"-Synchronized-Data."

CVE Team 2021-10-07 19:01:00 +00:00
parent 5725357961
commit fdecca354b
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
17 changed files with 1185 additions and 1155 deletions


@ -293,6 +293,11 @@
"refsource": "MLIST",
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"url": "https://lists.apache.org/thread.html/rc5c6ccb86d2afe46bbd4b71573f0448dc1f87bbcd5a0d8c7f8f904b2@%3Cissues.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-issues] 20211007 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"url": "https://lists.apache.org/thread.html/r6d672b46622842e565e00f6ef6bef83eb55d8792aac2bee75bff9a2a@%3Cissues.lucene.apache.org%3E"
}
]
},


@ -1,111 +1,111 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. IBM X-Force ID: 195518."
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6496805",
"title" : "IBM Security Bulletin 6496805 (Sterling File Gateway)",
"url" : "https://www.ibm.com/support/pages/node/6496805"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sterling-cve202120372-dos (195518)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/195518"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"I" : "N",
"AC" : "L",
"SCORE" : "4.300",
"PR" : "L",
"AV" : "N",
"UI" : "N",
"A" : "L",
"C" : "N",
"S" : "U"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.2.0.0"
},
{
"version_value" : "6.0.1.0"
},
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "5.2.6.5_3"
},
{
"version_value" : "6.0.0.6"
},
{
"version_value" : "6.0.3.4"
},
{
"version_value" : "6.1.0.0"
},
{
"version_value" : "6.1.0.1"
}
]
},
"product_name" : "Sterling File Gateway"
}
]
},
"vendor_name" : "IBM"
"lang": "eng",
"value": "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. IBM X-Force ID: 195518."
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2021-20372",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-10-06T00:00:00"
}
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6496805",
"title": "IBM Security Bulletin 6496805 (Sterling File Gateway)",
"url": "https://www.ibm.com/support/pages/node/6496805"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-sterling-cve202120372-dos (195518)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195518"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"I": "N",
"AC": "L",
"SCORE": "4.300",
"PR": "L",
"AV": "N",
"UI": "N",
"A": "L",
"C": "N",
"S": "U"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.2.0.0"
},
{
"version_value": "6.0.1.0"
},
{
"version_value": "6.0.0.0"
},
{
"version_value": "5.2.6.5_3"
},
{
"version_value": "6.0.0.6"
},
{
"version_value": "6.0.3.4"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "6.1.0.1"
}
]
},
"product_name": "Sterling File Gateway"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2021-20372",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-10-06T00:00:00"
}
}


@ -1,105 +1,105 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Sterling File Gateway",
"version" : {
"version_data" : [
{
"version_value" : "2.2.0.0"
},
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "5.2.6.5_3"
},
{
"version_value" : "6.0.3.4"
},
{
"version_value" : "6.1.0.0"
},
{
"version_value" : "6.1.0.1"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2021-20375",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-10-06T00:00:00",
"STATE" : "PUBLIC"
},
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"C" : "N",
"A" : "N",
"UI" : "N",
"AV" : "N",
"SCORE" : "6.500",
"AC" : "L",
"PR" : "L",
"I" : "H"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6496803",
"name" : "https://www.ibm.com/support/pages/node/6496803",
"title" : "IBM Security Bulletin 6496803 (Sterling File Gateway)",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-sterling-cve202120375-data-manipulation (195567)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/195567"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Data Manipulation"
}
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Sterling File Gateway",
"version": {
"version_data": [
{
"version_value": "2.2.0.0"
},
{
"version_value": "6.0.0.0"
},
{
"version_value": "5.2.6.5_3"
},
{
"version_value": "6.0.3.4"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "6.1.0.1"
}
]
}
}
]
}
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID: 195567."
}
]
}
}
}
},
"CVE_data_meta": {
"ID": "CVE-2021-20375",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-10-06T00:00:00",
"STATE": "PUBLIC"
},
"data_type": "CVE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"C": "N",
"A": "N",
"UI": "N",
"AV": "N",
"SCORE": "6.500",
"AC": "L",
"PR": "L",
"I": "H"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6496803",
"name": "https://www.ibm.com/support/pages/node/6496803",
"title": "IBM Security Bulletin 6496803 (Sterling File Gateway)",
"refsource": "CONFIRM"
},
{
"name": "ibm-sterling-cve202120375-data-manipulation (195567)",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195567"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID: 195567."
}
]
}
}


@ -1,105 +1,105 @@
{
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "N",
"AC" : "L",
"SCORE" : "4.300",
"PR" : "L",
"AV" : "N",
"UI" : "N",
"A" : "N",
"C" : "L",
"S" : "U"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2021-20376",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-10-06T00:00:00",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.2.0.0"
},
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "5.2.6.5_3"
},
{
"version_value" : "6.0.3.4"
},
{
"version_value" : "6.1.0.0"
},
{
"version_value" : "6.1.0.1"
}
]
},
"product_name" : "Sterling File Gateway"
}
]
}
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"I": "N",
"AC": "L",
"SCORE": "4.300",
"PR": "L",
"AV": "N",
"UI": "N",
"A": "N",
"C": "L",
"S": "U"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
}
},
"data_type": "CVE",
"CVE_data_meta": {
"ID": "CVE-2021-20376",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-10-06T00:00:00",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.2.0.0"
},
{
"version_value": "6.0.0.0"
},
{
"version_value": "5.2.6.5_3"
},
{
"version_value": "6.0.3.4"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "6.1.0.1"
}
]
},
"product_name": "Sterling File Gateway"
}
]
}
}
]
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6496789",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6496789",
"title" : "IBM Security Bulletin 6496789 (Sterling File Gateway)"
},
{
"refsource" : "XF",
"name" : "ibm-sterling-cve202120376-info-disc (195568)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/195568"
}
]
}
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6496789",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6496789",
"title": "IBM Security Bulletin 6496789 (Sterling File Gateway)"
},
{
"refsource": "XF",
"name": "ibm-sterling-cve202120376-info-disc (195568)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195568"
}
]
}
}


@ -1,105 +1,105 @@
{
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"I" : "L",
"SCORE" : "6.300",
"AC" : "L",
"PR" : "L",
"AV" : "N",
"UI" : "N",
"A" : "L",
"C" : "L",
"S" : "U"
}
}
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.2.0.0"
},
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "5.2.6.5_3"
},
{
"version_value" : "6.0.3.4"
},
{
"version_value" : "6.1.0.0"
},
{
"version_value" : "6.1.0.1"
}
]
},
"product_name" : "Sterling File Gateway"
}
]
},
"vendor_name" : "IBM"
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"I": "L",
"SCORE": "6.300",
"AC": "L",
"PR": "L",
"AV": "N",
"UI": "N",
"A": "L",
"C": "L",
"S": "U"
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2021-20473",
"DATE_PUBLIC" : "2021-10-06T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944."
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6496785",
"title" : "IBM Security Bulletin 6496785 (Sterling File Gateway)",
"url" : "https://www.ibm.com/support/pages/node/6496785"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196944",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sterling-cve202120473-session-fixation (196944)"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
}
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.2.0.0"
},
{
"version_value": "6.0.0.0"
},
{
"version_value": "5.2.6.5_3"
},
{
"version_value": "6.0.3.4"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "6.1.0.1"
}
]
},
"product_name": "Sterling File Gateway"
}
]
},
"vendor_name": "IBM"
}
]
}
]
}
}
}
},
"CVE_data_meta": {
"ID": "CVE-2021-20473",
"DATE_PUBLIC": "2021-10-06T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6496785",
"title": "IBM Security Bulletin 6496785 (Sterling File Gateway)",
"url": "https://www.ibm.com/support/pages/node/6496785"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196944",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-sterling-cve202120473-session-fixation (196944)"
}
]
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
}
}


@ -1,111 +1,111 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.2.0.0"
},
{
"version_value" : "6.0.1.0"
},
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "5.2.6.5_3"
},
{
"version_value" : "6.0.0.6"
},
{
"version_value" : "6.0.3.4"
},
{
"version_value" : "6.1.0.0"
},
{
"version_value" : "6.1.0.1"
}
]
},
"product_name" : "Sterling File Gateway"
}
]
}
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2021-20481",
"DATE_PUBLIC" : "2021-10-06T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "H",
"RL" : "O"
},
"BM" : {
"AV" : "N",
"I" : "L",
"PR" : "L",
"SCORE" : "5.400",
"AC" : "L",
"C" : "L",
"S" : "C",
"UI" : "R",
"A" : "N"
}
}
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6496781 (Sterling File Gateway)",
"name" : "https://www.ibm.com/support/pages/node/6496781",
"url" : "https://www.ibm.com/support/pages/node/6496781"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sterling-cve202120481-xss (197503)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/197503"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.2.0.0"
},
{
"version_value": "6.0.1.0"
},
{
"version_value": "6.0.0.0"
},
{
"version_value": "5.2.6.5_3"
},
{
"version_value": "6.0.0.6"
},
{
"version_value": "6.0.3.4"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "6.1.0.1"
}
]
},
"product_name": "Sterling File Gateway"
}
]
}
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197503.",
"lang" : "eng"
}
]
}
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2021-20481",
"DATE_PUBLIC": "2021-10-06T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "H",
"RL": "O"
},
"BM": {
"AV": "N",
"I": "L",
"PR": "L",
"SCORE": "5.400",
"AC": "L",
"C": "L",
"S": "C",
"UI": "R",
"A": "N"
}
}
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6496781 (Sterling File Gateway)",
"name": "https://www.ibm.com/support/pages/node/6496781",
"url": "https://www.ibm.com/support/pages/node/6496781"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-sterling-cve202120481-xss (197503)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197503"
}
]
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"value": "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197503.",
"lang": "eng"
}
]
}
}


@ -1,111 +1,111 @@
{
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6496777",
"title" : "IBM Security Bulletin 6496777 (Sterling File Gateway)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6496777"
},
{
"refsource" : "XF",
"name" : "ibm-sterling-cve202120489-csrf (197790)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/197790"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Sterling File Gateway",
"version" : {
"version_data" : [
{
"version_value" : "2.2.0.0"
},
{
"version_value" : "6.0.1.0"
},
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "6.1.0.3"
},
{
"version_value" : "5.2.6.5_3"
},
{
"version_value" : "6.0.0.6"
},
{
"version_value" : "6.0.3.4"
},
{
"version_value" : "6.1.0.0"
}
]
}
}
]
}
"name": "https://www.ibm.com/support/pages/node/6496777",
"title": "IBM Security Bulletin 6496777 (Sterling File Gateway)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6496777"
},
{
"refsource": "XF",
"name": "ibm-sterling-cve202120489-csrf (197790)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197790"
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-10-06T00:00:00",
"ID" : "CVE-2021-20489"
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "L",
"SCORE" : "4.300",
"PR" : "N",
"AC" : "L",
"AV" : "N",
"UI" : "R",
"A" : "N",
"C" : "N",
"S" : "U"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"data_version" : "4.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"description": {
"description_data": [
{
"value": "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790.",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Sterling File Gateway",
"version": {
"version_data": [
{
"version_value": "2.2.0.0"
},
{
"version_value": "6.0.1.0"
},
{
"version_value": "6.0.0.0"
},
{
"version_value": "6.1.0.3"
},
{
"version_value": "5.2.6.5_3"
},
{
"version_value": "6.0.0.6"
},
{
"version_value": "6.0.3.4"
},
{
"version_value": "6.1.0.0"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-10-06T00:00:00",
"ID": "CVE-2021-20489"
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"I": "L",
"SCORE": "4.300",
"PR": "N",
"AC": "L",
"AV": "N",
"UI": "R",
"A": "N",
"C": "N",
"S": "U"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"data_version": "4.0"
}


@ -1,93 +1,93 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170."
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6496771",
"title" : "IBM Security Bulletin 6496771 (Sterling File Gateway)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6496771"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sterling-cve202120552-info-disc (199170)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199170"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"I" : "N",
"SCORE" : "4.300",
"PR" : "L",
"AC" : "L",
"C" : "L",
"S" : "U",
"UI" : "N",
"A" : "N"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Sterling File Gateway",
"version" : {
"version_data" : [
{
"version_value" : "6.0.1.0"
},
{
"version_value" : "6.1.0.2"
}
]
}
}
]
}
"lang": "eng",
"value": "IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170."
}
]
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-10-06T00:00:00",
"ID" : "CVE-2021-20552",
"STATE" : "PUBLIC"
}
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6496771",
"title": "IBM Security Bulletin 6496771 (Sterling File Gateway)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6496771"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-sterling-cve202120552-info-disc (199170)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199170"
}
]
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"AV": "N",
"I": "N",
"SCORE": "4.300",
"PR": "L",
"AC": "L",
"C": "L",
"S": "U",
"UI": "N",
"A": "N"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Sterling File Gateway",
"version": {
"version_data": [
{
"version_value": "6.0.1.0"
},
{
"version_value": "6.1.0.2"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-10-06T00:00:00",
"ID": "CVE-2021-20552",
"STATE": "PUBLIC"
}
}


@ -1,111 +1,111 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "H"
},
"BM" : {
"SCORE" : "5.400",
"PR" : "L",
"AC" : "L",
"I" : "L",
"AV" : "N",
"A" : "N",
"UI" : "R",
"S" : "C",
"C" : "L"
}
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2021-20561",
"DATE_PUBLIC" : "2021-10-06T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sterling File Gateway",
"version" : {
"version_data" : [
{
"version_value" : "2.2.0.0"
},
{
"version_value" : "6.0.1.0"
},
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "6.1.0.2"
},
{
"version_value" : "6.0.0.6"
},
{
"version_value" : "6.0.3.4"
},
{
"version_value" : "6.1.0.0"
},
{
"version_value" : "5.2.6.5_4"
}
]
}
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "H"
},
"BM": {
"SCORE": "5.400",
"PR": "L",
"AC": "L",
"I": "L",
"AV": "N",
"A": "N",
"UI": "R",
"S": "C",
"C": "L"
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199230."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
}
},
"data_version": "4.0",
"data_type": "CVE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2021-20561",
"DATE_PUBLIC": "2021-10-06T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling File Gateway",
"version": {
"version_data": [
{
"version_value": "2.2.0.0"
},
{
"version_value": "6.0.1.0"
},
{
"version_value": "6.0.0.0"
},
{
"version_value": "6.1.0.2"
},
{
"version_value": "6.0.0.6"
},
{
"version_value": "6.0.3.4"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "5.2.6.5_4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6496759",
"title" : "IBM Security Bulletin 6496759 (Sterling File Gateway)",
"url" : "https://www.ibm.com/support/pages/node/6496759"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199230",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sterling-cve202120561-xss (199230)"
}
]
},
"data_format" : "MITRE"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199230."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6496759",
"title": "IBM Security Bulletin 6496759 (Sterling File Gateway)",
"url": "https://www.ibm.com/support/pages/node/6496759"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199230",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-sterling-cve202120561-xss (199230)"
}
]
},
"data_format": "MITRE"
}


@ -1,111 +1,111 @@
{
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"UI" : "N",
"A" : "N",
"C" : "L",
"S" : "C",
"I" : "L",
"SCORE" : "4.900",
"PR" : "L",
"AC" : "H",
"AV" : "N"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "5.2.0.0"
},
{
"version_value" : "6.0.1.0"
},
{
"version_value" : "6.1.0.0"
},
{
"version_value" : "6.0.3.4"
},
{
"version_value" : "6.1.0.3"
},
{
"version_value" : "5.2.6.5_4"
},
{
"version_value" : "6.0.0.6"
}
]
},
"product_name" : "Sterling B2B Integrator"
}
]
}
"data_type": "CVE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
},
"BM": {
"UI": "N",
"A": "N",
"C": "L",
"S": "C",
"I": "L",
"SCORE": "4.900",
"PR": "L",
"AC": "H",
"AV": "N"
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-10-06T00:00:00",
"ID" : "CVE-2021-20571"
},
"description" : {
"description_data" : [
{
"value" : "IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199246.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6496753 (Sterling B2B Integrator)",
"name" : "https://www.ibm.com/support/pages/node/6496753",
"url" : "https://www.ibm.com/support/pages/node/6496753"
},
{
"name" : "ibm-sterling-cve202120571-xss (199246)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199246"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.0.0.0"
},
{
"version_value": "5.2.0.0"
},
{
"version_value": "6.0.1.0"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "6.0.3.4"
},
{
"version_value": "6.1.0.3"
},
{
"version_value": "5.2.6.5_4"
},
{
"version_value": "6.0.0.6"
}
]
},
"product_name": "Sterling B2B Integrator"
}
]
}
}
]
}
]
}
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-10-06T00:00:00",
"ID": "CVE-2021-20571"
},
"description": {
"description_data": [
{
"value": "IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199246.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6496753 (Sterling B2B Integrator)",
"name": "https://www.ibm.com/support/pages/node/6496753",
"url": "https://www.ibm.com/support/pages/node/6496753"
},
{
"name": "ibm-sterling-cve202120571-xss (199246)",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199246"
}
]
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
}
}


@ -1,111 +1,111 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6496751",
"title" : "IBM Security Bulletin 6496751 (Sterling File Gateway)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6496751"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199397",
"refsource" : "XF",
"name" : "ibm-sterling-cve202120584-file-upload (199397)",
"title" : "X-Force Vulnerability Report"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-10-06T00:00:00",
"ID" : "CVE-2021-20584",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Sterling File Gateway",
"version" : {
"version_data" : [
{
"version_value" : "2.2.0.0"
},
{
"version_value" : "6.0.1.0"
},
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "6.1.0.2"
},
{
"version_value" : "6.0.0.6"
},
{
"version_value" : "6.0.3.4"
},
{
"version_value" : "6.1.0.0"
},
{
"version_value" : "5.2.6.5_4"
}
]
}
}
]
}
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
}
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"SCORE" : "6.500",
"AC" : "L",
"PR" : "L",
"I" : "H",
"S" : "U",
"C" : "N",
"A" : "N",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_type" : "CVE"
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6496751",
"title": "IBM Security Bulletin 6496751 (Sterling File Gateway)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6496751"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199397",
"refsource": "XF",
"name": "ibm-sterling-cve202120584-file-upload (199397)",
"title": "X-Force Vulnerability Report"
}
]
},
"description": {
"description_data": [
{
"value": "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397.",
"lang": "eng"
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-10-06T00:00:00",
"ID": "CVE-2021-20584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Sterling File Gateway",
"version": {
"version_data": [
{
"version_value": "2.2.0.0"
},
{
"version_value": "6.0.1.0"
},
{
"version_value": "6.0.0.0"
},
{
"version_value": "6.1.0.2"
},
{
"version_value": "6.0.0.6"
},
{
"version_value": "6.0.3.4"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "5.2.6.5_4"
}
]
}
}
]
}
}
]
}
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"AV": "N",
"SCORE": "6.500",
"AC": "L",
"PR": "L",
"I": "H",
"S": "U",
"C": "N",
"A": "N",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"data_type": "CVE"
}
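Review bot: The description in the new record says `could allow a remote attacker to upload arbitrary files`, but the base metrics in the same record carry `"PR": "L"`, so the prose reads as unauthenticated while the vector requires low privileges. If the vector is right, the description should read `remote authenticated attacker`; if the prose is right, `PR` and the `6.500` score need revisiting by the assigner. The impact fields show a similar gap: the problemtype is `Gain Access`, yet the vector has `"C": "N"` and only `"I": "H"`. Consumers that triage on the description text alone will rank this record differently from those that read the vector.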


@ -71,6 +71,16 @@
"refsource": "MISC",
"name": "https://github.com/yetingli/PoCs/blob/main/CVE-2021-29063/Mpmath.md",
"url": "https://github.com/yetingli/PoCs/blob/main/CVE-2021-29063/Mpmath.md"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-fc30c0de34",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3M5O55E7VUDMXCPQR6MQTOIFDKHP36AA/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-244a18163c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MS2U6GLXQSRZJE2HVUAUMVFR2DWQLCZG/"
}
]
}


@ -1,111 +1,111 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authneticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6496749",
"title" : "IBM Security Bulletin 6496749 (Sterling B2B Integrator)",
"name" : "https://www.ibm.com/support/pages/node/6496749",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sterling-cve202129700-info-disc (200656)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/200656"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"AV" : "N",
"I" : "N",
"PR" : "L",
"SCORE" : "4.300",
"AC" : "L",
"C" : "L",
"S" : "U",
"UI" : "N",
"A" : "N"
}
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-10-06T00:00:00",
"ID" : "CVE-2021-29700",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "5.2.0.0"
},
{
"version_value" : "6.0.1.0"
},
{
"version_value" : "6.1.0.0"
},
{
"version_value" : "6.1.0.2"
},
{
"version_value" : "6.0.3.4"
},
{
"version_value" : "5.2.6.5_4"
},
{
"version_value" : "6.0.0.6"
}
]
}
}
]
}
"value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authneticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656.",
"lang": "eng"
}
]
}
}
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6496749",
"title": "IBM Security Bulletin 6496749 (Sterling B2B Integrator)",
"name": "https://www.ibm.com/support/pages/node/6496749",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-sterling-cve202129700-info-disc (200656)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200656"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"AV": "N",
"I": "N",
"PR": "L",
"SCORE": "4.300",
"AC": "L",
"C": "L",
"S": "U",
"UI": "N",
"A": "N"
}
}
},
"data_version": "4.0",
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-10-06T00:00:00",
"ID": "CVE-2021-29700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Sterling B2B Integrator",
"version": {
"version_data": [
{
"version_value": "6.0.0.0"
},
{
"version_value": "5.2.0.0"
},
{
"version_value": "6.0.1.0"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "6.1.0.2"
},
{
"version_value": "6.0.3.4"
},
{
"version_value": "5.2.6.5_4"
},
{
"version_value": "6.0.0.6"
}
]
}
}
]
}
}
]
}
}
}
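Review bot: The description value on the new side still reads `authneticated attacker`; it should be `authenticated attacker`. The rewrite appears to change only key spacing and indentation, so the misspelling carries over unchanged. A keyword search for "authenticated" over description text will miss this record, which matters to anyone filtering advisories by required privileges. The wording is presumably synchronized from the assigner's submission, so the correction would have to be made there.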


@ -92,6 +92,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210917-0004/",
"url": "https://security.netapp.com/advisory/ntap-20210917-0004/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-5d2d4b6ac5",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/"
}
]
},


@ -68,6 +68,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20211004-0003/",
"url": "https://security.netapp.com/advisory/ntap-20211004-0003/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-f2a020a065",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DRK67AJCWYYVAGF5SGAHNZXCX3PN3ZFP/"
}
]
},


@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header \"X-Endpoint-API-UserInfo\", the application can use it to do authorization. But if there are two \"X-Endpoint-API-UserInfo\" headers from the client, ESPv1 only replaces the first one, the 2nd one will be passed to the application. An attacker can send two \"X-Endpoint-API-UserInfo\" headers, the second one with a fake JWT claim. Application may use the fake JWT claim to do the authorization. This impacts following ESPv1 usages: 1) Users have configured ESPv1 to do JWT authentication with Google ID Token as described in the referenced google endpoint document. 2) Users backend application is using the info in the \"X-Endpoint-API-UserInfo\" header to do the authorization. It has been fixed by v1.58.0. You need to patch it in the following ways: * If your docker image is using tag \":1\", needs to re-start the container to pick up the new version. The tag \":1\" will automatically point to the latest version. * If your docker image tag pings to a specific minor version, e.g. \":1.57\". You need to update it to \":1.58\" and re-start the container. There are no workaround for this issue.\n"
"value": "Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header \"X-Endpoint-API-UserInfo\", the application can use it to do authorization. But if there are two \"X-Endpoint-API-UserInfo\" headers from the client, ESPv1 only replaces the first one, the 2nd one will be passed to the application. An attacker can send two \"X-Endpoint-API-UserInfo\" headers, the second one with a fake JWT claim. Application may use the fake JWT claim to do the authorization. This impacts following ESPv1 usages: 1) Users have configured ESPv1 to do JWT authentication with Google ID Token as described in the referenced google endpoint document. 2) Users backend application is using the info in the \"X-Endpoint-API-UserInfo\" header to do the authorization. It has been fixed by v1.58.0. You need to patch it in the following ways: * If your docker image is using tag \":1\", needs to re-start the container to pick up the new version. The tag \":1\" will automatically point to the latest version. * If your docker image tag pings to a specific minor version, e.g. \":1.57\". You need to update it to \":1.58\" and re-start the container. There are no workaround for this issue."
}
]
},


@ -77,6 +77,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20211005 CVE-2021-41524: Apache HTTP Server: null pointer dereference in h2 fuzzing",
"url": "http://www.openwall.com/lists/oss-security/2021/10/05/1"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-5d2d4b6ac5",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/"
}
]
},