diff --git a/2018/1xxx/CVE-2018-1725.json b/2018/1xxx/CVE-2018-1725.json
index 691b065ce36..78ae562fe24 100644
--- a/2018/1xxx/CVE-2018-1725.json
+++ b/2018/1xxx/CVE-2018-1725.json
@@ -1,99 +1,99 @@
 {
- "CVE_data_meta" : {
- "STATE" : "PUBLIC",
- "DATE_PUBLIC" : "2020-11-04T00:00:00",
- "ASSIGNER" : "psirt@us.ibm.com",
- "ID" : "CVE-2018-1725"
- },
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IBM QRadar SIEM 7.3 and 7.4 n a multi tenant configuration could be vulnerable to information disclosure. IBM X-Force ID: 147440."
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "url" : "https://www.ibm.com/support/pages/node/6359945",
- "name" : "https://www.ibm.com/support/pages/node/6359945",
- "refsource" : "CONFIRM",
- "title" : "IBM Security Bulletin 6359945 (QRadar SIEM)"
- },
- {
- "title" : "X-Force Vulnerability Report",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147440",
- "name" : "ibm-qradar-cve20181725-info-disc (147440)"
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "value" : "Obtain Information",
- "lang" : "eng"
- }
- ]
- }
- ]
- },
- "impact" : {
- "cvssv3" : {
- "BM" : {
- "A" : "N",
- "SCORE" : "3.200",
- "AV" : "L",
- "I" : "N",
- "S" : "C",
- "PR" : "H",
- "C" : "L",
- "AC" : "L",
- "UI" : "N"
- },
- "TM" : {
- "E" : "U",
- "RL" : "O",
- "RC" : "C"
- }
- }
- },
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "affects" : {
- "vendor" : {
- "vendor_data" : [
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2020-11-04T00:00:00",
+ "ASSIGNER": "psirt@us.ibm.com",
+ "ID": "CVE-2018-1725"
+ },
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
 {
- "vendor_name" : "IBM",
- "product" : {
- "product_data" : [
- {
- "product_name" : "QRadar SIEM",
- "version" : {
- "version_data" : [
- {
- "version_value" : "7.3.0"
- },
- {
- "version_value" : "7.4"
- },
- {
- "version_value" : "7.3.3.Patch.5"
- },
- {
- "version_value" : "7.4.1.Patch.1"
- }
- ]
- }
- }
- ]
- }
+ "lang": "eng",
+ "value": "IBM QRadar SIEM 7.3 and 7.4 n a multi tenant configuration could be vulnerable to information disclosure. IBM X-Force ID: 147440."
 }
- ]
- }
- }
-}
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/6359945",
+ "name": "https://www.ibm.com/support/pages/node/6359945",
+ "refsource": "CONFIRM",
+ "title": "IBM Security Bulletin 6359945 (QRadar SIEM)"
+ },
+ {
+ "title": "X-Force Vulnerability Report",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147440",
+ "name": "ibm-qradar-cve20181725-info-disc (147440)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "Obtain Information",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "impact": {
+ "cvssv3": {
+ "BM": {
+ "A": "N",
+ "SCORE": "3.200",
+ "AV": "L",
+ "I": "N",
+ "S": "C",
+ "PR": "H",
+ "C": "L",
+ "AC": "L",
+ "UI": "N"
+ },
+ "TM": {
+ "E": "U",
+ "RL": "O",
+ "RC": "C"
+ }
+ }
+ },
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QRadar SIEM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "7.3.0"
+ },
+ {
+ "version_value": "7.4"
+ },
+ {
+ "version_value": "7.3.3.Patch.5"
+ },
+ {
+ "version_value": "7.4.1.Patch.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/2020/14xxx/CVE-2020-14222.json b/2020/14xxx/CVE-2020-14222.json
index 26eb8f6e45f..9cfae2eb071 100644
--- a/2020/14xxx/CVE-2020-14222.json
+++ b/2020/14xxx/CVE-2020-14222.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-14222",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@hcl.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HCL Digital Experience",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.5, 9.0, 9.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0084769",
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0084769"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site)."
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14240.json b/2020/14xxx/CVE-2020-14240.json
index 5efad076bd9..0fd9d67e7aa 100644
--- a/2020/14xxx/CVE-2020-14240.json
+++ b/2020/14xxx/CVE-2020-14240.json
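Review bot: `vendor_name` is `"n/a"` in the added `affects` block even though the assigner is psirt@hcl.com and the product is "HCL Digital Experience", so tooling that matches records by vendor will likely miss this entry; `"vendor_name": "HCL"` looks like the intended value. The single `"version_value": "8.5, 9.0, 9.5"` also packs three releases into one string, where one `version_data` entry per release (`{ "version_value": "8.5" }` and so on) is what a scanner can match against. The same two problems appear in the CVE-2020-14240 and CVE-2020-4097 hunks, where `version_value` repeats a prose sentence from the description instead of version numbers. The `problemtype` value is free text; adding the CWE identifier (CWE-79 for cross-site scripting) would make the weakness class machine-readable.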
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-14240",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@hcl.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HCL Notes",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0084789",
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0084789"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials."
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26505.json b/2020/26xxx/CVE-2020-26505.json
index a6f6e8c270d..69a4fa381c8 100644
--- a/2020/26xxx/CVE-2020-26505.json
+++ b/2020/26xxx/CVE-2020-26505.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-26505",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-26505",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the \u201cMarmind\u201d web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they open the assets containing the JavaScript code. This would allow an attacker to perform unauthorized actions in the application on behalf of legitimate users or spread malware via the application. By using the \u201cAssets Upload\u201d function, an attacker can abuse the upload function to upload a malicious PDF file containing a stored XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.marmind.com/en/",
+ "refsource": "MISC",
+ "name": "https://www.marmind.com/en/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www2.deloitte.com/de/de/pages/risk/articles/marmind-xss.html?nc=1",
+ "url": "https://www2.deloitte.com/de/de/pages/risk/articles/marmind-xss.html?nc=1"
 }
 ]
 }
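Review bot: The added `affects` and `problemtype` blocks are filled with `"n/a"` although the new description names the product ("Marmind"), the affected version (4.1.141.0) and the weakness class (stored XSS), so nothing in the structured fields lets a scanner or asset matcher find this record. Carrying those values over would fix that, for example `"product_name": "Marmind"`, `"version_value": "4.1.141.0"` and a problemtype `value` of `"CWE-79"` (or at least "Cross-site scripting"). The first reference is the vendor's home page rather than an advisory, and the description gives no fixed release; if a remediated version exists it should be stated so defenders know what to upgrade to.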
diff --git a/2020/4xxx/CVE-2020-4097.json b/2020/4xxx/CVE-2020-4097.json
index 25413114e53..0b0872e3bf7 100644
--- a/2020/4xxx/CVE-2020-4097.json
+++ b/2020/4xxx/CVE-2020-4097.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-4097",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@hcl.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HCL Notes",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0084796",
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0084796"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client."
 }
 ]
 }