From d667fcee6295d3c81990986d37c5f9f4c23da41d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 6 Nov 2018 11:04:01 -0500 Subject: [PATCH] - Synchronized data. --- 2018/19xxx/CVE-2018-19036.json | 18 ++++++ 2018/19xxx/CVE-2018-19037.json | 18 ++++++ 2018/19xxx/CVE-2018-19038.json | 18 ++++++ 2018/1xxx/CVE-2018-1606.json | 108 ++++++++++++++++----------------- 2018/1xxx/CVE-2018-1694.json | 92 ++++++++++++++-------------- 5 files changed, 152 insertions(+), 102 deletions(-) create mode 100644 2018/19xxx/CVE-2018-19036.json create mode 100644 2018/19xxx/CVE-2018-19037.json create mode 100644 2018/19xxx/CVE-2018-19038.json diff --git a/2018/19xxx/CVE-2018-19036.json b/2018/19xxx/CVE-2018-19036.json new file mode 100644 index 00000000000..a37bd90ad87 --- /dev/null +++ b/2018/19xxx/CVE-2018-19036.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19036", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19037.json b/2018/19xxx/CVE-2018-19037.json new file mode 100644 index 00000000000..09918a3a60f --- /dev/null +++ b/2018/19xxx/CVE-2018-19037.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19037", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19038.json b/2018/19xxx/CVE-2018-19038.json new file mode 100644 index 00000000000..3dc656f1066 --- /dev/null +++ b/2018/19xxx/CVE-2018-19038.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19038", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/1xxx/CVE-2018-1606.json b/2018/1xxx/CVE-2018-1606.json index 3b55a49fad9..d331f70a23e 100644 --- a/2018/1xxx/CVE-2018-1606.json +++ b/2018/1xxx/CVE-2018-1606.json @@ -1,40 +1,18 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "C" : "L", - "I" : "N", - "UI" : "N", - "S" : "U", - "PR" : "L", - "AC" : "L", - "SCORE" : "4.300", - "A" : "N", - "AV" : "N" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow an authenticated user to obtain sensitive information from an error message that could be used in further attacks against the system. IBM X-Force ID: 143796." - } - ] + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-11-02T00:00:00", + "ID" : "CVE-2018-1606", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { + "product_name" : "Rational Team Concert", "version" : { "version_data" : [ { @@ -68,10 +46,10 @@ "version_value" : "5.02" } ] - }, - "product_name" : "Rational Team Concert" + } }, { + "product_name" : "Rational Software Architect Design Manager", "version" : { "version_data" : [ { @@ -90,10 +68,10 @@ "version_value" : "5.02" } ] - }, - "product_name" : "Rational Software Architect Design Manager" + } }, { + "product_name" : "Rational DOORS Next Generation", "version" : { "version_data" : [ { @@ -127,10 +105,10 @@ "version_value" : "5.02" } ] - }, - "product_name" : "Rational DOORS Next Generation" + } }, { + "product_name" : "Rational Collaborative Lifecycle Management", "version" : { "version_data" : [ { @@ -164,10 +142,10 @@ "version_value" : "5.02" } ] - }, - "product_name" : "Rational Collaborative Lifecycle Management" + } }, { + "product_name" : "Rational Rhapsody Design Manager", "version" : { "version_data" : [ { @@ -201,10 +179,10 @@ "version_value" : "5.02" } ] - }, - "product_name" : "Rational Rhapsody Design Manager" + } }, { + "product_name" : "Rational Quality Manager", "version" : { "version_data" : [ { @@ -238,8 +216,7 @@ "version_value" : "5.02" } ] - }, - "product_name" : "Rational Quality Manager" + } }, { "product_name" : "Rational Engineering Lifecycle Manager", @@ -279,12 +256,43 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow an authenticated user to obtain sensitive information from an error message that could be used in further attacks against the system. IBM X-Force ID: 143796." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "N", + "PR" : "L", + "S" : "U", + "SCORE" : "4.300", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { @@ -297,27 +305,17 @@ } ] }, - "data_type" : "CVE", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2018-11-02T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2018-1606" - }, - "data_version" : "4.0", "references" : { "reference_data" : [ { "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10738301", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10738301", "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 738301 (Rational Collaborative Lifecycle Management)" + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10738301" }, { - "name" : "ibm-jazz-cve20181606-info-disc (143796)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/143796", - "refsource" : "XF" + "name" : "ibm-jazz-cve20181606-info-disc(143796)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/143796" } ] } diff --git a/2018/1xxx/CVE-2018-1694.json b/2018/1xxx/CVE-2018-1694.json index c88c0820179..1cca0b21eab 100644 --- a/2018/1xxx/CVE-2018-1694.json +++ b/2018/1xxx/CVE-2018-1694.json @@ -1,37 +1,14 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609.", - "lang" : "eng" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "C" : "H", - "UI" : "N", - "I" : "N", - "S" : "U", - "PR" : "N", - "AC" : "H", - "SCORE" : "5.900", - "AV" : "N", - "A" : "N" - } - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-11-02T00:00:00", + "ID" : "CVE-2018-1694", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -72,6 +49,7 @@ } }, { + "product_name" : "Rational Software Architect Design Manager", "version" : { "version_data" : [ { @@ -90,8 +68,7 @@ "version_value" : "5.02" } ] - }, - "product_name" : "Rational Software Architect Design Manager" + } }, { "product_name" : "Rational DOORS Next Generation", @@ -242,6 +219,7 @@ } }, { + "product_name" : "Rational Engineering Lifecycle Manager", "version" : { "version_data" : [ { @@ -275,15 +253,46 @@ "version_value" : "5.02" } ] - }, - "product_name" : "Rational Engineering Lifecycle Manager" + } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "H", + "AV" : "N", + "C" : "H", + "I" : "N", + "PR" : "N", + "S" : "U", + "SCORE" : "5.900", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { @@ -296,28 +305,17 @@ } ] }, - "data_format" : "MITRE", - "data_type" : "CVE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2018-1694", - "DATE_PUBLIC" : "2018-11-02T00:00:00" - }, - "data_version" : "4.0", "references" : { "reference_data" : [ { "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10738301", "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10738301", - "title" : "IBM Security Bulletin 738301 (Rational Collaborative Lifecycle Management)" + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10738301" }, { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145609", + "name" : "ibm-jazz-cve20181694-info-disc(145609)", "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-jazz-cve20181694-info-disc (145609)" + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145609" } ] }