From badb7b80195a3101cba6ba9be2af35d67e7d2154 Mon Sep 17 00:00:00 2001 From: Scott Moore - IBM Date: Wed, 26 Jun 2019 10:27:50 -0400 Subject: [PATCH] IBM20190626-102750 Added CVE-2019-4234, CVE-2019-4235, CVE-2019-4225, CVE-2019-4224, CVE-2019-4241 --- 2019/4xxx/CVE-2019-4224.json | 123 ++++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4225.json | 123 ++++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4234.json | 123 ++++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4235.json | 123 ++++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4241.json | 123 ++++++++++++++++++++++++++++++----- 5 files changed, 540 insertions(+), 75 deletions(-) diff --git a/2019/4xxx/CVE-2019-4224.json b/2019/4xxx/CVE-2019-4224.json index 06d7a3c2a43..57fb21d6c70 100644 --- a/2019/4xxx/CVE-2019-4224.json +++ b/2019/4xxx/CVE-2019-4224.json @@ -1,18 +1,111 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4224", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "L", + "S" : "U", + "PR" : "L", + "AV" : "N", + "C" : "L", + "UI" : "N", + "SCORE" : "6.300", + "I" : "L", + "AC" : "L" + }, + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + } + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240.", + "lang" : "eng" + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2019-4224", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-05-31T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "data_type" : "CVE", + "references" : { + "reference_data" : [ + { + "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "title" : "IBM Security Bulletin 885602 (PureApplication System)", + "refsource" : "CONFIRM" + }, + { + "title" : "X-Force Vulnerability Report", + "name" : "ibm-pure-cve20194224-sql-injection (159240)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159240", + "refsource" : "XF" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "PureApplication System", + "version" : { + "version_data" : [ + { + "version_value" : "2.2.3.0" + }, + { + "version_value" : "2.2.3.1" + }, + { + "version_value" : "2.2.3.2" + }, + { + "version_value" : "2.2.4.0" + }, + { + "version_value" : "2.2.5.0" + }, + { + "version_value" : "2.2.5.1" + }, + { + "version_value" : "2.2.5.2" + }, + { + "version_value" : "2.2.5.3" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Data Manipulation", + "lang" : "eng" + } + ] + } + ] + }, + "data_version" : "4.0" +} diff --git a/2019/4xxx/CVE-2019-4225.json b/2019/4xxx/CVE-2019-4225.json index 12f65c3ad5c..ede80ba681f 100644 --- a/2019/4xxx/CVE-2019-4225.json +++ b/2019/4xxx/CVE-2019-4225.json @@ -1,18 +1,111 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4225", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "title" : "IBM Security Bulletin 885602 (PureApplication System)", + "refsource" : "CONFIRM" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159242", + "name" : "ibm-pure-cve20194225-info-disc (159242)" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "PureApplication System", + "version" : { + "version_data" : [ + { + "version_value" : "2.2.3.0" + }, + { + "version_value" : "2.2.3.1" + }, + { + "version_value" : "2.2.3.2" + }, + { + "version_value" : "2.2.4.0" + }, + { + "version_value" : "2.2.5.0" + }, + { + "version_value" : "2.2.5.1" + }, + { + "version_value" : "2.2.5.2" + }, + { + "version_value" : "2.2.5.3" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "CVE_data_meta" : { + "ID" : "CVE-2019-4225", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-05-31T00:00:00", + "STATE" : "PUBLIC" + }, + "description" : { + "description_data" : [ + { + "value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.", + "lang" : "eng" + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + }, + "BM" : { + "UI" : "N", + "SCORE" : "4.400", + "I" : "N", + "AC" : "L", + "A" : "N", + "S" : "U", + "PR" : "H", + "AV" : "L", + "C" : "H" + } + } + } +} diff --git a/2019/4xxx/CVE-2019-4234.json b/2019/4xxx/CVE-2019-4234.json index 0a01c6bf87c..6732ebd734e 100644 --- a/2019/4xxx/CVE-2019-4234.json +++ b/2019/4xxx/CVE-2019-4234.json @@ -1,18 +1,111 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4234", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Access", + "lang" : "eng" + } + ] + } + ] + }, + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "2.2.3.0" + }, + { + "version_value" : "2.2.3.1" + }, + { + "version_value" : "2.2.3.2" + }, + { + "version_value" : "2.2.4.0" + }, + { + "version_value" : "2.2.5.0" + }, + { + "version_value" : "2.2.5.1" + }, + { + "version_value" : "2.2.5.2" + }, + { + "version_value" : "2.2.5.3" + } + ] + }, + "product_name" : "PureApplication System" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "title" : "IBM Security Bulletin 885602 (PureApplication System)", + "refsource" : "CONFIRM" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159416", + "name" : "ibm-pure-cve20194234-gain-access (159416)", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF" + } + ] + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-05-31T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2019-4234" + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "C" : "N", + "AV" : "N", + "S" : "U", + "PR" : "L", + "A" : "N", + "AC" : "L", + "I" : "L", + "UI" : "N", + "SCORE" : "4.300" + }, + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + } + } + } +} diff --git a/2019/4xxx/CVE-2019-4235.json b/2019/4xxx/CVE-2019-4235.json index 242898d72ff..5a989d8336c 100644 --- a/2019/4xxx/CVE-2019-4235.json +++ b/2019/4xxx/CVE-2019-4235.json @@ -1,18 +1,111 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4235", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "E" : "U", + "RC" : "C" + }, + "BM" : { + "AC" : "H", + "I" : "N", + "UI" : "N", + "SCORE" : "5.900", + "C" : "H", + "AV" : "N", + "S" : "U", + "PR" : "N", + "A" : "N" + } + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417." + } + ] + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "ID" : "CVE-2019-4235", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-05-31T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "title" : "IBM Security Bulletin 885602 (PureApplication System)" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-pure-cve20194235-info-disc (159417)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159417" + } + ] + }, + "data_format" : "MITRE", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "PureApplication System", + "version" : { + "version_data" : [ + { + "version_value" : "2.2.3.0" + }, + { + "version_value" : "2.2.3.1" + }, + { + "version_value" : "2.2.3.2" + }, + { + "version_value" : "2.2.4.0" + }, + { + "version_value" : "2.2.5.0" + }, + { + "version_value" : "2.2.5.1" + }, + { + "version_value" : "2.2.5.2" + }, + { + "version_value" : "2.2.5.3" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + } +} diff --git a/2019/4xxx/CVE-2019-4241.json b/2019/4xxx/CVE-2019-4241.json index d72cffc0f5f..73ad0d7b294 100644 --- a/2019/4xxx/CVE-2019-4241.json +++ b/2019/4xxx/CVE-2019-4241.json @@ -1,18 +1,111 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4241", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_type" : "CVE", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-05-31T00:00:00", + "ID" : "CVE-2019-4241" + }, + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Bypass Security" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 885602 (PureApplication System)", + "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602" + }, + { + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159467", + "name" : "ibm-pure-cve20194241-auth-bypass (159467)", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "2.2.3.0" + }, + { + "version_value" : "2.2.3.1" + }, + { + "version_value" : "2.2.3.2" + }, + { + "version_value" : "2.2.4.0" + }, + { + "version_value" : "2.2.5.0" + }, + { + "version_value" : "2.2.5.1" + }, + { + "version_value" : "2.2.5.2" + }, + { + "version_value" : "2.2.5.3" + } + ] + }, + "product_name" : "PureApplication System" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_format" : "MITRE", + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + }, + "BM" : { + "C" : "H", + "AV" : "L", + "S" : "U", + "PR" : "N", + "A" : "H", + "AC" : "L", + "I" : "H", + "UI" : "N", + "SCORE" : "8.400" + } + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467." + } + ] + } +}