admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 14:08:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

IBM20191108-203551

Browse Source 
Added CVE-2019-4509, CVE-2019-4412, CVE-2019-4334, CVE-2019-4556, CVE-2019-4470, CVE-2019-4411, CVE-2019-4645, CVE-2018-1721, CVE-2019-4450, CVE-2019-4581, CVE-2019-4454
This commit is contained in:
Scott Moore - IBM 2019-11-08 20:35:51 -05:00
parent 0eb716dc8d
commit e1dc9ea59c
No known key found for this signature in database
GPG Key ID: 8E6C411D57F2D75C
11 changed files with 1005 additions and 165 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
2018/1xxx/CVE-2018-1721.json
View File

@ -1,18 +1,93 @@
{ {
"CVE_data_meta": { "data_type" : "CVE",
"ASSIGNER": "cve@mitre.org", "impact" : {
"ID": "CVE-2018-1721", "cvssv3" : {
"STATE": "RESERVED" "TM" : {
}, "RC" : "C",
"data_format": "MITRE", "E" : "U",
"data_type": "CVE", "RL" : "O"
"data_version": "4.0", },
"description": { "BM" : {
"description_data": [ "S" : "U",
"AV" : "N",
"AC" : "L",
"C" : "H",
"A" : "L",
"I" : "H",
"UI" : "N",
"PR" : "L",
"SCORE" : "8.300"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{ {
"lang": "eng", "vendor_name" : "IBM",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product" : {
"product_data" : [
{
"product_name" : "Cognos Analytics",
"version" : {
"version_data" : [
{
"version_value" : "11.0"
},
{
"version_value" : "11.1"
}
]
}
}
]
}
} }
] ]
} }
} },
"data_version" : "4.0",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-11-05T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1721"
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1074144",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/1074144",
"title" : "IBM Security Bulletin 1074144 (Cognos Analytics)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147369",
"refsource" : "XF",
"name" : "ibm-cognos-cve20181721-xxe (147369)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
}
}

105
2019/4xxx/CVE-2019-4334.json
View File

@ -1,18 +1,93 @@
{ {
"CVE_data_meta": { "references" : {
"ASSIGNER": "cve@mitre.org", "reference_data" : [
"ID": "CVE-2019-4334", {
"STATE": "RESERVED" "title" : "IBM Security Bulletin 1074144 (Cognos Analytics)",
}, "name" : "https://www.ibm.com/support/pages/node/1074144",
"data_format": "MITRE", "url" : "https://www.ibm.com/support/pages/node/1074144",
"data_type": "CVE", "refsource" : "CONFIRM"
"data_version": "4.0", },
"description": { {
"description_data": [ "title" : "X-Force Vulnerability Report",
"name" : "ibm-cognos-cve20194334-info-disc (161271)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161271",
"refsource" : "XF"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{ {
"lang": "eng", "vendor_name" : "IBM",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product" : {
"product_data" : [
{
"product_name" : "Cognos Analytics",
"version" : {
"version_data" : [
{
"version_value" : "11.0"
},
{
"version_value" : "11.1"
}
]
}
}
]
}
} }
] ]
} }
} },
"CVE_data_meta" : {
"ID" : "CVE-2019-4334",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-11-05T00:00:00",
"STATE" : "PUBLIC"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "L",
"A" : "N",
"S" : "U",
"AC" : "L",
"AV" : "N",
"PR" : "L",
"SCORE" : "4.300",
"UI" : "N",
"I" : "N"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"data_type" : "CVE"
}

111
2019/4xxx/CVE-2019-4411.json
View File

@ -1,18 +1,99 @@
{ {
"CVE_data_meta": { "references" : {
"ASSIGNER": "cve@mitre.org", "reference_data" : [
"ID": "CVE-2019-4411", {
"STATE": "RESERVED" "refsource" : "CONFIRM",
}, "url" : "https://www.ibm.com/support/pages/node/1086123",
"data_format": "MITRE", "name" : "https://www.ibm.com/support/pages/node/1086123",
"data_type": "CVE", "title" : "IBM Security Bulletin 1086123 (Cognos Controller)"
"data_version": "4.0", },
"description": { {
"description_data": [ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162658",
"refsource" : "XF",
"name" : "ibm-cognos-cve20194411-info-disc (162658)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"SCORE" : "4.300",
"PR" : "L",
"I" : "N",
"S" : "U",
"AV" : "N",
"AC" : "L",
"A" : "N",
"C" : "L"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{ {
"lang": "eng", "product" : {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product_data" : [
{
"product_name" : "Cognos Controller",
"version" : {
"version_data" : [
{
"version_value" : "10.3.1"
},
{
"version_value" : "10.3.0"
},
{
"version_value" : "10.4.0"
},
{
"version_value" : "10.4.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
} }
] ]
} }
} },
"data_version" : "4.0",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-11-08T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4411",
"ASSIGNER" : "psirt@us.ibm.com"
}
}

111
2019/4xxx/CVE-2019-4412.json
View File

@ -1,18 +1,99 @@
{ {
"CVE_data_meta": { "CVE_data_meta" : {
"ASSIGNER": "cve@mitre.org", "ASSIGNER" : "psirt@us.ibm.com",
"ID": "CVE-2019-4412", "ID" : "CVE-2019-4412",
"STATE": "RESERVED" "STATE" : "PUBLIC",
}, "DATE_PUBLIC" : "2019-11-08T00:00:00"
"data_format": "MITRE", },
"data_type": "CVE", "affects" : {
"data_version": "4.0", "vendor" : {
"description": { "vendor_data" : [
"description_data": [
{ {
"lang": "eng", "product" : {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.3.1"
},
{
"version_value" : "10.3.0"
},
{
"version_value" : "10.4.0"
},
{
"version_value" : "10.4.1"
}
]
},
"product_name" : "Cognos Controller"
}
]
},
"vendor_name" : "IBM"
} }
] ]
} }
} },
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AC" : "H",
"AV" : "N",
"S" : "U",
"C" : "L",
"A" : "N",
"UI" : "N",
"PR" : "N",
"SCORE" : "3.700",
"I" : "N"
}
}
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/1086123",
"title" : "IBM Security Bulletin 1086123 (Cognos Controller)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/1086123"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-cognos-cve20194412-info-disc (162659)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162659",
"refsource" : "XF"
}
]
}
}

108
2019/4xxx/CVE-2019-4450.json
View File

@ -1,18 +1,96 @@
{ {
"CVE_data_meta": { "description" : {
"ASSIGNER": "cve@mitre.org", "description_data" : [
"ID": "CVE-2019-4450", {
"STATE": "RESERVED" "value" : "IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163492.",
}, "lang" : "eng"
"data_format": "MITRE", }
"data_type": "CVE", ]
"data_version": "4.0", },
"description": { "impact" : {
"description_data": [ "cvssv3" : {
"BM" : {
"A" : "N",
"C" : "L",
"AC" : "L",
"AV" : "N",
"S" : "C",
"PR" : "N",
"SCORE" : "6.100",
"UI" : "R",
"I" : "L"
},
"TM" : {
"RC" : "C",
"E" : "H",
"RL" : "O"
}
}
},
"data_type" : "CVE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{ {
"lang": "eng", "product" : {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product_data" : [
{
"product_name" : "i",
"version" : {
"version_data" : [
{
"version_value" : "7.2"
},
{
"version_value" : "7.3"
},
{
"version_value" : "7.4"
}
]
}
}
]
},
"vendor_name" : "IBM"
} }
] ]
} }
} },
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-10-31T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4450"
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1100085",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/1100085",
"title" : "IBM Security Bulletin 1100085 (i)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163492",
"name" : "ibm-i-cve20194450-xss (163492)",
"title" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"data_format" : "MITRE"
}

105
2019/4xxx/CVE-2019-4454.json
View File

@ -1,18 +1,93 @@
{ {
"CVE_data_meta": { "problemtype" : {
"ASSIGNER": "cve@mitre.org", "problemtype_data" : [
"ID": "CVE-2019-4454", {
"STATE": "RESERVED" "description" : [
}, {
"data_format": "MITRE", "lang" : "eng",
"data_type": "CVE", "value" : "Cross-Site Scripting"
"data_version": "4.0", }
"description": { ]
"description_data": [ }
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 1103499 (QRadar)",
"name" : "https://www.ibm.com/support/pages/node/1103499",
"url" : "https://www.ibm.com/support/pages/node/1103499",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163618",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-qradar-cve20194454-xss (163618)"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4454",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-11-06T00:00:00",
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{ {
"lang": "eng", "product" : {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.3.0"
},
{
"version_value" : "7.3.2Patch4"
}
]
},
"product_name" : "QRadar"
}
]
},
"vendor_name" : "IBM"
} }
] ]
} }
} },
"description" : {
"description_data" : [
{
"value" : "IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163618.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "L",
"SCORE" : "5.400",
"PR" : "L",
"UI" : "R",
"A" : "N",
"C" : "L",
"S" : "C",
"AC" : "L",
"AV" : "N"
},
"TM" : {
"RC" : "C",
"E" : "H",
"RL" : "O"
}
}
}
}

105
2019/4xxx/CVE-2019-4470.json
View File

@ -1,18 +1,93 @@
{ {
"CVE_data_meta": { "problemtype" : {
"ASSIGNER": "cve@mitre.org", "problemtype_data" : [
"ID": "CVE-2019-4470", {
"STATE": "RESERVED" "description" : [
}, {
"data_format": "MITRE", "value" : "Cross-Site Scripting",
"data_type": "CVE", "lang" : "eng"
"data_version": "4.0", }
"description": { ]
"description_data": [ }
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1103517",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/1103517",
"title" : "IBM Security Bulletin 1103517 (QRadar)"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-qradar-cve20194470-xss (163779)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163779",
"refsource" : "XF"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163779."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "H"
},
"BM" : {
"C" : "L",
"A" : "N",
"AC" : "L",
"AV" : "N",
"S" : "C",
"I" : "L",
"PR" : "L",
"SCORE" : "5.400",
"UI" : "R"
}
}
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4470",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-11-06T00:00:00"
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{ {
"lang": "eng", "product" : {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product_data" : [
{
"product_name" : "QRadar",
"version" : {
"version_data" : [
{
"version_value" : "7.3.0"
},
{
"version_value" : "7.3.2Patch4"
}
]
}
}
]
},
"vendor_name" : "IBM"
} }
] ]
} }
} }
}

105
2019/4xxx/CVE-2019-4509.json
View File

@ -1,18 +1,93 @@
{ {
"CVE_data_meta": { "problemtype" : {
"ASSIGNER": "cve@mitre.org", "problemtype_data" : [
"ID": "CVE-2019-4509", {
"STATE": "RESERVED" "description" : [
}, {
"data_format": "MITRE", "lang" : "eng",
"data_type": "CVE", "value" : "Obtain Information"
"data_version": "4.0", }
"description": { ]
"description_data": [ }
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/1103931",
"title" : "IBM Security Bulletin 1103931 (QRadar)",
"name" : "https://www.ibm.com/support/pages/node/1103931"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/164430",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-qradar-cve20194509-info-disc (164430)"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"PR" : "L",
"SCORE" : "4.300",
"I" : "N",
"S" : "U",
"AV" : "N",
"AC" : "L",
"C" : "L",
"A" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"data_type" : "CVE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-11-06T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4509"
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{ {
"lang": "eng", "vendor_name" : "IBM",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.3.0"
},
{
"version_value" : "7.3.2Patch4"
}
]
},
"product_name" : "QRadar"
}
]
}
} }
] ]
} }
} }
}

105
2019/4xxx/CVE-2019-4556.json
View File

@ -1,18 +1,93 @@
{ {
"CVE_data_meta": { "problemtype" : {
"ASSIGNER": "cve@mitre.org", "problemtype_data" : [
"ID": "CVE-2019-4556", {
"STATE": "RESERVED" "description" : [
}, {
"data_format": "MITRE", "value" : "Gain Access",
"data_type": "CVE", "lang" : "eng"
"data_version": "4.0", }
"description": { ]
"description_data": [ }
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1102443",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/1102443",
"title" : "IBM Security Bulletin 1102443 (Qradar Advisor)"
},
{
"name" : "ibm-qradar-cve20194556-input-validation (166205)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/166205",
"refsource" : "XF"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 166205.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AV" : "N",
"AC" : "L",
"S" : "U",
"A" : "N",
"C" : "N",
"I" : "L",
"UI" : "N",
"PR" : "L",
"SCORE" : "4.300"
}
}
},
"data_type" : "CVE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-11-01T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4556",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{ {
"lang": "eng", "vendor_name" : "IBM",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product" : {
"product_data" : [
{
"product_name" : "Qradar Advisor",
"version" : {
"version_data" : [
{
"version_value" : "1.0.0"
},
{
"version_value" : "2.4.0"
}
]
}
}
]
}
} }
] ]
} }
} }
}

105
2019/4xxx/CVE-2019-4581.json
View File

@ -1,18 +1,93 @@
{ {
"CVE_data_meta": { "problemtype" : {
"ASSIGNER": "cve@mitre.org", "problemtype_data" : [
"ID": "CVE-2019-4581", {
"STATE": "RESERVED" "description" : [
}, {
"data_format": "MITRE", "value" : "Cross-Site Scripting",
"data_type": "CVE", "lang" : "eng"
"data_version": "4.0", }
"description": { ]
"description_data": [ }
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1103373",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 1103373 (QRadar)",
"name" : "https://www.ibm.com/support/pages/node/1103373"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/167239",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-qradar-cve20194581-xss (167239)"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4581",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-11-05T00:00:00",
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{ {
"lang": "eng", "product" : {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product_data" : [
{
"product_name" : "QRadar",
"version" : {
"version_data" : [
{
"version_value" : "7.3.0"
},
{
"version_value" : "7.3.2Patch4"
}
]
}
}
]
},
"vendor_name" : "IBM"
} }
] ]
} }
} },
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167239."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "H",
"RL" : "O"
},
"BM" : {
"S" : "C",
"AC" : "L",
"AV" : "N",
"A" : "N",
"C" : "L",
"I" : "L",
"UI" : "R",
"PR" : "N",
"SCORE" : "6.100"
}
}
},
"data_type" : "CVE"
}

105
2019/4xxx/CVE-2019-4645.json
View File

@ -1,18 +1,93 @@
{ {
"CVE_data_meta": { "data_format" : "MITRE",
"ASSIGNER": "cve@mitre.org", "problemtype" : {
"ID": "CVE-2019-4645", "problemtype_data" : [
"STATE": "RESERVED" {
}, "description" : [
"data_format": "MITRE", {
"data_type": "CVE", "lang" : "eng",
"data_version": "4.0", "value" : "Cross-Site Scripting"
"description": { }
"description_data": [ ]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1074144",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 1074144 (Cognos Analytics)",
"name" : "https://www.ibm.com/support/pages/node/1074144"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/170881",
"refsource" : "XF",
"name" : "ibm-cognos-cve20194645-xss (170881)",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "H"
},
"BM" : {
"C" : "L",
"A" : "N",
"S" : "C",
"AC" : "L",
"AV" : "N",
"I" : "L",
"PR" : "N",
"SCORE" : "6.100",
"UI" : "R"
}
}
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881."
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4645",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-11-05T00:00:00",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{ {
"lang": "eng", "vendor_name" : "IBM",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product" : {
"product_data" : [
{
"product_name" : "Cognos Analytics",
"version" : {
"version_data" : [
{
"version_value" : "11.0"
},
{
"version_value" : "11.1"
}
]
}
}
]
}
} }
] ]
} }
} },
"data_version" : "4.0"
}