From eeb55ec08918078faef9e35b32fa20ed7d667f2e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 25 Sep 2018 12:05:19 -0400 Subject: [PATCH] - Synchronized data. --- 2018/1xxx/CVE-2018-1539.json | 70 +++++++++++------------ 2018/1xxx/CVE-2018-1560.json | 72 ++++++++++++----------- 2018/1xxx/CVE-2018-1588.json | 108 +++++++++++++++++------------------ 2018/1xxx/CVE-2018-1607.json | 100 ++++++++++++++++---------------- 2018/1xxx/CVE-2018-1659.json | 98 ++++++++++++++++--------------- 2018/1xxx/CVE-2018-1664.json | 104 +++++++++++++++++---------------- 2018/1xxx/CVE-2018-1669.json | 84 +++++++++++++-------------- 7 files changed, 311 insertions(+), 325 deletions(-) diff --git a/2018/1xxx/CVE-2018-1539.json b/2018/1xxx/CVE-2018-1539.json index a27e69c2f3f..871dfd76c2a 100644 --- a/2018/1xxx/CVE-2018-1539.json +++ b/2018/1xxx/CVE-2018-1539.json @@ -1,26 +1,14 @@ { - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 731511 (Rational Engineering Lifecycle Manager)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142561", - "name" : "ibm-relm-cve20181539-forced-browsing (142561)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-09-20T00:00:00", + "ID" : "CVE-2018-1539", + "STATE" : "PUBLIC" }, - "data_type" : "CVE", "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { 
@@ -61,57 +49,67 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. IBM X-Force ID: 142561." + "value" : "IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. IBM X-Force ID: 142561." } ] }, "impact" : { "cvssv3" : { "BM" : { + "A" : "N", "AC" : "L", - "I" : "L", - "UI" : "R", - "PR" : "L", "AV" : "N", - "S" : "C", "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "C", "SCORE" : "5.400", - "A" : "N" + "UI" : "R" }, "TM" : { "E" : "U", - "RL" : "O", - "RC" : "C" + "RC" : "C", + "RL" : "O" } } }, - "data_version" : "4.0", "problemtype" : { "problemtype_data" : [ { "description" : [ { - "value" : "Gain Access", - "lang" : "eng" + "lang" : "eng", + "value" : "Gain Access" } ] } ] }, - "CVE_data_meta" : { - "ID" : "CVE-2018-1539", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-09-20T00:00:00" - }, - "data_format" : "MITRE" + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511" + }, + { + "name" : "ibm-relm-cve20181539-forced-browsing(142561)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142561" + } + ] + } } diff --git a/2018/1xxx/CVE-2018-1560.json b/2018/1xxx/CVE-2018-1560.json index 25aa996b63b..e8e49711a8c 100644 --- a/2018/1xxx/CVE-2018-1560.json +++ b/2018/1xxx/CVE-2018-1560.json 
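Review bot: In the CVE-2018-1539 record the description says remote attackers can "bypass authentication", but the `BM` block on the new side carries `"PR" : "L"` and `"UI" : "R"`, which describe an attacker who already holds an account and needs a victim's interaction. This sync only reorders keys, so the mismatch comes from the assigner's data rather than from this commit. Anyone triaging on the vector alone will still rank the issue lower than the text suggests. It is worth confirming with the assigner which reading is intended; if the flaw is reachable without credentials, the metric would be `"PR" : "N"` with `SCORE` recomputed, otherwise the description should say that an authenticated user is required.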
@@ -1,26 +1,14 @@ { - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 731511 (Rational Engineering Lifecycle Manager)", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142958", - "refsource" : "XF", - "name" : "ibm-relm-cve20181560-xss (142958)", - "title" : "X-Force Vulnerability Report" - } - ] + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-09-20T00:00:00", + "ID" : "CVE-2018-1560", + "STATE" : "PUBLIC" }, - "data_type" : "CVE", "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { 
@@ -61,40 +49,43 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { - "value" : "IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142958.", - "lang" : "eng" + "lang" : "eng", + "value" : "IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142958." } ] }, "impact" : { "cvssv3" : { "BM" : { - "S" : "C", - "PR" : "L", - "AV" : "N", - "UI" : "R", - "I" : "L", - "AC" : "L", "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "C", "SCORE" : "5.400", - "C" : "L" + "UI" : "R" }, "TM" : { "E" : "H", - "RL" : "O", - "RC" : "C" + "RC" : "C", + "RL" : "O" } } }, - "data_version" : "4.0", "problemtype" : { "problemtype_data" : [ { @@ -107,11 +98,18 @@ } ] }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2018-1560", - "DATE_PUBLIC" : "2018-09-20T00:00:00" - }, - "data_format" : "MITRE" + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511" + }, + { + "name" : "ibm-relm-cve20181560-xss(142958)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142958" + } + ] + } } 
diff --git a/2018/1xxx/CVE-2018-1588.json b/2018/1xxx/CVE-2018-1588.json index 2a0e34cd8ee..9bb95374ff8 100644 --- a/2018/1xxx/CVE-2018-1588.json +++ b/2018/1xxx/CVE-2018-1588.json @@ -1,60 +1,18 @@ { - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, "CVE_data_meta" : { "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2018-09-20T00:00:00", "ID" : "CVE-2018-1588", - "DATE_PUBLIC" : "2018-09-20T00:00:00" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143501." - } - ] - }, - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "SCORE" : "7.100", - "C" : "H", - "A" : "L", - "S" : "U", - "PR" : "L", - "AV" : "N", - "UI" : "N", - "AC" : "L", - "I" : "N" - } - } + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { + "product_name" : "Rational Engineering Lifecycle Manager", "version" : { "version_data" : [ { 
@@ -88,29 +46,69 @@ "version_value" : "5.02" } ] - }, - "product_name" : "Rational Engineering Lifecycle Manager" + } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143501." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "L", + "AC" : "L", + "AV" : "N", + "C" : "H", + "I" : "N", + "PR" : "L", + "S" : "U", + "SCORE" : "7.100", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, "references" : { "reference_data" : [ { - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511", - "title" : "IBM Security Bulletin 731511 (Rational Engineering Lifecycle Manager)", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511", "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511" + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511" }, { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/143501", - "name" : "ibm-jazz-cve20181588-info-disc (143501)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" + "name" : "ibm-jazz-cve20181588-info-disc(143501)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/143501" } ] } diff --git a/2018/1xxx/CVE-2018-1607.json b/2018/1xxx/CVE-2018-1607.json index ec870858c86..768f43ac625 100644 --- a/2018/1xxx/CVE-2018-1607.json +++ b/2018/1xxx/CVE-2018-1607.json 
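Review bot: The CVE-2018-1588 description on the new side names IBM Jazz Foundation as the vulnerable component, yet the `product_data` array visible across this file's two hunks appears to list only `"product_name" : "Rational Engineering Lifecycle Manager"`. Tools that match inventory against `affects` rather than the free text would not flag other products built on Jazz Foundation. The version entries between the two hunks are not shown, so this is inferred from the visible opening and closing of the array. If it holds, either the assigner should supply a Jazz Foundation product entry with its version range, or the description should state that only this product is affected.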
@@ -1,60 +1,18 @@ { - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, "CVE_data_meta" : { - "DATE_PUBLIC" : "2018-09-20T00:00:00", "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-09-20T00:00:00", "ID" : "CVE-2018-1607", "STATE" : "PUBLIC" }, - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "BM" : { - "PR" : "L", - "AV" : "N", - "S" : "U", - "UI" : "N", - "I" : "N", - "AC" : "L", - "C" : "H", - "SCORE" : "7.100", - "A" : "L" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143797." - } - ] - }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { + "product_name" : "Rational Engineering Lifecycle Manager", "version" : { "version_data" : [ { 
@@ -88,27 +46,67 @@ "version_value" : "5.02" } ] - }, - "product_name" : "Rational Engineering Lifecycle Manager" + } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143797." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "L", + "AC" : "L", + "AV" : "N", + "C" : "H", + "I" : "N", + "PR" : "L", + "S" : "U", + "SCORE" : "7.100", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, "references" : { "reference_data" : [ { - "title" : "IBM Security Bulletin 731511 (Rational Engineering Lifecycle Manager)", - "refsource" : "CONFIRM", "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511", + "refsource" : "CONFIRM", "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511" }, { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-relm-cve20181607-xxe (143797)", + "name" : "ibm-relm-cve20181607-xxe(143797)", "refsource" : "XF", "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/143797" } diff --git a/2018/1xxx/CVE-2018-1659.json b/2018/1xxx/CVE-2018-1659.json index ade6021f3ba..bb3934888da 100644 --- a/2018/1xxx/CVE-2018-1659.json +++ b/2018/1xxx/CVE-2018-1659.json 
@@ -1,50 +1,10 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144885." - } - ] + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-09-20T00:00:00", + "ID" : "CVE-2018-1659", + "STATE" : "PUBLIC" }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "H" - }, - "BM" : { - "SCORE" : "5.400", - "A" : "N", - "C" : "L", - "S" : "C", - "AV" : "N", - "PR" : "L", - "UI" : "R", - "AC" : "L", - "I" : "L" - } - } - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 731511 (Rational Engineering Lifecycle Manager)", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144885", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-relm-cve20181659-xss (144885)", - "refsource" : "XF" - } - ] - }, - "data_type" : "CVE", "affects" : { "vendor" : { "vendor_data" : [ 
@@ -96,6 +56,36 @@ } }, "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144885." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "C", + "SCORE" : "5.400", + "UI" : "R" + }, + "TM" : { + "E" : "H", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { @@ -108,10 +98,18 @@ } ] }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2018-1659", - "DATE_PUBLIC" : "2018-09-20T00:00:00" + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511" + }, + { + "name" : "ibm-relm-cve20181659-xss(144885)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144885" + } + ] } } diff --git a/2018/1xxx/CVE-2018-1664.json b/2018/1xxx/CVE-2018-1664.json index 36f4121d1ba..3d641b1dec8 100644 --- a/2018/1xxx/CVE-2018-1664.json +++ b/2018/1xxx/CVE-2018-1664.json 
@@ -1,57 +1,14 @@ { - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2018-1664", "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-09-20T00:00:00" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. IBM X-Force ID: 144890.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "BM" : { - "UI" : "N", - "AC" : "L", - "I" : "N", - "S" : "U", - "PR" : "N", - "AV" : "L", - "A" : "N", - "SCORE" : "6.200", - "C" : "H" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } + "DATE_PUBLIC" : "2018-09-20T00:00:00", + "ID" : "CVE-2018-1664", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { 
@@ -111,26 +68,67 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. IBM X-Force ID: 144890." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "L", + "C" : "H", + "I" : "N", + "PR" : "N", + "S" : "U", + "SCORE" : "6.200", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, "references" : { "reference_data" : [ { - "refsource" : "CONFIRM", "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10730509", - "title" : "IBM Security Bulletin 730509 (DataPower Gateways)", + "refsource" : "CONFIRM", "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10730509" }, { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-websphere-cve20181664-info-disc (144890)", + "name" : "ibm-websphere-cve20181664-info-disc(144890)", "refsource" : "XF", "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144890" } ] - }, - "data_type" : "CVE" + } } diff --git a/2018/1xxx/CVE-2018-1669.json b/2018/1xxx/CVE-2018-1669.json index 6044f2ed18b..310486488e4 100644 --- a/2018/1xxx/CVE-2018-1669.json +++ b/2018/1xxx/CVE-2018-1669.json @@ -1,4 +1,10 @@ { + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-09-20T00:00:00", + "ID" : "CVE-2018-1669", + "STATE" : "PUBLIC" + }, "affects" : { "vendor" : { "vendor_data" : [ 
@@ -6,6 +12,7 @@ "product" : { "product_data" : [ { + "product_name" : "DataPower Gateways", "version" : { "version_data" : [ { @@ -45,10 +52,10 @@ "version_value" : "7.5.2.15" } ] - }, - "product_name" : "DataPower Gateways" + } }, { + "product_name" : "DataPower Gateway CD", "version" : { "version_data" : [ { @@ -58,8 +65,7 @@ "version_value" : "7.7.1.2" } ] - }, - "product_name" : "DataPower Gateway CD" + } } ] }, 
@@ -68,49 +74,34 @@ ] } }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10730489", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10730489", - "title" : "IBM Security Bulletin 730489 (DataPower Gateways)" - }, - { - "name" : "ibm-websphere-cve20181669-info-disc (144950)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144950" - } - ] - }, + "data_format" : "MITRE", "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { - "value" : "IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950.", - "lang" : "eng" + "lang" : "eng", + "value" : "IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950." } ] }, - "data_version" : "4.0", "impact" : { "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, "BM" : { - "S" : "U", - "PR" : "L", - "AV" : "N", - "UI" : "N", - "AC" : "L", - "I" : "N", - "SCORE" : "7.100", "A" : "L", - "C" : "H" + "AC" : "L", + "AV" : "N", + "C" : "H", + "I" : "N", + "PR" : "L", + "S" : "U", + "SCORE" : "7.100", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" } } }, 
@@ -126,11 +117,18 @@ } ] }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2018-09-20T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2018-1669", - "STATE" : "PUBLIC" - }, - "data_format" : "MITRE" + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10730489", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10730489" + }, + { + "name" : "ibm-websphere-cve20181669-info-disc(144950)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144950" + } + ] + } }