Auto-Update: 2025-01-27T03:00:19.604108+00:00

CVE-2023/CVE-2023-461xx/CVE-2023-46187.json

@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2023-46187",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2025-01-27T02:15:27.750",
+  "lastModified": "2025-01-27T02:15:27.750",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.ibm.com/support/pages/node/7173892",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-287xx/CVE-2024-28766.json

@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-28766",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2025-01-27T02:15:28.253",
+  "lastModified": "2025-01-27T02:15:28.253",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
+          "baseScore": 2.4,
+          "baseSeverity": "LOW",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 0.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-548"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.ibm.com/support/pages/node/7161444",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-287xx/CVE-2024-28770.json

@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-28770",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2025-01-27T02:15:28.407",
+  "lastModified": "2025-01-27T02:15:28.407",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
+          "baseScore": 4.8,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-614"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.ibm.com/support/pages/node/7161444",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-287xx/CVE-2024-28771.json

@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-28771",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2025-01-27T02:15:28.553",
+  "lastModified": "2025-01-27T02:15:28.553",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
+          "baseScore": 4.8,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-614"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.ibm.com/support/pages/node/7161444",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-01-27T00:55:31.671717+00:00
+2025-01-27T03:00:19.604108+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-01-27T00:15:26.517000+00:00
+2025-01-27T02:15:28.553000+00:00
 ```
 
 ### Last Data Feed Release
@@ -27,22 +27,23 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
 
 ```plain
-2025-01-26T01:00:04.334646+00:00
+2025-01-27T01:00:04.374067+00:00
 ```
 
 ### Total Number of included CVEs
 
 ```plain
-278999
+279003
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `3`
+Recently added CVEs: `4`
 
-- [CVE-2025-0720](CVE-2025/CVE-2025-07xx/CVE-2025-0720.json) (`2025-01-26T23:15:21.547`)
-- [CVE-2025-0721](CVE-2025/CVE-2025-07xx/CVE-2025-0721.json) (`2025-01-27T00:15:26.317`)
-- [CVE-2025-0722](CVE-2025/CVE-2025-07xx/CVE-2025-0722.json) (`2025-01-27T00:15:26.517`)
+- [CVE-2023-46187](CVE-2023/CVE-2023-461xx/CVE-2023-46187.json) (`2025-01-27T02:15:27.750`)
+- [CVE-2024-28766](CVE-2024/CVE-2024-287xx/CVE-2024-28766.json) (`2025-01-27T02:15:28.253`)
+- [CVE-2024-28770](CVE-2024/CVE-2024-287xx/CVE-2024-28770.json) (`2025-01-27T02:15:28.407`)
+- [CVE-2024-28771](CVE-2024/CVE-2024-287xx/CVE-2024-28771.json) (`2025-01-27T02:15:28.553`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -235547,6 +235547,7 @@ CVE-2023-46181,0,0,7db94ce0542139fb0f4b825ee15b66e74831929caf8ec2bf9c6da1b7e7130
 CVE-2023-46182,0,0,7705f9133b8264c630b8811790194e5b749781d9842f011884658162bd355d29,2024-11-21T08:28:01.980000
 CVE-2023-46183,0,0,381c0c34e4bb85912abf6cef707f2b78273838b5e2c637ec311bfc3db3fa9ea1,2024-11-21T08:28:02.103000
 CVE-2023-46186,0,0,80abfc94a8f15b17311bf769031b8a124644ec766e404d60459e5a868747eedd,2024-11-21T08:28:02.253000
+CVE-2023-46187,1,1,f0720765475040d0952718f6034d5fd5ac9e8c165c27542b2a05b2cb33f4c064,2025-01-27T02:15:27.750000
 CVE-2023-46188,0,0,d7b0a16f2763ef6025d8aa76c9d5cf8a9a07e3b8b069693a5fafe3ae566ee9db,2025-01-02T12:15:11.127000
 CVE-2023-46189,0,0,f28806dd1bbd926b5db91acfeb333ca7e88214a3d98d437fece40edfdf19737f,2024-11-21T08:28:02.410000
 CVE-2023-46190,0,0,0ad59e8934a86a013c76f33b7c20f311ee90f6bc3cc0a4d121c6dc8d8c306d8d,2024-11-21T08:28:02.550000
@@ -253597,8 +253598,11 @@ CVE-2024-28760,0,0,87ee4a50e50beb3eb3a2ff436ddbd84c55b2df2ce2872466f7017d881731e
 CVE-2024-28761,0,0,f990216988bc90d162638e8b7945a6d12e4276303d0bad539d5b65fad7ce50a0,2025-01-07T21:02:54.690000
 CVE-2024-28762,0,0,e7146f96c55753c65cd4f661c712c523979eaaba20e1cbe7b3b78b7197e1711c,2024-11-21T09:06:55.017000
 CVE-2024-28764,0,0,42363a94f8163c9cad8147d31e6295d669ad4dcbcb1cf61276272a7a155229ea,2024-11-21T09:06:55.180000
+CVE-2024-28766,1,1,f5f8c94ad3c90033c091913840a4083da9be1338a9dd2c091ad18cd54071eeac,2025-01-27T02:15:28.253000
 CVE-2024-28767,0,0,3dcbbe23de561638ccf8a9738544653a62b61fe75d19cdbb00efaaf18a46718a,2024-12-20T14:15:23.850000
 CVE-2024-2877,0,0,e8536f3b9a8db8cfb1a01dc3baa76bd8616106f111c0e4e2021b78fa36854ec8,2024-11-21T09:10:44.020000
+CVE-2024-28770,1,1,02e2d0735c9fb8afb36217eabc1c8c90f1575c1918758fdda763ad63f32b91f6,2025-01-27T02:15:28.407000
+CVE-2024-28771,1,1,cbab86249397dd52365545366a532ae0eccdfaa40bbb8c36a47c61a3f59d856b,2025-01-27T02:15:28.553000
 CVE-2024-28772,0,0,78e1b65ccd01d2b2cb5151ac2638f146b229ea64b2c3771ff8b54d177679ec5a,2024-11-21T09:06:55.327000
 CVE-2024-28775,0,0,6a2db0e9a4b51ca58dc1a2ce04ae9f65cde9a99b61684111bcbdf3398dd02cad,2024-11-21T09:06:55.493000
 CVE-2024-28778,0,0,ec5802dfee3b138bf2f66b9c23844fcaeb53806b2668ca7c9490ad6fae2b4a1f,2025-01-07T16:15:33.113000
@@ -277749,9 +277753,9 @@ CVE-2025-0707,0,0,811af14c14c0a3b5a80f66025364f309edc4fe1d62ed897fbf3dfde8e4e9cd
 CVE-2025-0708,0,0,4a67dffd73a44f6c1bc3efea10acc8736f5bcaa22b0e0a5da65bd9a2075ec6b9,2025-01-24T20:15:34.200000
 CVE-2025-0709,0,0,1535a309b5582acb2180b5d077e9cc094ac386682f86c558adb350d7cc17c6da,2025-01-24T21:15:11.237000
 CVE-2025-0710,0,0,89a9f68eba5da206b05439935d78cbb5d7e1efd36c8ff9755b3b952b82bceaf5,2025-01-24T21:15:11.420000
-CVE-2025-0720,1,1,3d334bc5cfcf007ce99f555b2863380542fff74631bf3ac24195b7e910344530,2025-01-26T23:15:21.547000
-CVE-2025-0721,1,1,0fd36a356c0ad7bbfe14acbe97d07452aa51fcacd6b135289e961a1feb380b84,2025-01-27T00:15:26.317000
-CVE-2025-0722,1,1,a8a6ca79cbb757cbfd7cd93cc2a02b5c63bd231ae368388a8a6548a8e9a7e183,2025-01-27T00:15:26.517000
+CVE-2025-0720,0,0,3d334bc5cfcf007ce99f555b2863380542fff74631bf3ac24195b7e910344530,2025-01-26T23:15:21.547000
+CVE-2025-0721,0,0,0fd36a356c0ad7bbfe14acbe97d07452aa51fcacd6b135289e961a1feb380b84,2025-01-27T00:15:26.317000
+CVE-2025-0722,0,0,a8a6ca79cbb757cbfd7cd93cc2a02b5c63bd231ae368388a8a6548a8e9a7e183,2025-01-27T00:15:26.517000
 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000
 CVE-2025-20033,0,0,6c60c85e451f1d6db70378d678ddf83dacc7c823ecfb493748ed6d94114eff49,2025-01-09T07:15:28.450000
 CVE-2025-20036,0,0,a1d7639f0e568c5953a2962f5a2be630b5737d729f8c4f565a3eec7e4bf19549,2025-01-15T17:15:18.950000