admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 11:37:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

IBM20201116-113317

Browse Source 
Added CVE-2020-4692, CVE-2020-4671, CVE-2020-4672, CVE-2020-4566, CVE-2020-4763, CVE-2020-4705, CVE-2020-4700, CVE-2020-4475, CVE-2020-4647, CVE-2020-4476, CVE-2020-4655, CVE-2020-4665
This commit is contained in:
Scott Moore - IBM 2020-11-16 11:33:17 -05:00
parent 14cea30cf2
commit cbaf11eb06
No known key found for this signature in database
GPG Key ID: 8E6C411D57F2D75C
12 changed files with 1137 additions and 180 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
2020/4xxx/CVE-2020-4475.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4475",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_version" : "4.0",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"C" : "L",
"PR" : "L",
"A" : "N",
"I" : "N",
"S" : "U",
"UI" : "N",
"AC" : "L",
"SCORE" : "4.300",
"AV" : "N"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system."
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6367963",
"title" : "IBM Security Bulletin 6367963 (Sterling B2B Integrator)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6367963"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/181777",
"refsource" : "XF",
"name" : "ibm-sterling-cve20204475-info-disc (181777)"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4475",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-11-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "5.2.0.0"
},
{
"version_value" : "5.2.6.5"
},
{
"version_value" : "6.0.3.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
}
}

111
2020/4xxx/CVE-2020-4476.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4476",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_version" : "4.0",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"S" : "U",
"AC" : "L",
"UI" : "N",
"AV" : "N",
"SCORE" : "5.300",
"C" : "L",
"A" : "N",
"PR" : "N",
"I" : "N"
}
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6367971",
"title" : "IBM Security Bulletin 6367971 (Sterling File Gateway)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6367971"
},
{
"refsource" : "XF",
"name" : "ibm-sterling-cve20204476-info-disc (181778)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/181778",
"title" : "X-Force Vulnerability Report"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.2.0.0"
},
{
"version_value" : "6.0.3.2"
},
{
"version_value" : "2.2.6.5"
},
{
"version_value" : "6.0.0.0"
}
]
},
"product_name" : "Sterling File Gateway"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-11-13T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4476"
}
}

111
2020/4xxx/CVE-2020-4566.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4566",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "5.2.6.0"
},
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "5.2.6.5"
},
{
"version_value" : "6.0.3.2"
}
]
}
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4566",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-11-13T00:00:00",
"STATE" : "PUBLIC"
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6367975",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6367975 (Sterling B2B Integrator)",
"url" : "https://www.ibm.com/support/pages/node/6367975"
},
{
"name" : "ibm-sterling-cve20204566-info-disc (184083)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/184083",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"SCORE" : "6.500",
"UI" : "N",
"AC" : "L",
"S" : "U",
"I" : "N",
"A" : "N",
"PR" : "L",
"C" : "H"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 184083.",
"lang" : "eng"
}
]
}
}

111
2020/4xxx/CVE-2020-4647.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4647",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database."
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "L",
"PR" : "L",
"A" : "L",
"C" : "L",
"SCORE" : "6.300",
"AV" : "N",
"AC" : "L",
"UI" : "N",
"S" : "U"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"data_type" : "CVE",
"data_version" : "4.0",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-11-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4647"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.2.0.0"
},
{
"version_value" : "6.0.3.2"
},
{
"version_value" : "2.2.6.5"
},
{
"version_value" : "6.0.0.0"
}
]
},
"product_name" : "Sterling File Gateway"
}
]
}
}
]
}
}
]
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6367981",
"title" : "IBM Security Bulletin 6367981 (Sterling File Gateway)",
"name" : "https://www.ibm.com/support/pages/node/6367981",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"name" : "ibm-sterling-cve20204647-sql-injection (185809)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/185809",
"title" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Data Manipulation"
}
]
}
]
}
}

111
2020/4xxx/CVE-2020-4655.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4655",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6367995",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6367995",
"title" : "IBM Security Bulletin 6367995 (Sterling B2B Integrator)"
},
{
"name" : "ibm-sterling-cve20204655-sql-injection (186091)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186091"
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-11-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4655"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "5.2.0.0"
},
{
"version_value" : "5.2.6.5"
},
{
"version_value" : "6.0.3.2"
}
]
},
"product_name" : "Sterling B2B Integrator"
}
]
}
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Data Manipulation"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 186091.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"SCORE" : "6.300",
"UI" : "N",
"AC" : "L",
"S" : "U",
"I" : "L",
"A" : "L",
"PR" : "L",
"C" : "L"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
}
}

111
2020/4xxx/CVE-2020-4665.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4665",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"UI" : "R",
"S" : "U",
"AV" : "N",
"SCORE" : "4.300",
"C" : "L",
"I" : "N",
"A" : "N",
"PR" : "N"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"data_type" : "CVE",
"data_version" : "4.0",
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 186280."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4665",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-11-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.2.0.0"
},
{
"version_value" : "6.0.3.2"
},
{
"version_value" : "2.2.6.5"
},
{
"version_value" : "6.0.0.0"
}
]
},
"product_name" : "Sterling File Gateway"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6367997",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6367997",
"title" : "IBM Security Bulletin 6367997 (Sterling B2B Integrator)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186280",
"refsource" : "XF",
"name" : "ibm-sterling-cve20204665-info-disc (186280)"
}
]
}
}

111
2020/4xxx/CVE-2020-4671.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4671",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6368001",
"title" : "IBM Security Bulletin 6368001 (Sterling B2B Integrator)",
"name" : "https://www.ibm.com/support/pages/node/6368001",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186284",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-sterling-cve20204671-info-disc (186284)"
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-11-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4671"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "5.2.0.0"
},
{
"version_value" : "5.2.6.5"
},
{
"version_value" : "6.0.3.2"
}
]
}
}
]
}
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user. IBM X-Force ID: 186284."
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AV" : "N",
"SCORE" : "6.500",
"S" : "U",
"UI" : "N",
"AC" : "L",
"A" : "N",
"PR" : "L",
"I" : "N",
"C" : "H"
}
}
}
}

102
2020/4xxx/CVE-2020-4672.json
View File

@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4672",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6367813 (Business Automation Workflow)",
"url" : "https://www.ibm.com/support/pages/node/6367813",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6367813"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186285",
"refsource" : "XF",
"name" : "ibm-baw-cve20204672-xss (186285)"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "Business Automation Workflow",
"version" : {
"version_data" : [
{
"version_value" : "20.0.0.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4672",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-11-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285."
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "L",
"PR" : "L",
"A" : "N",
"I" : "L",
"S" : "C",
"UI" : "R",
"AC" : "L",
"SCORE" : "5.400",
"AV" : "N"
},
"TM" : {
"RL" : "O",
"E" : "H",
"RC" : "C"
}
}
}
}

111
2020/4xxx/CVE-2020-4692.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4692",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-11-13T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4692"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "5.2.0.0"
},
{
"version_value" : "5.2.6.5"
},
{
"version_value" : "6.0.3.2"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6368009",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6368009",
"title" : "IBM Security Bulletin 6368009 (Sterling B2B Integrator)"
},
{
"name" : "ibm-sterling-cve20204692-info-disc (186780)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186780",
"title" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI. IBM X-Force ID: 186780.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"C" : "L",
"I" : "N",
"A" : "N",
"PR" : "L",
"UI" : "N",
"AC" : "L",
"S" : "U",
"AV" : "N",
"SCORE" : "4.300"
}
}
},
"data_version" : "4.0",
"data_type" : "CVE"
}

111
2020/4xxx/CVE-2020-4700.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4700",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6367979",
"title" : "IBM Security Bulletin 6367979 (Sterling B2B Integrator)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6367979"
},
{
"name" : "ibm-sterling-cve20204700-priv-escalation (187077)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/187077",
"title" : "X-Force Vulnerability Report"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "5.2.0.0"
},
{
"version_value" : "5.2.6.5"
},
{
"version_value" : "6.0.3.2"
}
]
},
"product_name" : "Sterling B2B Integrator"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-11-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4700"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077."
}
]
},
"data_version" : "4.0",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"I" : "H",
"PR" : "L",
"A" : "H",
"C" : "H",
"SCORE" : "7.500",
"AV" : "N",
"AC" : "H",
"UI" : "N",
"S" : "U"
}
}
}
}

105
2020/4xxx/CVE-2020-4705.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4705",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_version" : "4.0",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"SCORE" : "4.800",
"AC" : "L",
"UI" : "R",
"S" : "C",
"I" : "L",
"A" : "N",
"PR" : "H",
"C" : "L"
},
"TM" : {
"RC" : "C",
"E" : "H",
"RL" : "O"
}
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187190.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6368013",
"title" : "IBM Security Bulletin 6368013 (Sterling B2B Integrator)",
"name" : "https://www.ibm.com/support/pages/node/6368013",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"name" : "ibm-sterling-cve20204705-xss (187190)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/187190"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "5.2.0.0"
},
{
"version_value" : "6.0.3.2"
}
]
}
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4705",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-11-13T00:00:00",
"STATE" : "PUBLIC"
}
}

111
2020/4xxx/CVE-2020-4763.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4763",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.2.0.0"
},
{
"version_value" : "6.0.3.2"
},
{
"version_value" : "2.2.6.5"
},
{
"version_value" : "6.0.0.0"
}
]
},
"product_name" : "Sterling File Gateway"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4763",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-11-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6368025",
"url" : "https://www.ibm.com/support/pages/node/6368025",
"title" : "IBM Security Bulletin 6368025 (Sterling File Gateway)"
},
{
"name" : "ibm-sterling-cve20204763-info-disc (188897)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/188897",
"title" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188897.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"PR" : "N",
"I" : "N",
"C" : "L",
"AV" : "N",
"SCORE" : "4.300",
"S" : "U",
"AC" : "L",
"UI" : "R"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"data_type" : "CVE",
"data_version" : "4.0"
}