admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-07 21:47:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2019-02-21 12:05:45 -05:00
parent dd8dbcc774
commit c850025fef
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
11 changed files with 595 additions and 607 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

96
2018/1xxx/CVE-2018-1944.json
View File

@ -1,39 +1,14 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153386."
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-02-18T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2018-1944",
"ASSIGNER" : "psirt@us.ibm.com"
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 0872142 (Security Identity Governance and Intelligence)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153386",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sig-cve20181944-info-disc (153386)"
}
]
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
@ -71,11 +46,43 @@
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153386."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "L",
"C" : "H",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "5.100",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
@ -88,27 +95,18 @@
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"AC" : "H",
"PR" : "N",
"I" : "N",
"AV" : "L",
"SCORE" : "5.100",
"UI" : "N",
"A" : "N",
"C" : "H"
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
{
"name" : "ibm-sig-cve20181944-info-disc(153386)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153386"
}
}
},
"data_version" : "4.0"
]
}
}

90
2018/1xxx/CVE-2018-1945.json
View File

@ -1,34 +1,10 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 153387.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1945",
"DATE_PUBLIC" : "2019-02-18T00:00:00",
"ID" : "CVE-2018-1945",
"STATE" : "PUBLIC"
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 0872142 (Security Identity Governance and Intelligence)",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153387",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-sig-cve20181945-clickjacking (153387)"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
@ -76,6 +52,37 @@
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 153387."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "N",
"S" : "C",
"SCORE" : "6.100",
"UI" : "R"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
@ -88,27 +95,18 @@
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142"
},
"BM" : {
"UI" : "R",
"SCORE" : "6.100",
"C" : "L",
"A" : "N",
"I" : "L",
"PR" : "N",
"AV" : "N",
"AC" : "L",
"S" : "C"
{
"name" : "ibm-sig-cve20181945-clickjacking(153387)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153387"
}
}
},
"data_version" : "4.0"
]
}
}

78
2018/1xxx/CVE-2018-1946.json
View File

@ -1,9 +1,14 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-02-18T00:00:00",
"ID" : "CVE-2018-1946",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
@ -41,60 +46,40 @@
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 0872142 (Security Identity Governance and Intelligence)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142"
},
{
"name" : "ibm-sig-cve20181946-info-disc (153388)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153388"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1946",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-02-18T00:00:00"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 153388."
"value" : "IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 153388."
}
]
},
"data_version" : "4.0",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"S" : "U",
"AC" : "H",
"SCORE" : "5.900",
"UI" : "N",
"C" : "H",
"A" : "N",
"PR" : "N",
"AC" : "H",
"AV" : "N",
"C" : "H",
"I" : "N",
"AV" : "N"
"PR" : "N",
"S" : "U",
"SCORE" : "5.900",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
@ -110,5 +95,18 @@
}
]
},
"data_format" : "MITRE"
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142"
},
{
"name" : "ibm-sig-cve20181946-info-disc(153388)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153388"
}
]
}
}

102
2018/1xxx/CVE-2018-1947.json
View File

@ -1,61 +1,18 @@
{
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "H"
},
"BM" : {
"S" : "C",
"AC" : "L",
"A" : "N",
"C" : "L",
"SCORE" : "6.100",
"UI" : "R",
"AV" : "N",
"PR" : "N",
"I" : "L"
}
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153427."
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1947",
"DATE_PUBLIC" : "2019-02-18T00:00:00",
"ID" : "CVE-2018-1947",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Identity Governance and Intelligence",
"version" : {
"version_data" : [
{
@ -86,28 +43,69 @@
"version_value" : "5.2.4.1"
}
]
},
"product_name" : "Security Identity Governance and Intelligence"
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153427."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "N",
"S" : "C",
"SCORE" : "6.100",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142",
"title" : "IBM Security Bulletin 0872142 (Security Identity Governance and Intelligence)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142"
},
{
"name" : "ibm-sig-cve20181947-xss (153427)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153427",
"name" : "ibm-sig-cve20181947-xss(153427)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153427"
}
]
}

128
2018/1xxx/CVE-2018-1948.json
View File

@ -1,77 +1,18 @@
{
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"AC" : "L",
"C" : "L",
"A" : "N",
"SCORE" : "4.300",
"UI" : "R",
"AV" : "N",
"PR" : "N",
"I" : "N"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 153428."
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-02-18T00:00:00",
"ID" : "CVE-2018-1948",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-02-18T00:00:00"
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 0872142 (Security Identity Governance and Intelligence)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153428",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sig-cve20181948-info-disc (153428)"
}
]
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Identity Governance and Intelligence",
"version" : {
"version_data" : [
{
@ -102,13 +43,70 @@
"version_value" : "5.2.4.1"
}
]
},
"product_name" : "Security Identity Governance and Intelligence"
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 153428."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "4.300",
"UI" : "R"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142"
},
{
"name" : "ibm-sig-cve20181948-info-disc(153428)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153428"
}
]
}
}

124
2018/1xxx/CVE-2018-1949.json
View File

@ -1,74 +1,14 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "L",
"I" : "N",
"AV" : "N",
"SCORE" : "4.300",
"UI" : "N",
"A" : "N",
"C" : "L",
"S" : "U",
"AC" : "L"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153429.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-02-18T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2018-1949",
"ASSIGNER" : "psirt@us.ibm.com"
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 0872142 (Security Identity Governance and Intelligence)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153429",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sig-cve20181949-info-disc (153429)"
}
]
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
@ -106,9 +46,67 @@
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153429."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "L",
"S" : "U",
"SCORE" : "4.300",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142"
},
{
"name" : "ibm-sig-cve20181949-info-disc(153429)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153429"
}
]
}
}

96
2018/1xxx/CVE-2018-1950.json
View File

@ -1,33 +1,9 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance generates an error message that includes sensitive information about its environment, users, or associated data which could be used in further attacks against the system. IBM X-Force ID: 153430.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2018-1950",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-02-18T00:00:00"
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142",
"title" : "IBM Security Bulletin 0872142 (Security Identity Governance and Intelligence)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153430",
"name" : "ibm-sig-cve20181950-info-disc (153430)"
}
]
"DATE_PUBLIC" : "2019-02-18T00:00:00",
"ID" : "CVE-2018-1950",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
@ -36,6 +12,7 @@
"product" : {
"product_data" : [
{
"product_name" : "Security Identity Governance and Intelligence",
"version" : {
"version_data" : [
{
@ -66,8 +43,7 @@
"version_value" : "5.2.4.1"
}
]
},
"product_name" : "Security Identity Governance and Intelligence"
}
}
]
},
@ -77,6 +53,36 @@
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance generates an error message that includes sensitive information about its environment, users, or associated data which could be used in further attacks against the system. IBM X-Force ID: 153430."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "L",
"S" : "U",
"SCORE" : "4.300",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
@ -89,26 +95,18 @@
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10872142"
},
"BM" : {
"UI" : "N",
"SCORE" : "4.300",
"C" : "L",
"A" : "N",
"I" : "N",
"PR" : "L",
"AV" : "N",
"AC" : "L",
"S" : "U"
{
"name" : "ibm-sig-cve20181950-info-disc(153430)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153430"
}
}
},
"data_version" : "4.0"
]
}
}

96
2018/2xxx/CVE-2018-2006.json
View File

@ -1,90 +1,88 @@
{
"CVE_data_meta" : {
"ID" : "CVE-2018-2006",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-02-19T00:00:00"
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 794133 (Robotic Process Automation with Automation Anywhere)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10794133",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10794133"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155008",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-rpa-cve20182006-dir-traversal (155008)"
}
]
"DATE_PUBLIC" : "2019-02-19T00:00:00",
"ID" : "CVE-2018-2006",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Robotic Process Automation with Automation Anywhere",
"version" : {
"version_data" : [
{
"version_value" : "11"
}
]
},
"product_name" : "Robotic Process Automation with Automation Anywhere"
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to upload arbitrary files to the system. IBM X-Force ID: 155008."
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "File Manipulation",
"lang" : "eng"
}
]
"value" : "IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to upload arbitrary files to the system. IBM X-Force ID: 155008."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"AC" : "L",
"S" : "U",
"UI" : "N",
"SCORE" : "4.900",
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "N",
"I" : "H",
"PR" : "H",
"AV" : "N"
"S" : "U",
"SCORE" : "4.900",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_type" : "CVE"
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "File Manipulation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10794133",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10794133"
},
{
"name" : "ibm-rpa-cve20182006-dir-traversal(155008)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155008"
}
]
}
}

168
2019/1xxx/CVE-2019-1662.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-02-20T16:00:00-0800",
"ID": "CVE-2019-1662",
"STATE": "PUBLIC",
"TITLE": "Cisco Prime Collaboration Assurance Software Unauthenticated Access Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Prime Collaboration Assurance ",
"version": {
"version_data": [
{
"affected:": "<",
"version_value": "12.1 SP2"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-02-20T16:00:00-0800",
"ID" : "CVE-2019-1662",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Prime Collaboration Assurance Software Unauthenticated Access Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Prime Collaboration Assurance ",
"version" : {
"version_data" : [
{
"affected:" : "<",
"version_value" : "12.1 SP2"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid user. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the QOVR service with a valid username. A successful exploit could allow the attacker to perform actions with the privileges of the user that is used for access. This vulnerability affects Cisco PCA Software Releases prior to 12.1 SP2."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "8.2",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-287"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid user. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the QOVR service with a valid username. A successful exploit could allow the attacker to perform actions with the privileges of the user that is used for access. This vulnerability affects Cisco PCA Software Releases prior to 12.1 SP2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "8.2",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190220 Cisco Prime Collaboration Assurance Software Unauthenticated Access Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-pca-access"
}
]
},
"source": {
"advisory": "cisco-sa-20190220-pca-access",
"defect": [
[
"CSCvj07241"
]
],
"discovery": "INTERNAL"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190220 Cisco Prime Collaboration Assurance Software Unauthenticated Access Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-pca-access"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190220-pca-access",
"defect" : [
[
"CSCvj07241"
]
],
"discovery" : "INTERNAL"
}
}

112
2019/3xxx/CVE-2019-3474.json
View File

@ -1,93 +1,95 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-3474",
"STATE": "PUBLIC",
"TITLE": "Path traversal vulnerability in Filr web application"
"CVE_data_meta" : {
"ASSIGNER" : "security@microfocus.com",
"ID" : "CVE-2019-3474",
"STATE" : "PUBLIC",
"TITLE" : "Path traversal vulnerability in Filr web application"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Filr",
"version": {
"version_data": [
"product_name" : "Filr",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "3",
"version_value": "3.0 Security Update 6"
"affected" : "<",
"version_name" : "3",
"version_value" : "3.0 Security Update 6"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
"vendor_name" : "Micro Focus"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "This vulnerability was discovered and researched by Matias Choren from SecureAuth."
"lang" : "eng",
"value" : "This vulnerability was discovered and researched by Matias Choren from SecureAuth."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server.\nThis vulnerability affects all versions of Filr 3.x prior to Security Update 6."
"lang" : "eng",
"value" : "A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "NONE",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Path traversal [CWE-22]"
"lang" : "eng",
"value" : "Path traversal [CWE-22]"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7023726"
"name" : "https://download.novell.com/Download?buildid=nZUCSDkvpxk~",
"refsource" : "MISC",
"url" : "https://download.novell.com/Download?buildid=nZUCSDkvpxk~"
},
{
"refsource": "CONFIRM",
"url": "https://download.novell.com/Download?buildid=nZUCSDkvpxk~"
"name" : "https://support.microfocus.com/kb/doc.php?id=7023726",
"refsource" : "MISC",
"url" : "https://support.microfocus.com/kb/doc.php?id=7023726"
}
]
},
"source": {
"discovery": "EXTERNAL"
"source" : {
"discovery" : "EXTERNAL"
}
}
}

112
2019/3xxx/CVE-2019-3475.json
View File

@ -1,93 +1,95 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-3475",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation in Filr famtd"
"CVE_data_meta" : {
"ASSIGNER" : "security@microfocus.com",
"ID" : "CVE-2019-3475",
"STATE" : "PUBLIC",
"TITLE" : "Local privilege escalation in Filr famtd"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Filr",
"version": {
"version_data": [
"product_name" : "Filr",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "3",
"version_value": "3.0 Security Update 6"
"affected" : "<",
"version_name" : "3",
"version_value" : "3.0 Security Update 6"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
"vendor_name" : "Micro Focus"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "This vulnerability was discovered and researched by Matias Choren from SecureAuth."
"lang" : "eng",
"value" : "This vulnerability was discovered and researched by Matias Choren from SecureAuth."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. \nThis vulnerability affects all versions of Filr 3.x prior to Security Update 6."
"lang" : "eng",
"value" : "A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "HIGH",
"baseScore" : 7.8,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Privileges, and Access Control [CWE-264]"
"lang" : "eng",
"value" : "Privileges, and Access Control [CWE-264]"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7023727"
"name" : "https://download.novell.com/Download?buildid=nZUCSDkvpxk~",
"refsource" : "MISC",
"url" : "https://download.novell.com/Download?buildid=nZUCSDkvpxk~"
},
{
"refsource": "CONFIRM",
"url": "https://download.novell.com/Download?buildid=nZUCSDkvpxk~"
"name" : "https://support.microfocus.com/kb/doc.php?id=7023727",
"refsource" : "MISC",
"url" : "https://support.microfocus.com/kb/doc.php?id=7023727"
}
]
},
"source": {
"discovery": "EXTERNAL"
"source" : {
"discovery" : "EXTERNAL"
}
}
}