diff --git a/2020/4xxx/CVE-2020-4226.json b/2020/4xxx/CVE-2020-4226.json index 2e3b4085776..f536c690139 100644 --- a/2020/4xxx/CVE-2020-4226.json +++ b/2020/4xxx/CVE-2020-4226.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4226", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "description" : { + "description_data" : [ + { + "value" : "IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 175207.", + "lang" : "eng" + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "PR" : "N", + "A" : "N", + "I" : "N", + "C" : "H", + "AV" : "N", + "S" : "U", + "AC" : "H", + "SCORE" : "5.900", + "UI" : "N" + }, + "TM" : { + "RL" : "O", + "E" : "U", + "RC" : "C" + } + } + }, + "data_version" : "4.0", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2020-05-26T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2020-4226" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "MobileFirst Platform Foundation", + "version" : { + "version_data" : [ + { + "version_value" : "8.0.0.0" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_type" : "CVE", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/6216813", + "name" : "https://www.ibm.com/support/pages/node/6216813", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 6216813 (MobileFirst Platform Foundation)" + }, + { + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175207", + "refsource" : "XF", + "name" : "ibm-worklight-cve20204226-info-disc (175207)" + } + ] + } +} diff --git a/2020/4xxx/CVE-2020-4348.json b/2020/4xxx/CVE-2020-4348.json index 6fe1175c42c..5c461d61f86 100644 --- a/2020/4xxx/CVE-2020-4348.json +++ b/2020/4xxx/CVE-2020-4348.json @@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4348", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "data_type" : "CVE", + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/6213739", + "url" : "https://www.ibm.com/support/pages/node/6213739", + "title" : "IBM Security Bulletin 6213739 (Spectrum Scale)" + }, + { + "name" : "ibm-spectrum-cve20204348-weak-sec (178414)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/178414", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2020-4348", + "DATE_PUBLIC" : "2020-05-26T00:00:00", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "Spectrum Scale", + "version" : { + "version_data" : [ + { + "version_value" : "4.2.0.0" + }, + { + "version_value" : "5.0.0.0" + }, + { + "version_value" : "4.2.3.21" + }, + { + "version_value" : "5.0.4.4" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Access", + "lang" : "eng" + } + ] + } + ] + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414" + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "I" : "H", + "PR" : "L", + "C" : "N", + "AV" : "N", + "S" : "U", + "SCORE" : "6.500", + "AC" : "L", + "UI" : "N" + }, + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + } + } + }, + "data_version" : "4.0" +} diff --git a/2020/4xxx/CVE-2020-4349.json b/2020/4xxx/CVE-2020-4349.json index 24d1f292c65..d1ce9f3bb36 100644 --- a/2020/4xxx/CVE-2020-4349.json +++ b/2020/4xxx/CVE-2020-4349.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4349", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2020-05-26T00:00:00", + "ID" : "CVE-2020-4349", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Spectrum Scale", + "version" : { + "version_data" : [ + { + "version_value" : "5.0.0" + }, + { + "version_value" : "5.0.4.4" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423.", + "lang" : "eng" + } + ] + }, + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "I" : "N", + "PR" : "N", + "AV" : "N", + "C" : "H", + "S" : "U", + "UI" : "N", + "SCORE" : "5.900", + "AC" : "H" + }, + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + } + } + }, + "data_type" : "CVE", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/6214482", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/6214482", + "title" : "IBM Security Bulletin 6214482 (Spectrum Scale)" + }, + { + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/178423", + "name" : "ibm-spectrum-cve20204349-info-disc (178423)", + "refsource" : "XF" + } + ] + } +} diff --git a/2020/4xxx/CVE-2020-4350.json b/2020/4xxx/CVE-2020-4350.json index aa5a29736f8..e6d13d95fe6 100644 --- a/2020/4xxx/CVE-2020-4350.json +++ b/2020/4xxx/CVE-2020-4350.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4350", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 6214480 (Spectrum Scale)", + "url" : "https://www.ibm.com/support/pages/node/6214480", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/6214480" + }, + { + "refsource" : "XF", + "name" : "ibm-spectrum-cve20204350-info-disc (178424)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/178424", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_type" : "CVE", + "description" : { + "description_data" : [ + { + "value" : "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178424.", + "lang" : "eng" + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "C" : "H", + "AV" : "N", + "AC" : "H", + "SCORE" : "5.900", + "UI" : "N", + "S" : "U", + "I" : "N", + "A" : "N", + "PR" : "N" + }, + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + } + } + }, + "data_version" : "4.0", + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Spectrum Scale", + "version" : { + "version_data" : [ + { + "version_value" : "5.0.0" + }, + { + "version_value" : "5.0.4.4" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "ID" : "CVE-2020-4350", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2020-05-26T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com" + } +} diff --git a/2020/4xxx/CVE-2020-4357.json b/2020/4xxx/CVE-2020-4357.json index e56a5e34e53..9ea880cdc86 100644 --- a/2020/4xxx/CVE-2020-4357.json +++ b/2020/4xxx/CVE-2020-4357.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4357", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 6214478 (Spectrum Scale)", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/6214478", + "url" : "https://www.ibm.com/support/pages/node/6214478" + }, + { + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "name" : "ibm-spectrum-cve20204357-info-disc (178761)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/178761" + } + ] + }, + "data_type" : "CVE", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "5.0.0" + }, + { + "version_value" : "5.0.4.4" + } + ] + }, + "product_name" : "Spectrum Scale" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "DATE_PUBLIC" : "2020-05-26T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2020-4357", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761." + } + ] + }, + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "E" : "U", + "RC" : "C" + }, + "BM" : { + "A" : "N", + "I" : "N", + "PR" : "L", + "S" : "U", + "SCORE" : "4.300", + "UI" : "N", + "AC" : "L", + "C" : "L", + "AV" : "N" + } + } + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + } +} diff --git a/2020/4xxx/CVE-2020-4358.json b/2020/4xxx/CVE-2020-4358.json index 0a95caa2dc4..b016c754e08 100644 --- a/2020/4xxx/CVE-2020-4358.json +++ b/2020/4xxx/CVE-2020-4358.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4358", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "data_type" : "CVE", + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/pages/node/6214481", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/pages/node/6214481", + "title" : "IBM Security Bulletin 6214481 (Spectrum Scale)" + }, + { + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/178762", + "refsource" : "XF", + "name" : "ibm-spectrum-cve20204358-xss (178762)" + } + ] + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178762.", + "lang" : "eng" + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "E" : "H", + "RL" : "O" + }, + "BM" : { + "PR" : "L", + "I" : "L", + "A" : "N", + "C" : "L", + "AV" : "N", + "AC" : "L", + "SCORE" : "5.400", + "UI" : "R", + "S" : "C" + } + } + }, + "data_version" : "4.0", + "CVE_data_meta" : { + "DATE_PUBLIC" : "2020-05-26T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2020-4358", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "5.0.0" + }, + { + "version_value" : "5.0.4.4" + } + ] + }, + "product_name" : "Spectrum Scale" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + } +} diff --git a/2020/4xxx/CVE-2020-4378.json b/2020/4xxx/CVE-2020-4378.json index a68bec5f159..8d916cf44a1 100644 --- a/2020/4xxx/CVE-2020-4378.json +++ b/2020/4xxx/CVE-2020-4378.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4378", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/6214484", + "name" : "https://www.ibm.com/support/pages/node/6214484", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 6214484 (Spectrum Scale)" + }, + { + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "name" : "ibm-spectrum-cve20204378-sec-bypass (179157)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/179157" + } + ] + }, + "data_type" : "CVE", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "5.0.0" + }, + { + "version_value" : "5.0.4.4" + } + ] + }, + "product_name" : "Spectrum Scale" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "DATE_PUBLIC" : "2020-05-26T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2020-4378", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + }, + "BM" : { + "S" : "U", + "UI" : "N", + "SCORE" : "4.900", + "AC" : "L", + "C" : "N", + "AV" : "N", + "A" : "N", + "I" : "H", + "PR" : "H" + } + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crated HTTP POST command. IBM X-Force ID: 179157.", + "lang" : "eng" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Bypass Security" + } + ] + } + ] + }, + "data_format" : "MITRE" +} diff --git a/2020/4xxx/CVE-2020-4379.json b/2020/4xxx/CVE-2020-4379.json index 53738d67396..e2bddc868c3 100644 --- a/2020/4xxx/CVE-2020-4379.json +++ b/2020/4xxx/CVE-2020-4379.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4379", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "data_type" : "CVE", + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/pages/node/6214483", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/pages/node/6214483", + "title" : "IBM Security Bulletin 6214483 (Spectrum Scale)" + }, + { + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/179158", + "refsource" : "XF", + "name" : "ibm-spectrum-cve20204379-info-disc (179158)" + } + ] + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179158.", + "lang" : "eng" + } + ] + }, + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "BM" : { + "AV" : "N", + "C" : "H", + "AC" : "H", + "SCORE" : "5.900", + "UI" : "N", + "S" : "U", + "PR" : "N", + "I" : "N", + "A" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "CVE_data_meta" : { + "ID" : "CVE-2020-4379", + "DATE_PUBLIC" : "2020-05-26T00:00:00", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "5.0.0" + }, + { + "version_value" : "5.0.4.4" + } + ] + }, + "product_name" : "Spectrum Scale" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + } +}