diff --git a/2016/9xxx/CVE-2016-9711.json b/2016/9xxx/CVE-2016-9711.json index 88954ecf864..40309748101 100644 --- a/2016/9xxx/CVE-2016-9711.json +++ b/2016/9xxx/CVE-2016-9711.json @@ -1,18 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9711", - "STATE" : "RESERVED" + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22014337", + "name" : "IBM Security Bulletin 2014337 (Cognos Analytics)" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/119619", + "name" : "X-Force Vulnerability Report" + } + ] + }, + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-03-19T00:00:00", + "ID" : "CVE-2016-9711", + "STATE" : "PUBLIC" + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "SCORE" : "5.300", + "S" : "U", + "AC" : "L", + "I" : "N", + "AV" : "N", + "PR" : "N", + "C" : "L", + "UI" : "N" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Cognos Analytics", + "version" : { + "version_data" : [ + { + "version_value" : "11.0" + } + ] + } + } + ] + } + } + ] + } }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 119619.", + "lang" : "eng" } ] - } + }, + "data_format" : "MITRE", + "data_version" : "4.0", + "data_type" : "CVE" } diff --git a/2017/1xxx/CVE-2017-1571.json b/2017/1xxx/CVE-2017-1571.json index eb1322562a4..c4f3f4596e4 100644 --- a/2017/1xxx/CVE-2017-1571.json +++ b/2017/1xxx/CVE-2017-1571.json @@ -1,18 +1,90 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", "ID" : "CVE-2017-1571", - "STATE" : "RESERVED" + "DATE_PUBLIC" : "2018-03-14T00:00:00" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] }, - "data_format" : "MITRE", - "data_type" : "CVE", "data_version" : "4.0", + "data_format" : "MITRE", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853." } ] - } + }, + "references" : { + "reference_data" : [ + { + "name" : "IBM Security Bulletin 2012948 (DB2 for Linux, UNIX and Windows)", + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012948" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131853", + "name" : "X-Force Vulnerability Report" + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "PR" : "N", + "I" : "N", + "C" : "H", + "UI" : "N", + "A" : "N", + "AV" : "L", + "S" : "U", + "SCORE" : "5.100", + "AC" : "H" + } + } + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "10.5" + }, + { + "version_value" : "10.1" + }, + { + "version_value" : "9.7" + }, + { + "version_value" : "11.1" + } + ] + }, + "product_name" : "DB2 for Linux, UNIX and Windows" + } + ] + }, + "vendor_name" : "IBM" + } + ] + } + }, + "data_type" : "CVE" } diff --git a/2017/1xxx/CVE-2017-1677.json b/2017/1xxx/CVE-2017-1677.json index 19289b40ee5..c4b8d7060bd 100644 --- a/2017/1xxx/CVE-2017-1677.json +++ b/2017/1xxx/CVE-2017-1677.json @@ -1,18 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1677", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1)deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999.", + "lang" : "eng" } ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Privileges" + } + ] + } + ] + }, + "data_version" : "4.0", + "CVE_data_meta" : { + "ID" : "CVE-2017-1677", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2018-03-14T00:00:00" + }, + "data_format" : "MITRE", + "impact" : { + "cvssv3" : { + "BM" : { + "UI" : "N", + "S" : "U", + "PR" : "N", + "SCORE" : "7.400", + "AC" : "H", + "I" : "H", + "C" : "H", + "AV" : "L", + "A" : "H" + } + } + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012896", + "name" : "IBM Security Bulletin 2012896 (DB2 for Linux, UNIX and Windows)" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133999", + "name" : "X-Force Vulnerability Report" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "DB2 for Linux, UNIX and Windows", + "version" : { + "version_data" : [ + { + "version_value" : "10.5" + }, + { + "version_value" : "10.1" + }, + { + "version_value" : "9.7" + }, + { + "version_value" : "11.1" + } + ] + } + } + ] + } + } + ] + } } } diff --git a/2017/1xxx/CVE-2017-1788.json b/2017/1xxx/CVE-2017-1788.json index 0d5aba3981b..0f57bdc2a0d 100644 --- a/2017/1xxx/CVE-2017-1788.json +++ b/2017/1xxx/CVE-2017-1788.json @@ -1,17 +1,80 @@ { + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "9" + } + ] + }, + "product_name" : "WebSphere Application Server" + } + ] + } + } + ] + } + }, + "data_type" : "CVE", "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2017-1788", - "STATE" : "RESERVED" + "DATE_PUBLIC" : "2018-03-14T00:00:00", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "impact" : { + "cvssv3" : { + "BM" : { + "PR" : "N", + "I" : "N", + "SCORE" : "5.300", + "AV" : "N", + "S" : "U", + "AC" : "L", + "A" : "N", + "UI" : "N", + "C" : "L" + } + } }, "data_format" : "MITRE", - "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012341", + "name" : "IBM Security Bulletin 2012341 (WebSphere Application Server)" + }, + { + "name" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137031" + } + ] + }, "data_version" : "4.0", "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM WebSphere Application Server 9 installations using Form Login could allow a remote attacker to conducts spoofing attacks. IBM X-Force ID: 137031.", + "lang" : "eng" } ] } diff --git a/2017/1xxx/CVE-2017-1789.json b/2017/1xxx/CVE-2017-1789.json index 63d3becca94..85eef504223 100644 --- a/2017/1xxx/CVE-2017-1789.json +++ b/2017/1xxx/CVE-2017-1789.json @@ -1,18 +1,120 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1789", - "STATE" : "RESERVED" + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22014096", + "name" : "IBM Security Bulletin 2014096 (Tivoli Monitoring V6)" + }, + { + "name" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137034" + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "AV" : "N", + "A" : "H", + "UI" : "N", + "SCORE" : "9.800", + "PR" : "N", + "S" : "U", + "I" : "H", + "C" : "H", + "AC" : "L" + } + } }, - "data_format" : "MITRE", "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034." } ] + }, + "data_format" : "MITRE", + "CVE_data_meta" : { + "DATE_PUBLIC" : "2018-03-13T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2017-1789", + "STATE" : "PUBLIC" + }, + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Access" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Tivoli Monitoring V6", + "version" : { + "version_data" : [ + { + "version_value" : "6.2.3" + }, + { + "version_value" : "6.3.0" + }, + { + "version_value" : "6.2.3.1" + }, + { + "version_value" : "6.2.3.2" + }, + { + "version_value" : "6.2.3.3" + }, + { + "version_value" : "6.2.3.4" + }, + { + "version_value" : "6.2.3.5" + }, + { + "version_value" : "6.3.0.1" + }, + { + "version_value" : "6.3.0.2" + }, + { + "version_value" : "6.3.0.3" + }, + { + "version_value" : "6.3.0.4" + }, + { + "version_value" : "6.3.0.5" + }, + { + "version_value" : "6.3.0.6" + }, + { + "version_value" : "6.3.0.7" + } + ] + } + } + ] + } + } + ] + } } } diff --git a/2018/1xxx/CVE-2018-1426.json b/2018/1xxx/CVE-2018-1426.json index 3c525b37e4d..e11c7eb5ec8 100644 --- a/2018/1xxx/CVE-2018-1426.json +++ b/2018/1xxx/CVE-2018-1426.json @@ -1,18 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1426", - "STATE" : "RESERVED" + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "DB2 for Linux, UNIX and Windows", + "version" : { + "version_data" : [ + { + "version_value" : "10.5" + }, + { + "version_value" : "10.1" + }, + { + "version_value" : "9.7" + }, + { + "version_value" : "11.1" + } + ] + } + } + ] + } + } + ] + } }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071." } ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Access" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "IBM Security Bulletin 2013756 (DB2 for Linux, UNIX and Windows)", + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22013756" + }, + { + "name" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/139071" + } + ] + }, + "CVE_data_meta" : { + "DATE_PUBLIC" : "2018-03-15T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "ID" : "CVE-2018-1426" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "SCORE" : "7.400", + "C" : "H", + "AC" : "H", + "AV" : "N", + "I" : "H", + "PR" : "N", + "UI" : "N", + "S" : "U" + } + } } } diff --git a/2018/1xxx/CVE-2018-1427.json b/2018/1xxx/CVE-2018-1427.json index 5c3274d264e..87695edf8f8 100644 --- a/2018/1xxx/CVE-2018-1427.json +++ b/2018/1xxx/CVE-2018-1427.json @@ -1,17 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1427", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several enviornment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072." + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2018-03-15T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2018-1427" + }, + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "10.5" + }, + { + "version_value" : "10.1" + }, + { + "version_value" : "9.7" + }, + { + "version_value" : "11.1" + } + ] + }, + "product_name" : "DB2 for Linux, UNIX and Windows" + } + ] + }, + "vendor_name" : "IBM" + } + ] + } + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "H", + "PR" : "N", + "AC" : "L", + "SCORE" : "6.200", + "AV" : "L", + "S" : "U", + "C" : "N", + "I" : "N", + "UI" : "N" + } + } + }, + "data_type" : "CVE", + "references" : { + "reference_data" : [ + { + "name" : "IBM Security Bulletin 2013756 (DB2 for Linux, UNIX and Windows)", + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22013756" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/139072", + "name" : "X-Force Vulnerability Report" + } + ] + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Denial of Service", + "lang" : "eng" + } + ] } ] } diff --git a/2018/1xxx/CVE-2018-1428.json b/2018/1xxx/CVE-2018-1428.json index 37b6016ad79..6409919b91a 100644 --- a/2018/1xxx/CVE-2018-1428.json +++ b/2018/1xxx/CVE-2018-1428.json @@ -1,18 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1428", - "STATE" : "RESERVED" + "impact" : { + "cvssv3" : { + "BM" : { + "C" : "H", + "UI" : "N", + "SCORE" : "6.200", + "S" : "U", + "I" : "N", + "A" : "N", + "AV" : "L", + "PR" : "N", + "AC" : "L" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22013756", + "name" : "IBM Security Bulletin 2013756 (DB2 for Linux, UNIX and Windows)" + }, + { + "name" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/139073" + } + ] }, - "data_format" : "MITRE", "data_type" : "CVE", + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "DB2 for Linux, UNIX and Windows", + "version" : { + "version_data" : [ + { + "version_value" : "10.5" + }, + { + "version_value" : "10.1" + }, + { + "version_value" : "9.7" + }, + { + "version_value" : "11.1" + } + ] + } + } + ] + } + } + ] + } + }, "data_version" : "4.0", + "CVE_data_meta" : { + "DATE_PUBLIC" : "2018-03-15T00:00:00", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2018-1428" + }, "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073." } ] - } + }, + "data_format" : "MITRE" } diff --git a/2018/1xxx/CVE-2018-1448.json b/2018/1xxx/CVE-2018-1448.json index 2437c500e21..035a636aec4 100644 --- a/2018/1xxx/CVE-2018-1448.json +++ b/2018/1xxx/CVE-2018-1448.json @@ -1,18 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1448", - "STATE" : "RESERVED" + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "name" : "IBM Security Bulletin 2014388 (DB2 for Linux, UNIX and Windows)", + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22014388" + }, + { + "name" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140043" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "File Manipulation", + "lang" : "eng" + } + ] + } + ] }, "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140043.", + "lang" : "eng" } ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "DB2 for Linux, UNIX and Windows", + "version" : { + "version_data" : [ + { + "version_value" : "10.5" + }, + { + "version_value" : "10.1" + }, + { + "version_value" : "9.7" + }, + { + "version_value" : "11.1" + } + ] + } + } + ] + } + } + ] + } + }, + "CVE_data_meta" : { + "ID" : "CVE-2018-1448", + "DATE_PUBLIC" : "2018-03-14T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC" + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "H", + "PR" : "N", + "SCORE" : "7.700", + "AV" : "L", + "I" : "H", + "S" : "U", + "AC" : "L", + "C" : "N", + "UI" : "N" + } + } } }