mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
92 lines
2.7 KiB
JSON
92 lines
2.7 KiB
JSON
{
|
|
"id": "CVE-2015-1979",
|
|
"sourceIdentifier": "psirt@us.ibm.com",
|
|
"published": "2015-07-20T01:59:08.003",
|
|
"lastModified": "2016-11-30T03:00:32.827",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Error dialog in IBM Case Manager 5.2.1 before 5.2.1.2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to the (1) addressability or (2) comments component."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el Error dialog en IBM Case Manager 5.2.1 anterior a 5.2.1.2 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s de una entrada manipulada en el (1) direccionamiento o (2) en los comentarios del componente."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 3.5
|
|
},
|
|
"baseSeverity": "LOW",
|
|
"exploitabilityScore": 6.8,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-79"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:case_manager:5.2.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EEA085E9-2791-4070-8E78-768802610EE5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:case_manager:5.2.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "019EA6F7-E6AD-491D-BB80-25C8896E6F60"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959695",
|
|
"source": "psirt@us.ibm.com",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/75538",
|
|
"source": "psirt@us.ibm.com"
|
|
}
|
|
]
|
|
} |