Auto-Update: 2024-07-08T04:00:46.600768+00:00

2025-05-07 19:16:29 +00:00 · 2024-07-08 04:03:40 +00:00 · 2024-07-08 04:03:40 +00:00 · 7ee6fbedc4
commit 7ee6fbedc4
parent 3f3ce85486
5 changed files with 192 additions and 8 deletions
--- a/CVE-2024/CVE-2024-318xx/CVE-2024-31897.json
+++ b/CVE-2024/CVE-2024-318xx/CVE-2024-31897.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-31897",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2024-07-08T03:15:02.200",
+  "lastModified": "2024-07-08T03:15:02.200",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.  IBM X-Force ID:  288178."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-918"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288178",
+      "source": "psirt@us.ibm.com"
+    },
+    {
+      "url": "https://www.ibm.com/support/pages/node/7159332",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-375xx/CVE-2024-37528.json
+++ b/CVE-2024/CVE-2024-375xx/CVE-2024-37528.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-37528",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2024-07-08T03:15:02.450",
+  "lastModified": "2024-07-08T03:15:02.450",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  294293."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.8,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.7,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/294293",
+      "source": "psirt@us.ibm.com"
+    },
+    {
+      "url": "https://www.ibm.com/support/pages/node/7159332",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-383xx/CVE-2024-38330.json
+++ b/CVE-2024/CVE-2024-383xx/CVE-2024-38330.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-38330",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2024-07-08T02:15:01.963",
+  "lastModified": "2024-07-08T02:15:01.963",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call.  A malicious actor could cause user-controlled code to run with administrator privilege.  IBM X-Force ID:  295227."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.0,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.0,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-427"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295227",
+      "source": "psirt@us.ibm.com"
+    },
+    {
+      "url": "https://www.ibm.com/support/pages/node/7159615",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-07-08T02:00:52.780388+00:00
+2024-07-08T04:00:46.600768+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-07-08T01:15:12.283000+00:00
+2024-07-08T03:15:02.450000+00:00
 ```

 ### Last Data Feed Release
@ -33,15 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-255982
+255985
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `2`
+Recently added CVEs: `3`

- [CVE-2024-39723](CVE-2024/CVE-2024-397xx/CVE-2024-39723.json) (`2024-07-08T01:15:12.283`)
- [CVE-2024-5711](CVE-2024/CVE-2024-57xx/CVE-2024-5711.json) (`2024-07-08T00:15:01.940`)
+- [CVE-2024-31897](CVE-2024/CVE-2024-318xx/CVE-2024-31897.json) (`2024-07-08T03:15:02.200`)
+- [CVE-2024-37528](CVE-2024/CVE-2024-375xx/CVE-2024-37528.json) (`2024-07-08T03:15:02.450`)
+- [CVE-2024-38330](CVE-2024/CVE-2024-383xx/CVE-2024-38330.json) (`2024-07-08T02:15:01.963`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -250140,6 +250140,7 @@ CVE-2024-31890,0,0,eda850bb7869648d895763435641ab97f0cfe4aeba8f677c829b9f47f4e39
 CVE-2024-31893,0,0,12d01c628fd750c0cbf441575efefbf394d1654280d687a3cb134821594970b6,2024-05-24T01:15:30.977000
 CVE-2024-31894,0,0,5d58af989adc88e1f21decb4e4b73370061e14ed54479d7579f2f2b5b7332e1e,2024-05-24T01:15:30.977000
 CVE-2024-31895,0,0,38db7df97417d61bcac3e1b48b52fd0d409c4088497b5231955dcf460bac575b,2024-05-24T01:15:30.977000
+CVE-2024-31897,1,1,182a4efe962bd0dda6fe8374c6f347433cb7182e6d81b169ce8637e886650c5d,2024-07-08T03:15:02.200000
 CVE-2024-31898,0,0,fe11d56c38d536e9464d27f478b4e4ead8cc2f4ae21f96cd1641416bd47ac1cc,2024-07-01T12:37:24.220000
 CVE-2024-3190,0,0,c17e9142af04bd9f9561cc561aacffdced5eb94e572636fb91c22838cccaf428,2024-05-30T13:15:41.297000
 CVE-2024-31902,0,0,691e6ecfd39ef5647a37266bd43ffa72513315c6d9b9212e3f86fe6033112d46,2024-07-01T12:37:24.220000
@ -253544,6 +253545,7 @@ CVE-2024-3748,0,0,130f91484f33c46b6a8a1b827c41c8bedf887e9f91a42beeaa1df38ecf15e9
 CVE-2024-3749,0,0,b3391f40e1bcbcef1a08d3c4874bc14a907340ab4c3bf6aac04f7b2d59e58359,2024-07-03T02:06:31.950000
 CVE-2024-3750,0,0,803f7e301e80982b4e00371ccc1f410724a29d03fdd424fb4c54aeb0b034ff94,2024-05-16T13:03:05.353000
 CVE-2024-3752,0,0,06a3522f543993aef42f352f0c011207c560c2e5a1d63c9d8ccc34a87adab0ce,2024-05-06T12:44:56.377000
+CVE-2024-37528,1,1,466e44ca3d67cf0bd2554ddb994b6a482df15c519fa37763028d9eaa54c0db71,2024-07-08T03:15:02.450000
 CVE-2024-37532,0,0,e146e982646d7ada5c23ac27c75ae644abb706f6257f2f96ca13a6820b942f27,2024-06-20T16:07:50.417000
 CVE-2024-37535,0,0,062f7ebb43bb6d2a8ccb3332e5242404947b076c7894d1777e030e1c8e622113,2024-07-03T02:04:19.710000
 CVE-2024-37539,0,0,cf8215e427c44405b85d45864072ac95523da6695b14f5bb6424adeb6f0f0b13,2024-07-06T13:15:10.190000
@ -253754,6 +253756,7 @@ CVE-2024-3832,0,0,1075b96952121645fbb81b228e0c3813e39db7e21c4c9aa1fc24c30b61618c
 CVE-2024-38322,0,0,2ad94da74065acba3b226c62072e2f5047b092e831ca2ac4223b96f7198e87ca,2024-07-01T12:37:24.220000
 CVE-2024-38329,0,0,6a4543a55a7780ada6e17c79a82dd0a8355d271b676150df85f00b992a580a6b,2024-06-20T12:44:01.637000
 CVE-2024-3833,0,0,ba630503495cf2aaf1fce7ce704a30930ed35eb1665a53e19102e8c18f607a36,2024-05-03T03:16:28.940000
+CVE-2024-38330,1,1,afd0aa77c5cf4ac189f407ee8c2028f9b8b0c930533e7b174cdca01535213723,2024-07-08T02:15:01.963000
 CVE-2024-3834,0,0,a26b5bbbf7ca8a185b9797b4c7859f6535301f1ab4b8908e1c720ae8be2c469e,2024-07-03T02:06:36.447000
 CVE-2024-38344,0,0,9ab5a9367a4478293ac2379112f78ca200a2cb316c550e5b0a6b06a397872c02,2024-07-05T12:55:51.367000
 CVE-2024-38345,0,0,1774bc0880f4df20bde976d92e0bffb0cb942e8f3f0d5a48fcaa1b81b6829fd6,2024-07-05T12:55:51.367000
@ -254219,7 +254222,7 @@ CVE-2024-39705,0,0,91d39f33d5bd2d9618d124407e406b5aefb3921b0f0d526c128476a465358
 CVE-2024-39708,0,0,111516979aea28b8e657aa098e90e19a44667358e9b94bc0cc0d55aace553cee,2024-06-28T10:27:00.920000
 CVE-2024-3971,0,0,1320cc801330d2d12e5c1ffdfdf6be7f25a4100ca447a2f7a5815c90f2431f60,2024-06-17T12:42:04.623000
 CVE-2024-3972,0,0,336c66699a431faa29a5282b5eb6832d488e7d167b3d03dca5d4b3950fce0bec,2024-06-17T12:42:04.623000
-CVE-2024-39723,1,1,d96f5452a9111c88cf72e549ad59361cff4c806be10625ef83db1c7ab2520662,2024-07-08T01:15:12.283000
+CVE-2024-39723,0,0,d96f5452a9111c88cf72e549ad59361cff4c806be10625ef83db1c7ab2520662,2024-07-08T01:15:12.283000
 CVE-2024-3974,0,0,30b94b89b01dd2c6057362330f67dc78937f3f3edffa0c5a57e7602f711f919a,2024-05-14T16:11:39.510000
 CVE-2024-3977,0,0,e9f44416847592725fc2cd47ffed9c743bca75989a5c2d940c73903d22d68b79,2024-06-17T12:42:04.623000
 CVE-2024-3978,0,0,338ec55d360d0ecf1dfe595690a2d37e24aa4129fa5a75aae324bfa31cd2fe9a,2024-06-17T12:42:04.623000
@ -255598,7 +255601,7 @@ CVE-2024-5700,0,0,75281b3d92ab48138fa84376c62cf06e3b235ecbf0492685b83c4b5de8ec65
 CVE-2024-5701,0,0,c0b77ae9f34889006ada566ff239d80e91c1e1e51e6239a509f45a6d387ce8ce,2024-06-11T13:54:12.057000
 CVE-2024-5702,0,0,050114b692a9d22e1a3779ff238583d9efc9d6e8072ff7c077a659f94eb85b8c,2024-06-19T10:15:11.583000
 CVE-2024-5710,0,0,bbba5caf4cb4f465fb2a1f44424b7af778bd56d5f1b17eb3b38248b8a0397322,2024-07-01T10:15:30.183000
-CVE-2024-5711,1,1,d9db03d6362abb942f4ac27229f074628c924324fa288e57eb21704281f10e54,2024-07-08T00:15:01.940000
+CVE-2024-5711,0,0,d9db03d6362abb942f4ac27229f074628c924324fa288e57eb21704281f10e54,2024-07-08T00:15:01.940000
 CVE-2024-5712,0,0,782e6f09ec4801a2090922da0634157b6b0760d6d2ff619b99db06cdc44198b4,2024-07-01T12:37:24.220000
 CVE-2024-5714,0,0,d09606fe85d7a014a058870c51f9ff79e6af54534c316b686a2562e2d0e92e3e,2024-06-27T19:25:12.067000
 CVE-2024-5724,0,0,03384c71395c84af225b0ffa60ba9818c028df2b73c4ae064cd0a263a53e8317,2024-06-20T12:44:01.637000