admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 05:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

IBM20190626-102750

Browse Source 
Added CVE-2019-4234, CVE-2019-4235, CVE-2019-4225, CVE-2019-4224, CVE-2019-4241
This commit is contained in:
Scott Moore - IBM 2019-06-26 10:27:50 -04:00
parent c79d60a639
commit badb7b8019
No known key found for this signature in database
GPG Key ID: 95B9EA1B824C2926
5 changed files with 540 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

121
2019/4xxx/CVE-2019-4224.json
View File

@ -1,18 +1,111 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4224",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "L",
"S" : "U",
"PR" : "L",
"AV" : "N",
"C" : "L",
"UI" : "N",
"SCORE" : "6.300",
"I" : "L",
"AC" : "L"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4224",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-05-31T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"title" : "IBM Security Bulletin 885602 (PureApplication System)",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-pure-cve20194224-sql-injection (159240)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159240",
"refsource" : "XF"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "PureApplication System",
"version" : {
"version_data" : [
{
"version_value" : "2.2.3.0"
},
{
"version_value" : "2.2.3.1"
},
{
"version_value" : "2.2.3.2"
},
{
"version_value" : "2.2.4.0"
},
{
"version_value" : "2.2.5.0"
},
{
"version_value" : "2.2.5.1"
},
{
"version_value" : "2.2.5.2"
},
{
"version_value" : "2.2.5.3"
}
]
}
}
]
}
}
]
}
]
}
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Data Manipulation",
"lang" : "eng"
}
]
}
]
},
"data_version" : "4.0"
}

121
2019/4xxx/CVE-2019-4225.json
View File

@ -1,18 +1,111 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4225",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"title" : "IBM Security Bulletin 885602 (PureApplication System)",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159242",
"name" : "ibm-pure-cve20194225-info-disc (159242)"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "PureApplication System",
"version" : {
"version_data" : [
{
"version_value" : "2.2.3.0"
},
{
"version_value" : "2.2.3.1"
},
{
"version_value" : "2.2.3.2"
},
{
"version_value" : "2.2.4.0"
},
{
"version_value" : "2.2.5.0"
},
{
"version_value" : "2.2.5.1"
},
{
"version_value" : "2.2.5.2"
},
{
"version_value" : "2.2.5.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2019-4225",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-05-31T00:00:00",
"STATE" : "PUBLIC"
},
"description" : {
"description_data" : [
{
"value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"UI" : "N",
"SCORE" : "4.400",
"I" : "N",
"AC" : "L",
"A" : "N",
"S" : "U",
"PR" : "H",
"AV" : "L",
"C" : "H"
}
}
}
}

121
2019/4xxx/CVE-2019-4234.json
View File

@ -1,18 +1,111 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4234",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.2.3.0"
},
{
"version_value" : "2.2.3.1"
},
{
"version_value" : "2.2.3.2"
},
{
"version_value" : "2.2.4.0"
},
{
"version_value" : "2.2.5.0"
},
{
"version_value" : "2.2.5.1"
},
{
"version_value" : "2.2.5.2"
},
{
"version_value" : "2.2.5.3"
}
]
},
"product_name" : "PureApplication System"
}
]
}
}
]
}
]
}
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"title" : "IBM Security Bulletin 885602 (PureApplication System)",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159416",
"name" : "ibm-pure-cve20194234-gain-access (159416)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-05-31T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4234"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "N",
"AV" : "N",
"S" : "U",
"PR" : "L",
"A" : "N",
"AC" : "L",
"I" : "L",
"UI" : "N",
"SCORE" : "4.300"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
}
}

121
2019/4xxx/CVE-2019-4235.json
View File

@ -1,18 +1,111 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4235",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"AC" : "H",
"I" : "N",
"UI" : "N",
"SCORE" : "5.900",
"C" : "H",
"AV" : "N",
"S" : "U",
"PR" : "N",
"A" : "N"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417."
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2019-4235",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-05-31T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"title" : "IBM Security Bulletin 885602 (PureApplication System)"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-pure-cve20194235-info-disc (159417)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159417"
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "PureApplication System",
"version" : {
"version_data" : [
{
"version_value" : "2.2.3.0"
},
{
"version_value" : "2.2.3.1"
},
{
"version_value" : "2.2.3.2"
},
{
"version_value" : "2.2.4.0"
},
{
"version_value" : "2.2.5.0"
},
{
"version_value" : "2.2.5.1"
},
{
"version_value" : "2.2.5.2"
},
{
"version_value" : "2.2.5.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
]
}
}
}

121
2019/4xxx/CVE-2019-4241.json
View File

@ -1,18 +1,111 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4241",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-05-31T00:00:00",
"ID" : "CVE-2019-4241"
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Bypass Security"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 885602 (PureApplication System)",
"url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159467",
"name" : "ibm-pure-cve20194241-auth-bypass (159467)",
"title" : "X-Force Vulnerability Report"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.2.3.0"
},
{
"version_value" : "2.2.3.1"
},
{
"version_value" : "2.2.3.2"
},
{
"version_value" : "2.2.4.0"
},
{
"version_value" : "2.2.5.0"
},
{
"version_value" : "2.2.5.1"
},
{
"version_value" : "2.2.5.2"
},
{
"version_value" : "2.2.5.3"
}
]
},
"product_name" : "PureApplication System"
}
]
}
}
]
}
]
}
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"C" : "H",
"AV" : "L",
"S" : "U",
"PR" : "N",
"A" : "H",
"AC" : "L",
"I" : "H",
"UI" : "N",
"SCORE" : "8.400"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467."
}
]
}
}