From 753f46f99fc2aba756dbebe6f3934d031143f5c3 Mon Sep 17 00:00:00 2001
From: Scott Moore - IBM
Date: Wed, 26 May 2021 12:14:14 -0400
Subject: [PATCH] IBM20210526-121414 Added CVE-2021-20487, CVE-2019-4588, CVE-2021-20486, CVE-2021-20492
---
 2019/4xxx/CVE-2019-4588.json | 114 ++++++++++++++++++++++++++++-----
 2021/20xxx/CVE-2021-20486.json | 102 ++++++++++++++++++++++++-----
 2021/20xxx/CVE-2021-20487.json | 111 +++++++++++++++++++++++++++-----
 2021/20xxx/CVE-2021-20492.json | 111 +++++++++++++++++++++++++++-----
 4 files changed, 378 insertions(+), 60 deletions(-)
diff --git a/2019/4xxx/CVE-2019-4588.json b/2019/4xxx/CVE-2019-4588.json
index ad990c669bb..8184bcbd11a 100644
--- a/2019/4xxx/CVE-2019-4588.json
+++ b/2019/4xxx/CVE-2019-4588.json
@@ -1,18 +1,102 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-4588",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
+ "description" : {
+ "description_data" : [
+ {
+ "value" : "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks.",
+ "lang" : "eng"
+ }
+ ]
+ },
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "impact" : {
+ "cvssv3" : {
+ "BM" : {
+ "C" : "H",
+ "A" : "H",
+ "S" : "U",
+ "SCORE" : "7.400",
+ "AC" : "H",
+ "PR" : "N",
+ "I" : "H",
+ "UI" : "N",
+ "AV" : "L"
+ },
+ "TM" : {
+ "RL" : "O",
+ "RC" : "C",
+ "E" : "U"
+ }
+ }
+ },
+ "data_format" : "MITRE",
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "vendor_name" : "IBM",
+ "product" : {
+ "product_data" : [
+ {
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "10.5"
+ },
+ {
+ "version_value" : "10.1"
+ },
+ {
+ "version_value" : "9.7"
+ },
+ {
+ "version_value" : "11.1"
+ },
+ {
+ "version_value" : "11.5"
+ }
+ ]
+ },
+ "product_name" : "DB2 for Linux, UNIX and Windows"
+ }
+ ]
+ }
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "CVE_data_meta" : {
+ "ID" : "CVE-2019-4588",
+ "STATE" : "PUBLIC",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "DATE_PUBLIC" : "2021-05-25T00:00:00"
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Gain Privileges"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.ibm.com/support/pages/node/6456029",
+ "name" : "https://www.ibm.com/support/pages/node/6456029",
+ "title" : "IBM Security Bulletin 6456029 (DB2 for Linux, UNIX and Windows)",
+ "refsource" : "CONFIRM"
+ },
+ {
+ "name" : "ibm-db2-cve20194588-code-exec (167365)",
+ "title" : "X-Force Vulnerability Report",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/167365",
+ "refsource" : "XF"
+ }
+ ]
+ }
+}
diff --git a/2021/20xxx/CVE-2021-20486.json b/2021/20xxx/CVE-2021-20486.json
index 5349f22703d..56c6b78d1ee 100644
--- a/2021/20xxx/CVE-2021-20486.json
+++ b/2021/20xxx/CVE-2021-20486.json
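Review bot: The `problemtype` value `"Gain Privileges"` is an impact label rather than a weakness class, and the record carries no CWE identifier, so tooling that groups advisories by weakness cannot classify it. The description names DLL hijacking, for which `"value" : "CWE-427 Uncontrolled Search Path Element"` looks like the closer fit, assuming the bulletin confirms a search-path cause. The CVE-2021-20486, CVE-2021-20487 and CVE-2021-20492 hunks use the same free-text pattern. The description also omits the X-Force ID that the `XF` reference carries; appending `IBM X-Force ID: 167365.` would match the CVE-2021-20486 and CVE-2021-20492 records, and CVE-2021-20487 has the same gap.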
@@ -1,18 +1,90 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2021-20486",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "impact" : {
+ "cvssv3" : {
+ "TM" : {
+ "E" : "U",
+ "RL" : "O",
+ "RC" : "C"
+ },
+ "BM" : {
+ "PR" : "L",
+ "AC" : "H",
+ "I" : "N",
+ "UI" : "N",
+ "AV" : "N",
+ "C" : "H",
+ "A" : "N",
+ "S" : "U",
+ "SCORE" : "5.300"
+ }
+ }
+ },
+ "data_type" : "CVE",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. IBM X-Force ID: 197668."
+ }
+ ]
+ },
+ "data_version" : "4.0",
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "value" : "Obtain Information",
+ "lang" : "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.ibm.com/support/pages/node/6456033",
+ "name" : "https://www.ibm.com/support/pages/node/6456033",
+ "title" : "IBM Security Bulletin 6456033 (Cloud Pak for Data)",
+ "refsource" : "CONFIRM"
+ },
+ {
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/197668",
+ "title" : "X-Force Vulnerability Report",
+ "name" : "ibm-cp4d-cve202120486-info-disc (197668)",
+ "refsource" : "XF"
+ }
+ ]
+ },
+ "data_format" : "MITRE",
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "vendor_name" : "IBM",
+ "product" : {
+ "product_data" : [
+ {
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "3.0"
+ }
+ ]
+ },
+ "product_name" : "Cloud Pak for Data"
+ }
+ ]
+ }
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "CVE_data_meta" : {
+ "ID" : "CVE-2021-20486",
+ "STATE" : "PUBLIC",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "DATE_PUBLIC" : "2021-05-25T00:00:00"
+ }
+}
diff --git a/2021/20xxx/CVE-2021-20487.json b/2021/20xxx/CVE-2021-20487.json
index f897d778c1b..585a1d8d5a9 100644
--- a/2021/20xxx/CVE-2021-20487.json
+++ b/2021/20xxx/CVE-2021-20487.json
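Review bot: The description's trigger condition, `when installed with additional plugins`, names neither the plugins nor the kind of information exposed, so someone triaging a Cloud Pak for Data 3.0 deployment cannot tell from this record whether they are affected. Because confidentiality is scored `"C" : "H"`, the `value` string should state the plugin names and the class of data involved, taken from bulletin 6456033, rather than leaving them behind the reference link. The single `"version_value" : "3.0"` entry likewise gives no hint of whether later 3.0.x refreshes are covered.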
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2021-20487",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "value" : "IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process.",
+ "lang" : "eng"
+ }
+ ]
+ },
+ "data_type" : "CVE",
+ "impact" : {
+ "cvssv3" : {
+ "TM" : {
+ "E" : "U",
+ "RL" : "O",
+ "RC" : "C"
+ },
+ "BM" : {
+ "AV" : "N",
+ "UI" : "N",
+ "I" : "H",
+ "AC" : "H",
+ "PR" : "H",
+ "SCORE" : "8.000",
+ "S" : "C",
+ "A" : "H",
+ "C" : "H"
+ }
+ }
+ },
+ "data_format" : "MITRE",
+ "CVE_data_meta" : {
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "ID" : "CVE-2021-20487",
+ "STATE" : "PUBLIC",
+ "DATE_PUBLIC" : "2021-05-25T00:00:00"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "vendor_name" : "IBM",
+ "product" : {
+ "product_data" : [
+ {
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "FW930"
+ },
+ {
+ "version_value" : "FW940"
+ },
+ {
+ "version_value" : "FW941"
+ },
+ {
+ "version_value" : "OP940"
+ }
+ ]
+ },
+ "product_name" : "Power 9 Systems"
+ }
+ ]
+ }
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "title" : "IBM Security Bulletin 6455911 (Power 9 Systems)",
+ "name" : "https://www.ibm.com/support/pages/node/6455911",
+ "url" : "https://www.ibm.com/support/pages/node/6455911",
+ "refsource" : "CONFIRM"
+ },
+ {
+ "title" : "X-Force Vulnerability Report",
+ "name" : "ibm-power9-cve202120487-priv-escalation (197730)",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/197730",
+ "refsource" : "XF"
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "value" : "Gain Privileges",
+ "lang" : "eng"
+ }
+ ]
+ }
+ ]
+ }
+}
diff --git a/2021/20xxx/CVE-2021-20492.json b/2021/20xxx/CVE-2021-20492.json
index 9846cfc70ef..ce8f246f15a 100644
--- a/2021/20xxx/CVE-2021-20492.json
+++ b/2021/20xxx/CVE-2021-20492.json
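Review bot: The base metrics score `"AV" : "N"` together with `"PR" : "H"`, but the description never states how the privileged user reaches the Self Boot Engine, so the network vector cannot be checked against the text. For a flaw that bypasses host firmware signature verification, anyone modelling the boot chain needs to know whether the privilege meant is on the host OS, the service processor or a management interface. A clause saying so in the `value` string would settle it; the score may well be right, it is just not explained. The `version_data` entries (`FW930`, `FW940`, `FW941`, `OP940`) appear to be firmware release families rather than specific levels, so the fixed level still has to be read from bulletin 6455911.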
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2021-20492",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "description" : {
+ "description_data" : [
+ {
+ "value" : "IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197793.",
+ "lang" : "eng"
+ }
+ ]
+ },
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "impact" : {
+ "cvssv3" : {
+ "TM" : {
+ "E" : "U",
+ "RL" : "O",
+ "RC" : "C"
+ },
+ "BM" : {
+ "S" : "U",
+ "C" : "H",
+ "A" : "L",
+ "SCORE" : "6.500",
+ "I" : "N",
+ "AC" : "H",
+ "PR" : "N",
+ "AV" : "N",
+ "UI" : "N"
+ }
+ }
+ },
+ "data_format" : "MITRE",
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "WebSphere Application Server",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "8.0"
+ },
+ {
+ "version_value" : "8.5"
+ },
+ {
+ "version_value" : "9.0"
+ },
+ {
+ "version_value" : "Liberty"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "IBM"
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "CVE_data_meta" : {
+ "DATE_PUBLIC" : "2021-05-25T00:00:00",
+ "ID" : "CVE-2021-20492",
+ "STATE" : "PUBLIC",
+ "ASSIGNER" : "psirt@us.ibm.com"
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "value" : "Obtain Information",
+ "lang" : "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.ibm.com/support/pages/node/6456017",
+ "name" : "https://www.ibm.com/support/pages/node/6456017",
+ "title" : "IBM Security Bulletin 6456017 (WebSphere Application Server)",
+ "refsource" : "CONFIRM"
+ },
+ {
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/197793",
+ "name" : "ibm-was-cve202120492-xxe (197793)",
+ "title" : "X-Force Vulnerability Report"
+ }
+ ]
+ }
+}
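Review bot: `"version_value" : "Liberty"` puts a product edition into a list of version numbers, and the description narrows it further to `Liberty Java Batch`. A scanner matching on `version_data` would therefore either flag every Liberty install or miss them all. A separate `product_data` entry for Liberty with its own affected versions would be unambiguous; the actual range has to come from bulletin 6456017. The description also lists memory consumption as an outcome (scored `"A" : "L"`), which the single `"Obtain Information"` problem type does not reflect.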