admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

IBM20201012-9225

Browse Source 
Added CVE-2020-4699, CVE-2020-4779, CVE-2020-4778, CVE-2020-4772, CVE-2020-4781, CVE-2020-4780, CVE-2020-4775, CVE-2020-4773, CVE-2020-4660, CVE-2020-4776, CVE-2020-4774, CVE-2020-4661
This commit is contained in:
Scott Moore - IBM 2020-10-12 09:02:25 -04:00
parent c74d1d670a
commit c9e905ed65
No known key found for this signature in database
GPG Key ID: 8E6C411D57F2D75C
12 changed files with 1101 additions and 180 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

112
2020/4xxx/CVE-2020-4660.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4660",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "A",
"A" : "N",
"SCORE" : "5.300",
"PR" : "N",
"UI" : "N",
"S" : "U",
"C" : "H",
"I" : "N",
"AC" : "H"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "9.0.7"
}
]
},
"product_name" : "Security Access Manager"
},
{
"version" : {
"version_data" : [
{
"version_value" : "10.0.0"
}
]
},
"product_name" : "Security Verify Access"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-10-08T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4660"
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6346619",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6346619",
"title" : "IBM Security Bulletin 6346619 (Security Verify Access)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186140",
"name" : "ibm-sam-cve20204660-info-disc (186140)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE"
}

112
2020/4xxx/CVE-2020-4661.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4661",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"AC" : "H",
"I" : "N",
"C" : "H",
"UI" : "N",
"S" : "U",
"PR" : "N",
"A" : "N",
"SCORE" : "5.300",
"AV" : "A"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Access Manager",
"version" : {
"version_data" : [
{
"version_value" : "9.0.7"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "10.0.0"
}
]
},
"product_name" : "Security Verify Access"
}
]
}
}
]
}
}
]
}
},
"data_version" : "4.0",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-10-08T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4661"
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6346619",
"name" : "https://www.ibm.com/support/pages/node/6346619",
"title" : "IBM Security Bulletin 6346619 (Security Verify Access)",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186142",
"refsource" : "XF",
"name" : "ibm-sam-cve20204661-info-disc (186142)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE"
}

112
2020/4xxx/CVE-2020-4699.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4699",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "9.0.7"
}
]
},
"product_name" : "Security Access Manager"
},
{
"version" : {
"version_data" : [
{
"version_value" : "10.0.0"
}
]
},
"product_name" : "Security Verify Access"
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947."
}
]
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"AC" : "H",
"I" : "N",
"C" : "H",
"S" : "U",
"UI" : "N",
"PR" : "N",
"SCORE" : "5.300",
"A" : "N",
"AV" : "A"
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6346619 (Security Verify Access)",
"name" : "https://www.ibm.com/support/pages/node/6346619",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6346619"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186947",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sam-cve20204699-info-disc (186947)",
"refsource" : "XF"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4699",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-10-08T00:00:00",
"STATE" : "PUBLIC"
}
}

105
2020/4xxx/CVE-2020-4772.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4772",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"I" : "N",
"C" : "H",
"S" : "U",
"UI" : "N",
"PR" : "L",
"A" : "L",
"SCORE" : "7.100",
"AV" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Curam SPM",
"version" : {
"version_data" : [
{
"version_value" : "7.0.9"
},
{
"version_value" : "7.0.10"
}
]
}
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, denial of service, server side request forgery or consume memory resources. IBM X-Force ID: 189150.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-10-08T00:00:00",
"ID" : "CVE-2020-4772",
"ASSIGNER" : "psirt@us.ibm.com"
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6344069",
"name" : "https://www.ibm.com/support/pages/node/6344069",
"title" : "IBM Security Bulletin 6344069 (Curam SPM)",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189150",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-curam-cve20204772-xxe (189150)",
"refsource" : "XF"
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE"
}

105
2020/4xxx/CVE-2020-4773.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4773",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_type" : "CVE",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6344097",
"name" : "https://www.ibm.com/support/pages/node/6344097",
"title" : "IBM Security Bulletin 6344097 (Curam SPM)",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189151",
"refsource" : "XF",
"name" : "ibm-curam-cve20204773-csrf (189151)",
"title" : "X-Force Vulnerability Report"
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-10-08T00:00:00",
"ID" : "CVE-2020-4773",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server class only, with no impact to remainder of web application. IBM X-Force ID: 189151.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0.9"
},
{
"version_value" : "7.0.10"
}
]
},
"product_name" : "Curam SPM"
}
]
}
}
]
}
}
]
}
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"C" : "N",
"S" : "U",
"UI" : "R",
"AC" : "L",
"I" : "H",
"A" : "N",
"SCORE" : "6.500",
"AV" : "N",
"PR" : "N"
}
}
}
}

105
2020/4xxx/CVE-2020-4774.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4774",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-10-08T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4774"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6346595",
"title" : "IBM Security Bulletin 6346595 (Curam SPM)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6346595"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-curam-cve20204774-info-disc (189152)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189152"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "L",
"UI" : "N",
"S" : "U",
"AC" : "L",
"I" : "L",
"A" : "N",
"SCORE" : "5.400",
"AV" : "N",
"PR" : "L"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information such as XML document structure and content. IBM X-Force ID: 189152.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0.9"
},
{
"version_value" : "7.0.10"
}
]
},
"product_name" : "Curam SPM"
}
]
}
}
]
}
}
]
}
},
"data_version" : "4.0"
}

105
2020/4xxx/CVE-2020-4775.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4775",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0.9"
},
{
"version_value" : "7.0.10"
}
]
},
"product_name" : "Curam SPM"
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user's device, restricted to a single location. IBM X-Force ID: 189153.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "H",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"UI" : "R",
"S" : "C",
"C" : "L",
"I" : "L",
"AC" : "L",
"AV" : "N",
"A" : "N",
"SCORE" : "5.400",
"PR" : "L"
}
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6346571",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6346571",
"title" : "IBM Security Bulletin 6346571 (Curam SPM)"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-curam-cve20204775-xss (189153)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189153"
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4775",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-10-08T00:00:00"
}
}

105
2020/4xxx/CVE-2020-4776.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4776",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"A" : "N",
"SCORE" : "5.300",
"PR" : "N",
"S" : "U",
"UI" : "N",
"C" : "L",
"I" : "N",
"AC" : "L"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0.9"
},
{
"version_value" : "7.0.10"
}
]
},
"product_name" : "Curam SPM"
}
]
}
}
]
}
}
]
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted file path in URL request to view arbitrary files on the system. IBM X-Force ID: 189154."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-10-08T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4776",
"ASSIGNER" : "psirt@us.ibm.com"
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6346573",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6346573 (Curam SPM)",
"name" : "https://www.ibm.com/support/pages/node/6346573"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189154",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-curam-cve20204776-path-traversal (189154)"
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE"
}

105
2020/4xxx/CVE-2020-4778.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4778",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_type" : "CVE",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6346575",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6346575 (Curam SPM)",
"name" : "https://www.ibm.com/support/pages/node/6346575"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189156",
"name" : "ibm-curam-cve20204778-info-disc (189156)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-10-08T00:00:00",
"ID" : "CVE-2020-4778",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Curam SPM",
"version" : {
"version_data" : [
{
"version_value" : "7.0.9"
},
{
"version_value" : "7.0.10"
}
]
}
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"I" : "N",
"AC" : "H",
"UI" : "N",
"S" : "U",
"C" : "H",
"PR" : "N",
"AV" : "N",
"SCORE" : "5.900",
"A" : "N"
}
}
}
}

105
2020/4xxx/CVE-2020-4779.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4779",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"A" : "N",
"SCORE" : "8.100",
"PR" : "L",
"S" : "U",
"UI" : "N",
"C" : "H",
"I" : "H",
"AC" : "L"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "Curam SPM",
"version" : {
"version_data" : [
{
"version_value" : "7.0.9"
},
{
"version_value" : "7.0.10"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Bypass Security",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4779",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-10-08T00:00:00",
"STATE" : "PUBLIC"
},
"data_type" : "CVE",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6346579",
"title" : "IBM Security Bulletin 6346579 (Curam SPM)",
"url" : "https://www.ibm.com/support/pages/node/6346579"
},
{
"name" : "ibm-curam-cve20204779-sec-bypass (189157)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189157"
}
]
}
}

105
2020/4xxx/CVE-2020-4780.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4780",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta" : {
"ID" : "CVE-2020-4780",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-10-08T00:00:00"
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6346581",
"title" : "IBM Security Bulletin 6346581 (Curam SPM)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6346581"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189158",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-curam-cve20204780-info-disc (189158)"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"PR" : "N",
"AV" : "N",
"A" : "N",
"SCORE" : "4.300",
"I" : "N",
"AC" : "L",
"S" : "U",
"UI" : "R",
"C" : "L"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0.9"
},
{
"version_value" : "7.0.10"
}
]
},
"product_name" : "Curam SPM"
}
]
}
}
]
}
}
]
}
},
"data_version" : "4.0"
}

105
2020/4xxx/CVE-2020-4781.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4781",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"A" : "H",
"SCORE" : "6.500",
"AV" : "N",
"PR" : "L",
"C" : "N",
"UI" : "N",
"S" : "U",
"AC" : "L",
"I" : "N"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0.9"
},
{
"version_value" : "7.0.10"
}
]
},
"product_name" : "Curam SPM"
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4781",
"DATE_PUBLIC" : "2020-10-08T00:00:00",
"STATE" : "PUBLIC"
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6346585 (Curam SPM)",
"name" : "https://www.ibm.com/support/pages/node/6346585",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6346585"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189159",
"refsource" : "XF",
"name" : "ibm-curam-cve20204781-dos (189159)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE"
}