From f13058806120ee41eb6712d298a2a943e7c4c5b4 Mon Sep 17 00:00:00 2001
From: Scott Moore - IBM
Date: Mon, 20 Jul 2020 10:00:39 -0400
Subject: [PATCH] IBM20200720-10039 Added CVE-2020-4466, CVE-2020-4361, CVE-2020-4527
---
 2020/4xxx/CVE-2020-4361.json | 102 +++++++++++++++++++++++++++++-----
 2020/4xxx/CVE-2020-4466.json | 105 ++++++++++++++++++++++++++++++-----
 2020/4xxx/CVE-2020-4527.json | 102 +++++++++++++++++++++++++++++-----
 3 files changed, 264 insertions(+), 45 deletions(-)
diff --git a/2020/4xxx/CVE-2020-4361.json b/2020/4xxx/CVE-2020-4361.json
index 420b463bec5..26dbd96a05f 100644
--- a/2020/4xxx/CVE-2020-4361.json
+++ b/2020/4xxx/CVE-2020-4361.json
@@ -1,18 +1,90 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-4361",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "impact" : {
+ "cvssv3" : {
+ "TM" : {
+ "E" : "U",
+ "RC" : "C",
+ "RL" : "O"
+ },
+ "BM" : {
+ "PR" : "L",
+ "A" : "N",
+ "I" : "N",
+ "S" : "U",
+ "SCORE" : "4.300",
+ "AV" : "N",
+ "AC" : "L",
+ "UI" : "N",
+ "C" : "L"
+ }
+ }
+ },
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766."
+ }
+ ]
+ },
+ "data_format" : "MITRE",
+ "CVE_data_meta" : {
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "ID" : "CVE-2020-4361",
+ "DATE_PUBLIC" : "2020-07-17T00:00:00",
+ "STATE" : "PUBLIC"
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "refsource" : "CONFIRM",
+ "url" : "https://www.ibm.com/support/pages/node/6249981",
+ "title" : "IBM Security Bulletin 6249981 (Planning Analytics)",
+ "name" : "https://www.ibm.com/support/pages/node/6249981"
+ },
+ {
+ "name" : "ibm-planning-cve20204361-info-disc (178766)",
+ "title" : "X-Force Vulnerability Report",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/178766",
+ "refsource" : "XF"
+ }
+ ]
+ },
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Obtain Information"
+ }
+ ]
+ }
+ ]
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product" : {
+ "product_data" : [
+ {
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "2.0"
+ }
+ ]
+ },
+ "product_name" : "Planning Analytics"
+ }
+ ]
+ },
+ "vendor_name" : "IBM"
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ }
+}
diff --git a/2020/4xxx/CVE-2020-4466.json b/2020/4xxx/CVE-2020-4466.json
index a001dd12179..4f19ca719b9 100644
--- a/2020/4xxx/CVE-2020-4466.json
+++ b/2020/4xxx/CVE-2020-4466.json
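Review bot: In CVE-2020-4361.json the description names only "a remote attacker", while the base metrics set `"PR" : "L"`, so the text and the vector disagree on whether an account is needed. The CVE-2020-4466 record in this same patch also carries `"PR" : "L"` and says "remote authenticated attacker". If the vector is the accurate side, the matching wording here would be `could allow a remote authenticated attacker to obtain sensitive information`, which keeps anyone triaging from the description alone from overrating the exposure. If the description is the accurate side, `PR` and the 4.300 score need revisiting instead.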
@@ -1,18 +1,93 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-4466",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "impact" : {
+ "cvssv3" : {
+ "BM" : {
+ "SCORE" : "6.500",
+ "S" : "U",
+ "C" : "N",
+ "UI" : "N",
+ "AV" : "N",
+ "AC" : "L",
+ "A" : "H",
+ "PR" : "L",
+ "I" : "N"
+ },
+ "TM" : {
+ "RL" : "O",
+ "E" : "U",
+ "RC" : "C"
+ }
+ }
+ },
+ "data_format" : "MITRE",
+ "description" : {
+ "description_data" : [
+ {
+ "value" : "IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker could cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563.",
+ "lang" : "eng"
+ }
+ ]
+ },
+ "data_type" : "CVE",
+ "CVE_data_meta" : {
+ "ID" : "CVE-2020-4466",
+ "DATE_PUBLIC" : "2020-07-17T00:00:00",
+ "STATE" : "PUBLIC",
+ "ASSIGNER" : "psirt@us.ibm.com"
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "refsource" : "CONFIRM",
+ "title" : "IBM Security Bulletin 6250473 (MQ for HPE NonStop)",
+ "url" : "https://www.ibm.com/support/pages/node/6250473",
+ "name" : "https://www.ibm.com/support/pages/node/6250473"
+ },
+ {
+ "name" : "ibm-mq-cve20204466-dos (181563)",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/181563",
+ "title" : "X-Force Vulnerability Report",
+ "refsource" : "XF"
+ }
+ ]
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product" : {
+ "product_data" : [
+ {
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "8.1.0"
+ },
+ {
+ "version_value" : "8.0.4"
+ }
+ ]
+ },
+ "product_name" : "MQ for HPE NonStop"
+ }
+ ]
+ },
+ "vendor_name" : "IBM"
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "data_version" : "4.0"
+}
diff --git a/2020/4xxx/CVE-2020-4527.json b/2020/4xxx/CVE-2020-4527.json
index 651d7dc2ea9..acaae019bf1 100644
--- a/2020/4xxx/CVE-2020-4527.json
+++ b/2020/4xxx/CVE-2020-4527.json
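Review bot: The description value in CVE-2020-4466.json reads "could allow a remote authenticated attacker could cause a denial of service", with "could" doubled so the sentence no longer parses. The intended text is presumably `could allow a remote authenticated attacker to cause a denial of service`. Since this string is what advisory feeds and scanners show to defenders, it is worth correcting before the record propagates.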
@@ -1,18 +1,90 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-4527",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.ibm.com/support/pages/node/6249981",
+ "refsource" : "CONFIRM",
+ "title" : "IBM Security Bulletin 6249981 (Planning Analytics)",
+ "url" : "https://www.ibm.com/support/pages/node/6249981"
+ },
+ {
+ "name" : "ibm-planning-cve20204527-info-disc (182631)",
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/182631",
+ "title" : "X-Force Vulnerability Report"
+ }
+ ]
+ },
+ "CVE_data_meta" : {
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "STATE" : "PUBLIC",
+ "ID" : "CVE-2020-4527",
+ "DATE_PUBLIC" : "2020-07-17T00:00:00"
+ },
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "value" : "Obtain Information",
+ "lang" : "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Planning Analytics",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "2.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "IBM"
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "impact" : {
+ "cvssv3" : {
+ "TM" : {
+ "RC" : "C",
+ "E" : "U",
+ "RL" : "O"
+ },
+ "BM" : {
+ "UI" : "N",
+ "AV" : "N",
+ "AC" : "H",
+ "C" : "H",
+ "SCORE" : "5.900",
+ "S" : "U",
+ "I" : "N",
+ "PR" : "N",
+ "A" : "N"
+ }
+ }
+ },
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 182631."
+ }
+ ]
+ },
+ "data_format" : "MITRE"
+}
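Review bot: The `problemtype` entry in CVE-2020-4527.json is the free text `"Obtain Information"`, although the description names a weakness with a precise classification: a session cookie sent without the Secure flag. That appears to match CWE-614, so a value such as `"value" : "CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute"` would let tooling that keys on CWE identifiers group and prioritise this record. As written, the impact category is recorded but the root cause a defender would check for (cookie attributes on the session cookie) is only in the prose.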