mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
1ef6b8a121
commit
d27cdfa963
@ -53,9 +53,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/ImageMagick/ImageMagick/compare/master@%7B2019-07-15%7D...master@%7B2019-07-16%7D",
|
||||
"url": "https://github.com/ImageMagick/ImageMagick/compare/7.0.8-53...7.0.8-54",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/ImageMagick/ImageMagick/compare/master@%7B2019-07-15%7D...master@%7B2019-07-16%7D"
|
||||
"name": "https://github.com/ImageMagick/ImageMagick/compare/7.0.8-53...7.0.8-54"
|
||||
},
|
||||
{
|
||||
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15826",
|
||||
@ -63,14 +63,19 @@
|
||||
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15826"
|
||||
},
|
||||
{
|
||||
"refsource": "SECTRACK",
|
||||
"name": "Security Tracker",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942578",
|
||||
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942578"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security-tracker.debian.org/tracker/CVE-2019-17540",
|
||||
"url": "https://security-tracker.debian.org/tracker/CVE-2019-17540"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942578",
|
||||
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942578"
|
||||
"name": "https://github.com/ImageMagick/ImageMagick/compare/master@%7B2019-07-15%7D...master@%7B2019-07-17%7D",
|
||||
"url": "https://github.com/ImageMagick/ImageMagick/compare/master@%7B2019-07-15%7D...master@%7B2019-07-17%7D"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,135 +1,135 @@
|
||||
{
|
||||
"impact" : {
|
||||
"cvssv3" : {
|
||||
"TM" : {
|
||||
"RL" : "O",
|
||||
"RC" : "C",
|
||||
"E" : "U"
|
||||
},
|
||||
"BM" : {
|
||||
"AC" : "H",
|
||||
"UI" : "N",
|
||||
"S" : "U",
|
||||
"PR" : "L",
|
||||
"C" : "H",
|
||||
"A" : "N",
|
||||
"SCORE" : "5.300",
|
||||
"I" : "N",
|
||||
"AV" : "N"
|
||||
}
|
||||
}
|
||||
},
|
||||
"CVE_data_meta" : {
|
||||
"DATE_PUBLIC" : "2019-10-23T00:00:00",
|
||||
"ID" : "CVE-2019-4397",
|
||||
"ASSIGNER" : "psirt@us.ibm.com",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Obtain Information"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239"
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Cloud Orchestrator",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "2.4"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.4.0.1"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.4.0.2"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.1"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.4.0.3"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.2"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.4.0.4"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.3"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.4"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.4.0.5"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.5"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.6"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.7"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.8"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.9"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "IBM"
|
||||
"impact": {
|
||||
"cvssv3": {
|
||||
"TM": {
|
||||
"RL": "O",
|
||||
"RC": "C",
|
||||
"E": "U"
|
||||
},
|
||||
"BM": {
|
||||
"AC": "H",
|
||||
"UI": "N",
|
||||
"S": "U",
|
||||
"PR": "L",
|
||||
"C": "H",
|
||||
"A": "N",
|
||||
"SCORE": "5.300",
|
||||
"I": "N",
|
||||
"AV": "N"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_version" : "4.0",
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://www.ibm.com/support/pages/node/1077147",
|
||||
"title" : "IBM Security Bulletin 1077147 (Cloud Orchestrator)",
|
||||
"name" : "https://www.ibm.com/support/pages/node/1077147"
|
||||
},
|
||||
{
|
||||
"name" : "ibm-co-cve20194397-info-disc (162239)",
|
||||
"title" : "X-Force Vulnerability Report",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162239",
|
||||
"refsource" : "XF"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"CVE_data_meta": {
|
||||
"DATE_PUBLIC": "2019-10-23T00:00:00",
|
||||
"ID": "CVE-2019-4397",
|
||||
"ASSIGNER": "psirt@us.ibm.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Obtain Information"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239"
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Cloud Orchestrator",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2.4"
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0.1"
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0.2"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.1"
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0.3"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.2"
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0.4"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.3"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.4"
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0.5"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.5"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.6"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.7"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.8"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.9"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "IBM"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_version": "4.0",
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.ibm.com/support/pages/node/1077147",
|
||||
"title": "IBM Security Bulletin 1077147 (Cloud Orchestrator)",
|
||||
"name": "https://www.ibm.com/support/pages/node/1077147"
|
||||
},
|
||||
{
|
||||
"name": "ibm-co-cve20194397-info-disc (162239)",
|
||||
"title": "X-Force Vulnerability Report",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162239",
|
||||
"refsource": "XF"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -1,135 +1,135 @@
|
||||
{
|
||||
"impact" : {
|
||||
"cvssv3" : {
|
||||
"BM" : {
|
||||
"I" : "N",
|
||||
"AV" : "L",
|
||||
"A" : "N",
|
||||
"SCORE" : "4.000",
|
||||
"C" : "L",
|
||||
"S" : "U",
|
||||
"PR" : "N",
|
||||
"AC" : "L",
|
||||
"UI" : "N"
|
||||
},
|
||||
"TM" : {
|
||||
"RL" : "O",
|
||||
"RC" : "C",
|
||||
"E" : "U"
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_version" : "4.0",
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Cloud Orchestrator",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "2.4"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.4.0.1"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.4.0.2"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.1"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.4.0.3"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.2"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.4.0.4"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.3"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.4"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.4.0.5"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.5"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.6"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.7"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.8"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.9"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "IBM"
|
||||
"impact": {
|
||||
"cvssv3": {
|
||||
"BM": {
|
||||
"I": "N",
|
||||
"AV": "L",
|
||||
"A": "N",
|
||||
"SCORE": "4.000",
|
||||
"C": "L",
|
||||
"S": "U",
|
||||
"PR": "N",
|
||||
"AC": "L",
|
||||
"UI": "N"
|
||||
},
|
||||
"TM": {
|
||||
"RL": "O",
|
||||
"RC": "C",
|
||||
"E": "U"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. IBM X-Force ID: 162259."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"refsource" : "CONFIRM",
|
||||
"title" : "IBM Security Bulletin 1077123 (Cloud Orchestrator)",
|
||||
"url" : "https://www.ibm.com/support/pages/node/1077123",
|
||||
"name" : "https://www.ibm.com/support/pages/node/1077123"
|
||||
},
|
||||
{
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162259",
|
||||
"title" : "X-Force Vulnerability Report",
|
||||
"name" : "ibm-co-cve20194398-info-disc (162259)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"data_type" : "CVE",
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"value" : "Obtain Information",
|
||||
"lang" : "eng"
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_version": "4.0",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Cloud Orchestrator",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2.4"
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0.1"
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0.2"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.1"
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0.3"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.2"
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0.4"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.3"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.4"
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0.5"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.5"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.6"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.7"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.8"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.9"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "IBM"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"CVE_data_meta" : {
|
||||
"STATE" : "PUBLIC",
|
||||
"DATE_PUBLIC" : "2019-10-23T00:00:00",
|
||||
"ASSIGNER" : "psirt@us.ibm.com",
|
||||
"ID" : "CVE-2019-4398"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. IBM X-Force ID: 162259."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"title": "IBM Security Bulletin 1077123 (Cloud Orchestrator)",
|
||||
"url": "https://www.ibm.com/support/pages/node/1077123",
|
||||
"name": "https://www.ibm.com/support/pages/node/1077123"
|
||||
},
|
||||
{
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162259",
|
||||
"title": "X-Force Vulnerability Report",
|
||||
"name": "ibm-co-cve20194398-info-disc (162259)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"data_type": "CVE",
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"value": "Obtain Information",
|
||||
"lang": "eng"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"STATE": "PUBLIC",
|
||||
"DATE_PUBLIC": "2019-10-23T00:00:00",
|
||||
"ASSIGNER": "psirt@us.ibm.com",
|
||||
"ID": "CVE-2019-4398"
|
||||
}
|
||||
}
|
||||
@ -1,135 +1,135 @@
|
||||
{
|
||||
"impact" : {
|
||||
"cvssv3" : {
|
||||
"TM" : {
|
||||
"RL" : "O",
|
||||
"RC" : "C",
|
||||
"E" : "H"
|
||||
},
|
||||
"BM" : {
|
||||
"AC" : "L",
|
||||
"UI" : "R",
|
||||
"C" : "L",
|
||||
"PR" : "L",
|
||||
"S" : "C",
|
||||
"A" : "N",
|
||||
"SCORE" : "5.400",
|
||||
"I" : "L",
|
||||
"AV" : "N"
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_type" : "CVE",
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "2.4"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.4.0.1"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.4.0.2"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.1"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.4.0.3"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.2"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.4.0.4"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.3"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.4"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.4.0.5"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.5"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.6"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.7"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.8"
|
||||
},
|
||||
{
|
||||
"version_value" : "2.5.0.9"
|
||||
}
|
||||
]
|
||||
},
|
||||
"product_name" : "Cloud Orchestrator"
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "IBM"
|
||||
"impact": {
|
||||
"cvssv3": {
|
||||
"TM": {
|
||||
"RL": "O",
|
||||
"RC": "C",
|
||||
"E": "H"
|
||||
},
|
||||
"BM": {
|
||||
"AC": "L",
|
||||
"UI": "R",
|
||||
"C": "L",
|
||||
"PR": "L",
|
||||
"S": "C",
|
||||
"A": "N",
|
||||
"SCORE": "5.400",
|
||||
"I": "L",
|
||||
"AV": "N"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163656."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://www.ibm.com/support/pages/node/1096342",
|
||||
"url" : "https://www.ibm.com/support/pages/node/1096342",
|
||||
"title" : "IBM Security Bulletin 1096342 (Cloud Orchestrator)",
|
||||
"refsource" : "CONFIRM"
|
||||
},
|
||||
{
|
||||
"name" : "ibm-co-cve20194459-xss (163656)",
|
||||
"title" : "X-Force Vulnerability Report",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163656",
|
||||
"refsource" : "XF"
|
||||
}
|
||||
]
|
||||
},
|
||||
"data_version" : "4.0",
|
||||
"CVE_data_meta" : {
|
||||
"ID" : "CVE-2019-4459",
|
||||
"ASSIGNER" : "psirt@us.ibm.com",
|
||||
"DATE_PUBLIC" : "2019-10-23T00:00:00",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"value" : "Cross-Site Scripting",
|
||||
"lang" : "eng"
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2.4"
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0.1"
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0.2"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.1"
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0.3"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.2"
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0.4"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.3"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.4"
|
||||
},
|
||||
{
|
||||
"version_value": "2.4.0.5"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.5"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.6"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.7"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.8"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.0.9"
|
||||
}
|
||||
]
|
||||
},
|
||||
"product_name": "Cloud Orchestrator"
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "IBM"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163656."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://www.ibm.com/support/pages/node/1096342",
|
||||
"url": "https://www.ibm.com/support/pages/node/1096342",
|
||||
"title": "IBM Security Bulletin 1096342 (Cloud Orchestrator)",
|
||||
"refsource": "CONFIRM"
|
||||
},
|
||||
{
|
||||
"name": "ibm-co-cve20194459-xss (163656)",
|
||||
"title": "X-Force Vulnerability Report",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163656",
|
||||
"refsource": "XF"
|
||||
}
|
||||
]
|
||||
},
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2019-4459",
|
||||
"ASSIGNER": "psirt@us.ibm.com",
|
||||
"DATE_PUBLIC": "2019-10-23T00:00:00",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"value": "Cross-Site Scripting",
|
||||
"lang": "eng"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -1,90 +1,90 @@
|
||||
{
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"value" : "Cross-Site Scripting",
|
||||
"lang" : "eng"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"CVE_data_meta" : {
|
||||
"STATE" : "PUBLIC",
|
||||
"ID" : "CVE-2019-4486",
|
||||
"ASSIGNER" : "psirt@us.ibm.com",
|
||||
"DATE_PUBLIC" : "2019-10-22T00:00:00"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"vendor_name" : "IBM",
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Maximo Asset Management",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "7.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
"description": [
|
||||
{
|
||||
"value": "Cross-Site Scripting",
|
||||
"lang": "eng"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"value" : "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.",
|
||||
"lang" : "eng"
|
||||
}
|
||||
]
|
||||
},
|
||||
"data_version" : "4.0",
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://www.ibm.com/support/pages/node/1075023",
|
||||
"title" : "IBM Security Bulletin 1075023 (Maximo Asset Management)",
|
||||
"url" : "https://www.ibm.com/support/pages/node/1075023",
|
||||
"refsource" : "CONFIRM"
|
||||
},
|
||||
{
|
||||
"name" : "ibm-maximo-cve20194486-xss (164070)",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070",
|
||||
"title" : "X-Force Vulnerability Report",
|
||||
"refsource" : "XF"
|
||||
}
|
||||
]
|
||||
},
|
||||
"data_type" : "CVE",
|
||||
"impact" : {
|
||||
"cvssv3" : {
|
||||
"BM" : {
|
||||
"UI" : "R",
|
||||
"AC" : "L",
|
||||
"C" : "L",
|
||||
"S" : "C",
|
||||
"PR" : "L",
|
||||
"SCORE" : "5.400",
|
||||
"A" : "N",
|
||||
"AV" : "N",
|
||||
"I" : "L"
|
||||
},
|
||||
"TM" : {
|
||||
"RC" : "C",
|
||||
"RL" : "O",
|
||||
"E" : "H"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"STATE": "PUBLIC",
|
||||
"ID": "CVE-2019-4486",
|
||||
"ASSIGNER": "psirt@us.ibm.com",
|
||||
"DATE_PUBLIC": "2019-10-22T00:00:00"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "IBM",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Maximo Asset Management",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "7.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.",
|
||||
"lang": "eng"
|
||||
}
|
||||
]
|
||||
},
|
||||
"data_version": "4.0",
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://www.ibm.com/support/pages/node/1075023",
|
||||
"title": "IBM Security Bulletin 1075023 (Maximo Asset Management)",
|
||||
"url": "https://www.ibm.com/support/pages/node/1075023",
|
||||
"refsource": "CONFIRM"
|
||||
},
|
||||
{
|
||||
"name": "ibm-maximo-cve20194486-xss (164070)",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070",
|
||||
"title": "X-Force Vulnerability Report",
|
||||
"refsource": "XF"
|
||||
}
|
||||
]
|
||||
},
|
||||
"data_type": "CVE",
|
||||
"impact": {
|
||||
"cvssv3": {
|
||||
"BM": {
|
||||
"UI": "R",
|
||||
"AC": "L",
|
||||
"C": "L",
|
||||
"S": "C",
|
||||
"PR": "L",
|
||||
"SCORE": "5.400",
|
||||
"A": "N",
|
||||
"AV": "N",
|
||||
"I": "L"
|
||||
},
|
||||
"TM": {
|
||||
"RC": "C",
|
||||
"RL": "O",
|
||||
"E": "H"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user