admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-07-26 13:00:56 +00:00
parent 4e1ba376ac
commit ebc8fb9646
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
12 changed files with 996 additions and 929 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

172
2020/4xxx/CVE-2020-4623.json
View File

@ -1,90 +1,90 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM i2 iBase 8.9.13 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking flaw. By using a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 184984.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6474857 (i2 iBase)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6474857",
"name" : "https://www.ibm.com/support/pages/node/6474857"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/184984",
"name" : "ibm-i2-cve20204623-code-exec (184984)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "i2 iBase",
"version" : {
"version_data" : [
{
"version_value" : "8.9.13"
}
]
}
}
]
}
"value": "IBM i2 iBase 8.9.13 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking flaw. By using a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 184984.",
"lang": "eng"
}
]
}
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6474857 (i2 iBase)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6474857",
"name": "https://www.ibm.com/support/pages/node/6474857"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184984",
"name": "ibm-i2-cve20204623-code-exec (184984)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "i2 iBase",
"version": {
"version_data": [
{
"version_value": "8.9.13"
}
]
}
}
]
}
}
]
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"A" : "H",
"I" : "H",
"SCORE" : "7.700",
"AC" : "L",
"C" : "H",
"UI" : "R",
"AV" : "L",
"PR" : "H",
"S" : "C"
}
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4623",
"DATE_PUBLIC" : "2021-07-23T00:00:00"
}
}
}
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"A": "H",
"I": "H",
"SCORE": "7.700",
"AC": "L",
"C": "H",
"UI": "R",
"AV": "L",
"PR": "H",
"S": "C"
}
}
},
"data_format": "MITRE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4623",
"DATE_PUBLIC": "2021-07-23T00:00:00"
}
}

192
2021/20xxx/CVE-2021-20337.json
View File

@ -1,99 +1,99 @@
{
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-07-23T00:00:00",
"ID" : "CVE-2021-20337",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"PR" : "N",
"AV" : "N",
"UI" : "N",
"C" : "H",
"AC" : "H",
"SCORE" : "5.900",
"I" : "N",
"A" : "N"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 194448."
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "QRadar SIEM",
"version" : {
"version_data" : [
{
"version_value" : "7.3.0"
},
{
"version_value" : "7.4.0"
},
{
"version_value" : "7.4.3"
},
{
"version_value" : "7.3.Patch.8"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6474847",
"url" : "https://www.ibm.com/support/pages/node/6474847",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6474847 (QRadar SIEM)"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-qradar-cve202120337-info-disc (194448)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/194448"
}
]
}
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-07-23T00:00:00",
"ID": "CVE-2021-20337",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"PR": "N",
"AV": "N",
"UI": "N",
"C": "H",
"AC": "H",
"SCORE": "5.900",
"I": "N",
"A": "N"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 194448."
}
]
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QRadar SIEM",
"version": {
"version_data": [
{
"version_value": "7.3.0"
},
{
"version_value": "7.4.0"
},
{
"version_value": "7.4.3"
},
{
"version_value": "7.3.Patch.8"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6474847",
"url": "https://www.ibm.com/support/pages/node/6474847",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6474847 (QRadar SIEM)"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-qradar-cve202120337-info-disc (194448)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194448"
}
]
}
}

184
2021/20xxx/CVE-2021-20430.json
View File

@ -1,96 +1,96 @@
{
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6474861 (i2 Analyze)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6474861",
"name" : "https://www.ibm.com/support/pages/node/6474861"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196341",
"name" : "ibm-i2-cve202120430-info-disc (196341)"
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "4.3.0"
},
{
"version_value" : "4.3.1"
},
{
"version_value" : "4.3.2"
}
]
},
"product_name" : "i2 Analyze"
}
]
}
"title": "IBM Security Bulletin 6474861 (i2 Analyze)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6474861",
"name": "https://www.ibm.com/support/pages/node/6474861"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196341",
"name": "ibm-i2-cve202120430-info-disc (196341)"
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196341."
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-07-23T00:00:00",
"ID" : "CVE-2021-20430",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"SCORE" : "5.300",
"I" : "N",
"C" : "L",
"AC" : "L",
"UI" : "N",
"AV" : "N",
"PR" : "N",
"S" : "U"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "4.3.0"
},
{
"version_value": "4.3.1"
},
{
"version_value": "4.3.2"
}
]
},
"product_name": "i2 Analyze"
}
]
}
}
]
}
]
},
"data_type" : "CVE"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196341."
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-07-23T00:00:00",
"ID": "CVE-2021-20430",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"SCORE": "5.300",
"I": "N",
"C": "L",
"AC": "L",
"UI": "N",
"AV": "N",
"PR": "N",
"S": "U"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_type": "CVE"
}

186
2021/20xxx/CVE-2021-20431.json
View File

@ -1,96 +1,96 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"I" : "N",
"SCORE" : "4.300",
"A" : "N",
"AV" : "N",
"UI" : "R",
"C" : "L",
"AC" : "L",
"PR" : "N",
"S" : "U"
}
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-07-23T00:00:00",
"ID" : "CVE-2021-20431",
"ASSIGNER" : "psirt@us.ibm.com"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout which could allow an an attacker to obtain sensitive information from the system. IBM X-Force ID: 196342."
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6474865",
"url" : "https://www.ibm.com/support/pages/node/6474865",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6474865 (i2 Analyst's Notebook Premium)"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196342",
"name" : "ibm-i2-cve202120431-info-disc (196342)"
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "i2 Analyst's Notebook Premium",
"version" : {
"version_data" : [
{
"version_value" : "9.2.0"
},
{
"version_value" : "9.2.1"
},
{
"version_value" : "9.2.2"
}
]
}
}
]
}
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
}
}
]
},
"data_type": "CVE",
"data_format": "MITRE",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"I": "N",
"SCORE": "4.300",
"A": "N",
"AV": "N",
"UI": "R",
"C": "L",
"AC": "L",
"PR": "N",
"S": "U"
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-07-23T00:00:00",
"ID": "CVE-2021-20431",
"ASSIGNER": "psirt@us.ibm.com"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout which could allow an an attacker to obtain sensitive information from the system. IBM X-Force ID: 196342."
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6474865",
"url": "https://www.ibm.com/support/pages/node/6474865",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6474865 (i2 Analyst's Notebook Premium)"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196342",
"name": "ibm-i2-cve202120431-info-disc (196342)"
}
]
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "i2 Analyst's Notebook Premium",
"version": {
"version_data": [
{
"version_value": "9.2.0"
},
{
"version_value": "9.2.1"
},
{
"version_value": "9.2.2"
}
]
}
}
]
}
}
]
}
}
}

178
2021/20xxx/CVE-2021-20560.json
View File

@ -1,93 +1,93 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 199229."
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.5.0.2"
},
{
"version_value" : "1.4.1.1"
}
]
},
"product_name" : "Sterling Connect:Direct Browser User Interface"
}
]
}
"lang": "eng",
"value": "IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 199229."
}
]
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6474829 (Sterling Connect:Direct Browser User Interface)",
"name" : "https://www.ibm.com/support/pages/node/6474829",
"url" : "https://www.ibm.com/support/pages/node/6474829"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199229",
"name" : "ibm-sterling-cve202120560-clickjacking (199229)"
}
]
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.5.0.2"
},
{
"version_value": "1.4.1.1"
}
]
},
"product_name": "Sterling Connect:Direct Browser User Interface"
}
]
}
}
]
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-07-23T00:00:00",
"ID" : "CVE-2021-20560",
"ASSIGNER" : "psirt@us.ibm.com"
},
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "C",
"PR" : "L",
"AC" : "L",
"C" : "L",
"AV" : "N",
"UI" : "R",
"A" : "N",
"I" : "L",
"SCORE" : "5.400"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_format" : "MITRE"
}
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6474829 (Sterling Connect:Direct Browser User Interface)",
"name": "https://www.ibm.com/support/pages/node/6474829",
"url": "https://www.ibm.com/support/pages/node/6474829"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199229",
"name": "ibm-sterling-cve202120560-clickjacking (199229)"
}
]
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-07-23T00:00:00",
"ID": "CVE-2021-20560",
"ASSIGNER": "psirt@us.ibm.com"
},
"impact": {
"cvssv3": {
"BM": {
"S": "C",
"PR": "L",
"AC": "L",
"C": "L",
"AV": "N",
"UI": "R",
"A": "N",
"I": "L",
"SCORE": "5.400"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"data_format": "MITRE"
}

61
2021/26xxx/CVE-2021-26824.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26824",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-26824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DM FingerTool v1.19 in the DM PD065 Secure USB is susceptible to improper authentication by a replay attack, allowing local attackers to bypass user authentication and access all features and data on the USB."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://sites.google.com/view/boss-lab",
"url": "https://sites.google.com/view/boss-lab"
},
{
"refsource": "MISC",
"name": "https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-xvrv-w76r-gh28",
"url": "https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-xvrv-w76r-gh28"
}
]
}

188
2021/29xxx/CVE-2021-29766.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-07-23T00:00:00",
"ID" : "CVE-2021-29766",
"ASSIGNER" : "psirt@us.ibm.com"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"AV" : "N",
"UI" : "N",
"AC" : "L",
"C" : "L",
"I" : "N",
"SCORE" : "5.300",
"A" : "N",
"S" : "U",
"PR" : "N"
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6474881",
"url" : "https://www.ibm.com/support/pages/node/6474881",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6474881 (i2 Analyze)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/202680",
"name" : "ibm-i2-cve202129766-info-disc (202680)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "4.3.0"
},
{
"version_value" : "4.3.1"
},
{
"version_value" : "4.3.2"
}
]
},
"product_name" : "i2 Analyze"
}
]
}
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-07-23T00:00:00",
"ID": "CVE-2021-29766",
"ASSIGNER": "psirt@us.ibm.com"
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"AV": "N",
"UI": "N",
"AC": "L",
"C": "L",
"I": "N",
"SCORE": "5.300",
"A": "N",
"S": "U",
"PR": "N"
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202680.",
"lang" : "eng"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6474881",
"url": "https://www.ibm.com/support/pages/node/6474881",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6474881 (i2 Analyze)"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202680",
"name": "ibm-i2-cve202129766-info-disc (202680)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "4.3.0"
},
{
"version_value": "4.3.1"
},
{
"version_value": "4.3.2"
}
]
},
"product_name": "i2 Analyze"
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"value": "IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202680.",
"lang": "eng"
}
]
}
}

186
2021/29xxx/CVE-2021-29767.json
View File

@ -1,96 +1,96 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-07-23T00:00:00",
"ID" : "CVE-2021-29767",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"PR" : "N",
"S" : "U",
"SCORE" : "5.300",
"I" : "N",
"A" : "N",
"AV" : "N",
"UI" : "N",
"C" : "L",
"AC" : "L"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202681."
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "9.2.0"
},
{
"version_value" : "9.2.1"
},
{
"version_value" : "9.2.2"
}
]
},
"product_name" : "i2 Analyst's Notebook Premium"
}
]
}
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6474885 (i2 Analyst's Notebook Premium)",
"name" : "https://www.ibm.com/support/pages/node/6474885",
"url" : "https://www.ibm.com/support/pages/node/6474885"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/202681",
"name" : "ibm-i2-cve202129767-info-disc (202681)"
}
]
}
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"DATE_PUBLIC": "2021-07-23T00:00:00",
"ID": "CVE-2021-29767",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"PR": "N",
"S": "U",
"SCORE": "5.300",
"I": "N",
"A": "N",
"AV": "N",
"UI": "N",
"C": "L",
"AC": "L"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202681."
}
]
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "9.2.0"
},
{
"version_value": "9.2.1"
},
{
"version_value": "9.2.2"
}
]
},
"product_name": "i2 Analyst's Notebook Premium"
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6474885 (i2 Analyst's Notebook Premium)",
"name": "https://www.ibm.com/support/pages/node/6474885",
"url": "https://www.ibm.com/support/pages/node/6474885"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202681",
"name": "ibm-i2-cve202129767-info-disc (202681)"
}
]
}
}

188
2021/29xxx/CVE-2021-29769.json
View File

@ -1,96 +1,96 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"PR" : "N",
"AC" : "H",
"C" : "L",
"UI" : "R",
"AV" : "N",
"A" : "N",
"SCORE" : "3.100",
"I" : "N"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2021-29769",
"DATE_PUBLIC" : "2021-07-23T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "4.3.0"
},
{
"version_value" : "4.3.1"
},
{
"version_value" : "4.3.2"
}
]
},
"product_name" : "i2 Analyze"
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"PR": "N",
"AC": "H",
"C": "L",
"UI": "R",
"AV": "N",
"A": "N",
"SCORE": "3.100",
"I": "N"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
]
}
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6474883",
"url" : "https://www.ibm.com/support/pages/node/6474883",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6474883 (i2 Analyze)"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/202769",
"name" : "ibm-i2-cve202129769-info-disc (202769)"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 202769.",
"lang" : "eng"
}
]
}
}
}
},
"data_format": "MITRE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2021-29769",
"DATE_PUBLIC": "2021-07-23T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "4.3.0"
},
{
"version_value": "4.3.1"
},
{
"version_value": "4.3.2"
}
]
},
"product_name": "i2 Analyze"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6474883",
"url": "https://www.ibm.com/support/pages/node/6474883",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6474883 (i2 Analyze)"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202769",
"name": "ibm-i2-cve202129769-info-disc (202769)"
}
]
},
"description": {
"description_data": [
{
"value": "IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 202769.",
"lang": "eng"
}
]
}
}

188
2021/29xxx/CVE-2021-29770.json
View File

@ -1,96 +1,96 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "C",
"PR" : "L",
"AV" : "N",
"UI" : "R",
"C" : "N",
"AC" : "L",
"I" : "L",
"SCORE" : "4.100",
"A" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-07-23T00:00:00",
"ID" : "CVE-2021-29770",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6474877",
"name" : "https://www.ibm.com/support/pages/node/6474877",
"title" : "IBM Security Bulletin 6474877 (i2 Analyze)",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-i2-cve202129770-input-validation (202771)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/202771"
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "4.3.0"
},
{
"version_value" : "4.3.1"
},
{
"version_value" : "4.3.2"
}
]
},
"product_name" : "i2 Analyze"
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"BM": {
"S": "C",
"PR": "L",
"AV": "N",
"UI": "R",
"C": "N",
"AC": "L",
"I": "L",
"SCORE": "4.100",
"A": "N"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 202771.",
"lang" : "eng"
}
]
}
}
}
},
"data_format": "MITRE",
"CVE_data_meta": {
"DATE_PUBLIC": "2021-07-23T00:00:00",
"ID": "CVE-2021-29770",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6474877",
"name": "https://www.ibm.com/support/pages/node/6474877",
"title": "IBM Security Bulletin 6474877 (i2 Analyze)",
"refsource": "CONFIRM"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-i2-cve202129770-input-validation (202771)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202771"
}
]
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "4.3.0"
},
{
"version_value": "4.3.1"
},
{
"version_value": "4.3.2"
}
]
},
"product_name": "i2 Analyze"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"value": "IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 202771.",
"lang": "eng"
}
]
}
}

184
2021/29xxx/CVE-2021-29784.json
View File

@ -1,96 +1,96 @@
{
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6474875",
"url" : "https://www.ibm.com/support/pages/node/6474875",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6474875 (i2 Analyze)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/203168",
"name" : "ibm-i2-cve202129784-info-disc (203168)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "i2 Analyze",
"version" : {
"version_data" : [
{
"version_value" : "4.3.0"
},
{
"version_value" : "4.3.1"
},
{
"version_value" : "4.3.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
"name": "https://www.ibm.com/support/pages/node/6474875",
"url": "https://www.ibm.com/support/pages/node/6474875",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6474875 (i2 Analyze)"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203168",
"name": "ibm-i2-cve202129784-info-disc (203168)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 203168.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-29784",
"DATE_PUBLIC" : "2021-07-23T00:00:00"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"S" : "U",
"PR" : "L",
"AV" : "N",
"UI" : "N",
"AC" : "L",
"C" : "L",
"I" : "N",
"SCORE" : "4.300",
"A" : "N"
}
}
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "i2 Analyze",
"version": {
"version_data": [
{
"version_value": "4.3.0"
},
{
"version_value": "4.3.1"
},
{
"version_value": "4.3.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_type" : "CVE"
}
}
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 203168.",
"lang": "eng"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-29784",
"DATE_PUBLIC": "2021-07-23T00:00:00"
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"S": "U",
"PR": "L",
"AV": "N",
"UI": "N",
"AC": "L",
"C": "L",
"I": "N",
"SCORE": "4.300",
"A": "N"
}
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_type": "CVE"
}

18
2021/37xxx/CVE-2021-37533.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37533",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}