From ef39f8844b02ebd573dcf8087dd5f3045e5cd531 Mon Sep 17 00:00:00 2001
From: cad-safe-bot <cad-safe-bot@protonmail.com>
Date: Mon, 27 Jan 2025 03:03:47 +0000
Subject: [PATCH] Auto-Update: 2025-01-27T03:00:19.604108+00:00

---
 CVE-2023/CVE-2023-461xx/CVE-2023-46187.json | 56 +++++++++++++++++++++
 CVE-2024/CVE-2024-287xx/CVE-2024-28766.json | 56 +++++++++++++++++++++
 CVE-2024/CVE-2024-287xx/CVE-2024-28770.json | 56 +++++++++++++++++++++
 CVE-2024/CVE-2024-287xx/CVE-2024-28771.json | 56 +++++++++++++++++++++
 README.md                                   | 17 ++++---
 _state.csv                                  | 10 ++--
 6 files changed, 240 insertions(+), 11 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-461xx/CVE-2023-46187.json
 create mode 100644 CVE-2024/CVE-2024-287xx/CVE-2024-28766.json
 create mode 100644 CVE-2024/CVE-2024-287xx/CVE-2024-28770.json
 create mode 100644 CVE-2024/CVE-2024-287xx/CVE-2024-28771.json

diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46187.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46187.json
new file mode 100644
index 00000000000..22d7d341235
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46187.json
@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2023-46187",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2025-01-27T02:15:27.750",
+  "lastModified": "2025-01-27T02:15:27.750",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.ibm.com/support/pages/node/7173892",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-287xx/CVE-2024-28766.json b/CVE-2024/CVE-2024-287xx/CVE-2024-28766.json
new file mode 100644
index 00000000000..8a472c8bdfc
--- /dev/null
+++ b/CVE-2024/CVE-2024-287xx/CVE-2024-28766.json
@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-28766",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2025-01-27T02:15:28.253",
+  "lastModified": "2025-01-27T02:15:28.253",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
+          "baseScore": 2.4,
+          "baseSeverity": "LOW",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 0.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-548"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.ibm.com/support/pages/node/7161444",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-287xx/CVE-2024-28770.json b/CVE-2024/CVE-2024-287xx/CVE-2024-28770.json
new file mode 100644
index 00000000000..95c1c0cc8d6
--- /dev/null
+++ b/CVE-2024/CVE-2024-287xx/CVE-2024-28770.json
@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-28770",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2025-01-27T02:15:28.407",
+  "lastModified": "2025-01-27T02:15:28.407",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
+          "baseScore": 4.8,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-614"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.ibm.com/support/pages/node/7161444",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-287xx/CVE-2024-28771.json b/CVE-2024/CVE-2024-287xx/CVE-2024-28771.json
new file mode 100644
index 00000000000..fa4986e7f21
--- /dev/null
+++ b/CVE-2024/CVE-2024-287xx/CVE-2024-28771.json
@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-28771",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2025-01-27T02:15:28.553",
+  "lastModified": "2025-01-27T02:15:28.553",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
+          "baseScore": 4.8,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-614"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.ibm.com/support/pages/node/7161444",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 86ac295b6ef..6638e56f7e2 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-01-27T00:55:31.671717+00:00
+2025-01-27T03:00:19.604108+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-01-27T00:15:26.517000+00:00
+2025-01-27T02:15:28.553000+00:00
 ```
 
 ### Last Data Feed Release
@@ -27,22 +27,23 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
 
 ```plain
-2025-01-26T01:00:04.334646+00:00
+2025-01-27T01:00:04.374067+00:00
 ```
 
 ### Total Number of included CVEs
 
 ```plain
-278999
+279003
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `3`
+Recently added CVEs: `4`
 
-- [CVE-2025-0720](CVE-2025/CVE-2025-07xx/CVE-2025-0720.json) (`2025-01-26T23:15:21.547`)
-- [CVE-2025-0721](CVE-2025/CVE-2025-07xx/CVE-2025-0721.json) (`2025-01-27T00:15:26.317`)
-- [CVE-2025-0722](CVE-2025/CVE-2025-07xx/CVE-2025-0722.json) (`2025-01-27T00:15:26.517`)
+- [CVE-2023-46187](CVE-2023/CVE-2023-461xx/CVE-2023-46187.json) (`2025-01-27T02:15:27.750`)
+- [CVE-2024-28766](CVE-2024/CVE-2024-287xx/CVE-2024-28766.json) (`2025-01-27T02:15:28.253`)
+- [CVE-2024-28770](CVE-2024/CVE-2024-287xx/CVE-2024-28770.json) (`2025-01-27T02:15:28.407`)
+- [CVE-2024-28771](CVE-2024/CVE-2024-287xx/CVE-2024-28771.json) (`2025-01-27T02:15:28.553`)
 
 
 ### CVEs modified in the last Commit
diff --git a/_state.csv b/_state.csv
index 757bc6f3e1c..6aba6e2b972 100644
--- a/_state.csv
+++ b/_state.csv
@@ -235547,6 +235547,7 @@ CVE-2023-46181,0,0,7db94ce0542139fb0f4b825ee15b66e74831929caf8ec2bf9c6da1b7e7130
 CVE-2023-46182,0,0,7705f9133b8264c630b8811790194e5b749781d9842f011884658162bd355d29,2024-11-21T08:28:01.980000
 CVE-2023-46183,0,0,381c0c34e4bb85912abf6cef707f2b78273838b5e2c637ec311bfc3db3fa9ea1,2024-11-21T08:28:02.103000
 CVE-2023-46186,0,0,80abfc94a8f15b17311bf769031b8a124644ec766e404d60459e5a868747eedd,2024-11-21T08:28:02.253000
+CVE-2023-46187,1,1,f0720765475040d0952718f6034d5fd5ac9e8c165c27542b2a05b2cb33f4c064,2025-01-27T02:15:27.750000
 CVE-2023-46188,0,0,d7b0a16f2763ef6025d8aa76c9d5cf8a9a07e3b8b069693a5fafe3ae566ee9db,2025-01-02T12:15:11.127000
 CVE-2023-46189,0,0,f28806dd1bbd926b5db91acfeb333ca7e88214a3d98d437fece40edfdf19737f,2024-11-21T08:28:02.410000
 CVE-2023-46190,0,0,0ad59e8934a86a013c76f33b7c20f311ee90f6bc3cc0a4d121c6dc8d8c306d8d,2024-11-21T08:28:02.550000
@@ -253597,8 +253598,11 @@ CVE-2024-28760,0,0,87ee4a50e50beb3eb3a2ff436ddbd84c55b2df2ce2872466f7017d881731e
 CVE-2024-28761,0,0,f990216988bc90d162638e8b7945a6d12e4276303d0bad539d5b65fad7ce50a0,2025-01-07T21:02:54.690000
 CVE-2024-28762,0,0,e7146f96c55753c65cd4f661c712c523979eaaba20e1cbe7b3b78b7197e1711c,2024-11-21T09:06:55.017000
 CVE-2024-28764,0,0,42363a94f8163c9cad8147d31e6295d669ad4dcbcb1cf61276272a7a155229ea,2024-11-21T09:06:55.180000
+CVE-2024-28766,1,1,f5f8c94ad3c90033c091913840a4083da9be1338a9dd2c091ad18cd54071eeac,2025-01-27T02:15:28.253000
 CVE-2024-28767,0,0,3dcbbe23de561638ccf8a9738544653a62b61fe75d19cdbb00efaaf18a46718a,2024-12-20T14:15:23.850000
 CVE-2024-2877,0,0,e8536f3b9a8db8cfb1a01dc3baa76bd8616106f111c0e4e2021b78fa36854ec8,2024-11-21T09:10:44.020000
+CVE-2024-28770,1,1,02e2d0735c9fb8afb36217eabc1c8c90f1575c1918758fdda763ad63f32b91f6,2025-01-27T02:15:28.407000
+CVE-2024-28771,1,1,cbab86249397dd52365545366a532ae0eccdfaa40bbb8c36a47c61a3f59d856b,2025-01-27T02:15:28.553000
 CVE-2024-28772,0,0,78e1b65ccd01d2b2cb5151ac2638f146b229ea64b2c3771ff8b54d177679ec5a,2024-11-21T09:06:55.327000
 CVE-2024-28775,0,0,6a2db0e9a4b51ca58dc1a2ce04ae9f65cde9a99b61684111bcbdf3398dd02cad,2024-11-21T09:06:55.493000
 CVE-2024-28778,0,0,ec5802dfee3b138bf2f66b9c23844fcaeb53806b2668ca7c9490ad6fae2b4a1f,2025-01-07T16:15:33.113000
@@ -277749,9 +277753,9 @@ CVE-2025-0707,0,0,811af14c14c0a3b5a80f66025364f309edc4fe1d62ed897fbf3dfde8e4e9cd
 CVE-2025-0708,0,0,4a67dffd73a44f6c1bc3efea10acc8736f5bcaa22b0e0a5da65bd9a2075ec6b9,2025-01-24T20:15:34.200000
 CVE-2025-0709,0,0,1535a309b5582acb2180b5d077e9cc094ac386682f86c558adb350d7cc17c6da,2025-01-24T21:15:11.237000
 CVE-2025-0710,0,0,89a9f68eba5da206b05439935d78cbb5d7e1efd36c8ff9755b3b952b82bceaf5,2025-01-24T21:15:11.420000
-CVE-2025-0720,1,1,3d334bc5cfcf007ce99f555b2863380542fff74631bf3ac24195b7e910344530,2025-01-26T23:15:21.547000
-CVE-2025-0721,1,1,0fd36a356c0ad7bbfe14acbe97d07452aa51fcacd6b135289e961a1feb380b84,2025-01-27T00:15:26.317000
-CVE-2025-0722,1,1,a8a6ca79cbb757cbfd7cd93cc2a02b5c63bd231ae368388a8a6548a8e9a7e183,2025-01-27T00:15:26.517000
+CVE-2025-0720,0,0,3d334bc5cfcf007ce99f555b2863380542fff74631bf3ac24195b7e910344530,2025-01-26T23:15:21.547000
+CVE-2025-0721,0,0,0fd36a356c0ad7bbfe14acbe97d07452aa51fcacd6b135289e961a1feb380b84,2025-01-27T00:15:26.317000
+CVE-2025-0722,0,0,a8a6ca79cbb757cbfd7cd93cc2a02b5c63bd231ae368388a8a6548a8e9a7e183,2025-01-27T00:15:26.517000
 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000
 CVE-2025-20033,0,0,6c60c85e451f1d6db70378d678ddf83dacc7c823ecfb493748ed6d94114eff49,2025-01-09T07:15:28.450000
 CVE-2025-20036,0,0,a1d7639f0e568c5953a2962f5a2be630b5737d729f8c4f565a3eec7e4bf19549,2025-01-15T17:15:18.950000