Auto-Update: 2024-03-31T14:00:37.764669+00:00

CVE-2023/CVE-2023-503xx/CVE-2023-50311.json

@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-50311",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2024-03-31T12:15:49.340",
+  "lastModified": "2024-03-31T12:15:49.340",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.  IBM X-Force ID:  273612."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-522"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273612",
+      "source": "psirt@us.ibm.com"
+    },
+    {
+      "url": "https://https://www.ibm.com/support/pages/node/7145418",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-509xx/CVE-2023-50959.json

@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-50959",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2024-03-31T12:15:50.130",
+  "lastModified": "2024-03-31T12:15:50.130",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account.  IBM X-Force ID:  275938."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.6,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-497"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275938",
+      "source": "psirt@us.ibm.com"
+    },
+    {
+      "url": "https://www.ibm.com/support/pages/node/7145492",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-223xx/CVE-2024-22353.json

@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-22353",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2024-03-31T12:15:50.430",
+  "lastModified": "2024-03-31T12:15:50.430",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.  IBM X-Force ID:  280400."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-400"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280400",
+      "source": "psirt@us.ibm.com"
+    },
+    {
+      "url": "https://www.ibm.com/support/pages/node/7145365",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-250xx/CVE-2024-25027.json

@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-25027",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2024-03-31T12:15:50.637",
+  "lastModified": "2024-03-31T12:15:50.637",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption.  IBM X-Force ID:  281607."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.2,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-311"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281607",
+      "source": "psirt@us.ibm.com"
+    },
+    {
+      "url": "https://www.ibm.com/support/pages/node/7145400",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-03-31T10:00:40.034940+00:00
+2024-03-31T14:00:37.764669+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-03-31T09:15:10.730000+00:00
+2024-03-31T12:15:50.637000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,15 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-243450
+243454
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `2`
+Recently added CVEs: `4`
 
-- [CVE-2017-20191](CVE-2017/CVE-2017-201xx/CVE-2017-20191.json) (`2024-03-31T09:15:10.280`)
-- [CVE-2020-36828](CVE-2020/CVE-2020-368xx/CVE-2020-36828.json) (`2024-03-31T09:15:10.730`)
+- [CVE-2023-50311](CVE-2023/CVE-2023-503xx/CVE-2023-50311.json) (`2024-03-31T12:15:49.340`)
+- [CVE-2023-50959](CVE-2023/CVE-2023-509xx/CVE-2023-50959.json) (`2024-03-31T12:15:50.130`)
+- [CVE-2024-22353](CVE-2024/CVE-2024-223xx/CVE-2024-22353.json) (`2024-03-31T12:15:50.430`)
+- [CVE-2024-25027](CVE-2024/CVE-2024-250xx/CVE-2024-25027.json) (`2024-03-31T12:15:50.637`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -102514,7 +102514,7 @@ CVE-2017-20188,0,0,5e34d93b21fe7321c82d49a605337e6d50587ce01b2027eee936b0f098c6d
 CVE-2017-20189,0,0,ade6bda6eb375aea7e40860fb59e445e1362eb93fcbec7e5bd5fe9f30b51df83,2024-01-30T23:01:53.763000
 CVE-2017-2019,0,0,dc04a8afedb59054a87aa83702e5d1a9be8b97c84d93317a02ad5a89cce57517,2023-11-07T02:43:30.710000
 CVE-2017-20190,0,0,d6a3439746c47f94d7e43a0126133d2071cc2ffe6abcadac181840167202087c,2024-03-27T12:29:30.307000
-CVE-2017-20191,1,1,e9d05a7fefefdbcd53ce8248a6151cd1c54ec2d5cbeb7bfef833634083a7a74d,2024-03-31T09:15:10.280000
+CVE-2017-20191,0,0,e9d05a7fefefdbcd53ce8248a6151cd1c54ec2d5cbeb7bfef833634083a7a74d,2024-03-31T09:15:10.280000
 CVE-2017-2020,0,0,1de7d9952d4ce4a083b4f5b601557cf3eac5817062c0e0c3221158b7e3633c59,2023-11-07T02:43:30.943000
 CVE-2017-2021,0,0,5561d4e26eee42c3b8d9e152476dd3066bfe2b5d26fe21ef1984c0688825c48d,2023-11-07T02:43:31.170000
 CVE-2017-2022,0,0,ffe952c9e7c702bef66315b1f42a683ab9282273d19789f2033671a028ec813d,2023-11-07T02:43:31.413000
@@ -159243,7 +159243,7 @@ CVE-2020-3682,0,0,24a4348c2423fb50a4d883ab97a98087dac9114a52e3cd5f84438c3d7a885f
 CVE-2020-36825,0,0,beef296e9ca6b0a047894781107bf88f271e5c62478ba60a13bb1190d2c6f4ab,2024-03-25T01:51:01.223000
 CVE-2020-36826,0,0,ef70df6b5da2390ae0accb834fbfb35959fe5003ceb1c6011a48c2abad7d583d,2024-03-25T13:47:14.087000
 CVE-2020-36827,0,0,a6db9cbeae6630d393296ca1c94bea7d65002751fb1c23ce04ca6f82ec820e80,2024-03-25T01:51:01.223000
-CVE-2020-36828,1,1,0760ca079b3d10ce081faf566c3a60c26e1823dfa9ad6d8bb69d77855530c16d,2024-03-31T09:15:10.730000
+CVE-2020-36828,0,0,0760ca079b3d10ce081faf566c3a60c26e1823dfa9ad6d8bb69d77855530c16d,2024-03-31T09:15:10.730000
 CVE-2020-3684,0,0,931f112566786124f7d6fcb2bd46c9dcab315dc8e46c2a552446825ac25c83c4,2020-11-06T16:29:14.480000
 CVE-2020-3685,0,0,d53e7f1d143037625a0e7accdd772a2ca67acd945a19ee6a44795cb898b977ad,2021-01-29T23:46:03.037000
 CVE-2020-3686,0,0,2751b7fc7694785f090b1a831e3239e3ac41b203ebf4010fe60035bec637d53b,2021-01-30T00:10:19.887000
@@ -235013,6 +235013,7 @@ CVE-2023-50305,0,0,52af726547eaa95f1201f2c6f25887776aab26306ea8ffca4b6104efe8e47
 CVE-2023-50306,0,0,b7ddc06b3066ca347c84251d1caa127c00e942b8fec6ff8cba9ebf76cc4bab75,2024-02-20T19:50:53.960000
 CVE-2023-50308,0,0,4c428dc4aa8f2a5b0595b4c0d28f670c006a7eb1ab0b493ed318005adf3984fc,2024-03-07T17:15:11.473000
 CVE-2023-5031,0,0,c4c820f8faf5dd1473a354ddce4f233db0347c04137a5024c560a9cf89cf42f6,2024-03-21T02:50:08.083000
+CVE-2023-50311,1,1,edd3bb1564bc9411c71d1c8c217568371603befa46b65936359933c9c396e69a,2024-03-31T12:15:49.340000
 CVE-2023-50312,0,0,6148af5f69534aed77dae184fe2b672b68a4148611b3e761eddeb346c4e8ac63,2024-03-01T14:04:26.010000
 CVE-2023-5032,0,0,5a79a43feec1b10179ace323daaa9fec114a614dc3bf7faa317dd3f1e5edb419,2024-03-21T02:50:08.167000
 CVE-2023-50324,0,0,cc0221acaafa968ac132d85e25d9b8e598f80dbac724406dbac7c798123ec049,2024-03-01T14:04:26.010000
@@ -235330,6 +235331,7 @@ CVE-2023-50950,0,0,dfea2c60bf930725232ee8dec76ee1dc7db647db5a23e4d3c95d00ce14c24
 CVE-2023-50951,0,0,ac9a2ba6b69cc6219b314f88f75f8d16d80977a7838c8861bc4cc4a5a90b32d2,2024-02-20T19:50:53.960000
 CVE-2023-50955,0,0,2dac25424bb634048955c93e845cd595a5737c34f7a73119031e8a018fd0e20a,2024-02-22T19:07:27.197000
 CVE-2023-50957,0,0,a38d290def706a6975d8b2902c3d1f58a6074172158e1685b40a6a512f9caf13,2024-02-15T04:37:53.297000
+CVE-2023-50959,1,1,166709d390eea2a70b9da0dbee8c97060f8859ce51f2ae6269d33fb70daa4e74,2024-03-31T12:15:50.130000
 CVE-2023-5096,0,0,1b0896fcd5a16a2bfc5ce288684748ddee835572b804e4af539b42517b79d371,2023-11-27T22:10:14.173000
 CVE-2023-50961,0,0,a9d9b75e02dfcfb3f65c9ff56b43527d188f145358242dce35d298fb3c8bb736,2024-03-27T15:49:51.300000
 CVE-2023-50962,0,0,365daa63183eee3bc8e35da897e2163d0fc458ef66adb39b8eb249f4c8a968ff,2024-02-12T14:31:36.920000
@@ -240309,6 +240311,7 @@ CVE-2024-22336,0,0,92b17f3ddf77b7c8a53a41f903603d0d36207de06fae8bd71fc2469777bc3
 CVE-2024-22337,0,0,9a674fac9bc4716d61a028d3be9473027552f3c1c11335efca4b4ddefd1e14f0,2024-02-20T19:50:53.960000
 CVE-2024-22346,0,0,638ee4e9687c7c28032b432c317662713c057110b08b4b27024e81eb8453bf9e,2024-03-19T16:50:10.570000
 CVE-2024-22352,0,0,52b9cf66a5f4972c051208c662d7f56e462da827c07f4b0e55a14efcee339e76,2024-03-21T12:58:51.093000
+CVE-2024-22353,1,1,65749b626d3ae4ed12c691cfa2a61de0e58da4d78aca89dcf8cdd5debbf66af4,2024-03-31T12:15:50.430000
 CVE-2024-22355,0,0,90575169d286b28c7ce02c7d947a264d77a6f25776530138b50b2f2dbc394220,2024-03-04T13:58:23.447000
 CVE-2024-22356,0,0,bcc46874c9752933a72230517b74ad7a7a0d54dc67e233e91127533dfceeba1c,2024-03-26T17:09:53.043000
 CVE-2024-2236,0,0,17401211af38608097c003c3b08d6e3d90e3570b70699d89a2e396d5b72c602a,2024-03-07T13:52:27.110000
@@ -241470,6 +241473,7 @@ CVE-2024-25004,0,0,7a3e97355ce2dbcf95cced55d21b2139e157cf3c2ca72e6e2fce6c561e1f0
 CVE-2024-25006,0,0,c414b5ce0a5aca9d12e72e07e5e6c8a1c9166fcb862e4319cd46e89cdea2dabd,2024-02-29T13:49:29.390000
 CVE-2024-25016,0,0,b2e53a7c89b3634211a0ab97be429b79a4ba549d8d66332fe5eecf2928e6745c,2024-03-04T13:58:23.447000
 CVE-2024-25021,0,0,62a0335232b74d01ee7f015949b10a01e944590aa7448fb13b5616593f03b63e,2024-02-22T19:07:27.197000
+CVE-2024-25027,1,1,2ed4ef27c601d2ae744801a6e1959ae9f21e5e592c05b7842356e468dd978565,2024-03-31T12:15:50.637000
 CVE-2024-25062,0,0,9596ed5cf07a8bc8469d4afc28fc727a431af7cff3b6b8e84435c301d9955756,2024-02-13T00:40:40.503000
 CVE-2024-25063,0,0,8296c4ac18003d6d927b0c45a19a753add4384ce34fc59926d1f36a726ce4dbf,2024-03-04T22:45:02.117000
 CVE-2024-25064,0,0,e90e896eb449d7ccff000c59a6c6d8569d7a679ad8db09883eafe6b89f6c07ea,2024-03-04T22:43:15.337000