diff --git a/2018/1xxx/CVE-2018-1661.json b/2018/1xxx/CVE-2018-1661.json index 538bd8a5611..96f91cb89aa 100644 --- a/2018/1xxx/CVE-2018-1661.json +++ b/2018/1xxx/CVE-2018-1661.json @@ -1,77 +1,18 @@ { - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10744189", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10744189", - "title" : "IBM Security Bulletin 744189 (DataPower Gateways)" - }, - { - "name" : "ibm-websphere-cve20181661-csrf (144887)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144887" - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144887." - } - ] - }, - "data_version" : "4.0", - "data_type" : "CVE", "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2018-1661", "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-12-12T00:00:00" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } - ] - } - ] - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "UI" : "R", - "C" : "N", - "I" : "H", - "A" : "N", - "AV" : "N", - "SCORE" : "6.500", - "S" : "U", - "PR" : "N", - "AC" : "L" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } + "DATE_PUBLIC" : "2018-12-12T00:00:00", + "ID" : "CVE-2018-1661", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { + "product_name" : "DataPower Gateways", "version" : { "version_data" : [ { @@ -87,13 +28,70 @@ "version_value" : "7.6" } ] - }, - "product_name" : "DataPower Gateways" + } } ] - } + }, + "vendor_name" : "IBM" } ] } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144887." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "N", + "I" : "H", + "PR" : "N", + "S" : "U", + "SCORE" : "6.500", + "UI" : "R" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Access" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10744189", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10744189" + }, + { + "name" : "ibm-websphere-cve20181661-csrf(144887)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144887" + } + ] } } diff --git a/2018/1xxx/CVE-2018-1677.json b/2018/1xxx/CVE-2018-1677.json index 1b2b89849c1..c534d1e95a4 100644 --- a/2018/1xxx/CVE-2018-1677.json +++ b/2018/1xxx/CVE-2018-1677.json @@ -1,28 +1,14 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Denial of Service", - "lang" : "eng" - } - ] - } - ] - }, - "data_format" : "MITRE", "CVE_data_meta" : { - "ID" : "CVE-2018-1677", - "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2018-12-12T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" + "ID" : "CVE-2018-1677", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -54,55 +40,67 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. A local attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 145171." + } + ] + }, "impact" : { "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, "BM" : { - "PR" : "N", + "A" : "H", "AC" : "H", + "AV" : "L", "C" : "N", - "UI" : "N", + "I" : "N", + "PR" : "N", "S" : "U", "SCORE" : "5.100", - "AV" : "L", - "A" : "H", - "I" : "N" + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" } } }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Denial of Service" + } + ] + } + ] + }, "references" : { "reference_data" : [ { "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10744555", - "title" : "IBM Security Bulletin 744555 (DataPower Gateways)", "refsource" : "CONFIRM", "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10744555" }, { + "name" : "ibm-websphere-cve20181677-dos(145171)", "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145171", - "name" : "ibm-websphere-cve20181677-dos (145171)", - "title" : "X-Force Vulnerability Report" + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145171" } ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. A local attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 145171.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "data_type" : "CVE" + } } diff --git a/2018/1xxx/CVE-2018-1771.json b/2018/1xxx/CVE-2018-1771.json index eac389f85d1..955a1691cbb 100644 --- a/2018/1xxx/CVE-2018-1771.json +++ b/2018/1xxx/CVE-2018-1771.json @@ -1,29 +1,14 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - }, - "BM" : { - "PR" : "N", - "AC" : "L", - "AV" : "L", - "A" : "H", - "I" : "H", - "SCORE" : "8.400", - "S" : "U", - "UI" : "N", - "C" : "H" - } - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-12-18T00:00:00", + "ID" : "CVE-2018-1771", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -40,16 +25,42 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, - "CVE_data_meta" : { - "ID" : "CVE-2018-1771", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2018-12-18T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. IBM X-force ID: 148687." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "H", + "AC" : "L", + "AV" : "L", + "C" : "H", + "I" : "H", + "PR" : "N", + "S" : "U", + "SCORE" : "8.400", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } }, "problemtype" : { "problemtype_data" : [ @@ -63,31 +74,18 @@ } ] }, - "data_format" : "MITRE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. IBM X-force ID: 148687.", - "lang" : "eng" - } - ] - }, "references" : { "reference_data" : [ { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10743405", "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10743405", - "title" : "IBM Security Bulletin 743405 (Domino)", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10743405" + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10743405" }, { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148687", + "name" : "ibm-notes-cve20181771-priv-escalation(148687)", "refsource" : "XF", - "name" : "ibm-notes-cve20181771-priv-escalation (148687)", - "title" : "X-Force Vulnerability Report" + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148687" } ] - }, - "data_type" : "CVE" + } } diff --git a/2018/1xxx/CVE-2018-1778.json b/2018/1xxx/CVE-2018-1778.json index 599a92daf8c..d2a6c3af750 100644 --- a/2018/1xxx/CVE-2018-1778.json +++ b/2018/1xxx/CVE-2018-1778.json @@ -1,35 +1,14 @@ { - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if f the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to the other user’s data / access to their privileges (if the user happens to be an Admin for example). IBM X-Force ID: 148801." - } - ] - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733883", - "title" : "IBM Security Bulletin 733883 (API Connect)", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733883" - }, - { - "name" : "ibm-loopback-cve20181778-auth-bypass (148801)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148801", - "refsource" : "XF" - } - ] + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-12-17T00:00:00", + "ID" : "CVE-2018-1778", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -52,48 +31,67 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if f the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to the other user’s data / access to their privileges (if the user happens to be an Admin for example). IBM X-Force ID: 148801." + } + ] + }, "impact" : { "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, "BM" : { - "PR" : "N", + "A" : "L", "AC" : "H", "AV" : "N", - "A" : "L", + "C" : "H", "I" : "H", + "PR" : "N", "S" : "U", "SCORE" : "7.700", - "C" : "H", "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" } } }, - "data_format" : "MITRE", "problemtype" : { "problemtype_data" : [ { "description" : [ { - "value" : "Bypass Security", - "lang" : "eng" + "lang" : "eng", + "value" : "Bypass Security" } ] } ] }, - "CVE_data_meta" : { - "ID" : "CVE-2018-1778", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2018-12-17T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733883", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733883" + }, + { + "name" : "ibm-loopback-cve20181778-auth-bypass(148801)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148801" + } + ] } } diff --git a/2018/1xxx/CVE-2018-1784.json b/2018/1xxx/CVE-2018-1784.json index 56eca9a47c7..78c926df4fa 100644 --- a/2018/1xxx/CVE-2018-1784.json +++ b/2018/1xxx/CVE-2018-1784.json @@ -1,4 +1,10 @@ { + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-12-18T00:00:00", + "ID" : "CVE-2018-1784", + "STATE" : "PUBLIC" + }, "affects" : { "vendor" : { "vendor_data" : [ @@ -25,23 +31,34 @@ ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807." + } + ] + }, "impact" : { "cvssv3" : { "BM" : { - "UI" : "N", - "C" : "H", - "AV" : "N", "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "H", "I" : "L", - "SCORE" : "7.100", - "S" : "U", "PR" : "L", - "AC" : "L" + "S" : "U", + "SCORE" : "7.100", + "UI" : "N" }, "TM" : { "E" : "U", - "RL" : "O", - "RC" : "C" + "RC" : "C", + "RL" : "O" } } }, @@ -50,44 +67,25 @@ { "description" : [ { - "value" : "Gain Access", - "lang" : "eng" + "lang" : "eng", + "value" : "Gain Access" } ] } ] }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2018-12-18T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2018-1784", - "STATE" : "PUBLIC" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807." - } - ] - }, "references" : { "reference_data" : [ { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10737883", "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10737883", - "title" : "IBM Security Bulletin 737883 (API Connect)", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10737883" + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10737883" }, { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-api-cve20181784-nosql-injection (148807)", + "name" : "ibm-api-cve20181784-nosql-injection(148807)", "refsource" : "XF", "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148807" } ] - }, - "data_version" : "4.0", - "data_type" : "CVE" + } } diff --git a/2018/1xxx/CVE-2018-1973.json b/2018/1xxx/CVE-2018-1973.json index 25d149e2b59..ee88c7c02c7 100644 --- a/2018/1xxx/CVE-2018-1973.json +++ b/2018/1xxx/CVE-2018-1973.json @@ -1,49 +1,9 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914." - } - ] - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10788339", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 788339 (API Connect)", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10788339" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153914", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-api-cve20181973-priv-escalation (153914)" - } - ] - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "BM" : { - "PR" : "H", - "AC" : "L", - "C" : "H", - "UI" : "N", - "AV" : "N", - "A" : "H", - "I" : "H", - "S" : "U", - "SCORE" : "7.200" - }, - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - } - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-12-18T00:00:00", + "ID" : "CVE-2018-1973", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { @@ -52,6 +12,7 @@ "product" : { "product_data" : [ { + "product_name" : "API Connect", "version" : { "version_data" : [ { @@ -61,8 +22,7 @@ "version_value" : "5.0.8.4" } ] - }, - "product_name" : "API Connect" + } } ] }, @@ -71,11 +31,36 @@ ] } }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2018-1973", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-12-18T00:00:00" + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "H", + "AC" : "L", + "AV" : "N", + "C" : "H", + "I" : "H", + "PR" : "H", + "S" : "U", + "SCORE" : "7.200", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } }, "problemtype" : { "problemtype_data" : [ @@ -89,5 +74,18 @@ } ] }, - "data_format" : "MITRE" + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10788339", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10788339" + }, + { + "name" : "ibm-api-cve20181973-priv-escalation(153914)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153914" + } + ] + } } diff --git a/2018/5xxx/CVE-2018-5198.json b/2018/5xxx/CVE-2018-5198.json index cf282cc2591..8ade63ec897 100644 --- a/2018/5xxx/CVE-2018-5198.json +++ b/2018/5xxx/CVE-2018-5198.json @@ -39,7 +39,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "A race condition when calling the Veraport API allow remote attacker to cause arbitrary file download and execution. This results in remote code execution." + "value" : "In Veraport G3 ALL on MacOS, a race condition when calling the Veraport API allow remote attacker to cause arbitrary file download and execution. This results in remote code execution." } ] }, @@ -74,7 +74,8 @@ "references" : { "reference_data" : [ { - "refsource" : "CONFIRM", + "name" : "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30112", + "refsource" : "MISC", "url" : "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30112" } ] diff --git a/2018/5xxx/CVE-2018-5199.json b/2018/5xxx/CVE-2018-5199.json index c04bfba49a5..883c9cf66d8 100644 --- a/2018/5xxx/CVE-2018-5199.json +++ b/2018/5xxx/CVE-2018-5199.json @@ -39,7 +39,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "Due to insufficient domain validation, It is possible to overwrite installation file to malicious file. A remote unauthenticated attacker may use this vulnerability to execute arbitrary file." + "value" : "In Veraport G3 ALL on MacOS, due to insufficient domain validation, It is possible to overwrite installation file to malicious file. A remote unauthenticated attacker may use this vulnerability to execute arbitrary file." } ] }, @@ -74,7 +74,8 @@ "references" : { "reference_data" : [ { - "refsource" : "CONFIRM", + "name" : "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30112", + "refsource" : "MISC", "url" : "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30112" } ] diff --git a/2018/5xxx/CVE-2018-5200.json b/2018/5xxx/CVE-2018-5200.json index ee29bc0fcc0..d15edf637e9 100644 --- a/2018/5xxx/CVE-2018-5200.json +++ b/2018/5xxx/CVE-2018-5200.json @@ -39,7 +39,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "KMPlayer have a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and remote code execution." + "value" : "KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and remote code execution." } ] }, @@ -74,7 +74,8 @@ "references" : { "reference_data" : [ { - "refsource" : "CONFIRM", + "name" : "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30113", + "refsource" : "MISC", "url" : "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30113" } ] diff --git a/2018/6xxx/CVE-2018-6669.json b/2018/6xxx/CVE-2018-6669.json index 49c0941dd2e..fea738d40a4 100644 --- a/2018/6xxx/CVE-2018-6669.json +++ b/2018/6xxx/CVE-2018-6669.json @@ -1,92 +1,92 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@mcafee.com", - "ID": "CVE-2018-6669", - "STATE": "PUBLIC", - "TITLE": "Bypass Application Control through an ASP.NET form" + "CVE_data_meta" : { + "ASSIGNER" : "psirt@mcafee.com", + "ID" : "CVE-2018-6669", + "STATE" : "PUBLIC", + "TITLE" : "Bypass Application Control through an ASP.NET form" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "Application and Change Control", - "version": { - "version_data": [ + "product_name" : "Application and Change Control", + "version" : { + "version_data" : [ { - "affected": "<=", - "platform": "x86", - "version_name": "7.0.1", - "version_value": "7.0.1" + "affected" : "<=", + "platform" : "x86", + "version_name" : "7.0.1", + "version_value" : "7.0.1" } ] } } ] }, - "vendor_name": "McAfee" + "vendor_name" : "McAfee" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form." + "lang" : "eng", + "value" : "A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form." } ] }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "ADJACENT_NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 6.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "version": "3.0" + "impact" : { + "cvss" : { + "attackComplexity" : "LOW", + "attackVector" : "ADJACENT_NETWORK", + "availabilityImpact" : "HIGH", + "baseScore" : 6.3, + "baseSeverity" : "MEDIUM", + "confidentialityImpact" : "LOW", + "integrityImpact" : "NONE", + "privilegesRequired" : "LOW", + "scope" : "UNCHANGED", + "userInteraction" : "NONE", + "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "version" : "3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "whitelist bypass vulnerability " + "lang" : "eng", + "value" : "whitelist bypass vulnerability " } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10261", - "refsource": "CONFIRM", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10261" + "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10261", + "refsource" : "CONFIRM", + "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10261" } ] }, - "solution": [ + "solution" : [ { - "lang": "eng", - "value": "Install or update to McAfee Application and Change Control (MACC) Application 8.0.0 and MACC ePO extension 8.0.0 or later." + "lang" : "eng", + "value" : "Install or update to McAfee Application and Change Control (MACC) Application 8.0.0 and MACC ePO extension 8.0.0 or later." } ], - "source": { - "advisory": "SB10261", - "discovery": "EXTERNAL" + "source" : { + "advisory" : "SB10261", + "discovery" : "EXTERNAL" } } diff --git a/2018/7xxx/CVE-2018-7365.json b/2018/7xxx/CVE-2018-7365.json index bd972eeeddd..4b5050f1a88 100644 --- a/2018/7xxx/CVE-2018-7365.json +++ b/2018/7xxx/CVE-2018-7365.json @@ -70,6 +70,7 @@ "references" : { "reference_data" : [ { + "name" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010005", "refsource" : "CONFIRM", "url" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010005" }