From e831defd2fe8399f30abe570df1572a116d79b56 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 12 Feb 2021 17:00:41 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/20xxx/CVE-2021-20406.json | 178 ++++++++++++++++---------------- 2021/20xxx/CVE-2021-20407.json | 182 ++++++++++++++++----------------- 2021/20xxx/CVE-2021-20408.json | 182 ++++++++++++++++----------------- 2021/20xxx/CVE-2021-20409.json | 178 ++++++++++++++++---------------- 2021/20xxx/CVE-2021-20410.json | 178 ++++++++++++++++---------------- 2021/20xxx/CVE-2021-20411.json | 182 ++++++++++++++++----------------- 2021/20xxx/CVE-2021-20412.json | 178 ++++++++++++++++---------------- 2021/22xxx/CVE-2021-22973.json | 50 ++++++++- 2021/22xxx/CVE-2021-22974.json | 50 ++++++++- 2021/22xxx/CVE-2021-22975.json | 50 ++++++++- 10 files changed, 770 insertions(+), 638 deletions(-) diff --git a/2021/20xxx/CVE-2021-20406.json b/2021/20xxx/CVE-2021-20406.json index 5d6048e9316..35af675b42a 100644 --- a/2021/20xxx/CVE-2021-20406.json +++ b/2021/20xxx/CVE-2021-20406.json @@ -1,93 +1,93 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 198184.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "1.0.6" - }, - { - "version_value" : "1.0.7" - } - ] - }, - "product_name" : "Security Verify Information Queue" - } - ] - } + "value": "IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 198184.", + "lang": "eng" } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "1.0.6" + }, + { + "version_value": "1.0.7" + } + ] + }, + "product_name": "Security Verify Information Queue" + } + ] + } + } ] - } - ] - }, - "data_version" : "4.0", - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6414763 (Security Verify Information Queue)", - "name" : "https://www.ibm.com/support/pages/node/6414763", - "url" : "https://www.ibm.com/support/pages/node/6414763" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196184", - "name" : "ibm-sviq-cve202120406-info-disc (196184)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-02-11T00:00:00", - "ID" : "CVE-2021-20406", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "impact" : { - "cvssv3" : { - "BM" : { - "UI" : "N", - "I" : "N", - "PR" : "H", - "C" : "L", - "SCORE" : "2.200", - "AC" : "H", - "A" : "N", - "S" : "U", - "AV" : "N" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "data_format" : "MITRE" -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_version": "4.0", + "data_type": "CVE", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6414763 (Security Verify Information Queue)", + "name": "https://www.ibm.com/support/pages/node/6414763", + "url": "https://www.ibm.com/support/pages/node/6414763" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196184", + "name": "ibm-sviq-cve202120406-info-disc (196184)", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2021-02-11T00:00:00", + "ID": "CVE-2021-20406", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "impact": { + "cvssv3": { + "BM": { + "UI": "N", + "I": "N", + "PR": "H", + "C": "L", + "SCORE": "2.200", + "AC": "H", + "A": "N", + "S": "U", + "AV": "N" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20407.json b/2021/20xxx/CVE-2021-20407.json index 869a62f3132..11ef702c9c0 100644 --- a/2021/20xxx/CVE-2021-20407.json +++ b/2021/20xxx/CVE-2021-20407.json @@ -1,93 +1,93 @@ { - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "AV" : "N", - "PR" : "N", - "C" : "L", - "UI" : "N", - "I" : "N", - "SCORE" : "5.300", - "AC" : "L", - "A" : "N" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-02-11T00:00:00", - "ID" : "CVE-2021-20407" - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6414765", - "url" : "https://www.ibm.com/support/pages/node/6414765", - "title" : "IBM Security Bulletin 6414765 (Security Verify Information Queue)", - "refsource" : "CONFIRM" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-sviq-cve202120407-info-disc (196185)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196185" - } - ] - }, - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 198185.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Security Verify Information Queue", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.6" - }, - { - "version_value" : "1.0.7" - } - ] - } - } - ] - } + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "AV": "N", + "PR": "N", + "C": "L", + "UI": "N", + "I": "N", + "SCORE": "5.300", + "AC": "L", + "A": "N" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" } - ] - } - } -} + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-02-11T00:00:00", + "ID": "CVE-2021-20407" + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6414765", + "url": "https://www.ibm.com/support/pages/node/6414765", + "title": "IBM Security Bulletin 6414765 (Security Verify Information Queue)", + "refsource": "CONFIRM" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-sviq-cve202120407-info-disc (196185)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196185" + } + ] + }, + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 198185.", + "lang": "eng" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Verify Information Queue", + "version": { + "version_data": [ + { + "version_value": "1.0.6" + }, + { + "version_value": "1.0.7" + } + ] + } + } + ] + } + } + ] + } + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20408.json b/2021/20xxx/CVE-2021-20408.json index c4f599f26ba..fd3b2e935b8 100644 --- a/2021/20xxx/CVE-2021-20408.json +++ b/2021/20xxx/CVE-2021-20408.json @@ -1,93 +1,93 @@ { - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "S" : "U", - "AV" : "L", - "SCORE" : "7.100", - "UI" : "N", - "I" : "H", - "C" : "H", - "PR" : "L", - "A" : "N", - "AC" : "L" - } - } - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2021-02-11T00:00:00", - "ID" : "CVE-2021-20408" - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6414767", - "url" : "https://www.ibm.com/support/pages/node/6414767", - "title" : "IBM Security Bulletin 6414767 (Security Verify Information Queue)", - "refsource" : "CONFIRM" - }, - { - "name" : "ibm-sviq-cve202120408-info-disc (196187)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196187", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "data_type" : "CVE", - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Verify Information Queue", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.6" - }, - { - "version_value" : "1.0.7" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "data_format": "MITRE", + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "S": "U", + "AV": "L", + "SCORE": "7.100", + "UI": "N", + "I": "H", + "C": "H", + "PR": "L", + "A": "N", + "AC": "L" } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187.", - "lang" : "eng" - } - ] - } -} + } + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2021-02-11T00:00:00", + "ID": "CVE-2021-20408" + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6414767", + "url": "https://www.ibm.com/support/pages/node/6414767", + "title": "IBM Security Bulletin 6414767 (Security Verify Information Queue)", + "refsource": "CONFIRM" + }, + { + "name": "ibm-sviq-cve202120408-info-disc (196187)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196187", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, + "data_type": "CVE", + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Verify Information Queue", + "version": { + "version_data": [ + { + "version_value": "1.0.6" + }, + { + "version_value": "1.0.7" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "description": { + "description_data": [ + { + "value": "IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20409.json b/2021/20xxx/CVE-2021-20409.json index c6b25c732ec..f50b1a6a3ba 100644 --- a/2021/20xxx/CVE-2021-20409.json +++ b/2021/20xxx/CVE-2021-20409.json @@ -1,93 +1,93 @@ { - "data_version" : "4.0", - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6414771 (Security Verify Information Queue)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6414771", - "url" : "https://www.ibm.com/support/pages/node/6414771" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196188", - "name" : "ibm-sviq-cve202120409-info-disc (196188)" - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2021-20409", - "DATE_PUBLIC" : "2021-02-11T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "I" : "N", - "UI" : "N", - "PR" : "N", - "C" : "H", - "SCORE" : "5.900", - "AC" : "H", - "A" : "N", - "S" : "U", - "AV" : "N" - } - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 198188." - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "data_type": "CVE", + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "1.0.6" - }, - { - "version_value" : "1.0.7" - } - ] - }, - "product_name" : "Security Verify Information Queue" - } - ] - }, - "vendor_name" : "IBM" + "title": "IBM Security Bulletin 6414771 (Security Verify Information Queue)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6414771", + "url": "https://www.ibm.com/support/pages/node/6414771" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196188", + "name": "ibm-sviq-cve202120409-info-disc (196188)" } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2021-20409", + "DATE_PUBLIC": "2021-02-11T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "I": "N", + "UI": "N", + "PR": "N", + "C": "H", + "SCORE": "5.900", + "AC": "H", + "A": "N", + "S": "U", + "AV": "N" + } + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 198188." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "1.0.6" + }, + { + "version_value": "1.0.7" + } + ] + }, + "product_name": "Security Verify Information Queue" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20410.json b/2021/20xxx/CVE-2021-20410.json index 720777142ed..5f1b3e69a62 100644 --- a/2021/20xxx/CVE-2021-20410.json +++ b/2021/20xxx/CVE-2021-20410.json @@ -1,93 +1,93 @@ { - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6414773 (Security Verify Information Queue)", - "url" : "https://www.ibm.com/support/pages/node/6414773", - "name" : "https://www.ibm.com/support/pages/node/6414773" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196190", - "name" : "ibm-sviq-cve202120410-info-disc (196190)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - }, - "BM" : { - "C" : "H", - "PR" : "L", - "UI" : "N", - "I" : "N", - "SCORE" : "5.300", - "AC" : "H", - "A" : "N", - "S" : "U", - "AV" : "N" - } - } - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2021-02-11T00:00:00", - "ID" : "CVE-2021-20410" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_type": "CVE", + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Security Verify Information Queue", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.6" - }, - { - "version_value" : "1.0.7" - } - ] - } - } - ] - } + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6414773 (Security Verify Information Queue)", + "url": "https://www.ibm.com/support/pages/node/6414773", + "name": "https://www.ibm.com/support/pages/node/6414773" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196190", + "name": "ibm-sviq-cve202120410-info-disc (196190)", + "title": "X-Force Vulnerability Report", + "refsource": "XF" } - ] - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + ] + }, + "data_version": "4.0", + "data_format": "MITRE", + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + }, + "BM": { + "C": "H", + "PR": "L", + "UI": "N", + "I": "N", + "SCORE": "5.300", + "AC": "H", + "A": "N", + "S": "U", + "AV": "N" + } + } + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2021-02-11T00:00:00", + "ID": "CVE-2021-20410" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Verify Information Queue", + "version": { + "version_data": [ + { + "version_value": "1.0.6" + }, + { + "version_value": "1.0.7" + } + ] + } + } + ] + } + } ] - } - ] - } -} + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20411.json b/2021/20xxx/CVE-2021-20411.json index aeab02439a5..bbd65b62751 100644 --- a/2021/20xxx/CVE-2021-20411.json +++ b/2021/20xxx/CVE-2021-20411.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-02-11T00:00:00", - "ID" : "CVE-2021-20411", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "C", - "AV" : "A", - "SCORE" : "7.500", - "PR" : "N", - "C" : "H", - "UI" : "R", - "I" : "H", - "A" : "N", - "AC" : "H" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6414777", - "name" : "https://www.ibm.com/support/pages/node/6414777", - "title" : "IBM Security Bulletin 6414777 (Security Verify Information Queue)", - "refsource" : "CONFIRM" - }, - { - "name" : "ibm-sviq-cve202120411-session-fixation (196191)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196191", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "1.0.6" - }, - { - "version_value" : "1.0.7" - } - ] - }, - "product_name" : "Security Verify Information Queue" - } - ] - }, - "vendor_name" : "IBM" + "CVE_data_meta": { + "DATE_PUBLIC": "2021-02-11T00:00:00", + "ID": "CVE-2021-20411", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "impact": { + "cvssv3": { + "BM": { + "S": "C", + "AV": "A", + "SCORE": "7.500", + "PR": "N", + "C": "H", + "UI": "R", + "I": "H", + "A": "N", + "AC": "H" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. IBM X-Force ID: 198191.", - "lang" : "eng" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6414777", + "name": "https://www.ibm.com/support/pages/node/6414777", + "title": "IBM Security Bulletin 6414777 (Security Verify Information Queue)", + "refsource": "CONFIRM" + }, + { + "name": "ibm-sviq-cve202120411-session-fixation (196191)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196191", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "1.0.6" + }, + { + "version_value": "1.0.7" + } + ] + }, + "product_name": "Security Verify Information Queue" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "description": { + "description_data": [ + { + "value": "IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. IBM X-Force ID: 198191.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20412.json b/2021/20xxx/CVE-2021-20412.json index dff3685c0a8..e2b47baaf80 100644 --- a/2021/20xxx/CVE-2021-20412.json +++ b/2021/20xxx/CVE-2021-20412.json @@ -1,93 +1,93 @@ { - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6414779", - "name" : "https://www.ibm.com/support/pages/node/6414779", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6414779 (Security Verify Information Queue)" - }, - { - "name" : "ibm-sviq-cve202120412-info-disc (196192)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196192", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "data_type" : "CVE", - "data_version" : "4.0", - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "AV" : "N", - "C" : "H", - "PR" : "N", - "UI" : "N", - "I" : "N", - "SCORE" : "5.900", - "AC" : "H", - "A" : "N" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-02-11T00:00:00", - "ID" : "CVE-2021-20412", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 198192." - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Security Verify Information Queue", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.6" - }, - { - "version_value" : "1.0.7" - } - ] - } - } - ] - } + "url": "https://www.ibm.com/support/pages/node/6414779", + "name": "https://www.ibm.com/support/pages/node/6414779", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6414779 (Security Verify Information Queue)" + }, + { + "name": "ibm-sviq-cve202120412-info-disc (196192)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196192", + "title": "X-Force Vulnerability Report", + "refsource": "XF" } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + ] + }, + "data_type": "CVE", + "data_version": "4.0", + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "AV": "N", + "C": "H", + "PR": "N", + "UI": "N", + "I": "N", + "SCORE": "5.900", + "AC": "H", + "A": "N" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2021-02-11T00:00:00", + "ID": "CVE-2021-20412", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 198192." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Verify Information Queue", + "version": { + "version_data": [ + { + "version_value": "1.0.6" + }, + { + "version_value": "1.0.7" + } + ] + } + } + ] + } + } ] - } - ] - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2021/22xxx/CVE-2021-22973.json b/2021/22xxx/CVE-2021-22973.json index 0d793968f0b..b9452235236 100644 --- a/2021/22xxx/CVE-2021-22973.json +++ b/2021/22xxx/CVE-2021-22973.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22973", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP", + "version": { + "version_data": [ + { + "version_value": "16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K13323323", + "url": "https://support.f5.com/csp/article/K13323323" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds memory accesses or writes. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated." } ] } diff --git a/2021/22xxx/CVE-2021-22974.json b/2021/22xxx/CVE-2021-22974.json index f23519cfb4d..9418b307c33 100644 --- a/2021/22xxx/CVE-2021-22974.json +++ b/2021/22xxx/CVE-2021-22974.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22974", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP, BIG-IQ", + "version": { + "version_data": [ + { + "version_value": "BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K68652018", + "url": "https://support.f5.com/csp/article/K68652018" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level. This vulnerability is due to an incomplete fix for CVE-2017-6167. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated." } ] } diff --git a/2021/22xxx/CVE-2021-22975.json b/2021/22xxx/CVE-2021-22975.json index d0c2c18887f..8dbd71aebc0 100644 --- a/2021/22xxx/CVE-2021-22975.json +++ b/2021/22xxx/CVE-2021-22975.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22975", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP", + "version": { + "version_data": [ + { + "version_value": "16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K21971977", + "url": "https://support.f5.com/csp/article/K21971977" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under some circumstances, Traffic Management Microkernel (TMM) may restart on the BIG-IP system while passing large bursts of traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated." } ] }