Vulnerabilities related to ibm - websphere_enterprise_service_bus
cve-2014-6176
Vulnerability from cvelistv5
Published
2014-12-16 23:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher.
References
▼ | URL | Tags |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21690780 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1031383 | vdb-entry, x_refsource_SECTRACK | |
http://www.securitytracker.com/id/1031382 | vdb-entry, x_refsource_SECTRACK | |
http://www-01.ibm.com/support/docview.wss?uid=swg1JR51593 | vendor-advisory, x_refsource_AIXAPAR | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/98488 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:10:12.746Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690780" }, { "name": "1031383", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031383" }, { "name": "1031382", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031382" }, { "name": "JR51593", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51593" }, { "name": "ibm-websphere-cve20146176-weak-security(98488)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98488" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-07T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690780" }, { "name": "1031383", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031383" }, { "name": "1031382", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031382" }, { "name": "JR51593", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51593" }, { "name": "ibm-websphere-cve20146176-weak-security(98488)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98488" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-6176", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21690780", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690780" }, { "name": "1031383", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031383" }, { "name": "1031382", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031382" }, { "name": "JR51593", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51593" }, { "name": "ibm-websphere-cve20146176-weak-security(98488)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98488" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-6176", "datePublished": "2014-12-16T23:00:00", "dateReserved": "2014-09-02T00:00:00", "dateUpdated": "2024-08-06T12:10:12.746Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1384
Vulnerability from cvelistv5
Published
2018-03-30 16:00
Modified
2024-09-16 21:07
Severity ?
EPSS score ?
Summary
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135.
References
▼ | URL | Tags |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=swg22012604 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040624 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/138135 | x_refsource_MISC | |
http://www.securityfocus.com/bid/103681 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Business Process Manager |
Version: 8.6 Version: 8.6.0.CF201712 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:38.912Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012604" }, { "name": "1040624", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040624" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138135" }, { "name": "103681", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103681" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Business Process Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.6" }, { "status": "affected", "version": "8.6.0.CF201712" } ] } ], "datePublic": "2018-03-24T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-07T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012604" }, { "name": "1040624", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040624" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138135" }, { "name": "103681", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103681" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-03-24T00:00:00", "ID": "CVE-2018-1384", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Business Process Manager", "version": { "version_data": [ { "version_value": "8.6" }, { "version_value": "8.6.0.CF201712" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22012604", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22012604" }, { "name": "1040624", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040624" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138135", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138135" }, { "name": "103681", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103681" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1384", "datePublished": "2018-03-30T16:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T21:07:34.714Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1885
Vulnerability from cvelistv5
Published
2019-04-08 14:50
Modified
2024-09-17 00:25
Severity ?
EPSS score ?
Summary
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 152020.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/docview.wss?uid=ibm10878106 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/152020 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/107863 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Business Automation Workflow |
Version: 18.0.0.0 Version: 18.0.0.1 Version: 18.0.0.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:38.618Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10878106" }, { "name": "ibm-business-cve20181885-info-disc (152020)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152020" }, { "name": "107863", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/107863" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Business Automation Workflow", "vendor": "IBM", "versions": [ { "status": "affected", "version": "18.0.0.0" }, { "status": "affected", "version": "18.0.0.1" }, { "status": "affected", "version": "18.0.0.2" } ] } ], "datePublic": "2019-04-04T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitve information using a specially cracted HTTP request. IBM X-Force ID: 152020." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/C:L/PR:N/A:N/I:N/AV:N/S:U/UI:N/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-11T11:06:03", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10878106" }, { "name": "ibm-business-cve20181885-info-disc (152020)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152020" }, { "name": "107863", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/107863" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-04-04T00:00:00", "ID": "CVE-2018-1885", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Business Automation Workflow", "version": { "version_data": [ { "version_value": "18.0.0.0" }, { "version_value": "18.0.0.1" }, { "version_value": "18.0.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitve information using a specially cracted HTTP request. IBM X-Force ID: 152020." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10878106", "refsource": "CONFIRM", "title": "IBM Security Bulletin 878106 (Business Automation Workflow)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10878106" }, { "name": "ibm-business-cve20181885-info-disc (152020)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152020" }, { "name": "107863", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107863" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1885", "datePublished": "2019-04-08T14:50:37.845952Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T00:25:32.046Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2019-04-08 15:29
Modified
2024-11-21 04:00
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 152020.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/107863 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/152020 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10878106 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107863 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/152020 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10878106 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | business_automation_workflow | 18.0.0.0 | |
ibm | business_automation_workflow | 18.0.0.1 | |
ibm | business_automation_workflow | 18.0.0.2 | |
ibm | business_process_manager | * | |
ibm | business_process_manager | * | |
ibm | business_process_manager | * | |
ibm | business_process_manager | 8.5.5.0 | |
ibm | business_process_manager | 8.5.6.0 | |
ibm | business_process_manager | 8.5.6.0 | |
ibm | business_process_manager | 8.5.6.0 | |
ibm | business_process_manager | 8.5.7.0 | |
ibm | business_process_manager | 8.5.7.0 | |
ibm | business_process_manager | 8.6.0.0 | |
ibm | business_process_manager | 8.6.0.0 | |
ibm | business_process_manager_enterprise_service_bus | 8.6 | |
ibm | websphere_enterprise_service_bus | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:business_automation_workflow:18.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1D36993-75D4-4EDE-8748-A3FDE4C69DF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_automation_workflow:18.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "10B802CE-F898-4B60-9E2C-4D271F9211C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_automation_workflow:18.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "FBD82AD2-FE98-4716-A60A-50554620A509", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:business_process_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E2DFAA5-B9A9-42D3-81FA-0815AD7BEE1E", "versionEndIncluding": "7.5.1.2", "versionStartIncluding": "7.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7F25B9A-6BC9-474D-9EFD-80955C972F58", "versionEndIncluding": "8.0.1.3", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC98B343-9E03-4056-8EB0-899B7A80CC88", "versionEndIncluding": "8.5.0.2", "versionStartIncluding": "8.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "7021B830-3EE4-446D-8D87-BBD2097A023E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "8ED3C32B-7397-434D-B084-E92C7C6E2FE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.0:cf1:*:*:*:*:*:*", "matchCriteriaId": "6131DC1F-CBA6-4025-B5A5-98307274FA33", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.0:cf2:*:*:*:*:*:*", "matchCriteriaId": "439A4F14-76E6-4A21-A23C-D3DA243585A9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "E245DD24-5C1E-4CF0-993D-0D79A5152594", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf2017.06:*:*:*:*:*:*", "matchCriteriaId": "4B1024F5-71EE-4484-8F78-525EE9FF2CCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "324A0484-C50D-4400-B6FD-23D793F032AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.6.0.0:cf2018.03:*:*:*:*:*:*", "matchCriteriaId": "8777DECA-6331-49BC-A579-252B079615EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager_enterprise_service_bus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "5B4BF5A7-0250-415E-94C8-E440E58CB366", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0E50000-A948-4D59-A3AB-04F22AD29DB5", "versionEndIncluding": "7.5.1.2", "versionStartIncluding": "7.0.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitve information using a specially cracted HTTP request. IBM X-Force ID: 152020." }, { "lang": "es", "value": "IBM Business Automation Workflow en sus versiones 18.0.0.0.0, 18.0.0.1 y 18.0.0.0.2 podr\u00eda permitir a un atacante no autenticado obtener informaci\u00f3n sensible, utilizando una petici\u00f3n HTTP especialmente comprimida. IBM X-Force ID: 152020." 
} ], "id": "CVE-2018-1885", "lastModified": "2024-11-21T04:00:32.140", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-04-08T15:29:00.700", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/107863" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152020" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor 
Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10878106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/107863" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10878106" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-03-30 16:29
Modified
2024-11-21 03:59
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012604 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/103681 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1040624 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/138135 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012604 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103681 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040624 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/138135 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:advanced:*:*:*", "matchCriteriaId": "91BDDE54-95C6-4E95-9427-D83E61355E3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:advanced:*:*:*", "matchCriteriaId": "8057C7D0-978D-490B-BE80-597A2CB27A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:advanced:*:*:*", "matchCriteriaId": "3DEBE193-CDE1-406C-9042-4085AA0EED8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:advanced:*:*:*", "matchCriteriaId": "EF781F2F-05FB-4DBD-8BC1-98A630CD375A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:advanced:*:*:*", "matchCriteriaId": "0F1442C9-ED96-40C5-BE20-987C928BAD9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:advanced:*:*:*", "matchCriteriaId": "E71AC948-9F71-403E-8035-172D5F667B54", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:advanced:*:*:*", "matchCriteriaId": "E77872E9-D66C-47FF-AA1D-7764D65997A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:advanced:*:*:*", "matchCriteriaId": "7B3D03C8-B7F4-43AF-9270-555507AAC527", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:advanced:*:*:*", "matchCriteriaId": "E69BBEFA-B321-4085-AEA1-BAE2B0B54524", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:advanced:*:*:*", "matchCriteriaId": "BE4F0900-83C3-4228-9F3B-2664C1C816F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:advanced:*:*:*", "matchCriteriaId": "9942841D-3E36-4159-AA5A-B534CB701B6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:advanced:*:*:*", "matchCriteriaId": 
"7A1FCB4E-DC46-4780-9017-1E8E789E785F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:advanced:*:*:*", "matchCriteriaId": "19B921EC-DE16-4A2B-BB29-B02A9B416470", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:advanced:*:*:*", "matchCriteriaId": "00DC7609-2519-4DB5-AA5E-A1CFCE0DA5A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:advanced:*:*:*", "matchCriteriaId": "66A4A455-A75B-4363-AC6D-DAD50287EB99", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:advanced:*:*:*", "matchCriteriaId": "240E404A-0420-4731-8DFE-076746B14807", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:advanced:*:*:*", "matchCriteriaId": "66327978-D257-4ADE-8AEA-22547B0E4541", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:advanced:*:*:*", "matchCriteriaId": "8F88ED9A-7D7F-4C1F-87AA-555C941DE583", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201606:*:*:advanced:*:*:*", "matchCriteriaId": "E5105E85-7A37-4A2D-9C56-955B7A414560", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201609:*:*:advanced:*:*:*", "matchCriteriaId": "F2D29466-67FB-4096-9F5C-1CE4C6E9388F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201612:*:*:advanced:*:*:*", "matchCriteriaId": "33424F24-7A35-489A-B1B8-BEEBC165CDE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201703:*:*:advanced:*:*:*", "matchCriteriaId": "A9BD1DCB-5A74-4131-818F-62B6D6350D52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201706:*:*:advanced:*:*:*", "matchCriteriaId": "B6807E40-534F-475E-89CA-9D8D84E501C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { 
"criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "30F4C3D8-D127-4C97-8837-ACB1FA2AC600", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.0:*:*:*:registry:*:*:*", "matchCriteriaId": "D791CC09-7B93-4C03-8CAC-1CCBFDEE411B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "96EF038F-B61D-4457-A4F5-D28B25CD789E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.1:*:*:*:registry:*:*:*", "matchCriteriaId": "A4D3CB63-ED2B-40C5-865F-20F106CAB338", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A859CE4E-4D03-46AF-BDAD-5724D794D8FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.2:*:*:*:registry:*:*:*", "matchCriteriaId": "B62C841B-5684-405E-AEA1-FA31BC163AF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EDC509CE-026D-480B-8642-F01230B29D08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.3:*:*:*:registry:*:*:*", "matchCriteriaId": "5DA247C2-A301-4436-BBB0-0F262A1D4755", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "383B2DD8-EAE0-4B87-AFDE-06725E0B597A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.4:*:*:*:registry:*:*:*", "matchCriteriaId": "50CABC1F-B01F-4AAF-A53A-2D326E4877F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "42BEFE4F-A1AB-4687-AC0E-25D211F7DDEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.5:*:*:*:registry:*:*:*", "matchCriteriaId": 
"1A06D42D-8310-493C-811A-D6129459C636", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "53D6B550-D36A-4D7A-BB32-90FDE51B715B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.0.0:*:*:*:registry:*:*:*", "matchCriteriaId": "2405A890-14B6-4C4C-AB6A-761B3E5A5DD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "317ECC62-26CD-4BB9-ADF2-5FE34C29B402", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.0.1:*:*:*:registry:*:*:*", "matchCriteriaId": "5AC5FF0C-F31C-4CFD-9BCF-12CDAF2E6B0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "14114411-E698-4CAC-81AC-4C1C1BA5B325", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.0:*:*:*:registry:*:*:*", "matchCriteriaId": "703DAE30-BE7D-450F-96FD-714834BD839C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6495401F-9B68-4416-A908-746DAA9E2A42", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.1:*:*:*:registry:*:*:*", "matchCriteriaId": "BEAFB6E4-2BD6-44D9-B951-4CFD6224CF67", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "5BC6FF2F-8095-446D-8445-DD28C6C5158C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.2:*:*:*:registry:*:*:*", "matchCriteriaId": "190CDCBB-87F5-4F1A-B744-49E4C01470F4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:websphere_process_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "116EA95E-3845-4045-9E9D-F370D6D48A5E", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:websphere_process_server:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1278C0A9-D694-4E1A-8C58-E22995B346B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_process_server:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "98B87B46-4C5C-4894-A840-D5354E0519B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_process_server:7.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "18B56787-8A91-46DD-ACAB-59C8439A2815", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_process_server:7.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "68E45D5B-C0AE-41CB-BF07-B4692F0062D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_process_server:7.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF76BE59-BBBD-42D9-96EA-5974CC489F8F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:business_process_manager_enterprise_service_bus:8.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "EF3FE592-6983-4C3C-8552-B38735CB2D25", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:express:*:*:*", "matchCriteriaId": "A7B3E6D1-ADB3-4709-9E02-779EAA7A05E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:express:*:*:*", "matchCriteriaId": "16617000-4388-43EF-AE14-8C108068155F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:express:*:*:*", "matchCriteriaId": "05B6C389-9332-4C33-A3AD-270A54AC564E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:express:*:*:*", "matchCriteriaId": "17E42B0A-0947-4799-993F-CBF8A84EBD4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:express:*:*:*", "matchCriteriaId": "50B6287C-5A45-46B7-A685-93D1CBA0CC83", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:express:*:*:*", "matchCriteriaId": "FE68791B-B7AE-4715-810E-0C278E5C363F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:express:*:*:*", "matchCriteriaId": "00CC8270-5ABE-428C-9090-16EC8298E50C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:express:*:*:*", "matchCriteriaId": "A05F59A1-3063-45ED-B1E8-AABC4FC0A807", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:express:*:*:*", "matchCriteriaId": "60F679C8-74FB-40F5-A5B8-FBD6BF424379", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:express:*:*:*", "matchCriteriaId": "0DDE4CB3-1162-4A51-8EBA-2A25E8B6898B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:express:*:*:*", "matchCriteriaId": "8FE10C1D-2077-435A-8C14-2746A685681C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:express:*:*:*", "matchCriteriaId": "EE43BACD-D187-49C9-85D1-51E3F71D2274", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:express:*:*:*", "matchCriteriaId": "8578A0D7-3330-4F79-A934-4940673383A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:express:*:*:*", "matchCriteriaId": "80D84C06-5E93-4DA4-A333-D3CECB7D74E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:express:*:*:*", "matchCriteriaId": "D06A925E-C739-48A9-B211-36DE458A7898", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:express:*:*:*", "matchCriteriaId": "28D39434-BC55-40CC-B02C-68C272C67013", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:express:*:*:*", "matchCriteriaId": "ADE7414F-BF17-4415-95C3-FDBC2BC5C7A2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:express:*:*:*", "matchCriteriaId": "8736CAA3-7C69-4F8D-936B-2B7B3B5DEED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201606:*:*:express:*:*:*", "matchCriteriaId": "54C2CBF0-838B-4F7F-9E63-25053EC6D2E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201609:*:*:express:*:*:*", "matchCriteriaId": "0D6B3497-1C02-43C0-8B73-9289F7FC00A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201612:*:*:express:*:*:*", "matchCriteriaId": "7B136A70-552E-4545-853A-BAFD0919D52C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201703:*:*:express:*:*:*", "matchCriteriaId": "94F5B156-9994-4A1A-A552-FA4108908883", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201706:*:*:express:*:*:*", "matchCriteriaId": "BD42A0F7-540B-4673-AD8C-373A424A27B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.6.0.0:*:*:*:express:*:*:*", "matchCriteriaId": "542E8F0D-8326-48E1-9D72-C61EF104573D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.6.0.0:cf201712:*:*:express:*:*:*", "matchCriteriaId": "837E1B12-4B58-46E6-910F-7BAC4FB47216", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:standard:*:*:*", "matchCriteriaId": "1D338AF3-8FE6-4E51-B961-344E157EECFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:standard:*:*:*", "matchCriteriaId": "E4B6A964-F948-4FAA-A6C7-41641AF12504", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:standard:*:*:*", "matchCriteriaId": "07630F25-A03C-401D-A16A-51B63014C963", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:standard:*:*:*", "matchCriteriaId": "E95968B6-FF99-4234-9EC7-6EAA9C7DA753", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:standard:*:*:*", "matchCriteriaId": "3693DBD8-F30F-44D0-A154-4C268120D7C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:standard:*:*:*", "matchCriteriaId": "37281A0A-3BE1-4B22-840F-65CA7B8AB360", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:standard:*:*:*", "matchCriteriaId": "446C4FEE-DDB7-41C5-BC9B-7E6B08B074BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:standard:*:*:*", "matchCriteriaId": "3FC25EB0-CA22-4176-8752-8BD26B111F2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:standard:*:*:*", "matchCriteriaId": "7C097D2E-5BB7-4979-A755-E928094A92C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:standard:*:*:*", "matchCriteriaId": "021FABA7-6B97-4511-8E07-B7A34A387493", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:standard:*:*:*", "matchCriteriaId": "F6E31F25-6E71-4A5C-A940-0A935AF19035", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:standard:*:*:*", "matchCriteriaId": "F646DABB-4C10-4308-8169-EC42C358CF41", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:standard:*:*:*", "matchCriteriaId": "CC44A2D4-F3D3-4D98-8FDC-8274E1725800", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:standard:*:*:*", "matchCriteriaId": "DF7E8429-8750-4D3C-90E1-829031C7C306", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:standard:*:*:*", "matchCriteriaId": "12DA4BA4-D130-48C2-BCD0-8D76E0BADDBA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:standard:*:*:*", "matchCriteriaId": "570E9DFF-F991-4D14-87F4-F7FE9554E58D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:standard:*:*:*", "matchCriteriaId": "E590C058-EC80-48FB-87C7-3F84E2BC07E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:standard:*:*:*", "matchCriteriaId": "CD9103EF-29E7-48E6-ADF4-66D74C3FF427", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201606:*:*:standard:*:*:*", "matchCriteriaId": "A30BF550-893B-4F5D-B128-157655B6F8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201609:*:*:standard:*:*:*", "matchCriteriaId": "82E8F8FF-7C1E-4684-B479-BB3F8EA13B80", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201612:*:*:standard:*:*:*", "matchCriteriaId": "25AFA35A-B7BC-430C-8AF9-73653E6D36B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201703:*:*:standard:*:*:*", "matchCriteriaId": "6E9348B4-025E-4A86-A3B5-616840F28B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201706:*:*:standard:*:*:*", "matchCriteriaId": "1B8D6782-F9D8-4B89-8C1D-9BB8992BD89F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135." }, { "lang": "es", "value": "IBM Business Process Manager 8.6 es vulnerable a Cross-Site Scripting. 
Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 138135." } ], "id": "CVE-2018-1384", "lastModified": "2024-11-21T03:59:43.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-03-30T16:29:00.420", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" 
], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012604" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103681" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040624" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138135" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012604" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103681" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138135" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-12-16 23:59
Modified
2024-11-21 02:13
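Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:P/I:N/A:N, source nvd@nist.gov, as given in the record's cvssMetricV2 block below)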
Summary
IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher.
References
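Impacted products (the business_process_manager rows are the Advanced edition: every matching CPE criterion in the record below carries the "advanced" software-edition field)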
Vendor | Product | Version | |
---|---|---|---|
ibm | business_process_manager | 7.5.0.0 | |
ibm | business_process_manager | 7.5.0.1 | |
ibm | business_process_manager | 7.5.1.0 | |
ibm | business_process_manager | 7.5.1.1 | |
ibm | business_process_manager | 8.0.0.0 | |
ibm | business_process_manager | 8.0.1.0 | |
ibm | business_process_manager | 8.0.1.1 | |
ibm | business_process_manager | 8.0.1.2 | |
ibm | business_process_manager | 8.0.1.3 | |
ibm | business_process_manager | 8.5.0.0 | |
ibm | business_process_manager | 8.5.0.1 | |
ibm | business_process_manager | 8.5.5.0 | |
ibm | websphere_enterprise_service_bus | 7.0 | |
ibm | websphere_process_server | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:advanced:*:*:*", "matchCriteriaId": "91BDDE54-95C6-4E95-9427-D83E61355E3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:advanced:*:*:*", "matchCriteriaId": "8057C7D0-978D-490B-BE80-597A2CB27A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:advanced:*:*:*", "matchCriteriaId": "3DEBE193-CDE1-406C-9042-4085AA0EED8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:advanced:*:*:*", "matchCriteriaId": "EF781F2F-05FB-4DBD-8BC1-98A630CD375A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:advanced:*:*:*", "matchCriteriaId": "E71AC948-9F71-403E-8035-172D5F667B54", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:advanced:*:*:*", "matchCriteriaId": "E77872E9-D66C-47FF-AA1D-7764D65997A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:advanced:*:*:*", "matchCriteriaId": "7B3D03C8-B7F4-43AF-9270-555507AAC527", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:advanced:*:*:*", "matchCriteriaId": "E69BBEFA-B321-4085-AEA1-BAE2B0B54524", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:advanced:*:*:*", "matchCriteriaId": "BE4F0900-83C3-4228-9F3B-2664C1C816F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:advanced:*:*:*", "matchCriteriaId": "9942841D-3E36-4159-AA5A-B534CB701B6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:advanced:*:*:*", "matchCriteriaId": "7A1FCB4E-DC46-4780-9017-1E8E789E785F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:advanced:*:*:*", "matchCriteriaId": 
"00DC7609-2519-4DB5-AA5E-A1CFCE0DA5A1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA9BE19-6F37-4892-A504-EEA2F1A9EFF9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:websphere_process_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "116EA95E-3845-4045-9E9D-F370D6D48A5E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher." }, { "lang": "es", "value": "IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, y Business Process Manager Advanced 7.5.x hasta 7.5.1.2, 8.0.x hasta 8.0.1.3, y 8.5.x hasta 8.5.5 desatienden la configuraci\u00f3n SSL setting en el enlace de importaci\u00f3n de HTTP del m\u00f3dulo SCA y seleccionan incondicionalmente el protocolo SSLv3, lo que facilita a atacantes remotos secuestrar sesiones o obtener informaci\u00f3n sensible a trav\u00e9s del aprovechamiento del uso de un cifrado d\u00e9bil." 
} ], "id": "CVE-2014-6176", "lastModified": "2024-11-21T02:13:54.847", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-12-16T23:59:02.463", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51593" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690780" }, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1031382" }, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1031383" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51593" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031382" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98488" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", 
"type": "Primary" } ] }