IBM20201216-153157

Added CVE-2020-4658, CVE-2020-4906, CVE-2020-4908, CVE-2020-4905, CVE-2020-4907, CVE-2020-4657, CVE-2020-4904
Scott Moore - IBM 2020-12-16 15:31:57 -05:00
parent bfd2dc432d
commit ae7f15ec17
No known key found for this signature in database
GPG Key ID: 8E6C411D57F2D75C
7 changed files with 615 additions and 105 deletions


@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4657",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-12-15T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4657",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"data_version" : "4.0",
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6382414",
"name" : "https://www.ibm.com/support/pages/node/6382414",
"title" : "IBM Security Bulletin 6382414 (Sterling B2B Integrator)",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186094",
"name" : "ibm-sterling-cve20204657-xss (186094)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "H",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"I" : "L",
"A" : "N",
"C" : "L",
"PR" : "N",
"S" : "C",
"SCORE" : "6.100",
"AC" : "L",
"AV" : "N",
"UI" : "R"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "5.2.0.0"
},
{
"version_value" : "6.0.3.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186094."
}
]
}
}
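Review bot: The `version_data` array in the new CVE-2020-4657 record holds only the two values `5.2.0.0` and `6.0.3.2`, while the description gives the affected range as "5.2.0.0 through 6.0.3.2"; a scanner that matches `version_value` literally will treat every release in between as unaffected. The CVE JSON 4.0 format has a `version_affected` field for this, so the two entries could carry `"version_affected" : ">="` next to `"version_value" : "5.2.0.0"` and `"version_affected" : "<="` next to `"version_value" : "6.0.3.2"`. The CVE-2020-4658 record encodes its range (2.2.0.0 and 6.0.3.2) the same way. Which lines are old and which are new is inferred from content, since the rendered page has lost its +/- markers.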


@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4658",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"data_version" : "4.0",
"data_type" : "CVE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4658",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-12-15T00:00:00"
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186095."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.2.0.0"
},
{
"version_value" : "6.0.3.2"
}
]
},
"product_name" : "Sterling File Gateway"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"PR" : "N",
"C" : "L",
"A" : "N",
"I" : "L",
"UI" : "R",
"AC" : "L",
"AV" : "N",
"SCORE" : "6.100",
"S" : "C"
}
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6382416 (Sterling File Gateway)",
"name" : "https://www.ibm.com/support/pages/node/6382416",
"url" : "https://www.ibm.com/support/pages/node/6382416"
},
{
"name" : "ibm-sterling-cve20204658-xss (186095)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186095",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
}
}


@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4904",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4904",
"DATE_PUBLIC" : "2020-12-15T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "Financial Transaction Manager",
"version" : {
"version_data" : [
{
"version_value" : "3.2.4"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"UI" : "R",
"AV" : "N",
"AC" : "L",
"SCORE" : "4.300",
"S" : "U",
"PR" : "N",
"C" : "N",
"A" : "N",
"I" : "L"
}
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6371260 (Financial Transaction Manager)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6371260",
"name" : "https://www.ibm.com/support/pages/node/6371260"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191106",
"name" : "ibm-ftm-cve20204904-csrf (191106)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
}
]
}
}
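Review bot: The `problemtype` value in the new CVE-2020-4904 record is `Gain Access`, which names an outcome rather than the weakness, while the description and the X-Force reference name `ibm-ftm-cve20204904-csrf` both say cross-site request forgery. Tooling that groups records by problemtype or CWE will not file this one under CSRF, so a value such as `"value" : "CWE-352 Cross-Site Request Forgery (CSRF)"` would serve triage better. The CVE-2020-4905 to CVE-2020-4908 records use the similarly generic `Obtain Information`, although their descriptions point at narrower weaknesses (for example, detailed error messages in CVE-2020-4907).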


@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4905",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"description" : {
"description_data" : [
{
"value" : "IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL striping, an attacker could exploit this vulnerability to obtain sensitive information.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6371260",
"name" : "https://www.ibm.com/support/pages/node/6371260",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6371260 (Financial Transaction Manager)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191109",
"name" : "ibm-ftm-cve20204905-info-disc (191109)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.2.4"
}
]
},
"product_name" : "Financial Transaction Manager"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"C" : "H",
"PR" : "N",
"I" : "N",
"A" : "N",
"AV" : "N",
"AC" : "H",
"UI" : "N",
"S" : "U",
"SCORE" : "5.900"
}
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4905",
"DATE_PUBLIC" : "2020-12-15T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_type" : "CVE"
}
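Review bot: The description string in the new CVE-2020-4905 record reads "By SSL striping" and "an remote attacker"; the first is presumably meant to be "SSL stripping", and as written a keyword search for that technique will not return this record. Suggested wording for the affected phrases: `could allow a remote attacker to obtain sensitive information` and `By SSL stripping, an attacker could exploit this vulnerability`. The rest of the record is consistent with the description, as far as the visible lines show.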


@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4906",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system."
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6371260 (Financial Transaction Manager)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6371260",
"name" : "https://www.ibm.com/support/pages/node/6371260"
},
{
"name" : "ibm-ftm-cve20204906-info-disc (191110)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191110",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"PR" : "N",
"C" : "L",
"A" : "N",
"I" : "N",
"UI" : "N",
"AV" : "L",
"AC" : "L",
"SCORE" : "4.000",
"S" : "U"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.2.4"
}
]
},
"product_name" : "Financial Transaction Manager"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4906",
"DATE_PUBLIC" : "2020-12-15T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_version" : "4.0",
"data_type" : "CVE"
}


@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4907",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"description" : {
"description_data" : [
{
"value" : "IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "N",
"C" : "L",
"A" : "N",
"I" : "N",
"UI" : "N",
"AC" : "L",
"AV" : "N",
"SCORE" : "5.300",
"S" : "U"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.2.4"
}
]
},
"product_name" : "Financial Transaction Manager"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6371260 (Financial Transaction Manager)",
"name" : "https://www.ibm.com/support/pages/node/6371260",
"url" : "https://www.ibm.com/support/pages/node/6371260"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191112",
"name" : "ibm-ftm-cve20204907-info-disc (191112)"
}
]
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-12-15T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4907"
}
}


@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4908",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4908",
"DATE_PUBLIC" : "2020-12-15T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 returns the product version and release information on the login dialog. This information could be used in further attacks against the system."
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6371260 (Financial Transaction Manager)",
"url" : "https://www.ibm.com/support/pages/node/6371260",
"name" : "https://www.ibm.com/support/pages/node/6371260"
},
{
"name" : "ibm-ftm-cve20204908-info-disc (191113)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191113",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"I" : "N",
"A" : "N",
"C" : "L",
"PR" : "N",
"S" : "U",
"SCORE" : "5.300",
"AC" : "L",
"AV" : "N",
"UI" : "N"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.2.4"
}
]
},
"product_name" : "Financial Transaction Manager"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
}
}