admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-08-13 12:05:30 -04:00
parent 67ed88c266
commit f4df42a8af
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
4 changed files with 176 additions and 175 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

116
2016/2xxx/CVE-2016-2922.json
View File

@ -1,53 +1,10 @@
{
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10718377",
"title" : "IBM Security Bulletin 718377 (Rational ClearQuest)",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10718377"
},
{
"refsource" : "XF",
"name" : "ibm-clearquest-cve20162922-spoofing (113353)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113353",
"title" : "X-Force Vulnerability Report"
}
]
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-08-09T00:00:00",
"ID" : "CVE-2016-2922",
"STATE" : "PUBLIC"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"SCORE" : "3.700",
"S" : "U",
"A" : "N",
"AC" : "H",
"C" : "L",
"UI" : "N",
"AV" : "N",
"I" : "N",
"PR" : "N"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
@ -55,6 +12,7 @@
"product" : {
"product_data" : [
{
"product_name" : "Rational ClearQuest",
"version" : {
"version_data" : [
{
@ -211,8 +169,7 @@
"version_value" : "9.0.1.3"
}
]
},
"product_name" : "Rational ClearQuest"
}
}
]
},
@ -221,20 +178,61 @@
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353.",
"lang" : "eng"
"lang" : "eng",
"value" : "IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353."
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2016-2922",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-08-09T00:00:00"
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "3.700",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10718377",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10718377"
},
{
"name" : "ibm-clearquest-cve20162922-spoofing(113353)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113353"
}
]
}
}

110
2017/1xxx/CVE-2017-1286.json
View File

@ -1,61 +1,10 @@
{
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"PR" : "L",
"AV" : "N",
"I" : "N",
"UI" : "N",
"C" : "L",
"S" : "U",
"A" : "N",
"SCORE" : "3.100",
"AC" : "H"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=swg2C1000377",
"title" : "IBM Security Bulletin C1000377 (UrbanCode Deploy)",
"url" : "https://www.ibm.com/support/docview.wss?uid=swg2C1000377",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-ucd-cve20171286-info-disc (125147)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125147",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2017-1286",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-08-06T00:00:00"
"DATE_PUBLIC" : "2018-08-06T00:00:00",
"ID" : "CVE-2017-1286",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
@ -193,11 +142,60 @@
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147.",
"lang" : "eng"
"lang" : "eng",
"value" : "Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "L",
"S" : "U",
"SCORE" : "3.100",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=swg2C1000377",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=swg2C1000377"
},
{
"name" : "ibm-ucd-cve20171286-info-disc(125147)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125147"
}
]
}

116
2017/1xxx/CVE-2017-1749.json
View File

@ -1,53 +1,10 @@
{
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=swg2C1000374",
"title" : "IBM Security Bulletin C1000374 (UrbanCode Deploy)",
"name" : "https://www.ibm.com/support/docview.wss?uid=swg2C1000374"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/135522",
"name" : "ibm-ucd-cve20171749-path-traversal (135522)",
"refsource" : "XF"
}
]
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-08-06T00:00:00",
"ID" : "CVE-2017-1749",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "File Manipulation",
"lang" : "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"C" : "N",
"AC" : "L",
"A" : "N",
"S" : "U",
"SCORE" : "5.300",
"PR" : "N",
"I" : "L",
"AV" : "N"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
@ -55,6 +12,7 @@
"product" : {
"product_data" : [
{
"product_name" : "UrbanCode Deploy",
"version" : {
"version_data" : [
{
@ -178,8 +136,7 @@
"version_value" : "6.2.6.1"
}
]
},
"product_name" : "UrbanCode Deploy"
}
}
]
},
@ -188,20 +145,61 @@
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522.",
"lang" : "eng"
"lang" : "eng",
"value" : "IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522."
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"CVE_data_meta" : {
"ID" : "CVE-2017-1749",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-08-06T00:00:00",
"STATE" : "PUBLIC"
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "N",
"I" : "L",
"PR" : "N",
"S" : "U",
"SCORE" : "5.300",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "File Manipulation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=swg2C1000374",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=swg2C1000374"
},
{
"name" : "ibm-ucd-cve20171749-path-traversal(135522)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/135522"
}
]
}
}

9
2018/11xxx/CVE-2018-11770.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "From version 1.3.0 onward, Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs via spark-submit. However, the REST API does not use this or any other authentication mechanism, and this is not adequately documented. In this case, a user would be able to run a driver program without authenticating, but not launch executors, using the REST API. This REST API is also used by Mesos, when set up to run in cluster mode (i.e., when also running MesosClusterDispatcher), for job submission. Future versions of Spark will improve documentation on these points, and prohibit setting 'spark.authenticate.secret' when running the REST APIs, to make this clear. Future versions will also disable the REST API by default in the standalone master by changing the default value of 'spark.master.rest.enabled' to 'false'."
"value" : "From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs via spark-submit. However, the REST API does not use this or any other authentication mechanism, and this is not adequately documented. In this case, a user would be able to run a driver program without authenticating, but not launch executors, using the REST API. This REST API is also used by Mesos, when set up to run in cluster mode (i.e., when also running MesosClusterDispatcher), for job submission. Future versions of Spark will improve documentation on these points, and prohibit setting 'spark.authenticate.secret' when running the REST APIs, to make this clear. Future versions will also disable the REST API by default in the standalone master by changing the default value of 'spark.master.rest.enabled' to 'false'."
}
]
},
@ -54,7 +54,14 @@
"references" : {
"reference_data" : [
{
"name" : "[dev] 20180813 CVE-2018-11770: Apache Spark standalone master, Mesos REST APIs not controlled by authentication",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/bd8e51314041451a2acd720e9223fc1c15a263ccacb396a75b1fc485@%3Cdev.spark.apache.org%3E"
},
{
"name" : "https://spark.apache.org/security.html#CVE-2018-11770",
"refsource" : "CONFIRM",
"url" : "https://spark.apache.org/security.html#CVE-2018-11770"
}
]
}