diff --git a/2018/1xxx/CVE-2018-1897.json b/2018/1xxx/CVE-2018-1897.json index 61c838fe0f6..020c37e895e 100644 --- a/2018/1xxx/CVE-2018-1897.json +++ b/2018/1xxx/CVE-2018-1897.json @@ -1,17 +1,98 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1897", - "STATE" : "RESERVED" - }, "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "10.5" + }, + { + "version_value" : "10.1" + }, + { + "version_value" : "9.7" + }, + { + "version_value" : "11.1" + } + ] + }, + "product_name" : "DB2 for Linux, UNIX and Windows" + } + ] + }, + "vendor_name" : "IBM" + } + ] + } + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10737295", + "title" : "IBM Security Bulletin 737295 (DB2 for Linux, UNIX and Windows)", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10737295" + }, + { + "refsource" : "XF", + "name" : "ibm-db2-cve20181897-bo (152462)", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152462" + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ID" : "CVE-2018-1897", + "DATE_PUBLIC" : "2018-11-27T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com" + }, "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462." + } + ] + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "AC" : "L", + "A" : "H", + "UI" : "N", + "AV" : "L", + "C" : "H", + "SCORE" : "8.400", + "S" : "U", + "PR" : "N", + "I" : "H" + }, + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + } + } + }, + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Privileges", + "lang" : "eng" + } + ] } ] } diff --git a/2018/1xxx/CVE-2018-1927.json b/2018/1xxx/CVE-2018-1927.json index 92f45281cf0..8755ea2a4ce 100644 --- a/2018/1xxx/CVE-2018-1927.json +++ b/2018/1xxx/CVE-2018-1927.json @@ -1,18 +1,90 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-11-28T00:00:00", "ID" : "CVE-2018-1927", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118.", + "lang" : "eng" } ] - } + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10741605", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10741605", + "title" : "IBM Security Bulletin 741605 (StoredIQ)" + }, + { + "name" : "ibm-storeiq-cve20181927-csrf (153118)", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153118", + "refsource" : "XF" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "StoredIQ", + "version" : { + "version_data" : [ + { + "version_value" : "7.6" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" + } + ] + } + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Access" + } + ] + } + ] + }, + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "BM" : { + "SCORE" : "6.500", + "S" : "U", + "I" : "H", + "PR" : "N", + "C" : "N", + "AV" : "N", + "AC" : "L", + "A" : "N", + "UI" : "R" + }, + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + } + } + }, + "data_type" : "CVE" } diff --git a/2018/1xxx/CVE-2018-1928.json b/2018/1xxx/CVE-2018-1928.json index 3f68ec6f92f..0c34e09d488 100644 --- a/2018/1xxx/CVE-2018-1928.json +++ b/2018/1xxx/CVE-2018-1928.json @@ -1,17 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1928", - "STATE" : "RESERVED" + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "E" : "U", + "RC" : "C" + }, + "BM" : { + "A" : "N", + "UI" : "N", + "AC" : "H", + "AV" : "L", + "C" : "H", + "SCORE" : "6.700", + "S" : "U", + "PR" : "N", + "I" : "H" + } + } + }, + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Privileges" + } + ] + } + ] + }, + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "StoredIQ", + "version" : { + "version_data" : [ + { + "version_value" : "7.6.0" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" + } + ] + } }, "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", + "CVE_data_meta" : { + "DATE_PUBLIC" : "2018-11-28T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2018-1928", + "STATE" : "PUBLIC" + }, "description" : { "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also perform some state changing actions restricted to a high privileged user. IBM X-Force ID: 153119." + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10741611", + "title" : "IBM Security Bulletin 741611 (StoredIQ)", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10741611", + "refsource" : "CONFIRM" + }, + { + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153119", + "name" : "ibm-storeiq-cve20181928-priv-escalation (153119)", + "refsource" : "XF" } ] }