728883" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148601", - "name" : "ibm-sig-cve20181757-info-disc (148601)" - } - ] - }, - "data_version" : "4.0", "affects" : { "vendor" : { "vendor_data" : [ 
@@ -70,24 +31,61 @@ ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. IBM X-Force ID: 148601." + } + ] + }, "impact" : { "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, "BM" : { - "SCORE" : "5.300", + "A" : "N", + "AC" : "L", "AV" : "N", "C" : "L", "I" : "N", - "S" : "U", - "AC" : "L", - "UI" : "N", "PR" : "N", - "A" : "N" + "S" : "U", + "SCORE" : "5.300", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" } } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10728883", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10728883" + }, + { + "name" : "ibm-sig-cve20181757-info-disc(148601)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148601" + } + ] } } diff --git a/2018/1xxx/CVE-2018-1789.json b/2018/1xxx/CVE-2018-1789.json index 3784368030f..8007c6f9ba6 100644 --- a/2018/1xxx/CVE-2018-1789.json +++ b/2018/1xxx/CVE-2018-1789.json 
@@ -1,67 +1,9 @@ { "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2018-09-04T00:00:00", "ID" : "CVE-2018-1789", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939." - } - ] - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 0728517 (API Connect)", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10728517", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10728517" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148939", - "name" : "ibm-api-cve20181789-ssrf (148939)" - } - ] - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "SCORE" : "8.400", - "AV" : "N", - "C" : "H", - "I" : "H", - "PR" : "L", - "A" : "L", - "S" : "C", - "AC" : "H", - "UI" : "N" - } - } + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { @@ -70,6 +12,7 @@ "product" : { "product_data" : [ { + "product_name" : "API Connect", "version" : { "version_data" : [ { @@ -121,8 +64,7 @@ "version_value" : "2018.3.4" } ] - }, - "product_name" : "API Connect" + } } ] }, 
@@ -131,5 +73,61 @@ ] } }, - "data_version" : "4.0" + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "L", + "AC" : "H", + "AV" : "N", + "C" : "H", + "I" : "H", + "PR" : "L", + "S" : "C", + "SCORE" : "8.400", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Access" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10728517", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10728517" + }, + { + "name" : "ibm-api-cve20181789-ssrf(148939)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148939" + } + ] + } }