diff --git a/2017/15xxx/CVE-2017-15691.json b/2017/15xxx/CVE-2017-15691.json index a4c89682606..a7513fdfc82 100644 --- a/2017/15xxx/CVE-2017-15691.json +++ b/2017/15xxx/CVE-2017-15691.json @@ -69,6 +69,11 @@ "name": "https://uima.apache.org/security_report#CVE-2017-15691", "refsource": "CONFIRM", "url": "https://uima.apache.org/security_report#CVE-2017-15691" + }, + { + "refsource": "MLIST", + "name": "[uima-commits] 20190501 svn commit: r1858489 - in /uima/site/trunk/uima-website: docs/security_report.html xdocs/security_report.xml", + "url": "https://lists.apache.org/thread.html/00407c65738e625a8cc9d732923a4ab2d8299603cc7c7e5cc2da9c79@%3Ccommits.uima.apache.org%3E" } ] } diff --git a/2018/18xxx/CVE-2018-18696.json b/2018/18xxx/CVE-2018-18696.json index 2fa39390a5f..98185dbfdcd 100644 --- a/2018/18xxx/CVE-2018-18696.json +++ b/2018/18xxx/CVE-2018-18696.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF." + "value": "** DISPUTED ** main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE: The vendor claims that documentation for preventing a CSRF attack has been provided (https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?language=en_US) and disagrees that this issue is a vulnerability. They also claim that MicroStrategy was never properly informed of this issue via normal support channels or their vulnerability reporting page on their website, so they were unable to evaluate the report or explain how this is something their customers view as a feature and not a security vulnerability." } ] }, 
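Review bot: In the CVE-2018-18696 description hunk the dispute is recorded only as a `** DISPUTED **` prefix inside the free-text `value`, so a consumer that filters on structured fields will keep treating this as an undisputed CSRF entry; no structured status is visible in this hunk, and the rest of the record lies outside it. The vendor statement as quoted points to documentation for a protective feature rather than to a fixed version, which suggests the protection depends on how the product is configured. Saying that would help readers more than relaying how the report was communicated. The KB URL is also pasted inside parentheses with its `?language=en_US` query directly before `)`, which link extractors commonly mis-parse. Since the next hunk adds the same URL as a reference, the sentence could read `... has been provided (KB37643, see references) and disagrees that this issue is a vulnerability.`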
@@ -61,6 +61,11 @@ "name": "20181203 CSRF Vulnerability in MicroStrategy Web application", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2018/Dec/3" + }, + { + "refsource": "MISC", + "name": "https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?language=en_US", + "url": "https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?language=en_US" } ] } diff --git a/2018/1xxx/CVE-2018-1608.json b/2018/1xxx/CVE-2018-1608.json index a297b53708c..1d7ceec6f44 100644 --- a/2018/1xxx/CVE-2018-1608.json +++ b/2018/1xxx/CVE-2018-1608.json 
@@ -1,108 +1,108 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10882778", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10882778", - "title" : "IBM Security Bulletin 882778 (Rational Engineering Lifecycle Manager)" - }, - { - "name" : "ibm-relm-cve20181608-info-disc (143798)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/143798", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798." 
- } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Engineering Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "6.0.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] } - ] - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-04-29T00:00:00", - "ID" : "CVE-2018-1608" - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "AV" : "N", - "A" : "N", - "C" : "H", - "UI" : "N", - "S" : "U", - "SCORE" : "5.900", - "PR" : "N", - "I" : "N", - "AC" : "H" - } - } - }, - "data_format" : "MITRE" -} + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10882778", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10882778", + "title": "IBM Security Bulletin 882778 (Rational Engineering Lifecycle Manager)" + }, + { + "name": "ibm-relm-cve20181608-info-disc (143798)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143798", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798." 
+ } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Engineering Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "6.0.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-04-29T00:00:00", + "ID": "CVE-2018-1608" + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "AV": "N", + "A": "N", + "C": "H", + "UI": "N", + "S": "U", + "SCORE": "5.900", + "PR": "N", + "I": "N", + "AC": "H" + } + } + }, + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1933.json b/2018/1xxx/CVE-2018-1933.json index 0546ac8b7e3..cc6c9731238 100644 --- a/2018/1xxx/CVE-2018-1933.json +++ b/2018/1xxx/CVE-2018-1933.json 
@@ -1,108 +1,108 @@ { - "data_version" : "4.0", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-04-29T00:00:00", - "ID" : "CVE-2018-1933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.0.3" - }, - { - "version_value" : "2.0" - }, - { - "version_value" : "2.0.1" - }, - { - "version_value" : "2.0.2" - }, - { - "version_value" : "2.0.4" - }, - { - "version_value" : "2.0.5" - }, - { - "version_value" : "2.0.6" - } - ] - }, - "product_name" : "Planning Analytics" - } - ] - } - } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 153177.", - "lang" : "eng" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "L", - "S" : "C", - "I" : "L", - "SCORE" : "5.400", - "PR" : "L", - "A" : "N", - "C" : "L", - "UI" : "R", - "AV" : "N" - }, - "TM" : { - "RC" : "C", - "E" : "H", - "RL" : "O" - } - } - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-04-29T00:00:00", + "ID": "CVE-2018-1933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.0.3" + }, + { + "version_value": "2.0" + }, + { + "version_value": "2.0.1" + }, + { + "version_value": "2.0.2" + }, + { + "version_value": "2.0.4" + }, + { + "version_value": "2.0.5" + }, + { + "version_value": "2.0.6" + } + ] + }, + "product_name": "Planning Analytics" + } + ] + } + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 879407 (Planning Analytics)", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879407", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879407" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153177", - "name" : "ibm-planning-cve20181933-xss (153177)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_type" : "CVE" -} + } + }, + "description": { + "description_data": [ + { + "value": "IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 153177.", + "lang": "eng" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "AC": "L", + "S": "C", + "I": "L", + "SCORE": "5.400", + "PR": "L", + "A": "N", + "C": "L", + "UI": "R", + "AV": "N" + }, + "TM": { + "RC": "C", + "E": "H", + "RL": "O" + } + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 879407 (Planning Analytics)", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10879407", + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10879407" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153177", + "name": "ibm-planning-cve20181933-xss (153177)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_type": "CVE" +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0213.json b/2019/0xxx/CVE-2019-0213.json index e25ee10c44b..c68b2fc62f3 100644 --- a/2019/0xxx/CVE-2019-0213.json +++ b/2019/0xxx/CVE-2019-0213.json @@ -73,6 +73,11 @@ "refsource": "MISC", "name": "http://archiva.apache.org/security.html#CVE-2019-0213", "url": "http://archiva.apache.org/security.html#CVE-2019-0213" + }, + { + "refsource": "MLIST", + "name": "[archiva-issues] 20190501 [jira] [Created] (MRM-1987) Port security fixes for 2.2.4 to 3.0.0", + "url": "https://lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fce87eb826662fb@%3Cissues.archiva.apache.org%3E" } ] }, diff --git a/2019/0xxx/CVE-2019-0214.json b/2019/0xxx/CVE-2019-0214.json index ed82813441f..3ba54dafb97 100644 --- a/2019/0xxx/CVE-2019-0214.json +++ b/2019/0xxx/CVE-2019-0214.json 
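Review bot: The context line of the CVE-2019-0213 hunk tags the Archiva security page as `"refsource": "MISC"`, while the CVE-2019-0214 hunk tags the equivalent page for its own CVE as `"refsource": "CONFIRM"`. Tooling that reads CONFIRM as vendor acknowledgement will rate the two records differently, so if the page is the project's own advisory the 0213 line could become `"refsource": "CONFIRM",` while references are being touched here. The MLIST entry added to both records is titled "Port security fixes for 2.2.4 to 3.0.0", which suggests the 3.0.0 line may not have carried the fixes at that date. The affected-version data lies outside these hunks, so it is worth confirming that it covers that branch.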
@@ -73,6 +73,11 @@ "refsource": "CONFIRM", "name": "http://archiva.apache.org/security.html#CVE-2019-0214", "url": "http://archiva.apache.org/security.html#CVE-2019-0214" + }, + { + "refsource": "MLIST", + "name": "[archiva-issues] 20190501 [jira] [Created] (MRM-1987) Port security fixes for 2.2.4 to 3.0.0", + "url": "https://lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fce87eb826662fb@%3Cissues.archiva.apache.org%3E" } ] }, diff --git a/2019/11xxx/CVE-2019-11596.json b/2019/11xxx/CVE-2019-11596.json index 1d9ba38a652..6e36f52c439 100644 --- a/2019/11xxx/CVE-2019-11596.json +++ b/2019/11xxx/CVE-2019-11596.json @@ -66,6 +66,11 @@ "url": "https://github.com/memcached/memcached/compare/ee1cfe3...50bdc9f", "refsource": "MISC", "name": "https://github.com/memcached/memcached/compare/ee1cfe3...50bdc9f" + }, + { + "refsource": "UBUNTU", + "name": "USN-3963-1", + "url": "https://usn.ubuntu.com/3963-1/" } ] } diff --git a/2019/11xxx/CVE-2019-11635.json b/2019/11xxx/CVE-2019-11635.json new file mode 100644 index 00000000000..56950f01e45 --- /dev/null +++ b/2019/11xxx/CVE-2019-11635.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-11635", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4258.json b/2019/4xxx/CVE-2019-4258.json index 0fd288e2a1b..6b9e328826f 100644 --- a/2019/4xxx/CVE-2019-4258.json +++ b/2019/4xxx/CVE-2019-4258.json 
@@ -1,93 +1,93 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } - ] - } - ] - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 880591 (Sterling B2B Integrator)", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10880591", - "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10880591" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159946", - "refsource" : "XF", - "name" : "ibm-sterling-cve20194258-xss (159946)" - } - ] - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "6.0.0.0" - }, - { - "version_value" : "6.0.0.1" - } - ] - }, - "product_name" : "Sterling B2B Integrator" - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] } - ] - } - }, - "CVE_data_meta" : { - "ID" : "CVE-2019-4258", - "DATE_PUBLIC" : "2019-04-29T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159946." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "H" - }, - "BM" : { - "SCORE" : "5.400", - "I" : "L", - "PR" : "L", - "S" : "C", - "UI" : "R", - "C" : "L", - "A" : "N", - "AV" : "N", - "AC" : "L" - } - } - } -} + ] + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 880591 (Sterling B2B Integrator)", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10880591", + "refsource": "CONFIRM", + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10880591" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159946", + "refsource": "XF", + "name": "ibm-sterling-cve20194258-xss (159946)" + } + ] + }, + "data_version": "4.0", + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.0.0.0" + }, + { + "version_value": "6.0.0.1" + } + ] + }, + "product_name": "Sterling B2B Integrator" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2019-4258", + "DATE_PUBLIC": "2019-04-29T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159946." + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "H" + }, + "BM": { + "SCORE": "5.400", + "I": "L", + "PR": "L", + "S": "C", + "UI": "R", + "C": "L", + "A": "N", + "AV": "N", + "AC": "L" + } + } + } +} \ No newline at end of file