diff --git a/2020/22xxx/CVE-2020-22550.json b/2020/22xxx/CVE-2020-22550.json index edbdc2b1137..0b2382d895b 100644 --- a/2020/22xxx/CVE-2020-22550.json +++ b/2020/22xxx/CVE-2020-22550.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-22550", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-22550", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Veno File Manager 3.5.6 is affected by a directory traversal vulnerability. Using the traversal allows an attacker to download sensitive files from the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/Sp3eD-X/22640377f96340544baf12891f708b8f", + "url": "https://gist.github.com/Sp3eD-X/22640377f96340544baf12891f708b8f" + }, + { + "refsource": "MISC", + "name": "https://codecanyon.net/item/veno-file-manager-host-and-share-files/6114247", + "url": "https://codecanyon.net/item/veno-file-manager-host-and-share-files/6114247" } ] } diff --git a/2020/35xxx/CVE-2020-35493.json b/2020/35xxx/CVE-2020-35493.json index c51b9b829cc..140e000c4bf 100644 --- a/2020/35xxx/CVE-2020-35493.json +++ b/2020/35xxx/CVE-2020-35493.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-35493", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "binutils", + "version": { + "version_data": [ + { + "version_value": "binutils 2.34" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20->CWE-122->CWE-125" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1911437", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911437" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34." } ] } diff --git a/2020/35xxx/CVE-2020-35494.json b/2020/35xxx/CVE-2020-35494.json index 00e25514327..b20e292f6dd 100644 --- a/2020/35xxx/CVE-2020-35494.json +++ b/2020/35xxx/CVE-2020-35494.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-35494", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "binutils", + "version": { + "version_data": [ + { + "version_value": "binutils 2.34" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-908" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1911439", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911439" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34." } ] } diff --git a/2020/35xxx/CVE-2020-35495.json b/2020/35xxx/CVE-2020-35495.json index 020d32c8d17..ce97f5e10db 100644 --- a/2020/35xxx/CVE-2020-35495.json +++ b/2020/35xxx/CVE-2020-35495.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-35495", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "binutils", + "version": { + "version_data": [ + { + "version_value": "binutils 2.34" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1911441", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911441" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34." } ] } diff --git a/2020/35xxx/CVE-2020-35496.json b/2020/35xxx/CVE-2020-35496.json index 354c8b3d8ae..82efba64a99 100644 --- a/2020/35xxx/CVE-2020-35496.json +++ b/2020/35xxx/CVE-2020-35496.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-35496", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "binutils", + "version": { + "version_data": [ + { + "version_value": "binutils 2.34" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1911444", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911444" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34." } ] } diff --git a/2020/35xxx/CVE-2020-35507.json b/2020/35xxx/CVE-2020-35507.json index 90039bb5684..6c97a7e4ecf 100644 --- a/2020/35xxx/CVE-2020-35507.json +++ b/2020/35xxx/CVE-2020-35507.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-35507", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "binutils", + "version": { + "version_data": [ + { + "version_value": "binutils 2.34" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1911691", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911691" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34." } ] } diff --git a/2020/36xxx/CVE-2020-36112.json b/2020/36xxx/CVE-2020-36112.json index 7130a8a6965..c4aa0b6ffad 100644 --- a/2020/36xxx/CVE-2020-36112.json +++ b/2020/36xxx/CVE-2020-36112.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36112", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36112", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/exploits/49314", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/49314" } ] } diff --git a/2020/4xxx/CVE-2020-4909.json b/2020/4xxx/CVE-2020-4909.json index d866ada7e99..c4db3ec1f4f 100644 --- a/2020/4xxx/CVE-2020-4909.json +++ b/2020/4xxx/CVE-2020-4909.json @@ -1,90 +1,90 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Pak System", - "version" : { - "version_data" : [ - { - "version_value" : "2.3" - } - ] - } - } - ] - } - } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273.", - "lang" : "eng" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "A" : "N", - "S" : "C", - "C" : "L", - "UI" : "R", - "SCORE" : "4.800", - "AC" : "L", - "PR" : "H", - "I" : "L" - }, - "TM" : { - "E" : "H", - "RL" : "O", - "RC" : "C" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Cloud Pak System", + "version": { + "version_data": [ + { + "version_value": "2.3" + } + ] + } + } + ] + } + } ] - } - ] - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6393554", - "name" : "https://www.ibm.com/support/pages/node/6393554", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6393554 (Cloud Pak System)" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191273", - "name" : "ibm-cps-cve20204909-xss (191273)", - "refsource" : "XF" - } - ] - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-01-02T00:00:00", - "ID" : "CVE-2020-4909", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_format" : "MITRE", - "data_version" : "4.0" -} + } + }, + "description": { + "description_data": [ + { + "value": "IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273.", + "lang": "eng" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "A": "N", + "S": "C", + "C": "L", + "UI": "R", + "SCORE": "4.800", + "AC": "L", + "PR": "H", + "I": "L" + }, + "TM": { + "E": "H", + "RL": "O", + "RC": "C" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6393554", + "name": "https://www.ibm.com/support/pages/node/6393554", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6393554 (Cloud Pak System)" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191273", + "name": "ibm-cps-cve20204909-xss (191273)", + "refsource": "XF" + } + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2021-01-02T00:00:00", + "ID": "CVE-2020-4909", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_format": "MITRE", + "data_version": "4.0" +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4910.json b/2020/4xxx/CVE-2020-4910.json index afa2b30c161..c695ce1bd9b 100644 --- a/2020/4xxx/CVE-2020-4910.json +++ b/2020/4xxx/CVE-2020-4910.json @@ -1,90 +1,90 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.3" - } - ] - }, - "product_name" : "Cloud Pak System" - } - ] - } - } - ] - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "C", - "C" : "L", - "SCORE" : "4.800", - "AC" : "L", - "UI" : "R", - "PR" : "H", - "I" : "L", - "AV" : "N", - "A" : "N" - }, - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.3" + } + ] + }, + "product_name": "Cloud Pak System" + } + ] + } + } ] - } - ] - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6393554 (Cloud Pak System)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6393554", - "url" : "https://www.ibm.com/support/pages/node/6393554" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-cps-cve20204910-xss (191274)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191274" - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-01-02T00:00:00", - "ID" : "CVE-2020-4910" - }, - "data_format" : "MITRE", - "data_version" : "4.0" -} + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "S": "C", + "C": "L", + "SCORE": "4.800", + "AC": "L", + "UI": "R", + "PR": "H", + "I": "L", + "AV": "N", + "A": "N" + }, + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] + } + ] + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6393554 (Cloud Pak System)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6393554", + "url": "https://www.ibm.com/support/pages/node/6393554" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-cps-cve20204910-xss (191274)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191274" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-01-02T00:00:00", + "ID": "CVE-2020-4910" + }, + "data_format": "MITRE", + "data_version": "4.0" +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4912.json b/2020/4xxx/CVE-2020-4912.json index 44eae53acd9..75b49df91cf 100644 --- a/2020/4xxx/CVE-2020-4912.json +++ b/2020/4xxx/CVE-2020-4912.json @@ -1,90 +1,90 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6393554 (Cloud Pak System)", - "url" : "https://www.ibm.com/support/pages/node/6393554", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6393554" - }, - { - "name" : "ibm-cps-cve20204912-priv-escalation (191287)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191287", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4912", - "DATE_PUBLIC" : "2021-01-02T00:00:00" - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "value" : "IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Pak System", - "version" : { - "version_data" : [ - { - "version_value" : "2.3" - } - ] - } - } - ] - } + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] } - ] - } - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "A" : "L", - "AV" : "N", - "I" : "L", - "PR" : "H", - "SCORE" : "4.700", - "UI" : "N", - "AC" : "L", - "S" : "U", - "C" : "L" - } - } - } -} + ] + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6393554 (Cloud Pak System)", + "url": "https://www.ibm.com/support/pages/node/6393554", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6393554" + }, + { + "name": "ibm-cps-cve20204912-priv-escalation (191287)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191287", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2020-4912", + "DATE_PUBLIC": "2021-01-02T00:00:00" + }, + "data_version": "4.0", + "data_format": "MITRE", + "description": { + "description_data": [ + { + "value": "IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287.", + "lang": "eng" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Cloud Pak System", + "version": { + "version_data": [ + { + "version_value": "2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "A": "L", + "AV": "N", + "I": "L", + "PR": "H", + "SCORE": "4.700", + "UI": "N", + "AC": "L", + "S": "U", + "C": "L" + } + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4913.json b/2020/4xxx/CVE-2020-4913.json index e9474b1b894..4e3efc7aa3f 100644 --- a/2020/4xxx/CVE-2020-4913.json +++ b/2020/4xxx/CVE-2020-4913.json @@ -1,90 +1,90 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Pak System", - "version" : { - "version_data" : [ - { - "version_value" : "2.3" - } - ] - } - } - ] - } + "value": "IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.", + "lang": "eng" } - ] - } - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "C" : "H", - "S" : "U", - "AC" : "L", - "SCORE" : "4.400", - "UI" : "N", - "I" : "N", - "PR" : "H", - "AV" : "L", - "A" : "N" - } - } - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Cloud Pak System", + "version": { + "version_data": [ + { + "version_value": "2.3" + } + ] + } + } + ] + } + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6393554 (Cloud Pak System)", - "name" : "https://www.ibm.com/support/pages/node/6393554", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6393554" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191288", - "refsource" : "XF", - "name" : "ibm-cps-cve20204913-info-disc (191288)" - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-01-02T00:00:00", - "ID" : "CVE-2020-4913" - }, - "data_version" : "4.0", - "data_format" : "MITRE" -} + } + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "C": "H", + "S": "U", + "AC": "L", + "SCORE": "4.400", + "UI": "N", + "I": "N", + "PR": "H", + "AV": "L", + "A": "N" + } + } + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6393554 (Cloud Pak System)", + "name": "https://www.ibm.com/support/pages/node/6393554", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6393554" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191288", + "refsource": "XF", + "name": "ibm-cps-cve20204913-info-disc (191288)" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-01-02T00:00:00", + "ID": "CVE-2020-4913" + }, + "data_version": "4.0", + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4916.json b/2020/4xxx/CVE-2020-4916.json index 1cf5794bf97..dadfd1516a6 100644 --- a/2020/4xxx/CVE-2020-4916.json +++ b/2020/4xxx/CVE-2020-4916.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-01-02T00:00:00", - "ID" : "CVE-2020-4916" - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6393554 (Cloud Pak System)", - "url" : "https://www.ibm.com/support/pages/node/6393554", - "name" : "https://www.ibm.com/support/pages/node/6393554", - "refsource" : "CONFIRM" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-cps-cve20204916-xss (191390)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191390" - } - ] - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "H", - "RL" : "O" - }, - "BM" : { - "AV" : "N", - "A" : "N", - "S" : "C", - "C" : "L", - "PR" : "H", - "I" : "L", - "SCORE" : "5.500", - "UI" : "N", - "AC" : "L" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-01-02T00:00:00", + "ID": "CVE-2020-4916" + }, + "data_format": "MITRE", + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.3" - } - ] - }, - "product_name" : "Cloud Pak System" - } - ] - } + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390.", - "lang" : "eng" - } - ] - } -} + ] + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6393554 (Cloud Pak System)", + "url": "https://www.ibm.com/support/pages/node/6393554", + "name": "https://www.ibm.com/support/pages/node/6393554", + "refsource": "CONFIRM" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-cps-cve20204916-xss (191390)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191390" + } + ] + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "H", + "RL": "O" + }, + "BM": { + "AV": "N", + "A": "N", + "S": "C", + "C": "L", + "PR": "H", + "I": "L", + "SCORE": "5.500", + "UI": "N", + "AC": "L" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.3" + } + ] + }, + "product_name": "Cloud Pak System" + } + ] + } + } + ] + } + }, + "description": { + "description_data": [ + { + "value": "IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4917.json b/2020/4xxx/CVE-2020-4917.json index da2cad0c6e7..6c1556b5664 100644 --- a/2020/4xxx/CVE-2020-4917.json +++ b/2020/4xxx/CVE-2020-4917.json @@ -1,90 +1,90 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Pak System", - "version" : { - "version_data" : [ - { - "version_value" : "2.3" - } - ] - } - } - ] - } + "value": "IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391.", + "lang": "eng" } - ] - } - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "A" : "N", - "C" : "N", - "S" : "U", - "AC" : "L", - "SCORE" : "4.300", - "UI" : "R", - "I" : "L", - "PR" : "N" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Cloud Pak System", + "version": { + "version_data": [ + { + "version_value": "2.3" + } + ] + } + } + ] + } + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6393554", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6393554", - "title" : "IBM Security Bulletin 6393554 (Cloud Pak System)" - }, - { - "refsource" : "XF", - "name" : "ibm-cps-cve20204917-csrf (191391)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191391", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4917", - "DATE_PUBLIC" : "2021-01-02T00:00:00" - }, - "data_version" : "4.0", - "data_format" : "MITRE" -} + } + }, + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "A": "N", + "C": "N", + "S": "U", + "AC": "L", + "SCORE": "4.300", + "UI": "R", + "I": "L", + "PR": "N" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6393554", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6393554", + "title": "IBM Security Bulletin 6393554 (Cloud Pak System)" + }, + { + "refsource": "XF", + "name": "ibm-cps-cve20204917-csrf (191391)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191391", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2020-4917", + "DATE_PUBLIC": "2021-01-02T00:00:00" + }, + "data_version": "4.0", + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4918.json b/2020/4xxx/CVE-2020-4918.json index 656869c8ee2..19a74c7bce7 100644 --- a/2020/4xxx/CVE-2020-4918.json +++ b/2020/4xxx/CVE-2020-4918.json @@ -1,90 +1,90 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6393554", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6393554", - "title" : "IBM Security Bulletin 6393554 (Cloud Pak System)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191392", - "name" : "ibm-cps-cve20204918-info-disc (191392)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-01-02T00:00:00", - "ID" : "CVE-2020-4918" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392." - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.3" - } - ] - }, - "product_name" : "Cloud Pak System" - } - ] - } + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] } - ] - } - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "A" : "N", - "AV" : "L", - "AC" : "L", - "SCORE" : "2.300", - "UI" : "N", - "PR" : "H", - "I" : "N", - "C" : "L", - "S" : "U" - } - } - } -} + ] + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6393554", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6393554", + "title": "IBM Security Bulletin 6393554 (Cloud Pak System)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191392", + "name": "ibm-cps-cve20204918-info-disc (191392)", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_version": "4.0", + "data_format": "MITRE", + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-01-02T00:00:00", + "ID": "CVE-2020-4918" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.3" + } + ] + }, + "product_name": "Cloud Pak System" + } + ] + } + } + ] + } + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "A": "N", + "AV": "L", + "AC": "L", + "SCORE": "2.300", + "UI": "N", + "PR": "H", + "I": "N", + "C": "L", + "S": "U" + } + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4919.json b/2020/4xxx/CVE-2020-4919.json index dd0d7af09b5..42e844e869a 100644 --- a/2020/4xxx/CVE-2020-4919.json +++ b/2020/4xxx/CVE-2020-4919.json @@ -1,90 +1,90 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } - ] - } - ] - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6393554 (Cloud Pak System)", - "url" : "https://www.ibm.com/support/pages/node/6393554", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6393554" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-cps-cve20204919-session-fixation (191395)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191395" - } - ] - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4919", - "DATE_PUBLIC" : "2021-01-02T00:00:00" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.3" - } - ] - }, - "product_name" : "Cloud Pak System" - } - ] - } + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395.", - "lang" : "eng" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "C" : "L", - "S" : "U", - "SCORE" : "4.700", - "UI" : "N", - "AC" : "L", - "PR" : "H", - "I" : "L", - "AV" : "N", - "A" : "L" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - } -} + ] + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6393554 (Cloud Pak System)", + "url": "https://www.ibm.com/support/pages/node/6393554", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6393554" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-cps-cve20204919-session-fixation (191395)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191395" + } + ] + }, + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2020-4919", + "DATE_PUBLIC": "2021-01-02T00:00:00" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.3" + } + ] + }, + "product_name": "Cloud Pak System" + } + ] + } + } + ] + } + }, + "description": { + "description_data": [ + { + "value": "IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395.", + "lang": "eng" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "C": "L", + "S": "U", + "SCORE": "4.700", + "UI": "N", + "AC": "L", + "PR": "H", + "I": "L", + "AV": "N", + "A": "L" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4928.json b/2020/4xxx/CVE-2020-4928.json index 19a7092e0db..f68468fb534 100644 --- a/2020/4xxx/CVE-2020-4928.json +++ b/2020/4xxx/CVE-2020-4928.json @@ -1,90 +1,90 @@ { - "data_format" : "MITRE", - "data_version" : "4.0", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-01-02T00:00:00", - "ID" : "CVE-2020-4928" - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6393554 (Cloud Pak System)", - "name" : "https://www.ibm.com/support/pages/node/6393554", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6393554" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-cps-cve20204928-file-upload (191705)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191705" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } - ] - } - ] - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "H", - "AV" : "L", - "SCORE" : "6.700", - "UI" : "N", - "AC" : "L", - "PR" : "H", - "I" : "H", - "S" : "U", - "C" : "H" - }, - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-01-02T00:00:00", + "ID": "CVE-2020-4928" + }, + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Pak System", - "version" : { - "version_data" : [ - { - "version_value" : "2.3" - } - ] - } - } - ] - } + "title": "IBM Security Bulletin 6393554 (Cloud Pak System)", + "name": "https://www.ibm.com/support/pages/node/6393554", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6393554" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-cps-cve20204928-file-upload (191705)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191705" } - ] - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705." - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "BM": { + "A": "H", + "AV": "L", + "SCORE": "6.700", + "UI": "N", + "AC": "L", + "PR": "H", + "I": "H", + "S": "U", + "C": "H" + }, + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Cloud Pak System", + "version": { + "version_data": [ + { + "version_value": "2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705." + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4942.json b/2020/4xxx/CVE-2020-4942.json index bcaa6d63a4e..a93972c3c29 100644 --- a/2020/4xxx/CVE-2020-4942.json +++ b/2020/4xxx/CVE-2020-4942.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4942", - "DATE_PUBLIC" : "2020-12-31T00:00:00" - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6395108", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6395108", - "title" : "IBM Security Bulletin 6395108 (Curam SPM)" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191942", - "name" : "ibm-curam-cve20204942-csrf (191942)", - "refsource" : "XF" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } - ] - } - ] - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "A" : "N", - "AV" : "N", - "SCORE" : "6.500", - "AC" : "L", - "UI" : "R", - "PR" : "N", - "I" : "H", - "C" : "N", - "S" : "U" - } - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942." - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2020-4942", + "DATE_PUBLIC": "2020-12-31T00:00:00" + }, + "data_version": "4.0", + "data_format": "MITRE", + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.0.9" - }, - { - "version_value" : "7.0.11" - } - ] - }, - "product_name" : "Curam SPM" - } - ] - }, - "vendor_name" : "IBM" + "name": "https://www.ibm.com/support/pages/node/6395108", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6395108", + "title": "IBM Security Bulletin 6395108 (Curam SPM)" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191942", + "name": "ibm-curam-cve20204942-csrf (191942)", + "refsource": "XF" } - ] - } - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "A": "N", + "AV": "N", + "SCORE": "6.500", + "AC": "L", + "UI": "R", + "PR": "N", + "I": "H", + "C": "N", + "S": "U" + } + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.0.9" + }, + { + "version_value": "7.0.11" + } + ] + }, + "product_name": "Curam SPM" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3010.json b/2021/3xxx/CVE-2021-3010.json new file mode 100644 index 00000000000..a4d48951177 --- /dev/null +++ b/2021/3xxx/CVE-2021-3010.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3010", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3011.json b/2021/3xxx/CVE-2021-3011.json new file mode 100644 index 00000000000..a5ec460ae21 --- /dev/null +++ b/2021/3xxx/CVE-2021-3011.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3011", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3012.json b/2021/3xxx/CVE-2021-3012.json new file mode 100644 index 00000000000..f97725f0f38 --- /dev/null +++ b/2021/3xxx/CVE-2021-3012.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3012", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file