From e0a2c3bd4214459c807b642717cca4f9b3bc90d4 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 23 Nov 2020 17:01:54 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/14xxx/CVE-2019-14563.json | 62 +++++++++++
 2019/14xxx/CVE-2019-14575.json | 62 +++++++++++
 2019/14xxx/CVE-2019-14586.json | 62 +++++++++++
 2019/14xxx/CVE-2019-14587.json | 62 +++++++++++
 2020/0xxx/CVE-2020-0569.json | 62 +++++++++++
 2020/12xxx/CVE-2020-12351.json | 50 ++++++++-
 2020/12xxx/CVE-2020-12352.json | 50 ++++++++-
 2020/27xxx/CVE-2020-27216.json | 25 +++++
 2020/4xxx/CVE-2020-4771.json | 192 ++++++++++++++++-----------------
 2020/4xxx/CVE-2020-4783.json | 182 +++++++++++++++----------------
 2020/4xxx/CVE-2020-4854.json | 180 +++++++++++++++----------------
 2020/6xxx/CVE-2020-6939.json | 74 ++++++++++++-
 2020/7xxx/CVE-2020-7928.json | 5 +-
 13 files changed, 780 insertions(+), 288 deletions(-)
 create mode 100644 2019/14xxx/CVE-2019-14563.json
 create mode 100644 2019/14xxx/CVE-2019-14575.json
 create mode 100644 2019/14xxx/CVE-2019-14586.json
 create mode 100644 2019/14xxx/CVE-2019-14587.json
 create mode 100644 2020/0xxx/CVE-2020-0569.json
diff --git a/2019/14xxx/CVE-2019-14563.json b/2019/14xxx/CVE-2019-14563.json
new file mode 100644
index 00000000000..51c3d0ca082
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14563.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-14563",
+ "ASSIGNER": "secure@intel.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Extensible Firmware Interface Development Kit (EDK II)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "EDK II"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Escalation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.tianocore.org/show_bug.cgi?id=2001",
+ "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=2001"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14575.json b/2019/14xxx/CVE-2019-14575.json
new file mode 100644
index 00000000000..bd712a69258
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14575.json
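Review bot: In 2019/14xxx/CVE-2019-14563.json the `affects` block cannot be matched against an asset inventory, because `"vendor_name": "n/a"` names no vendor and `"version_value": "EDK II"` only repeats the product name instead of giving an affected or fixed release. The new records for CVE-2019-14575, CVE-2019-14586 and CVE-2019-14587 carry the same two values. The range from the referenced TianoCore bug should be recorded, e.g. `"version_value": "<AFFECTED_RANGE_FROM_BUG_2001>"`, and the vendor named. `problemtype` holds the impact ("Escalation of Privilege", capitalised unlike its siblings) rather than the weakness the description states; if it matches the upstream analysis, a CWE entry such as CWE-197 for the integer truncation would let consumers classify the record.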
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-14575",
+ "ASSIGNER": "secure@intel.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Extensible Firmware Interface Development Kit (EDK II)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "EDK II"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "escalation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.tianocore.org/show_bug.cgi?id=1608",
+ "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1608"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14586.json b/2019/14xxx/CVE-2019-14586.json
new file mode 100644
index 00000000000..374368836f5
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14586.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-14586",
+ "ASSIGNER": "secure@intel.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Extensible Firmware Interface Development Kit (EDK II)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "EDK II"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "escalation of privilege, information disclosure, denial of service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.tianocore.org/show_bug.cgi?id=1995",
+ "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1995"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14587.json b/2019/14xxx/CVE-2019-14587.json
new file mode 100644
index 00000000000..b89a6a797bf
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14587.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-14587",
+ "ASSIGNER": "secure@intel.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Extensible Firmware Interface Development Kit (EDK II)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "EDK II"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "denial of service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.tianocore.org/show_bug.cgi?id=1989",
+ "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1989"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0569.json b/2020/0xxx/CVE-2020-0569.json
new file mode 100644
index 00000000000..6d8cec5b611
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0569.json
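Review bot: The description value in 2019/14xxx/CVE-2019-14587.json reads "Logic issue EDK II may allow ...", dropping the preposition that the sibling records use. The likely intent is `"value": "Logic issue in EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access."`. "Logic issue" on its own also gives triage nothing to search for, whereas CVE-2019-14575 names the function (`DxeImageVerificationHandler()`); naming the affected component from bug 1989 would make this record usable without opening the tracker.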
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0569",
+ "ASSIGNER": "secure@intel.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Intel(R) PROSet/Wireless WiFi products on Windows 10",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before version 21.70"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "denial of service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html",
+ "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/12xxx/CVE-2020-12351.json b/2020/12xxx/CVE-2020-12351.json
index fc9e7c73883..4f9ee232061 100644
--- a/2020/12xxx/CVE-2020-12351.json
+++ b/2020/12xxx/CVE-2020-12351.json
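Review bot: `"version_value": "before version 21.70"` in 2020/0xxx/CVE-2020-0569.json puts the comparison into free text, so a consumer doing version matching has to parse English to learn that 21.70 is the fixed release. The 4.0 format has a separate operator field for this: `"version_affected": "<", "version_value": "21.70"`. `"vendor_name": "n/a"` is also avoidable here, since the product name itself says Intel(R). The `problemtype` value records only the impact (denial of service) while the description identifies an out-of-bounds write, which is what a CWE entry would capture.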
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-12351",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@intel.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BlueZ",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "See references"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "escalation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351",
+ "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access."
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12352.json b/2020/12xxx/CVE-2020-12352.json
index 913880cca1d..65d0452e33e 100644
--- a/2020/12xxx/CVE-2020-12352.json
+++ b/2020/12xxx/CVE-2020-12352.json
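Review bot: `"version_value": "See references"` in 2020/12xxx/CVE-2020-12351.json publishes the record with no affected range at all, so anyone tracking BlueZ exposure has to open the Intel advisory by hand to decide whether a host needs patching; the CVE-2020-12352 hunk that follows has the same value. The affected and fixed versions from intel-sa-00435 should be copied into `version_data`, e.g. `"version_value": "<AFFECTED_RANGE_FROM_ADVISORY>"`. Both records also set `"vendor_name": "n/a"`, which leaves the product name as the only key a matcher can use. The record's first three lines are outside this hunk.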
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-12352",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@intel.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BlueZ",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "See references"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351",
+ "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access."
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27216.json b/2020/27xxx/CVE-2020-27216.json
index 7d72ab42aa9..f97cc477a79 100644
--- a/2020/27xxx/CVE-2020-27216.json
+++ b/2020/27xxx/CVE-2020-27216.json
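Review bot: The reference added to 2020/12xxx/CVE-2020-12352.json ends in `?wapkw=CVE-2020-12351`, a query parameter (apparently a site-search keyword) that names the sibling CVE rather than this one. A reader or a tool that extracts CVE ids from reference URLs will associate this record with the wrong identifier, and feeds that deduplicate by URL will treat it as distinct from the bare advisory link. Both `name` and `url` should carry the advisory address without the query string: `"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html"`. The same parameter is in the CVE-2020-12351 hunk, where the id at least matches.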
@@ -120,6 +120,31 @@
 "refsource": "MLIST",
 "name": "[zookeeper-dev] 20201123 Owasp test failing - Jetty 9.4.32 - CVE-2020-27216",
 "url": "https://lists.apache.org/thread.html/raf9c581b793c30ff8f55f2415c7bd337eb69775aae607bf9ed1b16fb@%3Cdev.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-issues] 20201123 [jira] [Created] (ZOOKEEPER-4017) Owasp check failing - Jetty 9.4.32 - CVE-2020-27216",
+ "url": "https://lists.apache.org/thread.html/rafb023a7c61180a1027819678eb2068b0b60cd5c2559cb8490e26c81@%3Cissues.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-notifications] 20201123 [GitHub] [zookeeper] anmolnar opened a new pull request #1549: ZOOKEEPER-4017. Owasp check failing - Jetty 9.4.32 - CVE-2020-27216",
+ "url": "https://lists.apache.org/thread.html/r1ed79516bd6d248ea9f0e704dbfd7de740d5a75b71c7be8699fec824@%3Cnotifications.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-issues] 20201123 [jira] [Updated] (ZOOKEEPER-4017) Owasp check failing - Jetty 9.4.32 - CVE-2020-27216",
+ "url": "https://lists.apache.org/thread.html/r4f29fb24639ebc5d15fc477656ebc2b3aa00fcfbe197000009c26b40@%3Cissues.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-dev] 20201123 Re: Owasp test failing - Jetty 9.4.32 - CVE-2020-27216",
+ "url": "https://lists.apache.org/thread.html/r568d354961fa88f206dc345411fb11d245c6dc1a8da3e80187fc6706@%3Cdev.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-dev] 20201123 [jira] [Created] (ZOOKEEPER-4017) Owasp check failing - Jetty 9.4.32 - CVE-2020-27216",
+ "url": "https://lists.apache.org/thread.html/r0df8fe10fc36028cf6d0381ab66510917d0d68bc5ef7042001d03830@%3Cdev.zookeeper.apache.org%3E"
 }
 ]
 }
diff --git a/2020/4xxx/CVE-2020-4771.json b/2020/4xxx/CVE-2020-4771.json
index c1565d785e2..3780ca19d0e 100644
--- a/2020/4xxx/CVE-2020-4771.json
+++ b/2020/4xxx/CVE-2020-4771.json
@@ -1,99 +1,99 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4771", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-11-20T00:00:00" - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "SCORE" : "5.300", - "C" : "L", - "A" : "N", - "AV" : "N", - "AC" : "L", - "UI" : "N", - "PR" : "N", - "S" : "U", - "I" : "N" - } - } - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6369101 (Spectrum Protect Operations Center)", - "name" : "https://www.ibm.com/support/pages/node/6369101", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6369101" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/188993", - "refsource" : "XF", - "name" : "ibm-spectrum-cve20204771-info-disc (188993)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Spectrum Protect Operations Center", - "version" : { - "version_data" : [ - { - "version_value" : "8.1" - }, - { - "version_value" : "8.1.10" - }, - { - "version_value" : "7.1" - }, - { - "version_value" : "7.1.11" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4771", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-11-20T00:00:00" + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "SCORE": "5.300", + "C": "L", + "A": "N", + "AV": "N", + "AC": "L", + "UI": "N", + "PR": "N", + "S": "U", + "I": "N" } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + } + }, + "data_version": "4.0", + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6369101 
(Spectrum Protect Operations Center)", + "name": "https://www.ibm.com/support/pages/node/6369101", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6369101" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188993", + "refsource": "XF", + "name": "ibm-spectrum-cve20204771-info-disc (188993)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spectrum Protect Operations Center", + "version": { + "version_data": [ + { + "version_value": "8.1" + }, + { + "version_value": "8.1.10" + }, + { + "version_value": "7.1" + }, + { + "version_value": "7.1.11" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993." - } - ] - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/4xxx/CVE-2020-4783.json b/2020/4xxx/CVE-2020-4783.json
index 81e82597e2b..8b06b912125 100644
--- a/2020/4xxx/CVE-2020-4783.json
+++ b/2020/4xxx/CVE-2020-4783.json
@@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-11-20T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4783" - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "AV" : "N", - "AC" : "H", - "SCORE" : "5.900", - "A" : "N", - "C" : "H", - "UI" : "N", - "PR" : "N", - "I" : "N", - "S" : "U" - } - } - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6368601 (Spectrum Protect Plus)", - "name" : "https://www.ibm.com/support/pages/node/6368601", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6368601" - }, - { - "name" : "ibm-spectrum-cve20204783-info-disc (189214)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189214" - } - ] - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.1.6" - } - ] - }, - "product_name" : "Spectrum Protect Plus" - } - ] - } + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-11-20T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4783" + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "AV": "N", + "AC": "H", + "SCORE": "5.900", + "A": "N", + "C": "H", + "UI": "N", + "PR": "N", + "I": "N", + "S": "U" } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP 
Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189214.", - "lang" : "eng" - } - ] - } -} + } + }, + "data_version": "4.0", + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6368601 (Spectrum Protect Plus)", + "name": "https://www.ibm.com/support/pages/node/6368601", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6368601" + }, + { + "name": "ibm-spectrum-cve20204783-info-disc (189214)", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189214" + } + ] + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "10.1.0" + }, + { + "version_value": "10.1.6" + } + ] + }, + "product_name": "Spectrum Protect Plus" + } + ] + } + } + ] + } + }, + "description": { + "description_data": [ + { + "value": "IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189214.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4854.json b/2020/4xxx/CVE-2020-4854.json index ec6057afb48..c395e94b2fd 100644 --- a/2020/4xxx/CVE-2020-4854.json +++ b/2020/4xxx/CVE-2020-4854.json 
@@ -1,93 +1,93 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Spectrum Protect Plus", - "version" : { - "version_data" : [ - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.1.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "lang": "eng", + "value": "IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454." 
} - ] - } - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6367823", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6367823", - "title" : "IBM Security Bulletin 6367823 (Spectrum Protect Plus)" - }, - { - "name" : "ibm-spectrum-cve20204854-info-disc (190454)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190454", - "refsource" : "XF" - } - ] - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "UI" : "N", - "PR" : "N", - "S" : "U", - "I" : "H", - "SCORE" : "9.800", - "A" : "H", - "C" : "H", - "AC" : "L", - "AV" : "N" - } - } - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-11-20T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4854", - "ASSIGNER" : "psirt@us.ibm.com" - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spectrum Protect Plus", + "version": { + "version_data": [ + { + "version_value": "10.1.0" + }, + { + "version_value": "10.1.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6367823", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6367823", + "title": "IBM Security Bulletin 6367823 (Spectrum Protect Plus)" + }, + { + "name": "ibm-spectrum-cve20204854-info-disc (190454)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190454", + "refsource": "XF" + } + ] + }, + "data_format": "MITRE", + "data_version": "4.0", + "impact": { + "cvssv3": { + "TM": { + 
"RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "UI": "N", + "PR": "N", + "S": "U", + "I": "H", + "SCORE": "9.800", + "A": "H", + "C": "H", + "AC": "L", + "AV": "N" + } + } + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2020-11-20T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2020-4854", + "ASSIGNER": "psirt@us.ibm.com" + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6939.json b/2020/6xxx/CVE-2020-6939.json index ee632bcebd1..318ce99c6c0 100644 --- a/2020/6xxx/CVE-2020-6939.json +++ b/2020/6xxx/CVE-2020-6939.json 
@@ -4,14 +4,82 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6939",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@salesforce.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Tableau Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "versions affected on both Windows and Linux are: 2018.2 through 2018.2.27"
+ },
+ {
+ "version_value": "2018.3 through 2018.3.24"
+ },
+ {
+ "version_value": "2019.1 through 2019.1.22"
+ },
+ {
+ "version_value": "2019.2 through 2019.2.18"
+ },
+ {
+ "version_value": "2019.3 through 2019.3.14"
+ },
+ {
+ "version_value": "2019.4 through 2019.4.13"
+ },
+ {
+ "version_value": "2020.1 through 2020.1.10"
+ },
+ {
+ "version_value": "2020.2 through 2020.2.7"
+ },
+ {
+ "version_value": "2020.3 through 2020.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Incorrect Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://help.salesforce.com/articleView?id=000355686&type=1&mode=1",
+ "url": "https://help.salesforce.com/articleView?id=000355686&type=1&mode=1"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7928.json b/2020/7xxx/CVE-2020-7928.json
index 4df2456801c..f67bac3ddbe 100644
--- a/2020/7xxx/CVE-2020-7928.json
+++ b/2020/7xxx/CVE-2020-7928.json
@@ -96,8 +96,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://jira.mongodb.org/browse/SERVER-49404"
+ "refsource": "MISC",
+ "url": "https://jira.mongodb.org/browse/SERVER-49404",
+ "name": "https://jira.mongodb.org/browse/SERVER-49404"
 }
 ]
 },
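Review bot: The first `version_value` added to 2020/6xxx/CVE-2020-6939.json is `"versions affected on both Windows and Linux are: 2018.2 through 2018.2.27"`, so a fragment of the description sentence has ended up in the version field and a consumer matching on version strings will miss the 2018.2 branch. It should read `"version_value": "2018.2 through 2018.2.27"` like the eight entries after it. The new description's opening ("installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users.") is not a complete sentence and does not say which APIs are exposed, which matters for triage given that the stated outcome is SAML reconfiguration and account takeover. The record's first three lines are outside this hunk.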