From 862dbebfd608c2b0c18268d03c367386f36aa20f Mon Sep 17 00:00:00 2001
From: Scott Moore - IBM
Date: Thu, 21 Mar 2019 10:33:03 -0400
Subject: [PATCH] IBM20190321-10333 Added CVE-2017-1713, CVE-2018-1992
---
2017/1xxx/CVE-2017-1713.json | 102 ++++++++++++++++++++++++++++-----
2018/1xxx/CVE-2018-1992.json | 108 ++++++++++++++++++++++++++++++-----
2 files changed, 180 insertions(+), 30 deletions(-)
diff --git a/2017/1xxx/CVE-2017-1713.json b/2017/1xxx/CVE-2017-1713.json
index ce53790ad66..e56783495ea 100644
--- a/2017/1xxx/CVE-2017-1713.json
+++ b/2017/1xxx/CVE-2017-1713.json
@@ -1,18 +1,90 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2017-1713",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
+ "data_format" : "MITRE",
+ "description" : {
+ "description_data" : [
+ {
+ "value" : "IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632.",
+ "lang" : "eng"
+ }
+ ]
+ },
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "vendor_name" : "IBM",
+ "product" : {
+ "product_data" : [
+ {
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "4.2.1"
+ }
+ ]
+ },
+ "product_name" : "Streams"
+ }
+ ]
+ }
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "value" : "Obtain Information",
+ "lang" : "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "title" : "IBM Security Bulletin 2016056 (Streams)",
+ "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016056",
+ "refsource" : "CONFIRM",
+ "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016056"
+ },
+ {
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134632",
+ "title" : "X-Force Vulnerability Report",
+ "name" : "ibm-infosphere-cve20171713-info-disc (134632)",
+ "refsource" : "XF"
+ }
+ ]
+ },
+ "impact" : {
+ "cvssv3" : {
+ "BM" : {
+ "UI" : "N",
+ "I" : "N",
+ "S" : "U",
+ "PR" : "N",
+ "SCORE" : "5.900",
+ "AV" : "N",
+ "C" : "H",
+ "A" : "N",
+ "AC" : "H"
+ },
+ "TM" : {
+ "E" : "U",
+ "RL" : "O",
+ "RC" : "C"
+ }
+ }
+ },
+ "CVE_data_meta" : {
+ "STATE" : "PUBLIC",
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "DATE_PUBLIC" : "2018-05-02T00:00:00",
+ "ID" : "CVE-2017-1713"
+ }
+}
diff --git a/2018/1xxx/CVE-2018-1992.json b/2018/1xxx/CVE-2018-1992.json
index b08c7a43805..a995d1ca823 100644
--- a/2018/1xxx/CVE-2018-1992.json
+++ b/2018/1xxx/CVE-2018-1992.json
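Review bot: The `problemtype` description added in 2017/1xxx/CVE-2017-1713.json is the free-text impact label `"Obtain Information"`, while the record's own description says the flaw is the use of weaker-than-expected cryptographic algorithms, so the weakness class can only be recovered from prose. Consumers that triage or filter by weakness type cannot classify this entry without a CWE-style value; consider `"value" : "CWE-327 Use of a Broken or Risky Cryptographic Algorithm"` if the assigner confirms that class (it is inferred here from the description only). The same applies to `"Gain Privileges"` in 2018/1xxx/CVE-2018-1992.json, whose description names a buffer overflow in the bootloader.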
@@ -1,18 +1,96 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-1992",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
+ "description" : {
+ "description_data" : [
+ {
+ "value" : "The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345.",
+ "lang" : "eng"
+ }
+ ]
+ },
+ "data_type" : "CVE",
+ "data_format" : "MITRE",
+ "data_version" : "4.0",
+ "impact" : {
+ "cvssv3" : {
+ "TM" : {
+ "RC" : "C",
+ "E" : "U",
+ "RL" : "O"
+ },
+ "BM" : {
+ "SCORE" : "6.400",
+ "PR" : "H",
+ "AV" : "L",
+ "S" : "U",
+ "I" : "H",
+ "UI" : "N",
+ "AC" : "H",
+ "A" : "H",
+ "C" : "H"
+ }
+ }
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "value" : "Gain Privileges",
+ "lang" : "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10868992",
+ "refsource" : "CONFIRM",
+ "title" : "IBM Security Bulletin 868992 (Power 9 Systems)",
+ "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10868992"
+ },
+ {
+ "name" : "ibm-power9-cve20181992-code-exec (154345)",
+ "refsource" : "XF",
+ "title" : "X-Force Vulnerability Report",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/154345"
+ }
+ ]
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "vendor_name" : "IBM",
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Power 9 Systems",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "FW910"
+ },
+ {
+ "version_value" : "OP910"
+ },
+ {
+ "version_value" : "OP920"
+ }
+ ]
+ }
+ }
+ ]
+ }
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "CVE_data_meta" : {
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "DATE_PUBLIC" : "2019-02-18T00:00:00",
+ "ID" : "CVE-2018-1992",
+ "STATE" : "PUBLIC"
+ }
+}
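Review bot: The three `version_value` entries in 2018/1xxx/CVE-2018-1992.json (`FW910`, `OP910`, `OP920`) carry no `version_affected` qualifier or fixed level, so a consumer matching firmware inventory against this record cannot tell a remediated build from a vulnerable one. These look like release-family names rather than exact builds, which would mean every system on those families matches until someone reads the linked bulletin. If the bulletin lists the first fixed level, record it here, for example `"version_affected" : "<"` with the fixed level as `version_value` (placeholder: FIXED_LEVEL_FROM_BULLETIN).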