admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 05:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

IBM20190626-102750

Browse Source 
Added CVE-2019-4234, CVE-2019-4235, CVE-2019-4225, CVE-2019-4224, CVE-2019-4241
This commit is contained in:
Scott Moore - IBM 2019-06-26 10:27:50 -04:00
parent c79d60a639
commit badb7b8019
No known key found for this signature in database
GPG Key ID: 95B9EA1B824C2926
5 changed files with 540 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
2019/4xxx/CVE-2019-4224.json
View File

@ -1,18 +1,111 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4224",
"STATE": "RESERVED"
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "L",
"S" : "U",
"PR" : "L",
"AV" : "N",
"C" : "L",
"UI" : "N",
"SCORE" : "6.300",
"I" : "L",
"AC" : "L"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4224",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-05-31T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"title" : "IBM Security Bulletin 885602 (PureApplication System)",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-pure-cve20194224-sql-injection (159240)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159240",
"refsource" : "XF"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "PureApplication System",
"version" : {
"version_data" : [
{
"version_value" : "2.2.3.0"
},
{
"version_value" : "2.2.3.1"
},
{
"version_value" : "2.2.3.2"
},
{
"version_value" : "2.2.4.0"
},
{
"version_value" : "2.2.5.0"
},
{
"version_value" : "2.2.5.1"
},
{
"version_value" : "2.2.5.2"
},
{
"version_value" : "2.2.5.3"
}
]
}
}
]
}
}
]
}
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Data Manipulation",
"lang" : "eng"
}
]
}
]
},
"data_version" : "4.0"
}

113
2019/4xxx/CVE-2019-4225.json
View File

@ -1,18 +1,111 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4225",
"STATE": "RESERVED"
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version" : "4.0",
"description": {
"description_data": [
"references" : {
"reference_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"title" : "IBM Security Bulletin 885602 (PureApplication System)",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159242",
"name" : "ibm-pure-cve20194225-info-disc (159242)"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PureApplication System",
"version" : {
"version_data" : [
{
"version_value" : "2.2.3.0"
},
{
"version_value" : "2.2.3.1"
},
{
"version_value" : "2.2.3.2"
},
{
"version_value" : "2.2.4.0"
},
{
"version_value" : "2.2.5.0"
},
{
"version_value" : "2.2.5.1"
},
{
"version_value" : "2.2.5.2"
},
{
"version_value" : "2.2.5.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2019-4225",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-05-31T00:00:00",
"STATE" : "PUBLIC"
},
"description" : {
"description_data" : [
{
"value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"UI" : "N",
"SCORE" : "4.400",
"I" : "N",
"AC" : "L",
"A" : "N",
"S" : "U",
"PR" : "H",
"AV" : "L",
"C" : "H"
}
}
}
}

113
2019/4xxx/CVE-2019-4234.json
View File

@ -1,18 +1,111 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4234",
"STATE": "RESERVED"
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version" : "4.0",
"description": {
"description_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.2.3.0"
},
{
"version_value" : "2.2.3.1"
},
{
"version_value" : "2.2.3.2"
},
{
"version_value" : "2.2.4.0"
},
{
"version_value" : "2.2.5.0"
},
{
"version_value" : "2.2.5.1"
},
{
"version_value" : "2.2.5.2"
},
{
"version_value" : "2.2.5.3"
}
]
},
"product_name" : "PureApplication System"
}
]
}
}
]
}
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"title" : "IBM Security Bulletin 885602 (PureApplication System)",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159416",
"name" : "ibm-pure-cve20194234-gain-access (159416)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-05-31T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4234"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "N",
"AV" : "N",
"S" : "U",
"PR" : "L",
"A" : "N",
"AC" : "L",
"I" : "L",
"UI" : "N",
"SCORE" : "4.300"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
}
}

109
2019/4xxx/CVE-2019-4235.json
View File

@ -1,18 +1,111 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4235",
"STATE": "RESERVED"
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"AC" : "H",
"I" : "N",
"UI" : "N",
"SCORE" : "5.900",
"C" : "H",
"AV" : "N",
"S" : "U",
"PR" : "N",
"A" : "N"
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417."
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2019-4235",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-05-31T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"title" : "IBM Security Bulletin 885602 (PureApplication System)"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-pure-cve20194235-info-disc (159417)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159417"
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PureApplication System",
"version" : {
"version_data" : [
{
"version_value" : "2.2.3.0"
},
{
"version_value" : "2.2.3.1"
},
{
"version_value" : "2.2.3.2"
},
{
"version_value" : "2.2.4.0"
},
{
"version_value" : "2.2.5.0"
},
{
"version_value" : "2.2.5.1"
},
{
"version_value" : "2.2.5.2"
},
{
"version_value" : "2.2.5.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
}

111
2019/4xxx/CVE-2019-4241.json
View File

@ -1,17 +1,110 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4241",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-05-31T00:00:00",
"ID" : "CVE-2019-4241"
},
"data_version" : "4.0",
"description": {
"description_data": [
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Bypass Security"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 885602 (PureApplication System)",
"url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159467",
"name" : "ibm-pure-cve20194241-auth-bypass (159467)",
"title" : "X-Force Vulnerability Report"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.2.3.0"
},
{
"version_value" : "2.2.3.1"
},
{
"version_value" : "2.2.3.2"
},
{
"version_value" : "2.2.4.0"
},
{
"version_value" : "2.2.5.0"
},
{
"version_value" : "2.2.5.1"
},
{
"version_value" : "2.2.5.2"
},
{
"version_value" : "2.2.5.3"
}
]
},
"product_name" : "PureApplication System"
}
]
}
}
]
}
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"C" : "H",
"AV" : "L",
"S" : "U",
"PR" : "N",
"A" : "H",
"AC" : "L",
"I" : "H",
"UI" : "N",
"SCORE" : "8.400"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467."
}
]
}