admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-05-20 16:00:42 +00:00
parent f48d361314
commit ca7be7db90
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
15 changed files with 1089 additions and 746 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2020/21xxx/CVE-2020-21054.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21054",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized \"f\" variable in app\\vars\\vars_textarea.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-xss-21/",
"refsource": "MISC",
"name": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-xss-21/"
},
{
"url": "https://github.com/fusionpbx/fusionpbx/commit/2489004c7b7e0b14e21cd86cedaab87fed209415",
"refsource": "MISC",
"name": "https://github.com/fusionpbx/fusionpbx/commit/2489004c7b7e0b14e21cd86cedaab87fed209415"
}
]
}

61
2020/21xxx/CVE-2020-21055.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21055",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\\edit\\filerename.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-6/",
"refsource": "MISC",
"name": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-6/"
},
{
"url": "https://github.com/fusionpbx/fusionpbx/commit/1a88ca61a744914d3336cc15a40fb3edbcde9085",
"refsource": "MISC",
"name": "https://github.com/fusionpbx/fusionpbx/commit/1a88ca61a744914d3336cc15a40fb3edbcde9085"
}
]
}

61
2020/21xxx/CVE-2020-21056.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21056",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variale to app\\edit\\foldernew.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-5/",
"refsource": "MISC",
"name": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-5/"
},
{
"url": "https://github.com/fusionpbx/fusionpbx/commit/cad71240dee2a82cd5766dd67039a87849031aaa",
"refsource": "MISC",
"name": "https://github.com/fusionpbx/fusionpbx/commit/cad71240dee2a82cd5766dd67039a87849031aaa"
}
]
}

61
2020/21xxx/CVE-2020-21057.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21057",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-4/",
"refsource": "MISC",
"name": "https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-4/"
},
{
"url": "https://github.com/fusionpbx/fusionpbx/commit/026c3958c3c7ca6b2ff067addc991aac8f41cf11",
"refsource": "MISC",
"name": "https://github.com/fusionpbx/fusionpbx/commit/026c3958c3c7ca6b2ff067addc991aac8f41cf11"
}
]
}

61
2020/35xxx/CVE-2020-35580.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35580",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin's API key and the base64 encoded SHA1 password hashes of other SearchBlox users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.searchblox.com/docs/getting-started-with-searchblox",
"refsource": "MISC",
"name": "https://developer.searchblox.com/docs/getting-started-with-searchblox"
},
{
"refsource": "MISC",
"name": "https://hateshape.github.io/general/2021/05/11/CVE-2020-35580.html",
"url": "https://hateshape.github.io/general/2021/05/11/CVE-2020-35580.html"
}
]
}

182
2020/4xxx/CVE-2020-4850.json
View File

@ -1,93 +1,93 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"UI" : "N",
"PR" : "N",
"A" : "N",
"SCORE" : "4.000",
"AV" : "L",
"I" : "N",
"AC" : "L",
"C" : "L",
"S" : "U"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-05-19T00:00:00",
"ID" : "CVE-2020-4850",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6454787 (Spectrum Scale)",
"name" : "https://www.ibm.com/support/pages/node/6454787",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6454787"
},
{
"name" : "ibm-spectrum-cve20204850-info-disc (190298)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190298"
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.1.1.0"
},
{
"version_value" : "1.1.8.4"
}
]
},
"product_name" : "Spectrum Scale"
}
]
}
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"UI": "N",
"PR": "N",
"A": "N",
"SCORE": "4.000",
"AV": "L",
"I": "N",
"AC": "L",
"C": "L",
"S": "U"
}
]
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering could allow a remote attacker to obtain sensitive information, caused by the leftover files after configuration. IBM X-Force ID: 190298."
}
]
},
"data_type" : "CVE"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2021-05-19T00:00:00",
"ID": "CVE-2020-4850",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6454787 (Spectrum Scale)",
"name": "https://www.ibm.com/support/pages/node/6454787",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6454787"
},
{
"name": "ibm-spectrum-cve20204850-info-disc (190298)",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190298"
}
]
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.1.1.0"
},
{
"version_value": "1.1.8.4"
}
]
},
"product_name": "Spectrum Scale"
}
]
}
}
]
}
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering could allow a remote attacker to obtain sensitive information, caused by the leftover files after configuration. IBM X-Force ID: 190298."
}
]
},
"data_type": "CVE"
}

50
2021/27xxx/CVE-2021-27432.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27432",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OPC Foundation OPC UA .NET Standard and OPC UA .NET Legacy",
"version": {
"version_data": [
{
"version_value": "OPC UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED RECURSION CWE-674"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow."
}
]
}

174
2021/29xxx/CVE-2021-29682.json
View File

@ -1,90 +1,90 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199997"
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6454587 (Security Identity Manager)",
"name" : "https://www.ibm.com/support/pages/node/6454587",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6454587"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199997",
"name" : "ibm-sim-cve202129682-info-disc (199997)",
"title" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"PR" : "N",
"UI" : "N",
"S" : "U",
"C" : "L",
"SCORE" : "5.300",
"AV" : "N",
"A" : "N",
"AC" : "L",
"I" : "N"
}
}
},
"CVE_data_meta" : {
"ID" : "CVE-2021-29682",
"DATE_PUBLIC" : "2021-05-19T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Security Identity Manager"
}
]
}
"lang": "eng",
"value": "IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199997"
}
]
}
}
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6454587 (Security Identity Manager)",
"name": "https://www.ibm.com/support/pages/node/6454587",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199997",
"name": "ibm-sim-cve202129682-info-disc (199997)",
"title": "X-Force Vulnerability Report"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"PR": "N",
"UI": "N",
"S": "U",
"C": "L",
"SCORE": "5.300",
"AV": "N",
"A": "N",
"AC": "L",
"I": "N"
}
}
},
"CVE_data_meta": {
"ID": "CVE-2021-29682",
"DATE_PUBLIC": "2021-05-19T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.0.2"
}
]
},
"product_name": "Security Identity Manager"
}
]
}
}
]
}
}
}

172
2021/29xxx/CVE-2021-29683.json
View File

@ -1,90 +1,90 @@
{
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 199998."
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Identity Manager",
"version" : {
"version_data" : [
{
"version_value" : "7.0.2"
}
]
}
}
]
}
"lang": "eng",
"value": "IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 199998."
}
]
}
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6454587",
"title" : "IBM Security Bulletin 6454587 (Security Identity Manager)",
"name" : "https://www.ibm.com/support/pages/node/6454587"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sim-cve202129683-info-disc (199998)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199998"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2021-29683",
"DATE_PUBLIC" : "2021-05-19T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "7.0.2"
}
]
}
}
]
}
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"PR" : "L",
"SCORE" : "5.300",
"AV" : "N",
"A" : "N",
"AC" : "H",
"I" : "N",
"C" : "H",
"S" : "U"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
}
}
}
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6454587",
"title": "IBM Security Bulletin 6454587 (Security Identity Manager)",
"name": "https://www.ibm.com/support/pages/node/6454587"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-sim-cve202129683-info-disc (199998)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199998"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2021-29683",
"DATE_PUBLIC": "2021-05-19T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"BM": {
"UI": "N",
"PR": "L",
"SCORE": "5.300",
"AV": "N",
"A": "N",
"AC": "H",
"I": "N",
"C": "H",
"S": "U"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
}
}

172
2021/29xxx/CVE-2021-29686.json
View File

@ -1,90 +1,90 @@
{
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Identity Manager",
"version" : {
"version_data" : [
{
"version_value" : "7.0.2"
}
]
}
}
]
}
"value": "IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015",
"lang": "eng"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Bypass Security",
"lang" : "eng"
}
]
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "7.0.2"
}
]
}
}
]
}
}
]
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-29686",
"DATE_PUBLIC" : "2021-05-19T00:00:00"
},
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "L",
"UI" : "N",
"C" : "L",
"S" : "U",
"AV" : "N",
"SCORE" : "5.400",
"A" : "N",
"AC" : "L",
"I" : "L"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6454587",
"title" : "IBM Security Bulletin 6454587 (Security Identity Manager)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6454587"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sim-cve202129686-sec-bypass (200015)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/200015",
"refsource" : "XF"
}
]
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Bypass Security",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-29686",
"DATE_PUBLIC": "2021-05-19T00:00:00"
},
"impact": {
"cvssv3": {
"BM": {
"PR": "L",
"UI": "N",
"C": "L",
"S": "U",
"AV": "N",
"SCORE": "5.400",
"A": "N",
"AC": "L",
"I": "L"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6454587",
"title": "IBM Security Bulletin 6454587 (Security Identity Manager)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-sim-cve202129686-sec-bypass (200015)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200015",
"refsource": "XF"
}
]
}
}

174
2021/29xxx/CVE-2021-29687.json
View File

@ -1,90 +1,90 @@
{
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6454605",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6454605",
"title" : "IBM Security Bulletin 6454605 (Security Identity Manager)"
},
{
"name" : "ibm-sim-cve202129687-info-disc (200018)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/200018",
"refsource" : "XF"
}
]
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"A" : "N",
"SCORE" : "3.700",
"AV" : "N",
"I" : "N",
"AC" : "H",
"C" : "L",
"S" : "U",
"UI" : "N",
"PR" : "N"
}
}
},
"CVE_data_meta" : {
"ID" : "CVE-2021-29687",
"DATE_PUBLIC" : "2021-05-19T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Identity Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
}
]
}
}
]
}
"url": "https://www.ibm.com/support/pages/node/6454605",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6454605",
"title": "IBM Security Bulletin 6454605 (Security Identity Manager)"
},
{
"name": "ibm-sim-cve202129687-info-disc (200018)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200018",
"refsource": "XF"
}
]
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 200018",
"lang" : "eng"
}
]
},
"data_type" : "CVE"
}
]
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"A": "N",
"SCORE": "3.700",
"AV": "N",
"I": "N",
"AC": "H",
"C": "L",
"S": "U",
"UI": "N",
"PR": "N"
}
}
},
"CVE_data_meta": {
"ID": "CVE-2021-29687",
"DATE_PUBLIC": "2021-05-19T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"value": "IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 200018",
"lang": "eng"
}
]
},
"data_type": "CVE"
}

190
2021/29xxx/CVE-2021-29688.json
View File

@ -1,99 +1,99 @@
{
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200102."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Identity Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "7.0.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
"lang": "eng",
"value": "IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200102."
}
]
}
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2021-29688",
"DATE_PUBLIC" : "2021-05-19T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"PR" : "N",
"UI" : "N",
"S" : "U",
"C" : "L",
"A" : "N",
"AV" : "N",
"SCORE" : "5.300",
"I" : "N",
"AC" : "L"
}
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6454587",
"name" : "https://www.ibm.com/support/pages/node/6454587",
"title" : "IBM Security Bulletin 6454587 (Security Identity Manager)"
},
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6454605",
"title" : "IBM Security Bulletin 6454605 (Security Identity Manager)",
"name" : "https://www.ibm.com/support/pages/node/6454605"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sim-cve202129688-info-disc (200102)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/200102"
}
]
},
"data_version" : "4.0"
}
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"ID": "CVE-2021-29688",
"DATE_PUBLIC": "2021-05-19T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"PR": "N",
"UI": "N",
"S": "U",
"C": "L",
"A": "N",
"AV": "N",
"SCORE": "5.300",
"I": "N",
"AC": "L"
}
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6454587",
"name": "https://www.ibm.com/support/pages/node/6454587",
"title": "IBM Security Bulletin 6454587 (Security Identity Manager)"
},
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6454605",
"title": "IBM Security Bulletin 6454605 (Security Identity Manager)",
"name": "https://www.ibm.com/support/pages/node/6454605"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-sim-cve202129688-info-disc (200102)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200102"
}
]
},
"data_version": "4.0"
}

174
2021/29xxx/CVE-2021-29691.json
View File

@ -1,90 +1,90 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 200252."
}
]
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2021-29691",
"DATE_PUBLIC" : "2021-05-19T00:00:00"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"C" : "H",
"S" : "U",
"I" : "N",
"AC" : "H",
"A" : "N",
"AV" : "N",
"SCORE" : "5.900",
"PR" : "N",
"UI" : "N"
}
}
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6454587",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6454587 (Security Identity Manager)",
"name" : "https://www.ibm.com/support/pages/node/6454587"
},
{
"name" : "ibm-sim-cve202129691-info-disc (200252)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/200252",
"refsource" : "XF"
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Security Identity Manager"
}
]
},
"vendor_name" : "IBM"
"lang": "eng",
"value": "IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 200252."
}
]
}
}
}
]
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2021-29691",
"DATE_PUBLIC": "2021-05-19T00:00:00"
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"C": "H",
"S": "U",
"I": "N",
"AC": "H",
"A": "N",
"AV": "N",
"SCORE": "5.900",
"PR": "N",
"UI": "N"
}
}
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6454587",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6454587 (Security Identity Manager)",
"name": "https://www.ibm.com/support/pages/node/6454587"
},
{
"name": "ibm-sim-cve202129691-info-disc (200252)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200252",
"refsource": "XF"
}
]
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.0.2"
}
]
},
"product_name": "Security Identity Manager"
}
]
},
"vendor_name": "IBM"
}
]
}
}
}

176
2021/29xxx/CVE-2021-29692.json
View File

@ -1,90 +1,90 @@
{
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Security Identity Manager"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6454587 (Security Identity Manager)",
"name" : "https://www.ibm.com/support/pages/node/6454587",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6454587"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/200253",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sim-cve202129692-info-disc (200253)"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-05-19T00:00:00",
"ID" : "CVE-2021-29692"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.0.2"
}
]
},
"product_name": "Security Identity Manager"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"C" : "L",
"S" : "U",
"I" : "N",
"AC" : "H",
"A" : "N",
"AV" : "N",
"SCORE" : "3.100",
"PR" : "N",
"UI" : "R"
}
}
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 200253.",
"lang" : "eng"
}
]
}
}
}
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6454587 (Security Identity Manager)",
"name": "https://www.ibm.com/support/pages/node/6454587",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200253",
"title": "X-Force Vulnerability Report",
"name": "ibm-sim-cve202129692-info-disc (200253)"
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-05-19T00:00:00",
"ID": "CVE-2021-29692"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"C": "L",
"S": "U",
"I": "N",
"AC": "H",
"A": "N",
"AV": "N",
"SCORE": "3.100",
"PR": "N",
"UI": "R"
}
}
},
"data_type": "CVE",
"description": {
"description_data": [
{
"value": "IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 200253.",
"lang": "eng"
}
]
}
}

66
2021/3xxx/CVE-2021-3313.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3313",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-3313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim's browser if the victim opens a vulnerable page containing an XSS payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://plone.org/download/releases/5.2.3",
"refsource": "MISC",
"name": "https://plone.org/download/releases/5.2.3"
},
{
"refsource": "MISC",
"name": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt",
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt"
},
{
"refsource": "MISC",
"name": "https://plone.org/security/hotfix/20210518",
"url": "https://plone.org/security/hotfix/20210518"
}
]
}