From 8ab82b590dbbc8a58387f041d94d0f863753e83e Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 31 Jul 2023 04:00:29 +0000 Subject: [PATCH] Auto-Update: 2023-07-31T04:00:26.572546+00:00 --- CVE-2020/CVE-2020-48xx/CVE-2020-4868.json | 59 +++++++++++++++++++++ CVE-2023/CVE-2023-225xx/CVE-2023-22595.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-249xx/CVE-2023-24971.json | 59 +++++++++++++++++++++ README.md | 17 +++--- 4 files changed, 180 insertions(+), 10 deletions(-) create mode 100644 CVE-2020/CVE-2020-48xx/CVE-2020-4868.json create mode 100644 CVE-2023/CVE-2023-225xx/CVE-2023-22595.json create mode 100644 CVE-2023/CVE-2023-249xx/CVE-2023-24971.json diff --git a/CVE-2020/CVE-2020-48xx/CVE-2020-4868.json b/CVE-2020/CVE-2020-48xx/CVE-2020-4868.json new file mode 100644 index 00000000000..cd10df81dc2 --- /dev/null +++ b/CVE-2020/CVE-2020-48xx/CVE-2020-4868.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2020-4868", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-07-31T02:15:09.673", + "lastModified": "2023-07-31T02:15:09.673", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190744", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7015393", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-225xx/CVE-2023-22595.json b/CVE-2023/CVE-2023-225xx/CVE-2023-22595.json new file mode 100644 index 00000000000..a5cc4190bb6 --- /dev/null +++ b/CVE-2023/CVE-2023-225xx/CVE-2023-22595.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-22595", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-07-31T02:15:09.803", + "lastModified": "2023-07-31T02:15:09.803", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244076." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7014929", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24971.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24971.json new file mode 100644 index 00000000000..b533f3e7c5a --- /dev/null +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24971.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-24971", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-07-31T02:15:09.893", + "lastModified": "2023-07-31T02:15:09.893", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nIBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. IBM X-Force ID: 246976.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/246976", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7014933", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 44117b1b5a0..807239ed180 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-31T02:00:26.915123+00:00 +2023-07-31T04:00:26.572546+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-31T01:15:10.017000+00:00 +2023-07-31T02:15:09.893000+00:00 ``` ### Last Data Feed Release @@ -29,19 +29,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -221288 +221291 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `3` -* [CVE-2022-43831](CVE-2022/CVE-2022-438xx/CVE-2022-43831.json) (`2023-07-31T01:15:09.550`) -* [CVE-2023-35016](CVE-2023/CVE-2023-350xx/CVE-2023-35016.json) (`2023-07-31T01:15:09.667`) -* [CVE-2023-35019](CVE-2023/CVE-2023-350xx/CVE-2023-35019.json) (`2023-07-31T01:15:09.757`) -* [CVE-2023-4005](CVE-2023/CVE-2023-40xx/CVE-2023-4005.json) (`2023-07-31T01:15:09.840`) -* [CVE-2023-4006](CVE-2023/CVE-2023-40xx/CVE-2023-4006.json) (`2023-07-31T01:15:09.937`) -* [CVE-2023-4007](CVE-2023/CVE-2023-40xx/CVE-2023-4007.json) (`2023-07-31T01:15:10.017`) +* [CVE-2020-4868](CVE-2020/CVE-2020-48xx/CVE-2020-4868.json) (`2023-07-31T02:15:09.673`) +* [CVE-2023-22595](CVE-2023/CVE-2023-225xx/CVE-2023-22595.json) (`2023-07-31T02:15:09.803`) +* [CVE-2023-24971](CVE-2023/CVE-2023-249xx/CVE-2023-24971.json) (`2023-07-31T02:15:09.893`) ### CVEs modified in the last Commit