From f57e4d7356100dbe3a145464b33dc47bc32bd63b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 17 Feb 2023 17:00:37 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2022/31xxx/CVE-2022-31259.json | 7 ++-
 2022/36xxx/CVE-2022-36775.json | 82 ++++++++++++++++++++++++++--
 2022/42xxx/CVE-2022-42439.json | 20 +++----
 2022/43xxx/CVE-2022-43927.json | 83 ++++++++++++++++++++++++++--
 2022/43xxx/CVE-2022-43929.json | 83 ++++++++++++++++++++++++++--
 2022/46xxx/CVE-2022-46892.json | 5 --
 2023/0xxx/CVE-2023-0822.json | 99 ++++++++++++++++++++++++++++++++--
 2023/0xxx/CVE-2023-0895.json | 85 +++++++++++++++++++++++++++++
 2023/22xxx/CVE-2023-22868.json | 83 ++++++++++++++++++++++++++--
 2023/24xxx/CVE-2023-24369.json | 56 ++++++++++++++++---
 2023/24xxx/CVE-2023-24964.json | 83 ++++++++++++++++++++++++++--
 11 files changed, 641 insertions(+), 45 deletions(-)
 create mode 100644 2023/0xxx/CVE-2023-0895.json
diff --git a/2022/31xxx/CVE-2022-31259.json b/2022/31xxx/CVE-2022-31259.json
index 2d7eb489ac9..1f638f217b7 100644
--- a/2022/31xxx/CVE-2022-31259.json
+++ b/2022/31xxx/CVE-2022-31259.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1)."
+ "value": "The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1)."
 }
 ]
 },
@@ -66,6 +66,11 @@
 "url": "https://github.com/beego/beego/tree/v2.0.2",
 "refsource": "MISC",
 "name": "https://github.com/beego/beego/tree/v2.0.2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/advisories/GHSA-qx32-f6g6-fcfr",
+ "url": "https://github.com/advisories/GHSA-qx32-f6g6-fcfr"
 }
 ]
 }
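Review bot: In CVE-2022-31259.json the affected range is widened only in the free-text description (first hunk): the diffstat gives 7 changed lines for this file and the two hunks account for all of them, so any structured `affects` version data outside the hunks was left as it was. Consumers that match on `version_data` rather than prose would not see that 1.12.5 through 1.12.8 are now in range, and the visible references still point at `tree/v2.0.2` rather than a fixed release. If the record carries version entries, they should be brought in line with `before 1.12.9` and `before 2.0.3` in the same change.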
diff --git a/2022/36xxx/CVE-2022-36775.json b/2022/36xxx/CVE-2022-36775.json
index 55aee4682f5..5802ab872e6 100644
--- a/2022/36xxx/CVE-2022-36775.json
+++ b/2022/36xxx/CVE-2022-36775.json
@@ -1,17 +1,91 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-36775",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "644 Improper Neutralization of HTTP Headers for Scripting Syntax"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Security Verify Access ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, 10.0.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/6953617",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/6953617"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233576",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233576"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2022/42xxx/CVE-2022-42439.json b/2022/42xxx/CVE-2022-42439.json
index 3d413a1fb6d..6148dc21a07 100644
--- a/2022/42xxx/CVE-2022-42439.json
+++ b/2022/42xxx/CVE-2022-42439.json
@@ -40,12 +40,14 @@
 "version": {
 "version_data": [
 {
- "version_value": "11.0.0.17",
- "version_affected": "="
+ "version_affected": "<",
+ "version_name": "11.0.0.17",
+ "version_value": "11.0.0.19"
 },
 {
- "version_value": "12.0.4.0",
- "version_affected": "="
+ "version_affected": "<",
+ "version_name": "12.0.4.0",
+ "version_value": "12.0.5.0"
 }
 ]
 }
@@ -58,15 +60,15 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "https://www.ibm.com/support/pages/node/6890607",
- "refsource": "MISC",
- "name": "https://www.ibm.com/support/pages/node/6890607"
- },
 {
 "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238211",
 "refsource": "MISC",
 "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238211"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/6952435",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/6952435"
 }
 ]
 },
diff --git a/2022/43xxx/CVE-2022-43927.json b/2022/43xxx/CVE-2022-43927.json
index 3110438c11b..30dc7e65dc5 100644
--- a/2022/43xxx/CVE-2022-43927.json
+++ b/2022/43xxx/CVE-2022-43927.json
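Review bot: In the CVE-2022-36775.json hunk the `problemtype` value is `644 Improper Neutralization of HTTP Headers for Scripting Syntax`, with no `CWE-` prefix and no `cweId`, while the other IBM records in this commit carry both; it should read `"value": "CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax"` with `"cweId": "CWE-644"` beside it. The same hunk puts five releases into one `version_value` string under `"version_affected": "="`, which no installed version string can equal; one `version_data` entry per release keeps the record matchable by tooling. The packed-string form also appears in the CVE-2022-43927 (`"10.5, 11.1 ,11.5"`) and CVE-2022-43929 (`"11.1 and 11.5"`) hunks. The description in this hunk also has a typo, `and10.0.4.0`.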
@@ -1,17 +1,92 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-43927",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
+ "cweId": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Db2 for Linux, UNIX and Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "10.5, 11.1 ,11.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/6953759",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/6953759"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241671",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241671"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2022/43xxx/CVE-2022-43929.json b/2022/43xxx/CVE-2022-43929.json
index 6f8a4d61d9f..1079da4e6cc 100644
--- a/2022/43xxx/CVE-2022-43929.json
+++ b/2022/43xxx/CVE-2022-43929.json
@@ -1,17 +1,92 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-43929",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20 Improper Input Validation",
+ "cweId": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Db2 for Linux, UNIX and Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.1 and 11.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/6953763",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/6953763"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241676",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241676"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2022/46xxx/CVE-2022-46892.json b/2022/46xxx/CVE-2022-46892.json
index 8dae54aab6d..a8ed3e984df 100644
--- a/2022/46xxx/CVE-2022-46892.json
+++ b/2022/46xxx/CVE-2022-46892.json
@@ -52,11 +52,6 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "https://amperecomputing.com/products/security-bulletins/rc_os_re-enable.html",
- "refsource": "MISC",
- "name": "https://amperecomputing.com/products/security-bulletins/rc_os_re-enable.html"
- },
 {
 "refsource": "MISC",
 "name": "https://amperecomputing.com/products/security-bulletins/root-complex-OS-re-enable",
diff --git a/2023/0xxx/CVE-2023-0822.json b/2023/0xxx/CVE-2023-0822.json
index daca905cf68..7bfe67d1d2e 100644
--- a/2023/0xxx/CVE-2023-0822.json
+++ b/2023/0xxx/CVE-2023-0822.json
@@ -1,17 +1,108 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-0822",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285 Improper Authorization",
+ "cweId": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Delta Electronics ",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DIAEnergie ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "v1.9.03.001"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "ICSA-22-298-06",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\n\nDelta did not publicly release v1.9.01.002, v1.9.02.001, and v1.9.03.001, which address these vulnerabilities. Users are encouraged to contact Delta to receive these updates. \n\n "
+ }
+ ],
+ "value": "\nDelta did not publicly release v1.9.01.002, v1.9.02.001, and v1.9.03.001, which address these vulnerabilities. Users are encouraged to contact Delta to receive these updates. \n\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/0xxx/CVE-2023-0895.json b/2023/0xxx/CVE-2023-0895.json
new file mode 100644
index 00000000000..ed71eb56cd6
--- /dev/null
+++ b/2023/0xxx/CVE-2023-0895.json
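Review bot: In the CVE-2023-0822.json hunk `vendor_name` and `product_name` end in a space (`"Delta Electronics "`, `"DIAEnergie "`), so exact-string lookups against an asset inventory or product dictionary will miss this record; they should be `"Delta Electronics"` and `"DIAEnergie"`. The CVE-2022-36775 hunk has the same trailing space in `"Security Verify Access "`. The upper bound is written `"v1.9.03.001"` with a `v` prefix, which version comparators may not parse, and `solution` and `credits` use `"lang": "en"` where the description uses `"eng"`.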
@@ -0,0 +1,85 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-0895",
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The WP Coder \u2013 add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018id\u2019 parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "wpcalc",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WP Coder \u2013 add custom html, css and js code",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "2.5.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4b6a9cd-4d29-4bd8-afa3-b5d455ad8340",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4b6a9cd-4d29-4bd8-afa3-b5d455ad8340"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?old=2757782&old_path=wp-coder%2Ftrunk%2Fadmin%2Fpartials%2Finclude-data.php&new=&new_path=wp-coder%2Ftrunk%2Fadmin%2Fpartials%2Finclude-data.php",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset?old=2757782&old_path=wp-coder%2Ftrunk%2Fadmin%2Fpartials%2Finclude-data.php&new=&new_path=wp-coder%2Ftrunk%2Fadmin%2Fpartials%2Finclude-data.php"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Etan Imanol Castro Aldrete"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/22xxx/CVE-2023-22868.json b/2023/22xxx/CVE-2023-22868.json
index c9566e846e3..d2135ab1358 100644
--- a/2023/22xxx/CVE-2023-22868.json
+++ b/2023/22xxx/CVE-2023-22868.json
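Review bot: The second reference in the new CVE-2023-0895.json has an empty `new=` parameter in the Trac changeset URL, so it names only the old revision 2757782 and does not pin the change that fixes the query; as far as I know Trac then compares against the current head, which would make the linked diff drift as the plugin trunk moves. The record also gives no fixed version (only `"<="` with `"2.5.3"`) and, unlike the IBM records in this commit, carries the CWE as text without a `"cweId": "CWE-89"` field. Pinning the reference to the fixing revision and adding the `cweId` would make the record usable for patch verification.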
@@ -1,17 +1,92 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-22868",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244117."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Aspera Faspex",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "4.4.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/6952319",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/6952319"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244117",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244117"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/24xxx/CVE-2023-24369.json b/2023/24xxx/CVE-2023-24369.json
index 698d10a0dff..1834a167892 100644
--- a/2023/24xxx/CVE-2023-24369.json
+++ b/2023/24xxx/CVE-2023-24369.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-24369",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-24369",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ujcms/ujcms/issues/3",
+ "refsource": "MISC",
+ "name": "https://github.com/ujcms/ujcms/issues/3"
 }
 ]
 }
diff --git a/2023/24xxx/CVE-2023-24964.json b/2023/24xxx/CVE-2023-24964.json
index 6de6f072e44..854e75147cb 100644
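Review bot: In the CVE-2023-24369.json hunk every structured field is `n/a` (`vendor_name`, `product_name`, `version_value` and the `problemtype` value), although the description in the same hunk names UJCMS v4.1.3 and cross-site scripting. A record in this state can only be found by reading prose, so version-based scanners will not flag it. The description supports `"product_name": "UJCMS"`, `"version_value": "4.1.3"` and a `CWE-79` problem type written as in the CVE-2023-22868 hunk.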
--- a/2023/24xxx/CVE-2023-24964.json
+++ b/2023/24xxx/CVE-2023-24964.json
@@ -1,17 +1,92 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-24964",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. IBM X-Force ID: 246463."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-312 Cleartext Storage of Sensitive Information",
+ "cweId": "CWE-312"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "InfoSphere Information Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/6953519",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/6953519"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/246463",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/246463"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }