From e1dc9ea59c45e428577da7c8ae73d057aa8b75e6 Mon Sep 17 00:00:00 2001 From: Scott Moore - IBM Date: Fri, 8 Nov 2019 20:35:51 -0500 Subject: [PATCH] IBM20191108-203551 Added CVE-2019-4509, CVE-2019-4412, CVE-2019-4334, CVE-2019-4556, CVE-2019-4470, CVE-2019-4411, CVE-2019-4645, CVE-2018-1721, CVE-2019-4450, CVE-2019-4581, CVE-2019-4454 --- 2018/1xxx/CVE-2018-1721.json | 105 ++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4334.json | 105 ++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4411.json | 111 ++++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4412.json | 111 ++++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4450.json | 108 +++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4454.json | 105 ++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4470.json | 105 ++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4509.json | 105 ++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4556.json | 105 ++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4581.json | 105 ++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4645.json | 105 ++++++++++++++++++++++++++++----- 11 files changed, 1005 insertions(+), 165 deletions(-) diff --git a/2018/1xxx/CVE-2018-1721.json b/2018/1xxx/CVE-2018-1721.json index f398b2db525..0dadefa2530 100644 --- a/2018/1xxx/CVE-2018-1721.json +++ b/2018/1xxx/CVE-2018-1721.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1721", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + }, + "BM" : { + "S" : "U", + "AV" : "N", + "AC" : "L", + "C" : "H", + "A" : "L", + "I" : "H", + "UI" : "N", + "PR" : "L", + "SCORE" : "8.300" + } + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369.", + "lang" : "eng" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Cognos Analytics", + "version" : { + "version_data" : [ + { + "version_value" : "11.0" + }, + { + "version_value" : "11.1" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_version" : "4.0", + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-11-05T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2018-1721" + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/1074144", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/1074144", + "title" : "IBM Security Bulletin 1074144 (Cognos Analytics)" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147369", + "refsource" : "XF", + "name" : "ibm-cognos-cve20181721-xxe (147369)", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4334.json b/2019/4xxx/CVE-2019-4334.json index 3bb167d472c..d310611c9d3 100644 --- a/2019/4xxx/CVE-2019-4334.json +++ b/2019/4xxx/CVE-2019-4334.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4334", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 1074144 (Cognos Analytics)", + "name" : "https://www.ibm.com/support/pages/node/1074144", + "url" : "https://www.ibm.com/support/pages/node/1074144", + "refsource" : "CONFIRM" + }, + { + "title" : "X-Force Vulnerability Report", + "name" : "ibm-cognos-cve20194334-info-disc (161271)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161271", + "refsource" : "XF" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "data_format" : "MITRE", + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Cognos Analytics", + "version" : { + "version_data" : [ + { + "version_value" : "11.0" + }, + { + "version_value" : "11.1" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "ID" : "CVE-2019-4334", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-11-05T00:00:00", + "STATE" : "PUBLIC" + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "C" : "L", + "A" : "N", + "S" : "U", + "AC" : "L", + "AV" : "N", + "PR" : "L", + "SCORE" : "4.300", + "UI" : "N", + "I" : "N" + }, + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + } + } + }, + "data_type" : "CVE" +} diff --git a/2019/4xxx/CVE-2019-4411.json b/2019/4xxx/CVE-2019-4411.json index 8ada9803cad..9f0eb68c0d3 100644 --- a/2019/4xxx/CVE-2019-4411.json +++ b/2019/4xxx/CVE-2019-4411.json @@ -1,18 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4411", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/pages/node/1086123", + "name" : "https://www.ibm.com/support/pages/node/1086123", + "title" : "IBM Security Bulletin 1086123 (Cognos Controller)" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162658", + "refsource" : "XF", + "name" : "ibm-cognos-cve20194411-info-disc (162658)", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "UI" : "N", + "SCORE" : "4.300", + "PR" : "L", + "I" : "N", + "S" : "U", + "AV" : "N", + "AC" : "L", + "A" : "N", + "C" : "L" + }, + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + } + } + }, + "data_type" : "CVE", + "description" : { + "description_data" : [ + { + "value" : "IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658.", + "lang" : "eng" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "Cognos Controller", + "version" : { + "version_data" : [ + { + "version_value" : "10.3.1" + }, + { + "version_value" : "10.3.0" + }, + { + "version_value" : "10.4.0" + }, + { + "version_value" : "10.4.1" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "data_version" : "4.0", + "CVE_data_meta" : { + "DATE_PUBLIC" : "2019-11-08T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2019-4411", + "ASSIGNER" : "psirt@us.ibm.com" + } +} diff --git a/2019/4xxx/CVE-2019-4412.json b/2019/4xxx/CVE-2019-4412.json index 37f29fdb44a..36d006d8513 100644 --- a/2019/4xxx/CVE-2019-4412.json +++ b/2019/4xxx/CVE-2019-4412.json @@ -1,18 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4412", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4412", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-11-08T00:00:00" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "10.3.1" + }, + { + "version_value" : "10.3.0" + }, + { + "version_value" : "10.4.0" + }, + { + "version_value" : "10.4.1" + } + ] + }, + "product_name" : "Cognos Controller" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + }, + "BM" : { + "AC" : "H", + "AV" : "N", + "S" : "U", + "C" : "L", + "A" : "N", + "UI" : "N", + "PR" : "N", + "SCORE" : "3.700", + "I" : "N" + } + } + }, + "data_type" : "CVE", + "description" : { + "description_data" : [ + { + "value" : "IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659.", + "lang" : "eng" + } + ] + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/pages/node/1086123", + "title" : "IBM Security Bulletin 1086123 (Cognos Controller)", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/pages/node/1086123" + }, + { + "title" : "X-Force Vulnerability Report", + "name" : "ibm-cognos-cve20194412-info-disc (162659)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162659", + "refsource" : "XF" + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4450.json b/2019/4xxx/CVE-2019-4450.json index d70bc68dadf..990d63d6467 100644 --- a/2019/4xxx/CVE-2019-4450.json +++ b/2019/4xxx/CVE-2019-4450.json @@ -1,18 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4450", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "description" : { + "description_data" : [ + { + "value" : "IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163492.", + "lang" : "eng" + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "C" : "L", + "AC" : "L", + "AV" : "N", + "S" : "C", + "PR" : "N", + "SCORE" : "6.100", + "UI" : "R", + "I" : "L" + }, + "TM" : { + "RC" : "C", + "E" : "H", + "RL" : "O" + } + } + }, + "data_type" : "CVE", + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "i", + "version" : { + "version_data" : [ + { + "version_value" : "7.2" + }, + { + "version_value" : "7.3" + }, + { + "version_value" : "7.4" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-10-31T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4450" + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/1100085", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/1100085", + "title" : "IBM Security Bulletin 1100085 (i)" + }, + { + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163492", + "name" : "ibm-i-cve20194450-xss (163492)", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "data_format" : "MITRE" +} diff --git a/2019/4xxx/CVE-2019-4454.json b/2019/4xxx/CVE-2019-4454.json index 3e4688d6b4b..e00a53f37b4 100644 --- a/2019/4xxx/CVE-2019-4454.json +++ b/2019/4xxx/CVE-2019-4454.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4454", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 1103499 (QRadar)", + "name" : "https://www.ibm.com/support/pages/node/1103499", + "url" : "https://www.ibm.com/support/pages/node/1103499", + "refsource" : "CONFIRM" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163618", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-qradar-cve20194454-xss (163618)" + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2019-4454", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-11-06T00:00:00", + "STATE" : "PUBLIC" + }, + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "7.3.0" + }, + { + "version_value" : "7.3.2Patch4" + } + ] + }, + "product_name" : "QRadar" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163618.", + "lang" : "eng" + } + ] + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "I" : "L", + "SCORE" : "5.400", + "PR" : "L", + "UI" : "R", + "A" : "N", + "C" : "L", + "S" : "C", + "AC" : "L", + "AV" : "N" + }, + "TM" : { + "RC" : "C", + "E" : "H", + "RL" : "O" + } + } + } +} diff --git a/2019/4xxx/CVE-2019-4470.json b/2019/4xxx/CVE-2019-4470.json index 7a639d8a7cf..c2015803c91 100644 --- a/2019/4xxx/CVE-2019-4470.json +++ b/2019/4xxx/CVE-2019-4470.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4470", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Cross-Site Scripting", + "lang" : "eng" + } + ] + } + ] + }, + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/1103517", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/1103517", + "title" : "IBM Security Bulletin 1103517 (QRadar)" + }, + { + "title" : "X-Force Vulnerability Report", + "name" : "ibm-qradar-cve20194470-xss (163779)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163779", + "refsource" : "XF" + } + ] + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163779." + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "H" + }, + "BM" : { + "C" : "L", + "A" : "N", + "AC" : "L", + "AV" : "N", + "S" : "C", + "I" : "L", + "PR" : "L", + "SCORE" : "5.400", + "UI" : "R" + } + } + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4470", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-11-06T00:00:00" + }, + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "QRadar", + "version" : { + "version_data" : [ + { + "version_value" : "7.3.0" + }, + { + "version_value" : "7.3.2Patch4" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + } +} diff --git a/2019/4xxx/CVE-2019-4509.json b/2019/4xxx/CVE-2019-4509.json index 83be7c63704..18e43a6be5c 100644 --- a/2019/4xxx/CVE-2019-4509.json +++ b/2019/4xxx/CVE-2019-4509.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4509", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/pages/node/1103931", + "title" : "IBM Security Bulletin 1103931 (QRadar)", + "name" : "https://www.ibm.com/support/pages/node/1103931" + }, + { + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/164430", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-qradar-cve20194509-info-disc (164430)" + } + ] + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "UI" : "N", + "PR" : "L", + "SCORE" : "4.300", + "I" : "N", + "S" : "U", + "AV" : "N", + "AC" : "L", + "C" : "L", + "A" : "N" + }, + "TM" : { + "RL" : "O", + "E" : "U", + "RC" : "C" + } + } + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-11-06T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4509" + }, + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "7.3.0" + }, + { + "version_value" : "7.3.2Patch4" + } + ] + }, + "product_name" : "QRadar" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + } +} diff --git a/2019/4xxx/CVE-2019-4556.json b/2019/4xxx/CVE-2019-4556.json index 0fe74fd368b..0f7da533975 100644 --- a/2019/4xxx/CVE-2019-4556.json +++ b/2019/4xxx/CVE-2019-4556.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4556", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Access", + "lang" : "eng" + } + ] + } + ] + }, + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/1102443", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/1102443", + "title" : "IBM Security Bulletin 1102443 (Qradar Advisor)" + }, + { + "name" : "ibm-qradar-cve20194556-input-validation (166205)", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/166205", + "refsource" : "XF" + } + ] + }, + "description" : { + "description_data" : [ + { + "value" : "IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 166205.", + "lang" : "eng" + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + }, + "BM" : { + "AV" : "N", + "AC" : "L", + "S" : "U", + "A" : "N", + "C" : "N", + "I" : "L", + "UI" : "N", + "PR" : "L", + "SCORE" : "4.300" + } + } + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "DATE_PUBLIC" : "2019-11-01T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2019-4556", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Qradar Advisor", + "version" : { + "version_data" : [ + { + "version_value" : "1.0.0" + }, + { + "version_value" : "2.4.0" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + } +} diff --git a/2019/4xxx/CVE-2019-4581.json b/2019/4xxx/CVE-2019-4581.json index 65135a23ac2..c67d8a12b11 100644 --- a/2019/4xxx/CVE-2019-4581.json +++ b/2019/4xxx/CVE-2019-4581.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4581", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Cross-Site Scripting", + "lang" : "eng" + } + ] + } + ] + }, + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/1103373", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 1103373 (QRadar)", + "name" : "https://www.ibm.com/support/pages/node/1103373" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/167239", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-qradar-cve20194581-xss (167239)" + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2019-4581", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-11-05T00:00:00", + "STATE" : "PUBLIC" + }, + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "QRadar", + "version" : { + "version_data" : [ + { + "version_value" : "7.3.0" + }, + { + "version_value" : "7.3.2Patch4" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167239." + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "E" : "H", + "RL" : "O" + }, + "BM" : { + "S" : "C", + "AC" : "L", + "AV" : "N", + "A" : "N", + "C" : "L", + "I" : "L", + "UI" : "R", + "PR" : "N", + "SCORE" : "6.100" + } + } + }, + "data_type" : "CVE" +} diff --git a/2019/4xxx/CVE-2019-4645.json b/2019/4xxx/CVE-2019-4645.json index 1a00082c6d0..9647d35c4bf 100644 --- a/2019/4xxx/CVE-2019-4645.json +++ b/2019/4xxx/CVE-2019-4645.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4645", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/1074144", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 1074144 (Cognos Analytics)", + "name" : "https://www.ibm.com/support/pages/node/1074144" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/170881", + "refsource" : "XF", + "name" : "ibm-cognos-cve20194645-xss (170881)", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "H" + }, + "BM" : { + "C" : "L", + "A" : "N", + "S" : "C", + "AC" : "L", + "AV" : "N", + "I" : "L", + "PR" : "N", + "SCORE" : "6.100", + "UI" : "R" + } + } + }, + "data_type" : "CVE", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881." + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2019-4645", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-11-05T00:00:00", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Cognos Analytics", + "version" : { + "version_data" : [ + { + "version_value" : "11.0" + }, + { + "version_value" : "11.1" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_version" : "4.0" +}