diff --git a/2020/4xxx/CVE-2020-4231.json b/2020/4xxx/CVE-2020-4231.json index 31e30a48b38..a1a2c13142e 100644 --- a/2020/4xxx/CVE-2020-4231.json +++ b/2020/4xxx/CVE-2020-4231.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4231", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/pages/node/6207905", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 6207905 (Security Identity Governance and Intelligence)", + "url" : "https://www.ibm.com/support/pages/node/6207905" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175335", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "name" : "ibm-sig-cve20204231-sec-bypass (175335)" + } + ] + }, + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Bypass Security" + } + ] + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2020-4231", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2020-05-27T00:00:00" + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + }, + "BM" : { + "A" : "N", + "AC" : "L", + "SCORE" : "4.300", + "UI" : "N", + "PR" : "L", + "I" : "L", + "AV" : "N", + "C" : "N", + "S" : "U" + } + } + }, + "data_version" : "4.0", + "data_format" : "MITRE", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "5.2.6" + } + ] + }, + "product_name" : "Security Identity Governance and Intelligence" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform unauthorized commands due to hazardous input validation. IBM X-Force ID: 175335.", + "lang" : "eng" + } + ] + } +} diff --git a/2020/4xxx/CVE-2020-4232.json b/2020/4xxx/CVE-2020-4232.json index 4bd822d8896..af82d00c136 100644 --- a/2020/4xxx/CVE-2020-4232.json +++ b/2020/4xxx/CVE-2020-4232.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4232", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + }, + "BM" : { + "PR" : "N", + "UI" : "N", + "A" : "N", + "AC" : "L", + "SCORE" : "5.300", + "AV" : "N", + "C" : "L", + "S" : "U", + "I" : "N" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2020-05-27T00:00:00", + "ID" : "CVE-2020-4232", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "data_type" : "CVE", + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 6207906 (Security Identity Governance and Intelligence)", + "url" : "https://www.ibm.com/support/pages/node/6207906", + "name" : "https://www.ibm.com/support/pages/node/6207906" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175336", + "name" : "ibm-sig-cve20204232-info-disc (175336)" + } + ] + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the system. IBM X-Force ID: 175336." + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "5.2.6" + } + ] + }, + "product_name" : "Security Identity Governance and Intelligence" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_format" : "MITRE" +} diff --git a/2020/4xxx/CVE-2020-4233.json b/2020/4xxx/CVE-2020-4233.json index 72fba8e7fea..e42c37f0c3e 100644 --- a/2020/4xxx/CVE-2020-4233.json +++ b/2020/4xxx/CVE-2020-4233.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4233", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2020-4233", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2020-05-27T00:00:00" + }, + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 6207912 (Security Identity Governance and Intelligence)", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/pages/node/6207912", + "name" : "https://www.ibm.com/support/pages/node/6207912" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175360", + "name" : "ibm-sig-cve20204233-info-disc (175360)" + } + ] + }, + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "BM" : { + "PR" : "N", + "UI" : "N", + "SCORE" : "3.700", + "A" : "N", + "AC" : "H", + "S" : "U", + "AV" : "N", + "C" : "L", + "I" : "N" + }, + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + } + } + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "5.2.6" + } + ] + }, + "product_name" : "Security Identity Governance and Intelligence" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 175360." + } + ] + } +} diff --git a/2020/4xxx/CVE-2020-4244.json b/2020/4xxx/CVE-2020-4244.json index 62da3f3be72..b8cf42442e3 100644 --- a/2020/4xxx/CVE-2020-4244.json +++ b/2020/4xxx/CVE-2020-4244.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4244", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "data_format" : "MITRE", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "Security Identity Governance and Intelligence", + "version" : { + "version_data" : [ + { + "version_value" : "5.2.6" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration. IBM X-Force ID: 175422." + } + ] + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 6207907 (Security Identity Governance and Intelligence)", + "url" : "https://www.ibm.com/support/pages/node/6207907", + "name" : "https://www.ibm.com/support/pages/node/6207907" + }, + { + "name" : "ibm-sig-cve20204244-info-disc (175422)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175422", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2020-4244", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2020-05-27T00:00:00" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "I" : "N", + "C" : "L", + "AV" : "N", + "S" : "U", + "AC" : "L", + "A" : "N", + "SCORE" : "5.300", + "PR" : "N", + "UI" : "N" + }, + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + } + } + }, + "data_version" : "4.0" +} diff --git a/2020/4xxx/CVE-2020-4245.json b/2020/4xxx/CVE-2020-4245.json index ad8e85d122d..58f0467514c 100644 --- a/2020/4xxx/CVE-2020-4245.json +++ b/2020/4xxx/CVE-2020-4245.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4245", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "data_format" : "MITRE", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "5.2.6" + } + ] + }, + "product_name" : "Security Identity Governance and Intelligence" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 175423." + } + ] + }, + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 6207908 (Security Identity Governance and Intelligence)", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/pages/node/6207908", + "name" : "https://www.ibm.com/support/pages/node/6207908" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175423", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "name" : "ibm-sig-cve20204245-info-disc (175423)" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2020-4245", + "DATE_PUBLIC" : "2020-05-27T00:00:00", + "STATE" : "PUBLIC" + }, + "impact" : { + "cvssv3" : { + "BM" : { + "SCORE" : "5.900", + "AC" : "H", + "A" : "N", + "PR" : "N", + "UI" : "N", + "I" : "N", + "S" : "U", + "C" : "H", + "AV" : "N" + }, + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + } + } + }, + "data_version" : "4.0" +} diff --git a/2020/4xxx/CVE-2020-4246.json b/2020/4xxx/CVE-2020-4246.json index 90d25f88c29..d9f93a0d514 100644 --- a/2020/4xxx/CVE-2020-4246.json +++ b/2020/4xxx/CVE-2020-4246.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4246", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "description" : { + "description_data" : [ + { + "value" : "IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 175481.", + "lang" : "eng" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "5.2.6" + } + ] + }, + "product_name" : "Security Identity Governance and Intelligence" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "data_format" : "MITRE", + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + }, + "BM" : { + "PR" : "L", + "UI" : "N", + "AC" : "L", + "A" : "L", + "SCORE" : "7.100", + "C" : "H", + "AV" : "N", + "S" : "U", + "I" : "N" + } + } + }, + "data_version" : "4.0", + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2020-05-27T00:00:00", + "ID" : "CVE-2020-4246", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/pages/node/6207902", + "url" : "https://www.ibm.com/support/pages/node/6207902", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 6207902 (Security Identity Governance and Intelligence)" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175481", + "name" : "ibm-sig-cve20204246-xxe (175481)" + } + ] + } +} diff --git a/2020/4xxx/CVE-2020-4249.json b/2020/4xxx/CVE-2020-4249.json index 923ab86a8b8..d6a078f9af4 100644 --- a/2020/4xxx/CVE-2020-4249.json +++ b/2020/4xxx/CVE-2020-4249.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4249", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + }, + "BM" : { + "I" : "N", + "S" : "U", + "C" : "H", + "AV" : "N", + "SCORE" : "6.500", + "AC" : "L", + "A" : "N", + "PR" : "L", + "UI" : "N" + } + } + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/pages/node/6207911", + "url" : "https://www.ibm.com/support/pages/node/6207911", + "title" : "IBM Security Bulletin 6207911 (Security Identity Governance and Intelligence)", + "refsource" : "CONFIRM" + }, + { + "name" : "ibm-sig-cve20204249-info-disc (175485)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175485", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF" + } + ] + }, + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "CVE_data_meta" : { + "DATE_PUBLIC" : "2020-05-27T00:00:00", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2020-4249" + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the sytem due to incorrect authorization. IBM X-Force ID: 175485." + } + ] + }, + "data_format" : "MITRE", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "5.2.6" + } + ] + }, + "product_name" : "Security Identity Governance and Intelligence" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + } +} diff --git a/2020/4xxx/CVE-2020-4419.json b/2020/4xxx/CVE-2020-4419.json index f8c2e7bd3b8..79745a46033 100644 --- a/2020/4xxx/CVE-2020-4419.json +++ b/2020/4xxx/CVE-2020-4419.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4419", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "data_format" : "MITRE", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "6.0.6" + }, + { + "version_value" : "6.0.6.1" + }, + { + "version_value" : "7.0" + } + ] + }, + "product_name" : "Jazz Reporting Service" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180071.", + "lang" : "eng" + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/pages/node/6217403", + "url" : "https://www.ibm.com/support/pages/node/6217403", + "title" : "IBM Security Bulletin 6217403 (Jazz Reporting Service)", + "refsource" : "CONFIRM" + }, + { + "name" : "ibm-jazz-cve20204419-xss (180071)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/180071", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Cross-Site Scripting", + "lang" : "eng" + } + ] + } + ] + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2020-05-27T00:00:00", + "ID" : "CVE-2020-4419", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "H", + "RL" : "O", + "RC" : "C" + }, + "BM" : { + "UI" : "R", + "PR" : "L", + "AC" : "L", + "A" : "N", + "SCORE" : "5.400", + "C" : "L", + "AV" : "N", + "S" : "C", + "I" : "L" + } + } + }, + "data_version" : "4.0" +}