From e52f4f792c0fc85136f551146d33c18ae4896606 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 2 Nov 2018 11:07:21 -0400 Subject: [PATCH] - Synchronized data. --- 2017/1xxx/CVE-2017-1609.json | 128 +++++++++++++++---------------- 2018/17xxx/CVE-2018-17918.json | 2 + 2018/17xxx/CVE-2018-17922.json | 2 + 2018/18xxx/CVE-2018-18902.json | 18 +++++ 2018/1xxx/CVE-2018-1552.json | 136 ++++++++++++++++----------------- 2018/1xxx/CVE-2018-1788.json | 60 +++++++-------- 2018/1xxx/CVE-2018-1835.json | 122 +++++++++++++++-------------- 2018/1xxx/CVE-2018-1846.json | 76 +++++++++--------- 2018/1xxx/CVE-2018-1876.json | 122 +++++++++++++++-------------- 2018/1xxx/CVE-2018-1877.json | 124 +++++++++++++++--------------- 2018/1xxx/CVE-2018-1878.json | 122 +++++++++++++++-------------- 11 files changed, 459 insertions(+), 453 deletions(-) create mode 100644 2018/18xxx/CVE-2018-18902.json diff --git a/2017/1xxx/CVE-2017-1609.json b/2017/1xxx/CVE-2017-1609.json index 3824e6906aa..31ecfaa565e 100644 --- a/2017/1xxx/CVE-2017-1609.json +++ b/2017/1xxx/CVE-2017-1609.json @@ -1,68 +1,14 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Quality Manager (RQM) 5.0 thorugh 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132929." - } - ] + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-10-31T00:00:00", + "ID" : "CVE-2017-1609", + "STATE" : "PUBLIC" }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 738137 (Rational Quality Manager)", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10738137", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10738137", - "refsource" : "CONFIRM" - }, - { - "refsource" : "XF", - "name" : "ibm-rqm-cve20171609-xss (132929)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132929", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_version" : "4.0", - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "H" - }, - "BM" : { - "AV" : "N", - "UI" : "R", - "S" : "C", - "A" : "N", - "PR" : "L", - "AC" : "L", - "I" : "L", - "C" : "L", - "SCORE" : "5.400" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } - ] - } - ] - }, - "data_format" : "MITRE", "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -103,15 +49,67 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, - "CVE_data_meta" : { - "ID" : "CVE-2017-1609", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-10-31T00:00:00", - "STATE" : "PUBLIC" + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Quality Manager (RQM) 5.0 thorugh 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132929." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "C", + "SCORE" : "5.400", + "UI" : "R" + }, + "TM" : { + "E" : "H", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10738137", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10738137" + }, + { + "name" : "ibm-rqm-cve20171609-xss(132929)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132929" + } + ] } } diff --git a/2018/17xxx/CVE-2018-17918.json b/2018/17xxx/CVE-2018-17918.json index 65c14ebad52..396648fc4df 100644 --- a/2018/17xxx/CVE-2018-17918.json +++ b/2018/17xxx/CVE-2018-17918.json @@ -53,6 +53,8 @@ "references" : { "reference_data" : [ { + "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-305-03", + "refsource" : "MISC", "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-305-03" } ] diff --git a/2018/17xxx/CVE-2018-17922.json b/2018/17xxx/CVE-2018-17922.json index ceb69858089..0908485d0a5 100644 --- a/2018/17xxx/CVE-2018-17922.json +++ b/2018/17xxx/CVE-2018-17922.json @@ -53,6 +53,8 @@ "references" : { "reference_data" : [ { + "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-305-03", + "refsource" : "MISC", "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-305-03" } ] diff --git a/2018/18xxx/CVE-2018-18902.json b/2018/18xxx/CVE-2018-18902.json new file mode 100644 index 00000000000..57612fc0dca --- /dev/null +++ b/2018/18xxx/CVE-2018-18902.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-18902", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/1xxx/CVE-2018-1552.json b/2018/1xxx/CVE-2018-1552.json index cc528c7cb8f..2939fa2b804 100644 --- a/2018/1xxx/CVE-2018-1552.json +++ b/2018/1xxx/CVE-2018-1552.json @@ -1,28 +1,67 @@ { - "references" : { - "reference_data" : [ - { - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016247", - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016247", - "title" : "IBM Security Bulletin 2016247 (Robotic Process Automation with Automation Anywhere)", - "refsource" : "CONFIRM" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-rpa-cve20181552-file-upload (142889)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142889" - } - ] + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-10-30T00:00:00", + "ID" : "CVE-2018-1552", + "STATE" : "PUBLIC" }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Robotic Process Automation with Automation Anywhere", + "version" : { + "version_data" : [ + { + "version_value" : "10.0" + }, + { + "version_value" : "11.0" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be uploaded to the control room. By uploading a malicious file and tricking a victim to run it, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 142889." + "value" : "IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be uploaded to the control room. By uploading a malicious file and tricking a victim to run it, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 142889." } ] }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "L", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "U", + "SCORE" : "5.500", + "UI" : "R" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { @@ -35,59 +74,18 @@ } ] }, - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "UI" : "R", - "S" : "U", - "A" : "L", - "AC" : "L", - "PR" : "L", - "I" : "L", - "C" : "L", - "SCORE" : "5.500" + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016247", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016247" }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" + { + "name" : "ibm-rpa-cve20181552-file-upload(142889)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142889" } - } - }, - "data_type" : "CVE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2018-1552", - "DATE_PUBLIC" : "2018-10-30T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.0" - }, - { - "version_value" : "11.0" - } - ] - }, - "product_name" : "Robotic Process Automation with Automation Anywhere" - } - ] - } - } - ] - } - }, - "data_format" : "MITRE" + ] + } } diff --git a/2018/1xxx/CVE-2018-1788.json b/2018/1xxx/CVE-2018-1788.json index 81fce7f7360..f553a3c506b 100644 --- a/2018/1xxx/CVE-2018-1788.json +++ b/2018/1xxx/CVE-2018-1788.json @@ -1,5 +1,10 @@ { - "data_format" : "MITRE", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-10-31T00:00:00", + "ID" : "CVE-2018-1788", + "STATE" : "PUBLIC" + }, "affects" : { "vendor" : { "vendor_data" : [ @@ -26,41 +31,44 @@ ] } }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2018-10-31T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2018-1788" + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873." + } + ] }, "impact" : { "cvssv3" : { "BM" : { + "A" : "N", + "AC" : "H", "AV" : "L", - "S" : "U", - "UI" : "N", + "C" : "H", "I" : "N", "PR" : "H", - "AC" : "H", - "A" : "N", + "S" : "U", "SCORE" : "4.100", - "C" : "H" + "UI" : "N" }, "TM" : { + "E" : "U", "RC" : "C", - "RL" : "O", - "E" : "U" + "RL" : "O" } } }, - "data_version" : "4.0", - "data_type" : "CVE", "problemtype" : { "problemtype_data" : [ { "description" : [ { - "value" : "Obtain Information", - "lang" : "eng" + "lang" : "eng", + "value" : "Obtain Information" } ] } @@ -69,24 +77,14 @@ "references" : { "reference_data" : [ { - "refsource" : "CONFIRM", "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10730357", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10730357", - "title" : "IBM Security Bulletin 730357 (Spectrum Protect)" + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10730357" }, { + "name" : "ibm-tivoli-cve20181788-info-disc(148873)", "refsource" : "XF", - "name" : "ibm-tivoli-cve20181788-info-disc (148873)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148873", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873." + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148873" } ] } diff --git a/2018/1xxx/CVE-2018-1835.json b/2018/1xxx/CVE-2018-1835.json index 83fb1fcfbe4..ead5c6464bb 100644 --- a/2018/1xxx/CVE-2018-1835.json +++ b/2018/1xxx/CVE-2018-1835.json @@ -1,67 +1,9 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "PR" : "L", - "I" : "N", - "AC" : "L", - "A" : "L", - "SCORE" : "7.100", - "C" : "H", - "AV" : "N", - "S" : "U", - "UI" : "N" - } - } - }, - "data_version" : "4.0", - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150514." - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733815", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733815", - "title" : "IBM Security Bulletin 733815 (Daeja ViewONE)", - "refsource" : "CONFIRM" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150514", - "name" : "ibm-dejaviewone-cve20181835-xxe (150514)", - "title" : "X-Force Vulnerability Report" - } - ] - }, "CVE_data_meta" : { - "DATE_PUBLIC" : "2018-10-26T00:00:00", "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2018-1835" + "DATE_PUBLIC" : "2018-10-26T00:00:00", + "ID" : "CVE-2018-1835", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { @@ -86,5 +28,61 @@ ] } }, - "data_format" : "MITRE" + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150514." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "L", + "AC" : "L", + "AV" : "N", + "C" : "H", + "I" : "N", + "PR" : "L", + "S" : "U", + "SCORE" : "7.100", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733815", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733815" + }, + { + "name" : "ibm-dejaviewone-cve20181835-xxe(150514)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150514" + } + ] + } } diff --git a/2018/1xxx/CVE-2018-1846.json b/2018/1xxx/CVE-2018-1846.json index 4ae77d3ec30..e9b13ab1f03 100644 --- a/2018/1xxx/CVE-2018-1846.json +++ b/2018/1xxx/CVE-2018-1846.json @@ -1,18 +1,18 @@ { "CVE_data_meta" : { - "STATE" : "PUBLIC", "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2018-10-31T00:00:00", - "ID" : "CVE-2018-1846" + "ID" : "CVE-2018-1846", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { + "product_name" : "Rational Engineering Lifecycle Manager", "version" : { "version_data" : [ { @@ -46,39 +46,45 @@ "version_value" : "5.02" } ] - }, - "product_name" : "Rational Engineering Lifecycle Manager" + } } ] - } + }, + "vendor_name" : "IBM" } ] } }, "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150945." + "value" : "IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150945." } ] }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10738075", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10738075", - "title" : "IBM Security Bulletin 738075 (Rational Engineering Lifecycle Manager)" + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "L", + "AC" : "L", + "AV" : "N", + "C" : "H", + "I" : "N", + "PR" : "L", + "S" : "U", + "SCORE" : "7.100", + "UI" : "N" }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150945", - "name" : "ibm-relm-cve20181846-info-disc (150945)", - "title" : "X-Force Vulnerability Report" + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" } - ] + } }, "problemtype" : { "problemtype_data" : [ @@ -92,26 +98,18 @@ } ] }, - "data_version" : "4.0", - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10738075", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10738075" }, - "BM" : { - "AV" : "N", - "S" : "U", - "UI" : "N", - "PR" : "L", - "AC" : "L", - "I" : "N", - "A" : "L", - "SCORE" : "7.100", - "C" : "H" + { + "name" : "ibm-relm-cve20181846-info-disc(150945)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150945" } - } + ] } } diff --git a/2018/1xxx/CVE-2018-1876.json b/2018/1xxx/CVE-2018-1876.json index df51270cd85..54a82962ab0 100644 --- a/2018/1xxx/CVE-2018-1876.json +++ b/2018/1xxx/CVE-2018-1876.json @@ -1,69 +1,10 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "data_version" : "4.0", - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - }, - "BM" : { - "C" : "H", - "SCORE" : "6.200", - "A" : "N", - "PR" : "N", - "I" : "N", - "AC" : "L", - "UI" : "N", - "S" : "U", - "AV" : "L" - } - } - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 735967 (Robotic Process Automation with Automation Anywhere)", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10735967", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10735967" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151707", - "name" : "ibm-rpa-cve20181876-info-disc (151707)" - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control Room log file after installation. IBM X-Force ID: 151707.", - "lang" : "eng" - } - ] - }, "CVE_data_meta" : { - "DATE_PUBLIC" : "2018-10-30T00:00:00", "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2018-1876" + "DATE_PUBLIC" : "2018-10-30T00:00:00", + "ID" : "CVE-2018-1876", + "STATE" : "PUBLIC" }, - "data_format" : "MITRE", "affects" : { "vendor" : { "vendor_data" : [ @@ -86,5 +27,62 @@ } ] } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control Room log file after installation. IBM X-Force ID: 151707." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "L", + "C" : "H", + "I" : "N", + "PR" : "N", + "S" : "U", + "SCORE" : "6.200", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10735967", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10735967" + }, + { + "name" : "ibm-rpa-cve20181876-info-disc(151707)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151707" + } + ] } } diff --git a/2018/1xxx/CVE-2018-1877.json b/2018/1xxx/CVE-2018-1877.json index d8fe9f8b1d8..3e26a8e3367 100644 --- a/2018/1xxx/CVE-2018-1877.json +++ b/2018/1xxx/CVE-2018-1877.json @@ -1,69 +1,10 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "data_version" : "4.0", - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "BM" : { - "C" : "H", - "SCORE" : "6.200", - "A" : "N", - "AC" : "L", - "PR" : "N", - "I" : "N", - "UI" : "N", - "S" : "U", - "AV" : "L" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 735973 (Robotic Process Automation with Automation Anywhere)", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10735973", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10735973" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151713", - "name" : "ibm-rpa-cve20181877-info-disc (151713)" - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713.", - "lang" : "eng" - } - ] - }, "CVE_data_meta" : { "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2018-10-30T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2018-1877" + "ID" : "CVE-2018-1877", + "STATE" : "PUBLIC" }, - "data_format" : "MITRE", "affects" : { "vendor" : { "vendor_data" : [ @@ -71,14 +12,14 @@ "product" : { "product_data" : [ { + "product_name" : "Robotic Process Automation with Automation Anywhere", "version" : { "version_data" : [ { "version_value" : "11" } ] - }, - "product_name" : "Robotic Process Automation with Automation Anywhere" + } } ] }, @@ -86,5 +27,62 @@ } ] } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "L", + "C" : "H", + "I" : "N", + "PR" : "N", + "S" : "U", + "SCORE" : "6.200", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10735973", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10735973" + }, + { + "name" : "ibm-rpa-cve20181877-info-disc(151713)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151713" + } + ] } } diff --git a/2018/1xxx/CVE-2018-1878.json b/2018/1xxx/CVE-2018-1878.json index 72e9db2b320..4501ce6cc78 100644 --- a/2018/1xxx/CVE-2018-1878.json +++ b/2018/1xxx/CVE-2018-1878.json @@ -1,61 +1,9 @@ { - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10735977", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10735977", - "title" : "IBM Security Bulletin 735977 (Robotic Process Automation with Automation Anywhere)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151714", - "name" : "ibm-rpa-cve20181878-info-disc (151714)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. IBM X-Force ID: 151714.", - "lang" : "eng" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "AV" : "N", - "UI" : "N", - "S" : "U", - "A" : "N", - "AC" : "L", - "I" : "N", - "PR" : "N", - "C" : "L", - "SCORE" : "5.300" - } - } - }, - "data_type" : "CVE", - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-10-30T00:00:00", + "ID" : "CVE-2018-1878", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { @@ -81,10 +29,60 @@ } }, "data_format" : "MITRE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2018-10-30T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2018-1878" + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. IBM X-Force ID: 151714." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "N", + "PR" : "N", + "S" : "U", + "SCORE" : "5.300", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10735977", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10735977" + }, + { + "name" : "ibm-rpa-cve20181878-info-disc(151714)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151714" + } + ] } }