IBM20200402-101346

Added CVE-2020-4304, CVE-2020-4325, CVE-2020-4303
Scott Moore - IBM 2020-04-02 10:13:46 -04:00
parent 60615be3d6
commit e25e3a23c3
No known key found for this signature in database
GPG Key ID: 8E6C411D57F2D75C
3 changed files with 289 additions and 45 deletions


@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4303",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-03-31T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4303"
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6147195",
"title" : "IBM Security Bulletin 6147195 (WebSphere Application Server Liberty)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6147195"
},
{
"refsource" : "XF",
"name" : "ibm-websphere-cve20204303-xss (176668)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176668"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "17.0.0.3"
},
{
"version_value" : "20.0.0.3"
}
]
},
"product_name" : "WebSphere Application Server Liberty"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176668.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "H"
},
"BM" : {
"AC" : "L",
"AV" : "N",
"UI" : "R",
"PR" : "N",
"I" : "L",
"SCORE" : "6.100",
"S" : "C",
"A" : "N",
"C" : "L"
}
}
}
}
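Review bot: The `version_data` array under `affects` lists only the two endpoints `17.0.0.3` and `20.0.0.3`, while the description says the flaw affects 17.0.0.3 through 20.0.0.3, so a scanner that matches on `version_value` will treat every release in between as unaffected. Express the range explicitly, for example `{ "version_affected" : ">=", "version_value" : "17.0.0.3" }` and `{ "version_affected" : "<=", "version_value" : "20.0.0.3" }`. The CVE-2020-4304 record in this commit has the same two-endpoint list and needs the same change.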


@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4304",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6147195",
"title" : "IBM Security Bulletin 6147195 (WebSphere Application Server Liberty)",
"url" : "https://www.ibm.com/support/pages/node/6147195"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-websphere-cve20204304-xss (176670)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176670"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-03-31T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4304"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "17.0.0.3"
},
{
"version_value" : "20.0.0.3"
}
]
},
"product_name" : "WebSphere Application Server Liberty"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "H",
"RC" : "C"
},
"BM" : {
"I" : "L",
"SCORE" : "6.100",
"PR" : "N",
"UI" : "R",
"AC" : "L",
"AV" : "N",
"C" : "L",
"A" : "N",
"S" : "C"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176670.",
"lang" : "eng"
}
]
}
}
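Review bot: The `description_data` value in this record is word for word the description of CVE-2020-4303 apart from the X-Force ID, and both records cite the same bulletin 6147195, so nothing here tells a reader what distinguishes the two issues. Someone triaging or deduplicating advisories cannot tell from the record whether one fix covers both or which part of the Web UI each one concerns. Add a distinguishing clause to each description, such as the affected component or input, if the bulletin provides it.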


@ -1,18 +1,112 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4325",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6125403 (Automation Workstream Services in Cloud Pak for Automation)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6125403",
"url" : "https://www.ibm.com/support/pages/node/6125403"
},
{
"name" : "ibm-icp4a-cve20204325-dos (177596)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/177596"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4325",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-04-01T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "18.0.0.1"
},
{
"version_value" : "18.0.0.2"
},
{
"version_value" : "19.0.0.1"
},
{
"version_value" : "19.0.0.2"
},
{
"version_value" : "19.0.0.3"
}
]
},
"product_name" : "Process Federation Server"
},
{
"product_name" : "Automation Workstream Services in Cloud Pak for Automation",
"version" : {
"version_data" : [
{
"version_value" : "19.0.0.3"
}
]
}
}
]
}
}
]
}
}
]
}
},
"data_version" : "4.0",
"data_format" : "MITRE",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "N",
"S" : "U",
"A" : "H",
"PR" : "L",
"SCORE" : "6.500",
"I" : "N",
"AV" : "N",
"AC" : "L",
"UI" : "N"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596.",
"lang" : "eng"
}
]
}
}
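Review bot: The `description_data` value names only Process Federation Server, but `product_data` also lists `Automation Workstream Services in Cloud Pak for Automation` at `19.0.0.3`, and the CONFIRM reference is the bulletin for that product. A reader triaging from the description alone would not recognise a Cloud Pak for Automation deployment as affected. Name the second product and its version in the description. Presumably it is affected because it exposes the same Global Teams REST API, though the record does not say so.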