admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-08-20 19:00:53 +00:00
parent f3c765e02f
commit cc705ec8f1
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
34 changed files with 2734 additions and 2450 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2016/3xxx/CVE-2016-3977.json
View File

@ -91,6 +91,11 @@
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1325771",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1325771"
},
{
"refsource": "UBUNTU",
"name": "USN-4107-1",
"url": "https://usn.ubuntu.com/4107-1/"
}
]
}

5
2018/11xxx/CVE-2018-11490.json
View File

@ -61,6 +61,11 @@
"name": "https://github.com/pts/sam2p/issues/38",
"refsource": "MISC",
"url": "https://github.com/pts/sam2p/issues/38"
},
{
"refsource": "UBUNTU",
"name": "USN-4107-1",
"url": "https://usn.ubuntu.com/4107-1/"
}
]
}

172
2018/1xxx/CVE-2018-1630.json
View File

@ -1,90 +1,90 @@
{
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"title" : "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144430",
"name" : "ibm-informix-cve20181630-priv-escalation (144430)"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "L",
"SCORE" : "8.200",
"A" : "H",
"I" : "H",
"PR" : "H",
"C" : "H",
"AC" : "L",
"S" : "C",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_type" : "CVE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Informix Dynamic Server Enterprise Edition",
"version" : {
"version_data" : [
{
"version_value" : "12.1"
}
]
}
}
]
}
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"title": "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144430",
"name": "ibm-informix-cve20181630-priv-escalation (144430)"
}
]
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1630",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-08-07T00:00:00"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"AV": "L",
"SCORE": "8.200",
"A": "H",
"I": "H",
"PR": "H",
"C": "H",
"AC": "L",
"S": "C",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Informix Dynamic Server Enterprise Edition",
"version": {
"version_data": [
{
"version_value": "12.1"
}
]
}
}
]
}
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. IBM X-Force ID: 144430.",
"lang" : "eng"
}
]
}
}
}
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2018-1630",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-08-07T00:00:00"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"description": {
"description_data": [
{
"value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. IBM X-Force ID: 144430.",
"lang": "eng"
}
]
}
}

174
2018/1xxx/CVE-2018-1631.json
View File

@ -1,90 +1,90 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2018-1631",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-08-07T00:00:00"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. IBM X-Force ID: 144431."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "12.1"
}
]
},
"product_name" : "Informix Dynamic Server Enterprise Edition"
}
]
},
"vendor_name" : "IBM"
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "H",
"PR" : "H",
"C" : "H",
"AC" : "L",
"UI" : "N",
"S" : "C",
"SCORE" : "8.200",
"AV" : "L",
"A" : "H"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"title" : "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144431",
"name" : "ibm-informix-cve20181631-priv-escalation (144431)",
"refsource" : "XF"
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"data_format" : "MITRE"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2018-1631",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-07T00:00:00"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. IBM X-Force ID: 144431."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "12.1"
}
]
},
"product_name": "Informix Dynamic Server Enterprise Edition"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"impact": {
"cvssv3": {
"BM": {
"I": "H",
"PR": "H",
"C": "H",
"AC": "L",
"UI": "N",
"S": "C",
"SCORE": "8.200",
"AV": "L",
"A": "H"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"references": {
"reference_data": [
{
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"refsource": "CONFIRM",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"title": "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144431",
"name": "ibm-informix-cve20181631-priv-escalation (144431)",
"refsource": "XF"
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"data_format": "MITRE"
}

176
2018/1xxx/CVE-2018-1632.json
View File

@ -1,90 +1,90 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Informix Dynamic Server Enterprise Edition",
"version" : {
"version_data" : [
{
"version_value" : "12.1"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2018-1632",
"DATE_PUBLIC" : "2019-08-07T00:00:00"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Informix Dynamic Server Enterprise Edition",
"version": {
"version_data": [
{
"version_value": "12.1"
}
]
}
}
]
}
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144432",
"name" : "ibm-informix-cve20181632-priv-escalation (144432)"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"UI" : "N",
"S" : "C",
"AC" : "L",
"C" : "H",
"PR" : "H",
"I" : "H",
"A" : "H",
"SCORE" : "8.200",
"AV" : "L"
}
}
},
"data_version" : "4.0"
}
}
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2018-1632",
"DATE_PUBLIC": "2019-08-07T00:00:00"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"description": {
"description_data": [
{
"value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432.",
"lang": "eng"
}
]
},
"data_format": "MITRE",
"data_type": "CVE",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144432",
"name": "ibm-informix-cve20181632-priv-escalation (144432)"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"UI": "N",
"S": "C",
"AC": "L",
"C": "H",
"PR": "H",
"I": "H",
"A": "H",
"SCORE": "8.200",
"AV": "L"
}
}
},
"data_version": "4.0"
}

174
2018/1xxx/CVE-2018-1633.json
View File

@ -1,90 +1,90 @@
{
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"title" : "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144434",
"name" : "ibm-informix-cve20181633-priv-escalation (144434)",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"A" : "H",
"AV" : "L",
"SCORE" : "8.200",
"PR" : "H",
"C" : "H",
"I" : "H",
"AC" : "L",
"S" : "C",
"UI" : "N"
}
}
},
"data_type" : "CVE",
"data_version" : "4.0",
"data_format" : "MITRE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-08-07T00:00:00",
"ID" : "CVE-2018-1633",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Informix Dynamic Server Enterprise Edition",
"version" : {
"version_data" : [
{
"version_value" : "12.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"title": "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144434",
"name": "ibm-informix-cve20181633-priv-escalation (144434)",
"title": "X-Force Vulnerability Report"
}
]
}
}
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"A": "H",
"AV": "L",
"SCORE": "8.200",
"PR": "H",
"C": "H",
"I": "H",
"AC": "L",
"S": "C",
"UI": "N"
}
}
},
"data_type": "CVE",
"data_version": "4.0",
"data_format": "MITRE",
"CVE_data_meta": {
"DATE_PUBLIC": "2019-08-07T00:00:00",
"ID": "CVE-2018-1633",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Informix Dynamic Server Enterprise Edition",
"version": {
"version_data": [
{
"version_value": "12.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
}
}

176
2018/1xxx/CVE-2018-1634.json
View File

@ -1,90 +1,90 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "12.1"
}
]
},
"product_name" : "Informix Dynamic Server Enterprise Edition"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME. IBM X-Force ID: 144437.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "12.1"
}
]
},
"product_name": "Informix Dynamic Server Enterprise Edition"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-08-07T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2018-1634"
},
"data_format" : "MITRE",
"data_version" : "4.0",
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144437",
"name" : "ibm-informix-cve20181634-priv-escalation (144437)",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "L",
"SCORE" : "8.200",
"A" : "H",
"S" : "C",
"UI" : "N",
"AC" : "L",
"I" : "H",
"C" : "H",
"PR" : "H"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
}
}
}
},
"description": {
"description_data": [
{
"value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME. IBM X-Force ID: 144437.",
"lang": "eng"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2019-08-07T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2018-1634"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144437",
"name": "ibm-informix-cve20181634-priv-escalation (144437)",
"title": "X-Force Vulnerability Report"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"AV": "L",
"SCORE": "8.200",
"A": "H",
"S": "C",
"UI": "N",
"AC": "L",
"I": "H",
"C": "H",
"PR": "H"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
}
}

174
2018/1xxx/CVE-2018-1635.json
View File

@ -1,90 +1,90 @@
{
"data_version" : "4.0",
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"title" : "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144439",
"name" : "ibm-informix-cve20181635-bo (144439)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "H",
"PR" : "H",
"I" : "H",
"UI" : "N",
"S" : "C",
"AC" : "L",
"A" : "H",
"AV" : "L",
"SCORE" : "8.200"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-08-07T00:00:00",
"ID" : "CVE-2018-1635",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"data_type": "CVE",
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "12.1"
}
]
},
"product_name" : "Informix Dynamic Server Enterprise Edition"
}
]
},
"vendor_name" : "IBM"
"refsource": "CONFIRM",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"title": "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144439",
"name": "ibm-informix-cve20181635-bo (144439)",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
}
}
}
]
},
"impact": {
"cvssv3": {
"BM": {
"C": "H",
"PR": "H",
"I": "H",
"UI": "N",
"S": "C",
"AC": "L",
"A": "H",
"AV": "L",
"SCORE": "8.200"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"value": "Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439.",
"lang": "eng"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2019-08-07T00:00:00",
"ID": "CVE-2018-1635",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "12.1"
}
]
},
"product_name": "Informix Dynamic Server Enterprise Edition"
}
]
},
"vendor_name": "IBM"
}
]
}
}
}

174
2018/1xxx/CVE-2018-1636.json
View File

@ -1,90 +1,90 @@
{
"description" : {
"description_data" : [
{
"value" : "Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144441.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2018-1636",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-08-07T00:00:00"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "12.1"
}
]
},
"product_name" : "Informix Dynamic Server Enterprise Edition"
}
]
},
"vendor_name" : "IBM"
"value": "Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144441.",
"lang": "eng"
}
]
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"title" : "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144441",
"name" : "ibm-informix-cve20181636-bo (144441)",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"UI" : "N",
"S" : "C",
"PR" : "H",
"C" : "H",
"I" : "H",
"A" : "H",
"SCORE" : "8.200",
"AV" : "L"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_format" : "MITRE"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"ID": "CVE-2018-1636",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-07T00:00:00"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "12.1"
}
]
},
"product_name": "Informix Dynamic Server Enterprise Edition"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_version": "4.0",
"data_type": "CVE",
"references": {
"reference_data": [
{
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"refsource": "CONFIRM",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"title": "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144441",
"name": "ibm-informix-cve20181636-bo (144441)",
"title": "X-Force Vulnerability Report"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"UI": "N",
"S": "C",
"PR": "H",
"C": "H",
"I": "H",
"A": "H",
"SCORE": "8.200",
"AV": "L"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"data_format": "MITRE"
}

176
2018/1xxx/CVE-2018-1796.json
View File

@ -1,90 +1,90 @@
{
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"I" : "H",
"C" : "H",
"PR" : "L",
"UI" : "N",
"S" : "U",
"AC" : "L",
"SCORE" : "7.800",
"AV" : "L",
"A" : "H"
}
}
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"title" : "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)"
},
{
"name" : "ibm-informix-cve20181796-priv-escalation (149426)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149426",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2018-1796",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-08-07T00:00:00"
},
"description" : {
"description_data" : [
{
"value" : "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "12.1"
}
]
},
"product_name" : "Informix Dynamic Server Enterprise Edition"
}
]
}
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"I": "H",
"C": "H",
"PR": "L",
"UI": "N",
"S": "U",
"AC": "L",
"SCORE": "7.800",
"AV": "L",
"A": "H"
}
]
}
}
}
}
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"title": "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)"
},
{
"name": "ibm-informix-cve20181796-priv-escalation (149426)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149426",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"data_version": "4.0",
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2018-1796",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-07T00:00:00"
},
"description": {
"description_data": [
{
"value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426.",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "12.1"
}
]
},
"product_name": "Informix Dynamic Server Enterprise Edition"
}
]
}
}
]
}
}
}

50
2019/10xxx/CVE-2019-10745.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10745",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "assign-deep",
"version": {
"version_data": [
{
"version_value": "All versions prior to 0.4.8 and version 1.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://snyk.io/vuln/SNYK-JS-ASSIGNDEEP-450211",
"url": "https://snyk.io/vuln/SNYK-JS-ASSIGNDEEP-450211"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using either a constructor or a _proto_ payload."
}
]
}

5
2019/14xxx/CVE-2019-14795.json
View File

@ -61,6 +61,11 @@
"url": "https://www.pluginvulnerabilities.com/2019/05/16/is-this-authenticated-persistent-cross-site-scripting-xss-vulnerability-what-hackers-would-be-interested-in-toggle-the-title-for/",
"refsource": "MISC",
"name": "https://www.pluginvulnerabilities.com/2019/05/16/is-this-authenticated-persistent-cross-site-scripting-xss-vulnerability-what-hackers-would-be-interested-in-toggle-the-title-for/"
},
{
"refsource": "MISC",
"name": "https://wpvulndb.com/vulnerabilities/9516",
"url": "https://wpvulndb.com/vulnerabilities/9516"
}
]
}

5
2019/14xxx/CVE-2019-14796.json
View File

@ -61,6 +61,11 @@
"url": "https://www.pluginvulnerabilities.com/2019/05/16/is-this-authenticated-persistent-cross-site-scripting-xss-vulnerability-what-hackers-would-be-interested-in-woocommerce-products-price-bulk-edit-for/",
"refsource": "MISC",
"name": "https://www.pluginvulnerabilities.com/2019/05/16/is-this-authenticated-persistent-cross-site-scripting-xss-vulnerability-what-hackers-would-be-interested-in-woocommerce-products-price-bulk-edit-for/"
},
{
"refsource": "MISC",
"name": "https://wpvulndb.com/vulnerabilities/9515",
"url": "https://wpvulndb.com/vulnerabilities/9515"
}
]
}

5
2019/15xxx/CVE-2019-15133.json
View File

@ -56,6 +56,11 @@
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13008",
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13008"
},
{
"refsource": "UBUNTU",
"name": "USN-4107-1",
"url": "https://usn.ubuntu.com/4107-1/"
}
]
}

3
2019/3xxx/CVE-2019-3753.json
View File

@ -1,7 +1,7 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-16T04:00:00.000Z",
"DATE_PUBLIC": "2019-08-16T04:00:00.000Z",
"ID": "CVE-2019-3753",
"STATE": "PUBLIC"
},
@ -130,6 +130,7 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.dell.com/support/article/sln318359/",
"url": "https://www.dell.com/support/article/sln318359/"
}
]

58
2019/3xxx/CVE-2019-3968.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3968",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3968",
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenEMR",
"version": {
"version_data": [
{
"version_value": "5.0.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2019-40",
"url": "https://www.tenable.com/security/research/tra-2019-40"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form."
}
]
}

192
2019/4xxx/CVE-2019-4049.json
View File

@ -1,99 +1,99 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "N",
"I" : "N",
"UI" : "N",
"SCORE" : "6.200",
"AV" : "L",
"S" : "U",
"AC" : "L",
"A" : "H",
"C" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "9.1.0.0"
},
{
"version_value" : "9.1.0.1"
},
{
"version_value" : "9.1.1"
},
{
"version_value" : "9.1.0.2"
}
]
},
"product_name" : "MQ"
}
]
}
"description": [
{
"value": "Denial of Service",
"lang": "eng"
}
]
}
]
}
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10870490",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10870490",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 870490 (MQ)"
},
{
"name" : "ibm-websphere-cve20194049-dos (156398)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/156398",
"refsource" : "XF"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4049",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-08-05T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398."
}
]
}
}
]
},
"impact": {
"cvssv3": {
"BM": {
"PR": "N",
"I": "N",
"UI": "N",
"SCORE": "6.200",
"AV": "L",
"S": "U",
"AC": "L",
"A": "H",
"C": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "9.1.0.0"
},
{
"version_value": "9.1.0.1"
},
{
"version_value": "9.1.1"
},
{
"version_value": "9.1.0.2"
}
]
},
"product_name": "MQ"
}
]
}
}
]
}
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10870490",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10870490",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 870490 (MQ)"
},
{
"name": "ibm-websphere-cve20194049-dos (156398)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156398",
"refsource": "XF"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2019-4049",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-08-05T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398."
}
]
}
}

182
2019/4xxx/CVE-2019-4117.json
View File

@ -1,93 +1,93 @@
{
"data_type" : "CVE",
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "N",
"A" : "N",
"AC" : "L",
"S" : "U",
"AV" : "N",
"UI" : "R",
"SCORE" : "4.300",
"PR" : "N",
"I" : "L"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-08-13T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4117"
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10878396",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10878396",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 878396 (Cloud Private)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158116",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-cloud-cve20194117-csrf (158116)"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Cloud Private",
"version" : {
"version_data" : [
{
"version_value" : "3.1.1"
},
{
"version_value" : "3.1.2"
}
]
}
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"impact": {
"cvssv3": {
"BM": {
"C": "N",
"A": "N",
"AC": "L",
"S": "U",
"AV": "N",
"UI": "R",
"SCORE": "4.300",
"PR": "N",
"I": "L"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
]
}
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"description": {
"description_data": [
{
"value": "IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116.",
"lang": "eng"
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-13T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2019-4117"
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10878396",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10878396",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 878396 (Cloud Private)"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158116",
"title": "X-Force Vulnerability Report",
"name": "ibm-cloud-cve20194117-csrf (158116)"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Cloud Private",
"version": {
"version_data": [
{
"version_value": "3.1.1"
},
{
"version_value": "3.1.2"
}
]
}
}
]
}
}
]
}
}
}

174
2019/4xxx/CVE-2019-4253.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4253",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-08-07T00:00:00"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2019-4253",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-07T00:00:00"
},
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Informix Dynamic Server Enterprise Edition",
"version" : {
"version_data" : [
{
"version_value" : "12.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"SCORE" : "7.800",
"AV" : "L",
"A" : "H",
"I" : "H",
"C" : "H",
"PR" : "L",
"S" : "U",
"UI" : "N",
"AC" : "L"
}
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159941",
"name" : "ibm-informix-cve20194253-priv-escalation (159941)"
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"data_format" : "MITRE"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Informix Dynamic Server Enterprise Edition",
"version": {
"version_data": [
{
"version_value": "12.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"SCORE": "7.800",
"AV": "L",
"A": "H",
"I": "H",
"C": "H",
"PR": "L",
"S": "U",
"UI": "N",
"AC": "L"
}
}
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159941",
"name": "ibm-informix-cve20194253-priv-escalation (159941)"
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"data_format": "MITRE"
}

334
2019/4xxx/CVE-2019-4294.json
View File

@ -1,169 +1,169 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "8.0.0.3"
},
{
"version_value" : "8.0.0.4"
},
{
"version_value" : "8.0.0.5"
},
{
"version_value" : "8.0.0.6"
},
{
"version_value" : "8.0.0.0"
},
{
"version_value" : "8.0.0.8"
},
{
"version_value" : "8.0.0.10"
},
{
"version_value" : "9.1.0.0"
},
{
"version_value" : "8.0.0.11"
},
{
"version_value" : "9.1.0.1"
},
{
"version_value" : "9.1.1"
},
{
"version_value" : "8.0.0.1"
},
{
"version_value" : "8.0.0.7"
},
{
"version_value" : "8.0.0.9"
},
{
"version_value" : "8.0.0.2"
},
{
"version_value" : "8.0.0.12"
},
{
"version_value" : "9.1.0.2"
},
{
"version_value" : "9.1.2"
}
]
},
"product_name" : "MQ Appliance"
},
{
"product_name" : "DataPower Gateway",
"version" : {
"version_data" : [
{
"version_value" : "7.6.0.0"
},
{
"version_value" : "2018.4.1.0"
},
{
"version_value" : "2018.4.1.6"
},
{
"version_value" : "7.6.0.15"
},
{
"version_value" : "CD"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10887005",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 887005 (MQ Appliance)",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10887005"
},
{
"title" : "IBM Security Bulletin 958933 (DataPower Gateway)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10958933",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10958933"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160701",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-mq-cve20194294-code-exec (160701)"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188."
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-08-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4294",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.0.6"
},
{
"version_value": "8.0.0.0"
},
{
"version_value": "8.0.0.8"
},
{
"version_value": "8.0.0.10"
},
{
"version_value": "9.1.0.0"
},
{
"version_value": "8.0.0.11"
},
{
"version_value": "9.1.0.1"
},
{
"version_value": "9.1.1"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.7"
},
{
"version_value": "8.0.0.9"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.12"
},
{
"version_value": "9.1.0.2"
},
{
"version_value": "9.1.2"
}
]
},
"product_name": "MQ Appliance"
},
{
"product_name": "DataPower Gateway",
"version": {
"version_data": [
{
"version_value": "7.6.0.0"
},
{
"version_value": "2018.4.1.0"
},
{
"version_value": "2018.4.1.6"
},
{
"version_value": "7.6.0.15"
},
{
"version_value": "CD"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"A" : "H",
"C" : "H",
"PR" : "N",
"I" : "H",
"UI" : "N",
"SCORE" : "8.400",
"AV" : "L",
"S" : "U"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_type" : "CVE",
"data_format" : "MITRE"
}
}
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887005",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 887005 (MQ Appliance)",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10887005"
},
{
"title": "IBM Security Bulletin 958933 (DataPower Gateway)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10958933",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10958933"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160701",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-mq-cve20194294-code-exec (160701)"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188."
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2019-08-13T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4294",
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"A": "H",
"C": "H",
"PR": "N",
"I": "H",
"UI": "N",
"SCORE": "8.400",
"AV": "L",
"S": "U"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"data_type": "CVE",
"data_format": "MITRE"
}

234
2019/4xxx/CVE-2019-4308.json
View File

@ -1,119 +1,119 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"S" : "U",
"PR" : "L",
"I" : "N",
"UI" : "N",
"SCORE" : "4.300",
"A" : "N",
"C" : "L",
"AC" : "L"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Emptoris Sourcing",
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.3"
}
]
}
},
{
"product_name" : "Contract Management",
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.3"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.3"
}
]
},
"product_name" : "Emptoris Spend Analysis"
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"BM": {
"AV": "N",
"S": "U",
"PR": "L",
"I": "N",
"UI": "N",
"SCORE": "4.300",
"A": "N",
"C": "L",
"AC": "L"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4308",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-08-13T00:00:00"
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 880221 (Emptoris Sourcing)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name" : "ibm-emptoris-cve20194308-info-disc (161034)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_type": "CVE",
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
},
"product_name": "Emptoris Spend Analysis"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2019-4308",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-13T00:00:00"
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194308-info-disc (161034)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034",
"title": "X-Force Vulnerability Report"
}
]
},
"data_version": "4.0"
}

176
2019/4xxx/CVE-2019-4310.json
View File

@ -1,90 +1,90 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"A" : "N",
"C" : "H",
"PR" : "N",
"I" : "N",
"UI" : "N",
"SCORE" : "7.500",
"AV" : "N",
"S" : "U"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "4.0"
}
]
},
"product_name" : "Security Guardium Big Data Intelligence"
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"A": "N",
"C": "H",
"PR": "N",
"I": "N",
"UI": "N",
"SCORE": "7.500",
"AV": "N",
"S": "U"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
]
}
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10960298",
"title" : "IBM Security Bulletin 960298 (Security Guardium Big Data Intelligence)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10960298",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161036",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-guardium-cve20194310-info-disc (161036)"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036."
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4310",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-08-16T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_type": "CVE",
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "4.0"
}
]
},
"product_name": "Security Guardium Big Data Intelligence"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10960298",
"title": "IBM Security Bulletin 960298 (Security Guardium Big Data Intelligence)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10960298",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161036",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-guardium-cve20194310-info-disc (161036)"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036."
}
]
},
"CVE_data_meta": {
"ID": "CVE-2019-4310",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-08-16T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
}
}

182
2019/4xxx/CVE-2019-4402.json
View File

@ -1,93 +1,93 @@
{
"data_type" : "CVE",
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "H",
"C" : "N",
"AC" : "L",
"AV" : "N",
"S" : "C",
"PR" : "N",
"I" : "N",
"UI" : "N",
"SCORE" : "8.600"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4402",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-08-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10958193",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 958193 (API Connect)",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10958193"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162263",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-api-cve20194402-dos (162263)"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "API Connect",
"version" : {
"version_data" : [
{
"version_value" : "2018.1"
},
{
"version_value" : "2018.4.1.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
"data_type": "CVE",
"data_format": "MITRE",
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"C": "N",
"AC": "L",
"AV": "N",
"S": "C",
"PR": "N",
"I": "N",
"UI": "N",
"SCORE": "8.600"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
]
}
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Denial of Service",
"lang": "eng"
}
]
}
]
},
"description": {
"description_data": [
{
"value": "IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263.",
"lang": "eng"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2019-4402",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-08-13T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10958193",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 958193 (API Connect)",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10958193"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162263",
"title": "X-Force Vulnerability Report",
"name": "ibm-api-cve20194402-dos (162263)"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "API Connect",
"version": {
"version_data": [
{
"version_value": "2018.1"
},
{
"version_value": "2018.4.1.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
}
}

266
2019/4xxx/CVE-2019-4419.json
View File

@ -1,135 +1,135 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "5.1.0"
},
{
"version_value" : "5.1.0.1"
},
{
"version_value" : "5.1.0.2"
},
{
"version_value" : "5.1.0.3"
},
{
"version_value" : "5.1.0.4"
},
{
"version_value" : "5.1.0.5"
},
{
"version_value" : "5.1.0.6"
},
{
"version_value" : "5.1.0.7"
},
{
"version_value" : "5.1.0.8"
},
{
"version_value" : "5.1.0.9"
},
{
"version_value" : "5.1.0.10"
},
{
"version_value" : "5.1.0.11"
},
{
"version_value" : "5.1.0.12"
},
{
"version_value" : "5.1.0.13"
},
{
"version_value" : "5.1.0.14"
},
{
"version_value" : "5.2.0"
}
]
},
"product_name" : "Intelligent Operations Center"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 956433 (Intelligent Operations Center)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10956433",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10956433"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162737",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-ioc-cve20194419-xxe (162737)"
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4419",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-08-05T00:00:00"
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "L",
"C" : "H",
"AC" : "L",
"AV" : "N",
"S" : "U",
"I" : "N",
"PR" : "L",
"SCORE" : "7.100",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "5.1.0"
},
{
"version_value": "5.1.0.1"
},
{
"version_value": "5.1.0.2"
},
{
"version_value": "5.1.0.3"
},
{
"version_value": "5.1.0.4"
},
{
"version_value": "5.1.0.5"
},
{
"version_value": "5.1.0.6"
},
{
"version_value": "5.1.0.7"
},
{
"version_value": "5.1.0.8"
},
{
"version_value": "5.1.0.9"
},
{
"version_value": "5.1.0.10"
},
{
"version_value": "5.1.0.11"
},
{
"version_value": "5.1.0.12"
},
{
"version_value": "5.1.0.13"
},
{
"version_value": "5.1.0.14"
},
{
"version_value": "5.2.0"
}
]
},
"product_name": "Intelligent Operations Center"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE"
}
}
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 956433 (Intelligent Operations Center)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10956433",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10956433"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162737",
"title": "X-Force Vulnerability Report",
"name": "ibm-ioc-cve20194419-xxe (162737)"
}
]
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737.",
"lang": "eng"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2019-4419",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-05T00:00:00"
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"C": "H",
"AC": "L",
"AV": "N",
"S": "U",
"I": "N",
"PR": "L",
"SCORE": "7.100",
"UI": "N"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_format": "MITRE",
"data_type": "CVE"
}

266
2019/4xxx/CVE-2019-4420.json
View File

@ -1,135 +1,135 @@
{
"data_type" : "CVE",
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AC" : "L",
"C" : "H",
"A" : "N",
"SCORE" : "6.200",
"UI" : "N",
"I" : "N",
"PR" : "N",
"S" : "U",
"AV" : "L"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 956429 (Intelligent Operations Center)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10956429",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10956429"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162738",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-ioc-cve20194420-info-disc (162738)"
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-08-05T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4420",
"STATE" : "PUBLIC"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intelligent Operations Center",
"version" : {
"version_data" : [
{
"version_value" : "5.1.0"
},
{
"version_value" : "5.1.0.1"
},
{
"version_value" : "5.1.0.2"
},
{
"version_value" : "5.1.0.3"
},
{
"version_value" : "5.1.0.4"
},
{
"version_value" : "5.1.0.5"
},
{
"version_value" : "5.1.0.6"
},
{
"version_value" : "5.1.0.7"
},
{
"version_value" : "5.1.0.8"
},
{
"version_value" : "5.1.0.9"
},
{
"version_value" : "5.1.0.10"
},
{
"version_value" : "5.1.0.11"
},
{
"version_value" : "5.1.0.12"
},
{
"version_value" : "5.1.0.13"
},
{
"version_value" : "5.1.0.14"
},
{
"version_value" : "5.2.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
"data_type": "CVE",
"data_format": "MITRE",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"AC": "L",
"C": "H",
"A": "N",
"SCORE": "6.200",
"UI": "N",
"I": "N",
"PR": "N",
"S": "U",
"AV": "L"
}
]
}
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 956429 (Intelligent Operations Center)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10956429",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10956429"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162738",
"title": "X-Force Vulnerability Report",
"name": "ibm-ioc-cve20194420-info-disc (162738)"
}
]
},
"data_version": "4.0",
"CVE_data_meta": {
"DATE_PUBLIC": "2019-08-05T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4420",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intelligent Operations Center",
"version": {
"version_data": [
{
"version_value": "5.1.0"
},
{
"version_value": "5.1.0.1"
},
{
"version_value": "5.1.0.2"
},
{
"version_value": "5.1.0.3"
},
{
"version_value": "5.1.0.4"
},
{
"version_value": "5.1.0.5"
},
{
"version_value": "5.1.0.6"
},
{
"version_value": "5.1.0.7"
},
{
"version_value": "5.1.0.8"
},
{
"version_value": "5.1.0.9"
},
{
"version_value": "5.1.0.10"
},
{
"version_value": "5.1.0.11"
},
{
"version_value": "5.1.0.12"
},
{
"version_value": "5.1.0.13"
},
{
"version_value": "5.1.0.14"
},
{
"version_value": "5.2.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
}
}

184
2019/4xxx/CVE-2019-4425.json
View File

@ -1,96 +1,96 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771."
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-08-02T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4425"
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10959261",
"title" : "IBM Security Bulletin 959261 (Business Automation Workflow)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10959261"
},
{
"name" : "ibm-baw-cve20194425-info-disc (162771)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162771",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "18.0.0.0"
},
{
"version_value" : "18.0.0.1"
},
{
"version_value" : "18.0.0.2"
}
]
},
"product_name" : "Business Automation Workflow"
}
]
},
"vendor_name" : "IBM"
"lang": "eng",
"value": "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771."
}
]
}
},
"data_type" : "CVE",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-02T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2019-4425"
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10959261",
"title": "IBM Security Bulletin 959261 (Business Automation Workflow)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10959261"
},
{
"name": "ibm-baw-cve20194425-info-disc (162771)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162771",
"title": "X-Force Vulnerability Report"
}
]
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "18.0.0.0"
},
{
"version_value": "18.0.0.1"
},
{
"version_value": "18.0.0.2"
}
]
},
"product_name": "Business Automation Workflow"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"AC" : "L",
"A" : "N",
"C" : "H",
"PR" : "L",
"I" : "N",
"UI" : "R",
"SCORE" : "5.700",
"AV" : "N",
"S" : "U"
}
}
}
}
}
},
"data_type": "CVE",
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"AC": "L",
"A": "N",
"C": "H",
"PR": "L",
"I": "N",
"UI": "R",
"SCORE": "5.700",
"AV": "N",
"S": "U"
}
}
}
}

216
2019/4xxx/CVE-2019-4433.json
View File

@ -1,112 +1,112 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162890."
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-08-14T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4433"
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 958081 (InfoSphere Global Name Management)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10958081",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10958081"
},
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10958079",
"title" : "IBM Security Bulletin 958079 (InfoSphere Identity Insight)",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10958079"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162890",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-infosphere-cve20194433-xxe (162890)"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "8.1"
},
{
"version_value" : "9.0"
}
]
},
"product_name" : "InfoSphere Identity Insight"
},
{
"product_name" : "InfoSphere Global Name Management",
"version" : {
"version_data" : [
{
"version_value" : "5.0"
},
{
"version_value" : "6.0"
}
]
}
}
]
}
"lang": "eng",
"value": "IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162890."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"C" : "H",
"A" : "L",
"SCORE" : "7.100",
"UI" : "N",
"I" : "N",
"PR" : "L",
"S" : "U",
"AV" : "N"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-14T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2019-4433"
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 958081 (InfoSphere Global Name Management)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10958081",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10958081"
},
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10958079",
"title": "IBM Security Bulletin 958079 (InfoSphere Identity Insight)",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10958079"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162890",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-infosphere-cve20194433-xxe (162890)"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "8.1"
},
{
"version_value": "9.0"
}
]
},
"product_name": "InfoSphere Identity Insight"
},
{
"product_name": "InfoSphere Global Name Management",
"version": {
"version_data": [
{
"version_value": "5.0"
},
{
"version_value": "6.0"
}
]
}
}
]
}
}
]
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"C": "H",
"A": "L",
"SCORE": "7.100",
"UI": "N",
"I": "N",
"PR": "L",
"S": "U",
"AV": "N"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
}

182
2019/4xxx/CVE-2019-4460.json
View File

@ -1,93 +1,93 @@
{
"data_format" : "MITRE",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"A" : "N",
"C" : "L",
"AC" : "L",
"AV" : "N",
"S" : "U",
"PR" : "L",
"I" : "N",
"UI" : "N",
"SCORE" : "4.300"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10960848",
"title" : "IBM Security Bulletin 960848 (API Connect)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10960848"
},
{
"name" : "ibm-api-cve20194460-info-disc (163681)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163681",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 163681."
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-08-03T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4460"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "5.0.0.0"
},
{
"version_value" : "5.0.8.6"
}
]
},
"product_name" : "API Connect"
}
]
}
"data_format": "MITRE",
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"A": "N",
"C": "L",
"AC": "L",
"AV": "N",
"S": "U",
"PR": "L",
"I": "N",
"UI": "N",
"SCORE": "4.300"
}
]
}
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10960848",
"title": "IBM Security Bulletin 960848 (API Connect)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10960848"
},
{
"name": "ibm-api-cve20194460-info-disc (163681)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163681",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 163681."
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-03T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2019-4460"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "5.0.0.0"
},
{
"version_value": "5.0.8.6"
}
]
},
"product_name": "API Connect"
}
]
}
}
]
}
}
}

206
2019/4xxx/CVE-2019-4481.json
View File

@ -1,106 +1,106 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Data Manipulation"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"C" : "L",
"A" : "L",
"AC" : "L",
"S" : "U",
"AV" : "N",
"UI" : "N",
"SCORE" : "7.600",
"PR" : "L",
"I" : "H"
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.3"
}
]
},
"product_name" : "Emptoris Spend Analysis"
},
{
"product_name" : "Contract Management",
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.3"
}
]
}
}
]
}
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
}
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 880223 (Contract Management)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880223",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/164064",
"name" : "ibm-emptoris-cve20194481-sql-injection (164064)"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4481",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-08-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
}
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"C": "L",
"A": "L",
"AC": "L",
"S": "U",
"AV": "N",
"UI": "N",
"SCORE": "7.600",
"PR": "L",
"I": "H"
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
},
"product_name": "Emptoris Spend Analysis"
},
{
"product_name": "Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
}
]
}
}
]
}
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 880223 (Contract Management)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164064",
"name": "ibm-emptoris-cve20194481-sql-injection (164064)"
}
]
},
"description": {
"description_data": [
{
"value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064.",
"lang": "eng"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2019-4481",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-08-13T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
}
}

208
2019/4xxx/CVE-2019-4483.json
View File

@ -1,106 +1,106 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Contract Management",
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.3"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.3"
}
]
},
"product_name" : "Emptoris Spend Analysis"
}
]
}
}
]
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880223",
"title" : "IBM Security Bulletin 880223 (Contract Management)",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/164067",
"name" : "ibm-emptoris-cve20194483-sql-injection (164067)"
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067."
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4483",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-08-13T00:00:00"
},
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "7.600",
"UI" : "N",
"I" : "H",
"PR" : "L",
"S" : "U",
"AV" : "N",
"AC" : "L",
"C" : "L",
"A" : "L"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Data Manipulation",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
},
"product_name": "Emptoris Spend Analysis"
}
]
}
}
]
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE"
}
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223",
"title": "IBM Security Bulletin 880223 (Contract Management)",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164067",
"name": "ibm-emptoris-cve20194483-sql-injection (164067)"
}
]
},
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067."
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2019-4483",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-13T00:00:00"
},
"impact": {
"cvssv3": {
"BM": {
"SCORE": "7.600",
"UI": "N",
"I": "H",
"PR": "L",
"S": "U",
"AV": "N",
"AC": "L",
"C": "L",
"A": "L"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Data Manipulation",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"data_format": "MITRE"
}

234
2019/4xxx/CVE-2019-4484.json
View File

@ -1,119 +1,119 @@
{
"data_format" : "MITRE",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"I" : "N",
"PR" : "L",
"SCORE" : "4.300",
"UI" : "N",
"AV" : "N",
"S" : "U",
"AC" : "L",
"A" : "N",
"C" : "L"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4484",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-08-13T00:00:00"
},
"description" : {
"description_data" : [
{
"value" : "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 880221 (Emptoris Sourcing)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name" : "ibm-emptoris-cve20194484-info-disc (164068)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068",
"refsource" : "XF"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.3"
}
]
},
"product_name" : "Contract Management"
},
{
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.3"
}
]
},
"product_name" : "Emptoris Spend Analysis"
},
{
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.3"
}
]
},
"product_name" : "Emptoris Sourcing"
}
]
},
"vendor_name" : "IBM"
"data_format": "MITRE",
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"I": "N",
"PR": "L",
"SCORE": "4.300",
"UI": "N",
"AV": "N",
"S": "U",
"AC": "L",
"A": "N",
"C": "L"
}
]
}
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2019-4484",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-13T00:00:00"
},
"description": {
"description_data": [
{
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068.",
"lang": "eng"
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194484-info-disc (164068)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068",
"refsource": "XF"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
},
"product_name": "Contract Management"
},
{
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
},
"product_name": "Emptoris Spend Analysis"
},
{
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
},
"product_name": "Emptoris Sourcing"
}
]
},
"vendor_name": "IBM"
}
]
}
}
}

234
2019/4xxx/CVE-2019-4485.json
View File

@ -1,119 +1,119 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Contract Management",
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.3"
}
]
}
},
{
"product_name" : "Emptoris Spend Analysis",
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.3"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.3"
}
]
},
"product_name" : "Emptoris Sourcing"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-08-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4485",
"STATE" : "PUBLIC"
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 880221 (Emptoris Sourcing)",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name" : "ibm-emptoris-cve20194485-info-disc (164069)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Spend Analysis",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
},
"product_name": "Emptoris Sourcing"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"UI" : "N",
"SCORE" : "4.300",
"PR" : "L",
"I" : "N",
"S" : "U",
"AV" : "N",
"AC" : "L",
"C" : "L",
"A" : "N"
}
}
},
"data_type" : "CVE",
"data_format" : "MITRE"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069.",
"lang": "eng"
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2019-08-13T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4485",
"STATE": "PUBLIC"
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194485-info-disc (164069)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"UI": "N",
"SCORE": "4.300",
"PR": "L",
"I": "N",
"S": "U",
"AV": "N",
"AC": "L",
"C": "L",
"A": "N"
}
}
},
"data_type": "CVE",
"data_format": "MITRE"
}

91
2019/7xxx/CVE-2019-7593.json
View File

@ -1,9 +1,40 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "productsecurity@jci.com",
"ID": "CVE-2019-7593",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Metasys use of shared RSA key pairs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasys versions prior to 9.0",
"version": {
"version_data": [
{
"version_affected": "!",
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "Johnson Controls"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "harpocrates.ghost@protonmail.com "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
@ -11,8 +42,62 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Metasys\u00ae ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-323: Reusing a Nonce, Key Pair in Encryption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf",
"refsource": "CONFIRM",
"url": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf"
},
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-227-01",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-01"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade Metasys\u00ae devices to Release 9.0 or later and configure sites with trusted certificates."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

91
2019/7xxx/CVE-2019-7594.json
View File

@ -1,9 +1,40 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "productsecurity@jci.com",
"ID": "CVE-2019-7594",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Metasys use of hardcoded RC2 key"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasys versions prior to 9.0",
"version": {
"version_data": [
{
"version_affected": "!",
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "Johnson Controls"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "harpocrates.ghost@protonmail.com "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
@ -11,8 +42,62 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Metasys\u00ae ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321 Use of Hard-coded Cryptographic Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf",
"refsource": "CONFIRM",
"url": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf"
},
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-227-01",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-01"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade Metasys\u00ae devices to Release 9.0 or later and configure sites with trusted certificates."
}
],
"source": {
"discovery": "EXTERNAL"
}
}