IBM20220913-16444

Added CVE-2022-35637, CVE-2022-22330, CVE-2022-36768, CVE-2022-34356, CVE-2022-22329, CVE-2022-22483, CVE-2022-34336
Scott Moore - IBM 2022-09-13 16:44:04 -04:00
parent 18a5e7fac5
commit eba61d1cb4
No known key found for this signature in database
GPG Key ID: 8E6C411D57F2D75C
7 changed files with 668 additions and 105 deletions


@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22329",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_type" : "CVE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2022-22329",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2022-09-12T00:00:00"
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6619739",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6619739",
"title" : "IBM Security Bulletin 6619739 (Control Desk)"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-controldesk-cve202222329-info-disc (219124)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/219124"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 219124.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"SCORE" : "4.300",
"C" : "L",
"I" : "N",
"S" : "U",
"PR" : "N",
"AC" : "L",
"AV" : "N",
"UI" : "R"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.6.1"
}
]
},
"product_name" : "Control Desk"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"data_format" : "MITRE",
"data_version" : "4.0"
}
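Review bot: The new `problemtype` entry carries only the free-text value `"Obtain Information"` and no CWE identifier, so tooling that groups records by weakness class cannot classify this one. The description is a session cookie sent without the Secure attribute, which normally maps to CWE-614; a value such as `"CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute"` would make that explicit, if the CNA's submission tooling accepts it. The same applies to the CVE-2022-22330 record (missing HttpOnly flag, usually CWE-1004) and to the other records in this commit, which also use free-text problem types.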


@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22330",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta" : {
"DATE_PUBLIC" : "2022-09-12T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2022-22330",
"STATE" : "PUBLIC"
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"UI" : "N",
"S" : "U",
"AC" : "H",
"PR" : "N",
"SCORE" : "3.700",
"C" : "L",
"A" : "N",
"I" : "N"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126."
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6619739",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6619739 (Control Desk)",
"name" : "https://www.ibm.com/support/pages/node/6619739"
},
{
"name" : "ibm-controldesk-cve202222330-info-disc (219126)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/219126",
"refsource" : "XF"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.6.1"
}
]
},
"product_name" : "Control Desk"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"data_format" : "MITRE",
"data_version" : "4.0"
}


@ -1,18 +1,102 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22483",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_format" : "MITRE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.5"
},
{
"version_value" : "10.1"
},
{
"version_value" : "9.7"
},
{
"version_value" : "11.1"
},
{
"version_value" : "11.5"
}
]
},
"product_name" : "DB2 for Linux, UNIX and Windows"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"AV" : "N",
"PR" : "L",
"S" : "U",
"AC" : "L",
"SCORE" : "6.500",
"C" : "H",
"A" : "N",
"I" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979."
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6618779",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6618779",
"title" : "IBM Security Bulletin 6618779 (DB2 for Linux, UNIX and Windows)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/225979",
"refsource" : "XF",
"name" : "ibm-db2-cve202222483-info-disc (225979)",
"title" : "X-Force Vulnerability Report"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2022-22483",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2022-09-12T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_type" : "CVE"
}


@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34336",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "8.0"
},
{
"version_value" : "8.5"
},
{
"version_value" : "9.0"
}
]
},
"product_name" : "WebSphere Application Server"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"data_format" : "MITRE",
"data_version" : "4.0",
"data_type" : "CVE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2022-34336",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2022-09-12T00:00:00"
},
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "L",
"S" : "C",
"AC" : "L",
"UI" : "R",
"AV" : "N",
"A" : "N",
"C" : "L",
"SCORE" : "5.400",
"I" : "L"
},
"TM" : {
"RL" : "O",
"E" : "H",
"RC" : "C"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6619699 (WebSphere Application Server)",
"name" : "https://www.ibm.com/support/pages/node/6619699",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6619699"
},
{
"name" : "ibm-websphere-cve202234336-xss (229714)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/229714",
"refsource" : "XF"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229714.",
"lang" : "eng"
}
]
}
}


@ -1,18 +1,106 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34356",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_format" : "MITRE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.1"
}
]
},
"product_name" : "VIOS "
},
{
"product_name" : "AIX",
"version" : {
"version_data" : [
{
"version_value" : "7.1"
},
{
"version_value" : "7.2"
},
{
"version_value" : "7.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"C" : "H",
"SCORE" : "8.400",
"A" : "H",
"I" : "H",
"AV" : "L",
"UI" : "N",
"AC" : "L",
"S" : "U",
"PR" : "N"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to obtain root privileges. IBM X-Force ID: 230502.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6619721",
"title" : "IBM Security Bulletin 6619721 (AIX)",
"url" : "https://www.ibm.com/support/pages/node/6619721",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/230502",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-aix-cve202234356-priv-escalation (230502)"
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2022-09-12T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2022-34356",
"STATE" : "PUBLIC"
},
"data_type" : "CVE"
}
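Review bot: `"product_name" : "VIOS "` has a trailing space inside the string, so an exact-match lookup on the product name (asset inventory, advisory correlation) will not match `VIOS`. It should read `"product_name" : "VIOS"`. The CVE-2022-36768 record in this commit carries the same value.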


@ -1,18 +1,96 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35637",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_version" : "4.0",
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.5"
},
{
"version_value" : "11.1"
},
{
"version_value" : "11.5"
}
]
},
"product_name" : "DB2 for Linux, UNIX and Windows"
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "N",
"SCORE" : "6.500",
"A" : "H",
"I" : "N",
"AV" : "N",
"UI" : "N",
"S" : "U",
"PR" : "L",
"AC" : "L"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6618775",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6618775",
"title" : "IBM Security Bulletin 6618775 (DB2 for Linux, UNIX and Windows)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/230823",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-db2-cve202235637-dos (230823)"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823."
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2022-09-12T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2022-35637",
"STATE" : "PUBLIC"
}
}
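Review bot: The description text lists Db2 9.7, 10.1, 10.5, 11.1 and 11.5 as affected, but the `version_data` array under `affects` contains only 10.5, 11.1 and 11.5. Scanners read the structured list, so 9.7 and 10.1 installs would go unflagged if the description is right; if the list is right, the description overstates the scope. Which one is correct should be checked against the linked bulletin (node/6618775) and the two made to agree, for example by adding `{ "version_value" : "9.7" }` and `{ "version_value" : "10.1" }`.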


@ -1,18 +1,106 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36768",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "AIX",
"version" : {
"version_data" : [
{
"version_value" : "7.1"
},
{
"version_value" : "7.2"
},
{
"version_value" : "7.3"
}
]
}
},
{
"product_name" : "VIOS ",
"version" : {
"version_data" : [
{
"version_value" : "3.1"
}
]
}
}
]
}
}
]
}
}
]
}
},
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2022-36768",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2022-09-12T00:00:00"
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtain root privileges. IBM X-Force ID: 232014.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6619725 (AIX)",
"name" : "https://www.ibm.com/support/pages/node/6619725",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6619725"
},
{
"name" : "ibm-aix-cve202236768-priv-escalation (232014)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/232014"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "H",
"SCORE" : "8.400",
"C" : "H",
"I" : "H",
"AC" : "L",
"S" : "U",
"PR" : "N",
"UI" : "N",
"AV" : "L"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
}
}
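Review bot: The base metrics set `"PR" : "N"` while the description says the attacker is a non-privileged local user, which under CVSS v3 usually implies an existing account on the system and therefore `"PR" : "L"`. With the other metrics as given (AV:L/AC:L/UI:N/S:U/C:H/I:H/A:H) that would lower the base score from 8.4 to 7.8, so it is worth confirming against the bulletin which reading is intended. The CVE-2022-34356 record uses the same vector and the same wording.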