diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50311.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50311.json
new file mode 100644
index 00000000000..e854a268fe9
--- /dev/null
+++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50311.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-50311",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2024-03-31T12:15:49.340",
+ "lastModified": "2024-03-31T12:15:49.340",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 273612."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-522"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273612",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://https://www.ibm.com/support/pages/node/7145418",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50959.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50959.json
new file mode 100644
index 00000000000..664cedc860c
--- /dev/null
+++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50959.json
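Review bot: The second entry under `references` in CVE-2023-50311.json carries a doubled scheme, `"url": "https://https://www.ibm.com/support/pages/node/7145418"`, which does not parse to the IBM host and so will not resolve. Judging by the other IBM records in this commit, the intended value is presumably `"url": "https://www.ibm.com/support/pages/node/7145418"`. This is the only link to the vendor bulletin, so tooling that follows references for remediation data gets nothing for this CVE. Since the record is mirrored, the correction belongs with the source; consumers should check that each reference URL parses before using it.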
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-50959",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2024-03-31T12:15:50.130",
+ "lastModified": "2024-03-31T12:15:50.130",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-497"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275938",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7145492",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22353.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22353.json
new file mode 100644
index 00000000000..b6ef530ef9d
--- /dev/null
+++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22353.json
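Review bot: The affected-version list in the `descriptions` value of CVE-2023-50959.json is garbled at `22.0.1,2 2.0.2`, which presumably stands for `22.0.1, 22.0.2`, and the comma spacing is irregular at `18.0.2,19.0.1` and `19.0.3,20.0.1`. The record is still in `Received` status and has no `configurations` block, so this free text is the only statement of affected versions. A scanner or script that extracts version strings from it would read `2.0.2` and miss `22.0.2`. Until the source is corrected, take the version list from the IBM bulletin in `references` instead.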
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2024-22353",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2024-03-31T12:15:50.430",
+ "lastModified": "2024-03-31T12:15:50.430",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280400",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7145365",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-250xx/CVE-2024-25027.json b/CVE-2024/CVE-2024-250xx/CVE-2024-25027.json
new file mode 100644
index 00000000000..ae62d6e295b
--- /dev/null
+++ b/CVE-2024/CVE-2024-250xx/CVE-2024-25027.json
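Review bot: The `cvssData` block in CVE-2024-22353.json contradicts the record's own description and weakness. The text describes a denial of service through memory consumption and the weakness is `CWE-400`, yet the vector is `C:H/I:N/A:N` with `"confidentialityImpact": "HIGH"` and `"availabilityImpact": "NONE"`. The two metrics look swapped, so the intended vector is presumably `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H`. The 5.9 base score would not change, because the formula weights the three impact metrics symmetrically. Triage rules keyed on `availabilityImpact` will skip this record and rules keyed on `confidentialityImpact` will misfile it, so treat it as an availability issue until the source corrects the vector.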
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2024-25027",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2024-03-31T12:15:50.637",
+ "lastModified": "2024-03-31T12:15:50.637",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-311"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281607",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7145400",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 45d00d0a172..63af6178074 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-03-31T10:00:40.034940+00:00 +2024-03-31T14:00:37.764669+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-03-31T09:15:10.730000+00:00 +2024-03-31T12:15:50.637000+00:00 ``` ### Last Data Feed Release
@@ -33,15 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -243450 +243454 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `4` -- [CVE-2017-20191](CVE-2017/CVE-2017-201xx/CVE-2017-20191.json) (`2024-03-31T09:15:10.280`) -- [CVE-2020-36828](CVE-2020/CVE-2020-368xx/CVE-2020-36828.json) (`2024-03-31T09:15:10.730`) +- [CVE-2023-50311](CVE-2023/CVE-2023-503xx/CVE-2023-50311.json) (`2024-03-31T12:15:49.340`) +- [CVE-2023-50959](CVE-2023/CVE-2023-509xx/CVE-2023-50959.json) (`2024-03-31T12:15:50.130`) +- [CVE-2024-22353](CVE-2024/CVE-2024-223xx/CVE-2024-22353.json) (`2024-03-31T12:15:50.430`) +- [CVE-2024-25027](CVE-2024/CVE-2024-250xx/CVE-2024-25027.json) (`2024-03-31T12:15:50.637`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index a16bac1c685..e000b9446dc 100644 --- a/_state.csv +++ b/_state.csv @@ -102514,7 +102514,7 @@ CVE-2017-20188,0,0,5e34d93b21fe7321c82d49a605337e6d50587ce01b2027eee936b0f098c6d CVE-2017-20189,0,0,ade6bda6eb375aea7e40860fb59e445e1362eb93fcbec7e5bd5fe9f30b51df83,2024-01-30T23:01:53.763000 CVE-2017-2019,0,0,dc04a8afedb59054a87aa83702e5d1a9be8b97c84d93317a02ad5a89cce57517,2023-11-07T02:43:30.710000 CVE-2017-20190,0,0,d6a3439746c47f94d7e43a0126133d2071cc2ffe6abcadac181840167202087c,2024-03-27T12:29:30.307000 -CVE-2017-20191,1,1,e9d05a7fefefdbcd53ce8248a6151cd1c54ec2d5cbeb7bfef833634083a7a74d,2024-03-31T09:15:10.280000 +CVE-2017-20191,0,0,e9d05a7fefefdbcd53ce8248a6151cd1c54ec2d5cbeb7bfef833634083a7a74d,2024-03-31T09:15:10.280000 CVE-2017-2020,0,0,1de7d9952d4ce4a083b4f5b601557cf3eac5817062c0e0c3221158b7e3633c59,2023-11-07T02:43:30.943000 CVE-2017-2021,0,0,5561d4e26eee42c3b8d9e152476dd3066bfe2b5d26fe21ef1984c0688825c48d,2023-11-07T02:43:31.170000 CVE-2017-2022,0,0,ffe952c9e7c702bef66315b1f42a683ab9282273d19789f2033671a028ec813d,2023-11-07T02:43:31.413000 
@@ -159243,7 +159243,7 @@ CVE-2020-3682,0,0,24a4348c2423fb50a4d883ab97a98087dac9114a52e3cd5f84438c3d7a885f CVE-2020-36825,0,0,beef296e9ca6b0a047894781107bf88f271e5c62478ba60a13bb1190d2c6f4ab,2024-03-25T01:51:01.223000 CVE-2020-36826,0,0,ef70df6b5da2390ae0accb834fbfb35959fe5003ceb1c6011a48c2abad7d583d,2024-03-25T13:47:14.087000 CVE-2020-36827,0,0,a6db9cbeae6630d393296ca1c94bea7d65002751fb1c23ce04ca6f82ec820e80,2024-03-25T01:51:01.223000 -CVE-2020-36828,1,1,0760ca079b3d10ce081faf566c3a60c26e1823dfa9ad6d8bb69d77855530c16d,2024-03-31T09:15:10.730000 +CVE-2020-36828,0,0,0760ca079b3d10ce081faf566c3a60c26e1823dfa9ad6d8bb69d77855530c16d,2024-03-31T09:15:10.730000 CVE-2020-3684,0,0,931f112566786124f7d6fcb2bd46c9dcab315dc8e46c2a552446825ac25c83c4,2020-11-06T16:29:14.480000 CVE-2020-3685,0,0,d53e7f1d143037625a0e7accdd772a2ca67acd945a19ee6a44795cb898b977ad,2021-01-29T23:46:03.037000 CVE-2020-3686,0,0,2751b7fc7694785f090b1a831e3239e3ac41b203ebf4010fe60035bec637d53b,2021-01-30T00:10:19.887000 @@ -235013,6 +235013,7 @@ CVE-2023-50305,0,0,52af726547eaa95f1201f2c6f25887776aab26306ea8ffca4b6104efe8e47 CVE-2023-50306,0,0,b7ddc06b3066ca347c84251d1caa127c00e942b8fec6ff8cba9ebf76cc4bab75,2024-02-20T19:50:53.960000 CVE-2023-50308,0,0,4c428dc4aa8f2a5b0595b4c0d28f670c006a7eb1ab0b493ed318005adf3984fc,2024-03-07T17:15:11.473000 CVE-2023-5031,0,0,c4c820f8faf5dd1473a354ddce4f233db0347c04137a5024c560a9cf89cf42f6,2024-03-21T02:50:08.083000 +CVE-2023-50311,1,1,edd3bb1564bc9411c71d1c8c217568371603befa46b65936359933c9c396e69a,2024-03-31T12:15:49.340000 CVE-2023-50312,0,0,6148af5f69534aed77dae184fe2b672b68a4148611b3e761eddeb346c4e8ac63,2024-03-01T14:04:26.010000 CVE-2023-5032,0,0,5a79a43feec1b10179ace323daaa9fec114a614dc3bf7faa317dd3f1e5edb419,2024-03-21T02:50:08.167000 CVE-2023-50324,0,0,cc0221acaafa968ac132d85e25d9b8e598f80dbac724406dbac7c798123ec049,2024-03-01T14:04:26.010000 
@@ -235330,6 +235331,7 @@ CVE-2023-50950,0,0,dfea2c60bf930725232ee8dec76ee1dc7db647db5a23e4d3c95d00ce14c24 CVE-2023-50951,0,0,ac9a2ba6b69cc6219b314f88f75f8d16d80977a7838c8861bc4cc4a5a90b32d2,2024-02-20T19:50:53.960000 CVE-2023-50955,0,0,2dac25424bb634048955c93e845cd595a5737c34f7a73119031e8a018fd0e20a,2024-02-22T19:07:27.197000 CVE-2023-50957,0,0,a38d290def706a6975d8b2902c3d1f58a6074172158e1685b40a6a512f9caf13,2024-02-15T04:37:53.297000 +CVE-2023-50959,1,1,166709d390eea2a70b9da0dbee8c97060f8859ce51f2ae6269d33fb70daa4e74,2024-03-31T12:15:50.130000 CVE-2023-5096,0,0,1b0896fcd5a16a2bfc5ce288684748ddee835572b804e4af539b42517b79d371,2023-11-27T22:10:14.173000 CVE-2023-50961,0,0,a9d9b75e02dfcfb3f65c9ff56b43527d188f145358242dce35d298fb3c8bb736,2024-03-27T15:49:51.300000 CVE-2023-50962,0,0,365daa63183eee3bc8e35da897e2163d0fc458ef66adb39b8eb249f4c8a968ff,2024-02-12T14:31:36.920000 @@ -240309,6 +240311,7 @@ CVE-2024-22336,0,0,92b17f3ddf77b7c8a53a41f903603d0d36207de06fae8bd71fc2469777bc3 CVE-2024-22337,0,0,9a674fac9bc4716d61a028d3be9473027552f3c1c11335efca4b4ddefd1e14f0,2024-02-20T19:50:53.960000 CVE-2024-22346,0,0,638ee4e9687c7c28032b432c317662713c057110b08b4b27024e81eb8453bf9e,2024-03-19T16:50:10.570000 CVE-2024-22352,0,0,52b9cf66a5f4972c051208c662d7f56e462da827c07f4b0e55a14efcee339e76,2024-03-21T12:58:51.093000 +CVE-2024-22353,1,1,65749b626d3ae4ed12c691cfa2a61de0e58da4d78aca89dcf8cdd5debbf66af4,2024-03-31T12:15:50.430000 CVE-2024-22355,0,0,90575169d286b28c7ce02c7d947a264d77a6f25776530138b50b2f2dbc394220,2024-03-04T13:58:23.447000 CVE-2024-22356,0,0,bcc46874c9752933a72230517b74ad7a7a0d54dc67e233e91127533dfceeba1c,2024-03-26T17:09:53.043000 CVE-2024-2236,0,0,17401211af38608097c003c3b08d6e3d90e3570b70699d89a2e396d5b72c602a,2024-03-07T13:52:27.110000 
@@ -241470,6 +241473,7 @@ CVE-2024-25004,0,0,7a3e97355ce2dbcf95cced55d21b2139e157cf3c2ca72e6e2fce6c561e1f0 CVE-2024-25006,0,0,c414b5ce0a5aca9d12e72e07e5e6c8a1c9166fcb862e4319cd46e89cdea2dabd,2024-02-29T13:49:29.390000 CVE-2024-25016,0,0,b2e53a7c89b3634211a0ab97be429b79a4ba549d8d66332fe5eecf2928e6745c,2024-03-04T13:58:23.447000 CVE-2024-25021,0,0,62a0335232b74d01ee7f015949b10a01e944590aa7448fb13b5616593f03b63e,2024-02-22T19:07:27.197000 +CVE-2024-25027,1,1,2ed4ef27c601d2ae744801a6e1959ae9f21e5e592c05b7842356e468dd978565,2024-03-31T12:15:50.637000 CVE-2024-25062,0,0,9596ed5cf07a8bc8469d4afc28fc727a431af7cff3b6b8e84435c301d9955756,2024-02-13T00:40:40.503000 CVE-2024-25063,0,0,8296c4ac18003d6d927b0c45a19a753add4384ce34fc59926d1f36a726ce4dbf,2024-03-04T22:45:02.117000 CVE-2024-25064,0,0,e90e896eb449d7ccff000c59a6c6d8569d7a679ad8db09883eafe6b89f6c07ea,2024-03-04T22:43:15.337000