From fdecca354b7c72cf879cf69759f1a53f957eca6e Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 7 Oct 2021 19:01:00 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/13xxx/CVE-2020-13956.json | 5 +
 2021/20xxx/CVE-2021-20372.json | 216 ++++++++++++++++----------------
 2021/20xxx/CVE-2021-20375.json | 206 +++++++++++++++----------------
 2021/20xxx/CVE-2021-20376.json | 204 +++++++++++++++---------------
 2021/20xxx/CVE-2021-20473.json | 204 +++++++++++++++---------------
 2021/20xxx/CVE-2021-20481.json | 218 ++++++++++++++++-----------------
 2021/20xxx/CVE-2021-20489.json | 216 ++++++++++++++++----------------
 2021/20xxx/CVE-2021-20552.json | 180 +++++++++++++--------------
 2021/20xxx/CVE-2021-20561.json | 216 ++++++++++++++++----------------
 2021/20xxx/CVE-2021-20571.json | 216 ++++++++++++++++----------------
 2021/20xxx/CVE-2021-20584.json | 216 ++++++++++++++++----------------
 2021/29xxx/CVE-2021-29063.json | 10 ++
 2021/29xxx/CVE-2021-29700.json | 216 ++++++++++++++++----------------
 2021/33xxx/CVE-2021-33193.json | 5 +
 2021/3xxx/CVE-2021-3634.json | 5 +
 2021/41xxx/CVE-2021-41130.json | 2 +-
 2021/41xxx/CVE-2021-41524.json | 5 +
 17 files changed, 1185 insertions(+), 1155 deletions(-)
diff --git a/2020/13xxx/CVE-2020-13956.json b/2020/13xxx/CVE-2020-13956.json
index c396258acdf..16c5ebbe751 100644
--- a/2020/13xxx/CVE-2020-13956.json
+++ b/2020/13xxx/CVE-2020-13956.json
@@ -293,6 +293,11 @@
 "refsource": "MLIST",
 "name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
 "url": "https://lists.apache.org/thread.html/rc5c6ccb86d2afe46bbd4b71573f0448dc1f87bbcd5a0d8c7f8f904b2@%3Cissues.lucene.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[lucene-issues] 20211007 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
+ "url": "https://lists.apache.org/thread.html/r6d672b46622842e565e00f6ef6bef83eb55d8792aac2bee75bff9a2a@%3Cissues.lucene.apache.org%3E"
 }
 ]
 },
diff --git a/2021/20xxx/CVE-2021-20372.json b/2021/20xxx/CVE-2021-20372.json
index d85ed43acdc..ef71a6ddcf9 100644
--- a/2021/20xxx/CVE-2021-20372.json
+++ b/2021/20xxx/CVE-2021-20372.json
@@ -1,111 +1,111 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. IBM X-Force ID: 195518." - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6496805", - "title" : "IBM Security Bulletin 6496805 (Sterling File Gateway)", - "url" : "https://www.ibm.com/support/pages/node/6496805" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-sterling-cve202120372-dos (195518)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/195518" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } - ] - } - ] - }, - "data_type" : "CVE", - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "I" : "N", - "AC" : "L", - "SCORE" : "4.300", - "PR" : "L", - "AV" : "N", - "UI" : "N", - "A" : "L", - "C" : "N", - "S" : "U" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.2.0.0" - }, - { - "version_value" : "6.0.1.0" - }, - { - "version_value" : "6.0.0.0" - }, - { - "version_value" : "5.2.6.5_3" - }, - { - "version_value" : "6.0.0.6" - }, - { - "version_value" : "6.0.3.4" - }, - { - "version_value" : "6.1.0.0" - }, - { - "version_value" : "6.1.0.1" - } - ] - }, - "product_name" : "Sterling File Gateway" - } - ] - }, - "vendor_name" : "IBM" + "lang": "eng", + "value": "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to 
insufficient permission checking. IBM X-Force ID: 195518." } - ] - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2021-20372", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-10-06T00:00:00" - } -} + ] + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6496805", + "title": "IBM Security Bulletin 6496805 (Sterling File Gateway)", + "url": "https://www.ibm.com/support/pages/node/6496805" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-sterling-cve202120372-dos (195518)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195518" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "data_type": "CVE", + "data_version": "4.0", + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "I": "N", + "AC": "L", + "SCORE": "4.300", + "PR": "L", + "AV": "N", + "UI": "N", + "A": "L", + "C": "N", + "S": "U" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.2.0.0" + }, + { + "version_value": "6.0.1.0" + }, + { + "version_value": "6.0.0.0" + }, + { + "version_value": "5.2.6.5_3" + }, + { + "version_value": "6.0.0.6" + }, + { + "version_value": "6.0.3.4" + }, + { + "version_value": "6.1.0.0" + }, + { + "version_value": "6.1.0.1" + } + ] + }, + "product_name": "Sterling File Gateway" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2021-20372", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-10-06T00:00:00" + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20375.json b/2021/20xxx/CVE-2021-20375.json index 2f61835d151..e2a25ac0352 100644 --- a/2021/20xxx/CVE-2021-20375.json 
+++ b/2021/20xxx/CVE-2021-20375.json 
@@ -1,105 +1,105 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Sterling File Gateway", - "version" : { - "version_data" : [ - { - "version_value" : "2.2.0.0" - }, - { - "version_value" : "6.0.0.0" - }, - { - "version_value" : "5.2.6.5_3" - }, - { - "version_value" : "6.0.3.4" - }, - { - "version_value" : "6.1.0.0" - }, - { - "version_value" : "6.1.0.1" - } - ] - } - } - ] - } - } - ] - } - }, - "CVE_data_meta" : { - "ID" : "CVE-2021-20375", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-10-06T00:00:00", - "STATE" : "PUBLIC" - }, - "data_type" : "CVE", - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "C" : "N", - "A" : "N", - "UI" : "N", - "AV" : "N", - "SCORE" : "6.500", - "AC" : "L", - "PR" : "L", - "I" : "H" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - } - } - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6496803", - "name" : "https://www.ibm.com/support/pages/node/6496803", - "title" : "IBM Security Bulletin 6496803 (Sterling File Gateway)", - "refsource" : "CONFIRM" - }, - { - "name" : "ibm-sterling-cve202120375-data-manipulation (195567)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/195567" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Data Manipulation" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling File Gateway", + "version": { + "version_data": [ + { + "version_value": "2.2.0.0" + }, + { + "version_value": "6.0.0.0" + }, + { + "version_value": "5.2.6.5_3" + }, + { + "version_value": "6.0.3.4" + }, + { + "version_value": "6.1.0.0" + }, + { + "version_value": "6.1.0.1" + } 
+ ] + } + } + ] + } + } ] - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID: 195567." - } - ] - } -} + } + }, + "CVE_data_meta": { + "ID": "CVE-2021-20375", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-10-06T00:00:00", + "STATE": "PUBLIC" + }, + "data_type": "CVE", + "data_version": "4.0", + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "C": "N", + "A": "N", + "UI": "N", + "AV": "N", + "SCORE": "6.500", + "AC": "L", + "PR": "L", + "I": "H" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + } + } + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6496803", + "name": "https://www.ibm.com/support/pages/node/6496803", + "title": "IBM Security Bulletin 6496803 (Sterling File Gateway)", + "refsource": "CONFIRM" + }, + { + "name": "ibm-sterling-cve202120375-data-manipulation (195567)", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195567" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Data Manipulation" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID: 195567." + } + ] + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20376.json b/2021/20xxx/CVE-2021-20376.json index 2caabf8d8c3..23c9eb4b06a 100644 --- a/2021/20xxx/CVE-2021-20376.json +++ b/2021/20xxx/CVE-2021-20376.json 
@@ -1,105 +1,105 @@ { - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "N", - "AC" : "L", - "SCORE" : "4.300", - "PR" : "L", - "AV" : "N", - "UI" : "N", - "A" : "N", - "C" : "L", - "S" : "U" - }, - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - } - } - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "ID" : "CVE-2021-20376", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-10-06T00:00:00", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.2.0.0" - }, - { - "version_value" : "6.0.0.0" - }, - { - "version_value" : "5.2.6.5_3" - }, - { - "version_value" : "6.0.3.4" - }, - { - "version_value" : "6.1.0.0" - }, - { - "version_value" : "6.1.0.1" - } - ] - }, - "product_name" : "Sterling File Gateway" - } - ] - } + "data_version": "4.0", + "impact": { + "cvssv3": { + "BM": { + "I": "N", + "AC": "L", + "SCORE": "4.300", + "PR": "L", + "AV": "N", + "UI": "N", + "A": "N", + "C": "L", + "S": "U" + }, + "TM": { + "RL": "O", + "E": "U", + "RC": "C" } - ] - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + } + }, + "data_type": "CVE", + "CVE_data_meta": { + "ID": "CVE-2021-20376", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-10-06T00:00:00", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.2.0.0" + }, + { + "version_value": "6.0.0.0" + }, + { + "version_value": "5.2.6.5_3" + }, + { + "version_value": "6.0.3.4" + }, + { + "version_value": "6.1.0.0" + }, + { + "version_value": "6.1.0.1" + } + ] + }, + "product_name": "Sterling File Gateway" + } + ] + } + } ] - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6496789", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6496789", - "title" : "IBM Security Bulletin 6496789 (Sterling File Gateway)" - }, - { - "refsource" : "XF", - "name" : "ibm-sterling-cve202120376-info-disc (195568)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/195568" - } - ] - } -} + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6496789", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6496789", + "title": "IBM Security Bulletin 6496789 (Sterling File Gateway)" + }, + { + "refsource": "XF", + "name": "ibm-sterling-cve202120376-info-disc (195568)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195568" + } + ] + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20473.json b/2021/20xxx/CVE-2021-20473.json index 4232ac55831..a87f445025f 100644 --- a/2021/20xxx/CVE-2021-20473.json +++ b/2021/20xxx/CVE-2021-20473.json 
@@ -1,105 +1,105 @@ { - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - }, - "BM" : { - "I" : "L", - "SCORE" : "6.300", - "AC" : "L", - "PR" : "L", - "AV" : "N", - "UI" : "N", - "A" : "L", - "C" : "L", - "S" : "U" - } - } - }, - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.2.0.0" - }, - { - "version_value" : "6.0.0.0" - }, - { - "version_value" : "5.2.6.5_3" - }, - { - "version_value" : "6.0.3.4" - }, - { - "version_value" : "6.1.0.0" - }, - { - "version_value" : "6.1.0.1" - } - ] - }, - "product_name" : "Sterling File Gateway" - } - ] - }, - "vendor_name" : "IBM" + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + }, + "BM": { + "I": "L", + "SCORE": "6.300", + "AC": "L", + "PR": "L", + "AV": "N", + "UI": "N", + "A": "L", + "C": "L", + "S": "U" } - ] - } - }, - "CVE_data_meta" : { - "ID" : "CVE-2021-20473", - "DATE_PUBLIC" : "2021-10-06T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944." 
- } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6496785", - "title" : "IBM Security Bulletin 6496785 (Sterling File Gateway)", - "url" : "https://www.ibm.com/support/pages/node/6496785" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196944", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-sterling-cve202120473-session-fixation (196944)" - } - ] - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } + } + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.2.0.0" + }, + { + "version_value": "6.0.0.0" + }, + { + "version_value": "5.2.6.5_3" + }, + { + "version_value": "6.0.3.4" + }, + { + "version_value": "6.1.0.0" + }, + { + "version_value": "6.1.0.1" + } + ] + }, + "product_name": "Sterling File Gateway" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - } -} + } + }, + "CVE_data_meta": { + "ID": "CVE-2021-20473", + "DATE_PUBLIC": "2021-10-06T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6496785", + "title": "IBM Security Bulletin 6496785 (Sterling File Gateway)", + "url": "https://www.ibm.com/support/pages/node/6496785" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196944", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-sterling-cve202120473-session-fixation (196944)" + } + ] + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Privileges", + "lang": "eng" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20481.json b/2021/20xxx/CVE-2021-20481.json index 9aca9bec863..81d15f31b5c 100644 --- a/2021/20xxx/CVE-2021-20481.json +++ b/2021/20xxx/CVE-2021-20481.json 
@@ -1,111 +1,111 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.2.0.0" - }, - { - "version_value" : "6.0.1.0" - }, - { - "version_value" : "6.0.0.0" - }, - { - "version_value" : "5.2.6.5_3" - }, - { - "version_value" : "6.0.0.6" - }, - { - "version_value" : "6.0.3.4" - }, - { - "version_value" : "6.1.0.0" - }, - { - "version_value" : "6.1.0.1" - } - ] - }, - "product_name" : "Sterling File Gateway" - } - ] - } - } - ] - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2021-20481", - "DATE_PUBLIC" : "2021-10-06T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "H", - "RL" : "O" - }, - "BM" : { - "AV" : "N", - "I" : "L", - "PR" : "L", - "SCORE" : "5.400", - "AC" : "L", - "C" : "L", - "S" : "C", - "UI" : "R", - "A" : "N" - } - } - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6496781 (Sterling File Gateway)", - "name" : "https://www.ibm.com/support/pages/node/6496781", - "url" : "https://www.ibm.com/support/pages/node/6496781" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-sterling-cve202120481-xss (197503)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/197503" - } - ] - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.2.0.0" + }, + { + "version_value": "6.0.1.0" + }, + { + "version_value": "6.0.0.0" + }, + { + "version_value": "5.2.6.5_3" + }, + { + "version_value": "6.0.0.6" + }, + { + 
"version_value": "6.0.3.4" + }, + { + "version_value": "6.1.0.0" + }, + { + "version_value": "6.1.0.1" + } + ] + }, + "product_name": "Sterling File Gateway" + } + ] + } + } ] - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197503.", - "lang" : "eng" - } - ] - } -} + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2021-20481", + "DATE_PUBLIC": "2021-10-06T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "H", + "RL": "O" + }, + "BM": { + "AV": "N", + "I": "L", + "PR": "L", + "SCORE": "5.400", + "AC": "L", + "C": "L", + "S": "C", + "UI": "R", + "A": "N" + } + } + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6496781 (Sterling File Gateway)", + "name": "https://www.ibm.com/support/pages/node/6496781", + "url": "https://www.ibm.com/support/pages/node/6496781" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-sterling-cve202120481-xss (197503)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197503" + } + ] + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 197503.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20489.json b/2021/20xxx/CVE-2021-20489.json index f2152856460..95f2c152505 100644 --- a/2021/20xxx/CVE-2021-20489.json +++ b/2021/20xxx/CVE-2021-20489.json 
@@ -1,111 +1,111 @@ { - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6496777", - "title" : "IBM Security Bulletin 6496777 (Sterling File Gateway)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6496777" - }, - { - "refsource" : "XF", - "name" : "ibm-sterling-cve202120489-csrf (197790)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/197790" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } - ] - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Sterling File Gateway", - "version" : { - "version_data" : [ - { - "version_value" : "2.2.0.0" - }, - { - "version_value" : "6.0.1.0" - }, - { - "version_value" : "6.0.0.0" - }, - { - "version_value" : "6.1.0.3" - }, - { - "version_value" : "5.2.6.5_3" - }, - { - "version_value" : "6.0.0.6" - }, - { - "version_value" : "6.0.3.4" - }, - { - "version_value" : "6.1.0.0" - } - ] - } - } - ] - } + "name": "https://www.ibm.com/support/pages/node/6496777", + "title": "IBM Security Bulletin 6496777 (Sterling File Gateway)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6496777" + }, + { + "refsource": "XF", + "name": "ibm-sterling-cve202120489-csrf (197790)", + "title": "X-Force Vulnerability Report", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/197790" } - ] - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-10-06T00:00:00", - "ID" : "CVE-2021-20489" - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "L", - "SCORE" : "4.300", - "PR" : "N", - "AC" : "L", - "AV" : "N", - "UI" : "R", - "A" : "N", - "C" : "N", - "S" : "U" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "data_version" : "4.0" -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790.", + "lang": "eng" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling File Gateway", + "version": { + "version_data": [ + { + "version_value": "2.2.0.0" + }, + { + "version_value": "6.0.1.0" + }, + { + "version_value": "6.0.0.0" + }, + { + "version_value": "6.1.0.3" + }, + { + "version_value": "5.2.6.5_3" + }, + { + "version_value": "6.0.0.6" + }, + { + "version_value": "6.0.3.4" + }, + { + "version_value": "6.1.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-10-06T00:00:00", + "ID": "CVE-2021-20489" + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "BM": { + "I": "L", + "SCORE": "4.300", + "PR": "N", + "AC": "L", + "AV": "N", + "UI": "R", + "A": "N", + "C": "N", + "S": "U" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "data_version": "4.0" +} \ No newline at end of file 
diff --git a/2021/20xxx/CVE-2021-20552.json b/2021/20xxx/CVE-2021-20552.json index d86de1d6e88..e5c1b43d818 100644 --- a/2021/20xxx/CVE-2021-20552.json +++ b/2021/20xxx/CVE-2021-20552.json 
@@ -1,93 +1,93 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170." - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6496771", - "title" : "IBM Security Bulletin 6496771 (Sterling File Gateway)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6496771" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-sterling-cve202120552-info-disc (199170)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199170" - } - ] - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "data_type" : "CVE", - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "I" : "N", - "SCORE" : "4.300", - "PR" : "L", - "AC" : "L", - "C" : "L", - "S" : "U", - "UI" : "N", - "A" : "N" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Sterling File Gateway", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.1.0" - }, - { - "version_value" : "6.1.0.2" - } - ] - } - } - ] - } + "lang": "eng", + "value": "IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170." 
} - ] - } - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-10-06T00:00:00", - "ID" : "CVE-2021-20552", - "STATE" : "PUBLIC" - } -} + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6496771", + "title": "IBM Security Bulletin 6496771 (Sterling File Gateway)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6496771" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-sterling-cve202120552-info-disc (199170)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199170" + } + ] + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_type": "CVE", + "data_version": "4.0", + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "I": "N", + "SCORE": "4.300", + "PR": "L", + "AC": "L", + "C": "L", + "S": "U", + "UI": "N", + "A": "N" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling File Gateway", + "version": { + "version_data": [ + { + "version_value": "6.0.1.0" + }, + { + "version_value": "6.1.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-10-06T00:00:00", + "ID": "CVE-2021-20552", + "STATE": "PUBLIC" + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20561.json b/2021/20xxx/CVE-2021-20561.json index b544c935490..a3dae34f51d 100644 --- a/2021/20xxx/CVE-2021-20561.json +++ b/2021/20xxx/CVE-2021-20561.json 
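Review bot: The `version_data` array on the new side of CVE-2021-20552.json holds only `"version_value": "6.0.1.0"` and `"version_value": "6.1.0.2"`, while the description in the same record gives the affected range as 6.0.0.0 through 6.1.1.0, so neither endpoint of that range appears in the list. The reformat carries this over unchanged, and a consumer that matches installed versions against `version_value` entries alone would under-report exposure for this record. The other Sterling records in this patch show the same pattern (for example CVE-2021-20372 and CVE-2021-20375, where the stated upper bound 6.1.1.0 is absent from `version_data`). The lists should be reconciled against the vendor bulletin each record already references rather than filled in by guess; until then the description text is the safer source for the range. The rewritten files also now end without a trailing newline (`\ No newline at end of file`), which is worth restoring for clean future diffs.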
@@ -1,111 +1,111 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "H" - }, - "BM" : { - "SCORE" : "5.400", - "PR" : "L", - "AC" : "L", - "I" : "L", - "AV" : "N", - "A" : "N", - "UI" : "R", - "S" : "C", - "C" : "L" - } - } - }, - "data_version" : "4.0", - "data_type" : "CVE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2021-20561", - "DATE_PUBLIC" : "2021-10-06T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sterling File Gateway", - "version" : { - "version_data" : [ - { - "version_value" : "2.2.0.0" - }, - { - "version_value" : "6.0.1.0" - }, - { - "version_value" : "6.0.0.0" - }, - { - "version_value" : "6.1.0.2" - }, - { - "version_value" : "6.0.0.6" - }, - { - "version_value" : "6.0.3.4" - }, - { - "version_value" : "6.1.0.0" - }, - { - "version_value" : "5.2.6.5_4" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "H" + }, + "BM": { + "SCORE": "5.400", + "PR": "L", + "AC": "L", + "I": "L", + "AV": "N", + "A": "N", + "UI": "R", + "S": "C", + "C": "L" } - ] - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199230." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + } + }, + "data_version": "4.0", + "data_type": "CVE", + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2021-20561", + "DATE_PUBLIC": "2021-10-06T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sterling File Gateway", + "version": { + "version_data": [ + { + "version_value": "2.2.0.0" + }, + { + "version_value": "6.0.1.0" + }, + { + "version_value": "6.0.0.0" + }, + { + "version_value": "6.1.0.2" + }, + { + "version_value": "6.0.0.6" + }, + { + "version_value": "6.0.3.4" + }, + { + "version_value": "6.1.0.0" + }, + { + "version_value": "5.2.6.5_4" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6496759", - "title" : "IBM Security Bulletin 6496759 (Sterling File Gateway)", - "url" : "https://www.ibm.com/support/pages/node/6496759" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199230", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-sterling-cve202120561-xss (199230)" - } - ] - }, - "data_format" : "MITRE" -} + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199230." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6496759", + "title": "IBM Security Bulletin 6496759 (Sterling File Gateway)", + "url": "https://www.ibm.com/support/pages/node/6496759" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199230", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-sterling-cve202120561-xss (199230)" + } + ] + }, + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20571.json b/2021/20xxx/CVE-2021-20571.json index e2609667e66..8b73a848ef3 100644 --- a/2021/20xxx/CVE-2021-20571.json +++ b/2021/20xxx/CVE-2021-20571.json 
@@ -1,111 +1,111 @@ { - "data_type" : "CVE", - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "UI" : "N", - "A" : "N", - "C" : "L", - "S" : "C", - "I" : "L", - "SCORE" : "4.900", - "PR" : "L", - "AC" : "H", - "AV" : "N" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "6.0.0.0" - }, - { - "version_value" : "5.2.0.0" - }, - { - "version_value" : "6.0.1.0" - }, - { - "version_value" : "6.1.0.0" - }, - { - "version_value" : "6.0.3.4" - }, - { - "version_value" : "6.1.0.3" - }, - { - "version_value" : "5.2.6.5_4" - }, - { - "version_value" : "6.0.0.6" - } - ] - }, - "product_name" : "Sterling B2B Integrator" - } - ] - } + "data_type": "CVE", + "data_version": "4.0", + "impact": { + "cvssv3": { + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + }, + "BM": { + "UI": "N", + "A": "N", + "C": "L", + "S": "C", + "I": "L", + "SCORE": "4.900", + "PR": "L", + "AC": "H", + "AV": "N" } - ] - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-10-06T00:00:00", - "ID" : "CVE-2021-20571" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 199246.", - "lang" : "eng" - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6496753 (Sterling B2B Integrator)", - "name" : "https://www.ibm.com/support/pages/node/6496753", - "url" : "https://www.ibm.com/support/pages/node/6496753" - }, - { - "name" : "ibm-sterling-cve202120571-xss (199246)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199246" - } - ] - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.0.0.0" + }, + { + "version_value": "5.2.0.0" + }, + { + "version_value": "6.0.1.0" + }, + { + "version_value": "6.1.0.0" + }, + { + "version_value": "6.0.3.4" + }, + { + "version_value": "6.1.0.3" + }, + { + "version_value": "5.2.6.5_4" + }, + { + "version_value": "6.0.0.6" + } + ] + }, + "product_name": "Sterling B2B Integrator" + } + ] + } + } ] - } - ] - } -} + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-10-06T00:00:00", + "ID": "CVE-2021-20571" + }, + "description": { + "description_data": [ + { + "value": "IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 199246.", + "lang": "eng" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6496753 (Sterling B2B Integrator)", + "name": "https://www.ibm.com/support/pages/node/6496753", + "url": "https://www.ibm.com/support/pages/node/6496753" + }, + { + "name": "ibm-sterling-cve202120571-xss (199246)", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199246" + } + ] + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20584.json b/2021/20xxx/CVE-2021-20584.json index 66061a8fb5d..bf34f6acde5 100644 --- a/2021/20xxx/CVE-2021-20584.json +++ b/2021/20xxx/CVE-2021-20584.json 
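Review bot: The `version_data` list in CVE-2021-20571.json does not cover the range its own description states: the text says 5.2.0.0 through 6.1.1.0, but the enumerated `version_value` entries stop at 6.1.0.3 and carry no range operator. Tooling that matches installed versions against `version_data` literally would not flag 6.1.1.0 or the unlisted releases in between, so a scanner could report a vulnerable host as clean. Suggest expressing the upper bound as a range entry, e.g. `{ "version_value": "6.1.1.0", "version_affected": "<=" }`, after confirming the bounds against the referenced IBM bulletin. The same gap appears in the CVE-2021-20584.json and CVE-2021-29700.json hunks, whose lists stop at 6.1.0.2 while the descriptions also say "through 6.1.1.0".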
@@ -1,111 +1,111 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } - ] - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6496751", - "title" : "IBM Security Bulletin 6496751 (Sterling File Gateway)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6496751" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199397", - "refsource" : "XF", - "name" : "ibm-sterling-cve202120584-file-upload (199397)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397.", - "lang" : "eng" - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-10-06T00:00:00", - "ID" : "CVE-2021-20584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Sterling File Gateway", - "version" : { - "version_data" : [ - { - "version_value" : "2.2.0.0" - }, - { - "version_value" : "6.0.1.0" - }, - { - "version_value" : "6.0.0.0" - }, - { - "version_value" : "6.1.0.2" - }, - { - "version_value" : "6.0.0.6" - }, - { - "version_value" : "6.0.3.4" - }, - { - "version_value" : "6.1.0.0" - }, - { - "version_value" : "5.2.6.5_4" - } - ] - } - } - ] - } + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] } - ] - } - }, - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "SCORE" : "6.500", - "AC" : "L", - "PR" : "L", - "I" : "H", - "S" : "U", - "C" : "N", - "A" : "N", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - 
} - } - }, - "data_type" : "CVE" -} + ] + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6496751", + "title": "IBM Security Bulletin 6496751 (Sterling File Gateway)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6496751" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199397", + "refsource": "XF", + "name": "ibm-sterling-cve202120584-file-upload (199397)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397.", + "lang": "eng" + } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-10-06T00:00:00", + "ID": "CVE-2021-20584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling File Gateway", + "version": { + "version_data": [ + { + "version_value": "2.2.0.0" + }, + { + "version_value": "6.0.1.0" + }, + { + "version_value": "6.0.0.0" + }, + { + "version_value": "6.1.0.2" + }, + { + "version_value": "6.0.0.6" + }, + { + "version_value": "6.0.3.4" + }, + { + "version_value": "6.1.0.0" + }, + { + "version_value": "5.2.6.5_4" + } + ] + } + } + ] + } + } + ] + } + }, + "data_version": "4.0", + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "SCORE": "6.500", + "AC": "L", + "PR": "L", + "I": "H", + "S": "U", + "C": "N", + "A": "N", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "data_type": "CVE" +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29063.json b/2021/29xxx/CVE-2021-29063.json index 7699c724559..79544bc4de0 100644 --- a/2021/29xxx/CVE-2021-29063.json +++ b/2021/29xxx/CVE-2021-29063.json 
@@ -71,6 +71,16 @@ "refsource": "MISC", "name": "https://github.com/yetingli/PoCs/blob/main/CVE-2021-29063/Mpmath.md", "url": "https://github.com/yetingli/PoCs/blob/main/CVE-2021-29063/Mpmath.md" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-fc30c0de34", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3M5O55E7VUDMXCPQR6MQTOIFDKHP36AA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-244a18163c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MS2U6GLXQSRZJE2HVUAUMVFR2DWQLCZG/" } ] } diff --git a/2021/29xxx/CVE-2021-29700.json b/2021/29xxx/CVE-2021-29700.json index 295656f74be..3026cc90d45 100644 --- a/2021/29xxx/CVE-2021-29700.json +++ b/2021/29xxx/CVE-2021-29700.json 
@@ -1,111 +1,111 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authneticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656.", - "lang" : "eng" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6496749", - "title" : "IBM Security Bulletin 6496749 (Sterling B2B Integrator)", - "name" : "https://www.ibm.com/support/pages/node/6496749", - "refsource" : "CONFIRM" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-sterling-cve202129700-info-disc (200656)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/200656" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "AV" : "N", - "I" : "N", - "PR" : "L", - "SCORE" : "4.300", - "AC" : "L", - "C" : "L", - "S" : "U", - "UI" : "N", - "A" : "N" - } - } - }, - "data_version" : "4.0", - "data_type" : "CVE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-10-06T00:00:00", - "ID" : "CVE-2021-29700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Sterling B2B Integrator", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.0.0" - }, - { - "version_value" : "5.2.0.0" - }, - { - "version_value" : "6.0.1.0" - }, - { - "version_value" : "6.1.0.0" - }, - { - "version_value" : "6.1.0.2" - }, - { - "version_value" : "6.0.3.4" - }, - { - "version_value" : "5.2.6.5_4" - }, - { - "version_value" : 
"6.0.0.6" - } - ] - } - } - ] - } + "value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authneticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656.", + "lang": "eng" } - ] - } - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6496749", + "title": "IBM Security Bulletin 6496749 (Sterling B2B Integrator)", + "name": "https://www.ibm.com/support/pages/node/6496749", + "refsource": "CONFIRM" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-sterling-cve202129700-info-disc (200656)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200656" + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "AV": "N", + "I": "N", + "PR": "L", + "SCORE": "4.300", + "AC": "L", + "C": "L", + "S": "U", + "UI": "N", + "A": "N" + } + } + }, + "data_version": "4.0", + "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-10-06T00:00:00", + "ID": "CVE-2021-29700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator", + "version": { + "version_data": [ + { + "version_value": "6.0.0.0" + }, + { + "version_value": "5.2.0.0" + }, + { + "version_value": "6.0.1.0" + }, + { + "version_value": "6.1.0.0" + }, + { + "version_value": "6.1.0.2" + }, + { + "version_value": "6.0.3.4" + }, + { + "version_value": "5.2.6.5_4" + }, + { + "version_value": "6.0.0.6" + } + ] + } + } + ] + } + } + ] + } + } +} \ No newline at end of file 
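Review bot: The description string on the new side of CVE-2021-29700.json still reads `authneticated`; it should be `authenticated`. The reformat carries the misspelling over unchanged, and anyone triaging by keyword (for example filtering CVE descriptions on "authenticated" to separate pre-auth from post-auth issues) will miss this record.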
diff --git a/2021/33xxx/CVE-2021-33193.json b/2021/33xxx/CVE-2021-33193.json index b17660c5ab6..0daae672e51 100644 --- a/2021/33xxx/CVE-2021-33193.json +++ b/2021/33xxx/CVE-2021-33193.json @@ -92,6 +92,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20210917-0004/", "url": "https://security.netapp.com/advisory/ntap-20210917-0004/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-5d2d4b6ac5", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/" } ] }, diff --git a/2021/3xxx/CVE-2021-3634.json b/2021/3xxx/CVE-2021-3634.json index 13a48cbe60f..eb50456b359 100644 --- a/2021/3xxx/CVE-2021-3634.json +++ b/2021/3xxx/CVE-2021-3634.json @@ -68,6 +68,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20211004-0003/", "url": "https://security.netapp.com/advisory/ntap-20211004-0003/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-f2a020a065", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DRK67AJCWYYVAGF5SGAHNZXCX3PN3ZFP/" } ] }, diff --git a/2021/41xxx/CVE-2021-41130.json b/2021/41xxx/CVE-2021-41130.json index 0007281644e..4b1efbd94ad 100644 --- a/2021/41xxx/CVE-2021-41130.json +++ b/2021/41xxx/CVE-2021-41130.json 
@@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header \"X-Endpoint-API-UserInfo\", the application can use it to do authorization. But if there are two \"X-Endpoint-API-UserInfo\" headers from the client, ESPv1 only replaces the first one, the 2nd one will be passed to the application. An attacker can send two \"X-Endpoint-API-UserInfo\" headers, the second one with a fake JWT claim. Application may use the fake JWT claim to do the authorization. This impacts following ESPv1 usages: 1) Users have configured ESPv1 to do JWT authentication with Google ID Token as described in the referenced google endpoint document. 2) Users backend application is using the info in the \"X-Endpoint-API-UserInfo\" header to do the authorization. It has been fixed by v1.58.0. You need to patch it in the following ways: * If your docker image is using tag \":1\", needs to re-start the container to pick up the new version. The tag \":1\" will automatically point to the latest version. * If your docker image tag pings to a specific minor version, e.g. \":1.57\". You need to update it to \":1.58\" and re-start the container. There are no workaround for this issue.\n" + "value": "Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header \"X-Endpoint-API-UserInfo\", the application can use it to do authorization. But if there are two \"X-Endpoint-API-UserInfo\" headers from the client, ESPv1 only replaces the first one, the 2nd one will be passed to the application. 
An attacker can send two \"X-Endpoint-API-UserInfo\" headers, the second one with a fake JWT claim. Application may use the fake JWT claim to do the authorization. This impacts following ESPv1 usages: 1) Users have configured ESPv1 to do JWT authentication with Google ID Token as described in the referenced google endpoint document. 2) Users backend application is using the info in the \"X-Endpoint-API-UserInfo\" header to do the authorization. It has been fixed by v1.58.0. You need to patch it in the following ways: * If your docker image is using tag \":1\", needs to re-start the container to pick up the new version. The tag \":1\" will automatically point to the latest version. * If your docker image tag pings to a specific minor version, e.g. \":1.57\". You need to update it to \":1.58\" and re-start the container. There are no workaround for this issue." } ] }, diff --git a/2021/41xxx/CVE-2021-41524.json b/2021/41xxx/CVE-2021-41524.json index a21ba6ea0af..633bb2ce476 100644 --- a/2021/41xxx/CVE-2021-41524.json +++ b/2021/41xxx/CVE-2021-41524.json @@ -77,6 +77,11 @@ "refsource": "MLIST", "name": "[oss-security] 20211005 CVE-2021-41524: Apache HTTP Server: null pointer dereference in h2 fuzzing", "url": "http://www.openwall.com/lists/oss-security/2021/10/05/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-5d2d4b6ac5", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/" } ] },