admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-04-25 15:00:48 +00:00
parent 445b1f20a5
commit ccbfa103a0
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
15 changed files with 1181 additions and 1099 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

194
2018/1xxx/CVE-2018-1720.json
View File

@ -1,99 +1,99 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "5.2.0.1"
},
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "5.2.6.3_6"
},
{
"version_value" : "6.0.0.1"
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.3_6, 6.0.0.0, and 6.0.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 147294."
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-04-20T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2018-1720"
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"C" : "H",
"SCORE" : "5.900",
"I" : "N",
"UI" : "N",
"A" : "N",
"AV" : "N",
"PR" : "N",
"S" : "U",
"AC" : "H"
}
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880601",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880601",
"title" : "IBM Security Bulletin 880601 (Sterling B2B Integrator)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147294",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sterling-cve20181720-info-disc (147294)"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Sterling B2B Integrator",
"version": {
"version_data": [
{
"version_value": "5.2.0.1"
},
{
"version_value": "6.0.0.0"
},
{
"version_value": "5.2.6.3_6"
},
{
"version_value": "6.0.0.1"
}
]
}
}
]
}
}
]
}
]
}
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.3_6, 6.0.0.0, and 6.0.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 147294."
}
]
},
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-04-20T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2018-1720"
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"C": "H",
"SCORE": "5.900",
"I": "N",
"UI": "N",
"A": "N",
"AV": "N",
"PR": "N",
"S": "U",
"AC": "H"
}
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880601",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880601",
"title": "IBM Security Bulletin 880601 (Sterling B2B Integrator)"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147294",
"title": "X-Force Vulnerability Report",
"name": "ibm-sterling-cve20181720-info-disc (147294)"
}
]
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
}

18
2019/11xxx/CVE-2019-11523.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11523",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

5
2019/3xxx/CVE-2019-3900.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3900",
"ASSIGNER": "lpardo@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -73,4 +74,4 @@
]
]
}
}
}

178
2019/4xxx/CVE-2019-4033.json
View File

@ -1,93 +1,93 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155999."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Content Navigator",
"version" : {
"version_data" : [
{
"version_value" : "2.0.3"
},
{
"version_value" : "3.0CD"
}
]
}
}
]
}
"lang": "eng",
"value": "IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155999."
}
]
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-04-19T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4033"
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "H"
},
"BM" : {
"I" : "L",
"SCORE" : "5.400",
"C" : "L",
"AC" : "L",
"S" : "C",
"PR" : "L",
"A" : "N",
"AV" : "N",
"UI" : "R"
}
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Content Navigator",
"version": {
"version_data": [
{
"version_value": "2.0.3"
},
{
"version_value": "3.0CD"
}
]
}
}
]
}
}
]
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10869046",
"title" : "IBM Security Bulletin 869046 (Content Navigator)",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10869046",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155999",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-content-cve20194033-xss (155999)"
}
]
}
}
}
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-04-19T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2019-4033"
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "H"
},
"BM": {
"I": "L",
"SCORE": "5.400",
"C": "L",
"AC": "L",
"S": "C",
"PR": "L",
"A": "N",
"AV": "N",
"UI": "R"
}
}
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10869046",
"title": "IBM Security Bulletin 869046 (Content Navigator)",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10869046",
"refsource": "CONFIRM"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155999",
"title": "X-Force Vulnerability Report",
"name": "ibm-content-cve20194033-xss (155999)"
}
]
}
}

178
2019/4xxx/CVE-2019-4073.json
View File

@ -1,93 +1,93 @@
{
"data_version" : "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-04-20T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4073"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157107."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-04-20T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2019-4073"
},
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "6.0.0.1"
}
]
},
"product_name" : "Sterling B2B Integrator"
}
]
},
"vendor_name" : "IBM"
"lang": "eng",
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157107."
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.0.0.0"
},
{
"version_value": "6.0.0.1"
}
]
},
"product_name": "Sterling B2B Integrator"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591",
"title" : "IBM Security Bulletin 880591 (Sterling B2B Integrator)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157107",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sterling-cve20194073-xss (157107)",
"refsource" : "XF"
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "L",
"SCORE" : "5.400",
"C" : "L",
"AC" : "L",
"S" : "C",
"PR" : "L",
"A" : "N",
"AV" : "N",
"UI" : "R"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "H"
}
}
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880591",
"title": "IBM Security Bulletin 880591 (Sterling B2B Integrator)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880591"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157107",
"title": "X-Force Vulnerability Report",
"name": "ibm-sterling-cve20194073-xss (157107)",
"refsource": "XF"
}
]
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"I": "L",
"SCORE": "5.400",
"C": "L",
"AC": "L",
"S": "C",
"PR": "L",
"A": "N",
"AV": "N",
"UI": "R"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "H"
}
}
}
}

182
2019/4xxx/CVE-2019-4074.json
View File

@ -1,93 +1,93 @@
{
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2019-4074",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-04-20T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "6.0.0.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157108.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591",
"title" : "IBM Security Bulletin 880591 (Sterling B2B Integrator)",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157108",
"name" : "ibm-sterling-cve20194074-xss (157108)"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-4074",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-04-20T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling B2B Integrator",
"version": {
"version_data": [
{
"version_value": "6.0.0.0"
},
{
"version_value": "6.0.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "L",
"SCORE" : "5.400",
"C" : "L",
"AC" : "L",
"AV" : "N",
"A" : "N",
"S" : "C",
"PR" : "L",
"UI" : "R"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
}
}
}
},
"description": {
"description_data": [
{
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157108.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880591",
"title": "IBM Security Bulletin 880591 (Sterling B2B Integrator)",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880591",
"refsource": "CONFIRM"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157108",
"name": "ibm-sterling-cve20194074-xss (157108)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"data_format": "MITRE",
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"I": "L",
"SCORE": "5.400",
"C": "L",
"AC": "L",
"AV": "N",
"A": "N",
"S": "C",
"PR": "L",
"UI": "R"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
}
}

180
2019/4xxx/CVE-2019-4075.json
View File

@ -1,93 +1,93 @@
{
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591",
"title" : "IBM Security Bulletin 880591 (Sterling B2B Integrator)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-sterling-cve20194075-xss (157109)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157109",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AC" : "L",
"S" : "C",
"PR" : "L",
"A" : "N",
"AV" : "N",
"UI" : "R",
"I" : "L",
"SCORE" : "5.400",
"C" : "L"
}
}
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-04-20T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4075"
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157109.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "6.0.0.1"
}
]
},
"product_name" : "Sterling B2B Integrator"
}
]
}
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
}
}
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880591",
"title": "IBM Security Bulletin 880591 (Sterling B2B Integrator)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880591",
"refsource": "CONFIRM"
},
{
"name": "ibm-sterling-cve20194075-xss (157109)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157109",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"AC": "L",
"S": "C",
"PR": "L",
"A": "N",
"AV": "N",
"UI": "R",
"I": "L",
"SCORE": "5.400",
"C": "L"
}
}
},
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-04-20T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2019-4075"
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157109.",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.0.0.0"
},
{
"version_value": "6.0.0.1"
}
]
},
"product_name": "Sterling B2B Integrator"
}
]
}
}
]
}
}
}

182
2019/4xxx/CVE-2019-4076.json
View File

@ -1,93 +1,93 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "6.0.0.1"
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157110.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-04-20T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4076"
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "L",
"SCORE" : "5.400",
"I" : "L",
"UI" : "R",
"S" : "C",
"PR" : "L",
"AV" : "N",
"A" : "N",
"AC" : "L"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 880591 (Sterling B2B Integrator)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157110",
"name" : "ibm-sterling-cve20194076-xss (157110)",
"refsource" : "XF"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Sterling B2B Integrator",
"version": {
"version_data": [
{
"version_value": "6.0.0.0"
},
{
"version_value": "6.0.0.1"
}
]
}
}
]
}
}
]
}
]
}
}
}
},
"description": {
"description_data": [
{
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157110.",
"lang": "eng"
}
]
},
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-04-20T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2019-4076"
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"C": "L",
"SCORE": "5.400",
"I": "L",
"UI": "R",
"S": "C",
"PR": "L",
"AV": "N",
"A": "N",
"AC": "L"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880591 (Sterling B2B Integrator)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880591",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880591"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157110",
"name": "ibm-sterling-cve20194076-xss (157110)",
"refsource": "XF"
}
]
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
}
}

182
2019/4xxx/CVE-2019-4077.json
View File

@ -1,93 +1,93 @@
{
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "R",
"AC" : "L",
"S" : "C",
"PR" : "L",
"AV" : "N",
"A" : "N",
"C" : "L",
"I" : "L",
"SCORE" : "5.400"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 880591 (Sterling B2B Integrator)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-sterling-cve20194077-xss (157111)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157111",
"refsource" : "XF"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "6.0.0.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"UI": "R",
"AC": "L",
"S": "C",
"PR": "L",
"AV": "N",
"A": "N",
"C": "L",
"I": "L",
"SCORE": "5.400"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157111."
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2019-4077",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-04-20T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
}
}
}
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 880591 (Sterling B2B Integrator)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880591",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880591",
"refsource": "CONFIRM"
},
{
"name": "ibm-sterling-cve20194077-xss (157111)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157111",
"refsource": "XF"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling B2B Integrator",
"version": {
"version_data": [
{
"version_value": "6.0.0.0"
},
{
"version_value": "6.0.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157111."
}
]
},
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-4077",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-04-20T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
}
}

180
2019/4xxx/CVE-2019-4092.json
View File

@ -1,93 +1,93 @@
{
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 874754 (Content Navigator)",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10874754",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10874754"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157654",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-content-cve20194092-open-redirect (157654)",
"refsource" : "XF"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"UI" : "R",
"AC" : "L",
"AV" : "N",
"A" : "N",
"PR" : "L",
"S" : "C",
"C" : "N",
"I" : "H",
"SCORE" : "6.800"
}
}
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2019-4092",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-04-22T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Content Navigator",
"version" : {
"version_data" : [
{
"version_value" : "2.0.3"
},
{
"version_value" : "3.0CD"
}
]
}
}
]
},
"vendor_name" : "IBM"
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 874754 (Content Navigator)",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10874754",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10874754"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157654",
"title": "X-Force Vulnerability Report",
"name": "ibm-content-cve20194092-open-redirect (157654)",
"refsource": "XF"
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 157654.",
"lang" : "eng"
}
]
}
}
]
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"UI": "R",
"AC": "L",
"AV": "N",
"A": "N",
"PR": "L",
"S": "C",
"C": "N",
"I": "H",
"SCORE": "6.800"
}
}
},
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-4092",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-04-22T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Content Navigator",
"version": {
"version_data": [
{
"version_value": "2.0.3"
},
{
"version_value": "3.0CD"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"value": "IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 157654.",
"lang": "eng"
}
]
}
}

182
2019/4xxx/CVE-2019-4146.json
View File

@ -1,93 +1,93 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"AV" : "N",
"A" : "N",
"S" : "U",
"PR" : "L",
"AC" : "H",
"UI" : "N",
"SCORE" : "3.100",
"I" : "N",
"C" : "L"
}
}
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 880595 (Sterling B2B Integrator)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880595",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880595"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158401",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sterling-cve20194146-info-disc (158401)",
"refsource" : "XF"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "6.0.0.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"AV": "N",
"A": "N",
"S": "U",
"PR": "L",
"AC": "H",
"UI": "N",
"SCORE": "3.100",
"I": "N",
"C": "L"
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to obtain sensitive document information under unusual circumstances. IBM X-Force ID: 158401."
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-04-20T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4146",
"STATE" : "PUBLIC"
},
"data_version" : "4.0"
}
}
},
"data_type": "CVE",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880595 (Sterling B2B Integrator)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880595",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880595"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158401",
"title": "X-Force Vulnerability Report",
"name": "ibm-sterling-cve20194146-info-disc (158401)",
"refsource": "XF"
}
]
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling B2B Integrator",
"version": {
"version_data": [
{
"version_value": "6.0.0.0"
},
{
"version_value": "6.0.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to obtain sensitive document information under unusual circumstances. IBM X-Force ID: 158401."
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2019-04-20T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4146",
"STATE": "PUBLIC"
},
"data_version": "4.0"
}

178
2019/4xxx/CVE-2019-4148.json
View File

@ -1,93 +1,93 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158414.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "6.0.0.1"
}
]
},
"product_name" : "Sterling B2B Integrator"
}
]
},
"vendor_name" : "IBM"
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158414.",
"lang": "eng"
}
]
}
},
"data_version" : "4.0",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-04-20T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4148",
"STATE" : "PUBLIC"
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "H",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"AC" : "H",
"AV" : "N",
"A" : "N",
"PR" : "H",
"S" : "C",
"UI" : "R",
"I" : "L",
"SCORE" : "4.000",
"C" : "L"
}
}
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.0.0.0"
},
{
"version_value": "6.0.0.1"
}
]
},
"product_name": "Sterling B2B Integrator"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591",
"title" : "IBM Security Bulletin 880591 (Sterling B2B Integrator)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880591",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-sterling-cve20194148-xss (158414)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158414",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
}
}
}
},
"data_version": "4.0",
"CVE_data_meta": {
"DATE_PUBLIC": "2019-04-20T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4148",
"STATE": "PUBLIC"
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"E": "H",
"RL": "O",
"RC": "C"
},
"BM": {
"AC": "H",
"AV": "N",
"A": "N",
"PR": "H",
"S": "C",
"UI": "R",
"I": "L",
"SCORE": "4.000",
"C": "L"
}
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880591",
"title": "IBM Security Bulletin 880591 (Sterling B2B Integrator)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880591",
"refsource": "CONFIRM"
},
{
"name": "ibm-sterling-cve20194148-xss (158414)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158414",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
}
}

182
2019/4xxx/CVE-2019-4222.json
View File

@ -1,93 +1,93 @@
{
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"UI" : "N",
"A" : "N",
"AV" : "N",
"S" : "U",
"PR" : "L",
"AC" : "L",
"C" : "L",
"SCORE" : "4.300",
"I" : "N"
}
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 880595 (Sterling B2B Integrator)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880595",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880595"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159231",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sterling-cve20194222-info-disc (159231)",
"refsource" : "XF"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "6.0.0.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"UI": "N",
"A": "N",
"AV": "N",
"S": "U",
"PR": "L",
"AC": "L",
"C": "L",
"SCORE": "4.300",
"I": "N"
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to view process definition of a business process without permission. IBM X-Force ID: 159231.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-04-20T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4222",
"STATE" : "PUBLIC"
}
}
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880595 (Sterling B2B Integrator)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880595",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880595"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159231",
"title": "X-Force Vulnerability Report",
"name": "ibm-sterling-cve20194222-info-disc (159231)",
"refsource": "XF"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling B2B Integrator",
"version": {
"version_data": [
{
"version_value": "6.0.0.0"
},
{
"version_value": "6.0.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to view process definition of a business process without permission. IBM X-Force ID: 159231.",
"lang": "eng"
}
]
},
"data_version": "4.0",
"CVE_data_meta": {
"DATE_PUBLIC": "2019-04-20T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4222",
"STATE": "PUBLIC"
}
}

184
2019/4xxx/CVE-2019-4238.json
View File

@ -1,96 +1,96 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159464."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "11.3"
},
{
"version_value" : "11.5"
},
{
"version_value" : "11.7"
}
]
},
"product_name" : "InfoSphere Information Server"
}
]
}
"lang": "eng",
"value": "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159464."
}
]
}
},
"data_version" : "4.0",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-04-19T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4238",
"STATE" : "PUBLIC"
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"PR" : "L",
"S" : "C",
"AV" : "N",
"A" : "N",
"UI" : "R",
"I" : "L",
"SCORE" : "5.400",
"C" : "L"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "11.3"
},
{
"version_value": "11.5"
},
{
"version_value": "11.7"
}
]
},
"product_name": "InfoSphere Information Server"
}
]
}
}
]
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 881165 (InfoSphere Information Server)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10881165",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10881165",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159464",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-infosphere-cve20194238-xss (159464)",
"refsource" : "XF"
}
]
}
}
}
},
"data_version": "4.0",
"CVE_data_meta": {
"DATE_PUBLIC": "2019-04-19T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4238",
"STATE": "PUBLIC"
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"PR": "L",
"S": "C",
"AV": "N",
"A": "N",
"UI": "R",
"I": "L",
"SCORE": "5.400",
"C": "L"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 881165 (InfoSphere Information Server)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10881165",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10881165",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159464",
"title": "X-Force Vulnerability Report",
"name": "ibm-infosphere-cve20194238-xss (159464)",
"refsource": "XF"
}
]
}
}

75
2019/9xxx/CVE-2019-9900.json
View File

@ -1,18 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9900",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-9900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to unauthorized resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history",
"url": "https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/envoyproxy/envoy/issues/6434",
"url": "https://github.com/envoyproxy/envoy/issues/6434"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:L/C:L/I:L/PR:N/S:C/UI:N",
"version": "3.0"
}
}
}