Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2023-1599
Vulnerability from csaf_certbund
Published
2021-01-13 23:00
Modified
2023-06-29 22:00
Summary
IBM Security Guardium: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM Security Guardium ist eine Lösung für die Überwachung und Auditierung des Datenzugriffs.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Security Guardium ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM Security Guardium ist eine L\u00f6sung f\u00fcr die \u00dcberwachung und Auditierung des Datenzugriffs.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Security Guardium ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-1599 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2023-1599.json" }, { "category": "self", "summary": "WID-SEC-2023-1599 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1599" }, { "category": "external", "summary": "IBM Security Bulletin 7008449 vom 2023-06-29", "url": "https://www.ibm.com/support/pages/node/7008449" }, { "category": "external", "summary": "IBM Security Bulletin: 6403463 vom 2021-01-13", "url": "https://www.ibm.com/support/pages/node/6403463" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:0521 vom 2021-02-15", "url": "https://access.redhat.com/errata/RHSA-2021:0521" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:0548 vom 2021-02-16", "url": "https://access.redhat.com/errata/RHSA-2021:0548" }, { "category": "external", "summary": "Ubuntu Security Notice USN-4758-1 vom 2021-03-09", "url": "https://ubuntu.com/security/notices/USN-4758-1" } ], "source_lang": "en-US", "title": "IBM Security Guardium: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-06-29T22:00:00.000+00:00", "generator": { "date": "2024-02-15T17:33:43.193+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-1599", "initial_release_date": "2021-01-13T23:00:00.000+00:00", "revision_history": [ { "date": "2021-01-13T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2021-02-15T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-02-16T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-03-08T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2023-06-29T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von IBM aufgenommen" } ], "status": "final", "version": "5" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "IBM DB2", "product": { "name": "IBM DB2", "product_id": "5104", "product_identification_helper": { "cpe": "cpe:/a:ibm:db2:-" } } }, { "category": "product_name", "name": "IBM Security Guardium Insights 2.0.2", "product": { "name": "IBM Security Guardium Insights 2.0.2", "product_id": "316562", "product_identification_helper": { "cpe": "cpe:/a:ibm:security_guardium:10.0" } } } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-14039", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen." } ], "product_status": { "known_affected": [ "67646", "T000126", "5104", "316562" ] }, "release_date": "2021-01-13T23:00:00Z", "title": "CVE-2020-14039" }, { "cve": "CVE-2020-14145", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen." } ], "product_status": { "known_affected": [ "67646", "T000126", "5104", "316562" ] }, "release_date": "2021-01-13T23:00:00Z", "title": "CVE-2020-14145" }, { "cve": "CVE-2020-15168", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen." } ], "product_status": { "known_affected": [ "67646", "T000126", "5104", "316562" ] }, "release_date": "2021-01-13T23:00:00Z", "title": "CVE-2020-15168" }, { "cve": "CVE-2020-15586", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen." } ], "product_status": { "known_affected": [ "67646", "T000126", "5104", "316562" ] }, "release_date": "2021-01-13T23:00:00Z", "title": "CVE-2020-15586" }, { "cve": "CVE-2020-15778", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen." } ], "product_status": { "known_affected": [ "67646", "T000126", "5104", "316562" ] }, "release_date": "2021-01-13T23:00:00Z", "title": "CVE-2020-15778" }, { "cve": "CVE-2020-16845", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen." } ], "product_status": { "known_affected": [ "67646", "T000126", "5104", "316562" ] }, "release_date": "2021-01-13T23:00:00Z", "title": "CVE-2020-16845" }, { "cve": "CVE-2020-24553", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen." } ], "product_status": { "known_affected": [ "67646", "T000126", "5104", "316562" ] }, "release_date": "2021-01-13T23:00:00Z", "title": "CVE-2020-24553" }, { "cve": "CVE-2020-4166", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen." } ], "product_status": { "known_affected": [ "67646", "T000126", "5104", "316562" ] }, "release_date": "2021-01-13T23:00:00Z", "title": "CVE-2020-4166" }, { "cve": "CVE-2020-4594", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen." } ], "product_status": { "known_affected": [ "67646", "T000126", "5104", "316562" ] }, "release_date": "2021-01-13T23:00:00Z", "title": "CVE-2020-4594" }, { "cve": "CVE-2020-4595", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen." } ], "product_status": { "known_affected": [ "67646", "T000126", "5104", "316562" ] }, "release_date": "2021-01-13T23:00:00Z", "title": "CVE-2020-4595" }, { "cve": "CVE-2020-4596", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen." } ], "product_status": { "known_affected": [ "67646", "T000126", "5104", "316562" ] }, "release_date": "2021-01-13T23:00:00Z", "title": "CVE-2020-4596" }, { "cve": "CVE-2020-4597", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen." } ], "product_status": { "known_affected": [ "67646", "T000126", "5104", "316562" ] }, "release_date": "2021-01-13T23:00:00Z", "title": "CVE-2020-4597" }, { "cve": "CVE-2020-4599", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen." } ], "product_status": { "known_affected": [ "67646", "T000126", "5104", "316562" ] }, "release_date": "2021-01-13T23:00:00Z", "title": "CVE-2020-4599" }, { "cve": "CVE-2020-4600", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen." } ], "product_status": { "known_affected": [ "67646", "T000126", "5104", "316562" ] }, "release_date": "2021-01-13T23:00:00Z", "title": "CVE-2020-4600" }, { "cve": "CVE-2020-4602", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen." } ], "product_status": { "known_affected": [ "67646", "T000126", "5104", "316562" ] }, "release_date": "2021-01-13T23:00:00Z", "title": "CVE-2020-4602" }, { "cve": "CVE-2020-4604", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen." } ], "product_status": { "known_affected": [ "67646", "T000126", "5104", "316562" ] }, "release_date": "2021-01-13T23:00:00Z", "title": "CVE-2020-4604" }, { "cve": "CVE-2020-7608", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen." } ], "product_status": { "known_affected": [ "67646", "T000126", "5104", "316562" ] }, "release_date": "2021-01-13T23:00:00Z", "title": "CVE-2020-7608" }, { "cve": "CVE-2020-8244", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen." } ], "product_status": { "known_affected": [ "67646", "T000126", "5104", "316562" ] }, "release_date": "2021-01-13T23:00:00Z", "title": "CVE-2020-8244" } ] }
cve-2020-7608
Vulnerability from cvelistv5
Published
2020-03-16 19:49
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.
References
▼ | URL | Tags |
---|---|---|
https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | yargs-parser |
Version: All versions prior to version 18.1.1 and patches at 13.1.2 and 15.0.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:33:19.972Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "yargs-parser", "vendor": "n/a", "versions": [ { "status": "affected", "version": "All versions prior to version 18.1.1 and patches at 13.1.2 and 15.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "yargs-parser could be tricked into adding or modifying properties of Object.prototype using a \"__proto__\" payload." } ], "problemTypes": [ { "descriptions": [ { "description": "Prototype Pollution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-16T19:49:49", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "report@snyk.io", "ID": "CVE-2020-7608", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "yargs-parser", "version": { "version_data": [ { "version_value": "All versions prior to version 18.1.1 and patches at 13.1.2 and 15.0.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "yargs-parser could be tricked into adding or modifying properties of Object.prototype using a \"__proto__\" payload." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Prototype Pollution" } ] } ] }, "references": { "reference_data": [ { "name": "https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381" } ] } } } }, "cveMetadata": { "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2020-7608", "datePublished": "2020-03-16T19:49:49", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-08-04T09:33:19.972Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4597
Vulnerability from cvelistv5
Published
2021-01-13 18:10
Modified
2024-09-16 19:14
Severity ?
EPSS score ?
Summary
IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 184822.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6403463 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/184822 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Security Guardium Insights |
Version: 2.0.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:49.034Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guardium-cve20204597-info-disc (184822)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184822" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Guardium Insights", "vendor": "IBM", "versions": [ { "status": "affected", "version": "2.0.2" } ] } ], "datePublic": "2021-01-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 184822." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AC:L/A:N/AV:N/C:L/S:U/I:N/UI:R/PR:N/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-13T18:10:29", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guardium-cve20204597-info-disc (184822)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184822" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-01-12T00:00:00", "ID": "CVE-2020-4597", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Guardium Insights", "version": { "version_data": [ { "version_value": "2.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 184822." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6403463", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6403463 (Security Guardium Insights)", "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guardium-cve20204597-info-disc (184822)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184822" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4597", "datePublished": "2021-01-13T18:10:30.002368Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T19:14:48.215Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4596
Vulnerability from cvelistv5
Published
2021-01-13 18:10
Modified
2024-09-17 02:17
Severity ?
EPSS score ?
Summary
IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184812.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6403463 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/184821 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Security Guardium Insights |
Version: 2.0.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:49.018Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guardium-cve20204596-info-disc (184821)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184821" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Guardium Insights", "vendor": "IBM", "versions": [ { "status": "affected", "version": "2.0.2" } ] } ], "datePublic": "2021-01-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184812." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/I:N/UI:N/A:N/AC:H/AV:N/C:H/PR:N/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-13T18:10:29", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guardium-cve20204596-info-disc (184821)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184821" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-01-12T00:00:00", "ID": "CVE-2020-4596", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Guardium Insights", "version": { "version_data": [ { "version_value": "2.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184812." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6403463", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6403463 (Security Guardium Insights)", "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guardium-cve20204596-info-disc (184821)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184821" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4596", "datePublished": "2021-01-13T18:10:29.354245Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T02:17:00.892Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-15168
Vulnerability from cvelistv5
Published
2020-09-10 18:25
Modified
2024-08-04 13:08
Severity ?
EPSS score ?
Summary
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don't double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing.
References
▼ | URL | Tags |
---|---|---|
https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r | x_refsource_CONFIRM | |
https://www.npmjs.com/package/node-fetch | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | node-fetch | node-fetch |
Version: <2.6.1 Version: >3.0.0-beta.1, <3.0.0-beta.9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:08:22.463Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.npmjs.com/package/node-fetch" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "node-fetch", "vendor": "node-fetch", "versions": [ { "status": "affected", "version": "\u003c2.6.1" }, { "status": "affected", "version": "\u003e3.0.0-beta.1, \u003c3.0.0-beta.9" } ] } ], "descriptions": [ { "lang": "en", "value": "node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don\u0027t double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-10T18:25:13", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.npmjs.com/package/node-fetch" } ], "source": { "advisory": "GHSA-w7rc-rwvf-8q5r", "discovery": "UNKNOWN" }, "title": "File size limit bypass in node-fetch", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15168", "STATE": "PUBLIC", "TITLE": "File size limit bypass in node-fetch" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "node-fetch", "version": { "version_data": [ { "version_value": "\u003c2.6.1" }, { "version_value": "\u003e3.0.0-beta.1, \u003c3.0.0-beta.9" } ] } } ] }, "vendor_name": "node-fetch" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don\u0027t double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20: Improper Input Validation" } ] }, { "description": [ { "lang": "eng", "value": "CWE-770 Allocation of Resources Without Limits or Throttling" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r", "refsource": "CONFIRM", "url": "https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r" }, { "name": "https://www.npmjs.com/package/node-fetch", "refsource": "MISC", "url": "https://www.npmjs.com/package/node-fetch" } ] }, "source": { "advisory": "GHSA-w7rc-rwvf-8q5r", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15168", "datePublished": "2020-09-10T18:25:13", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2024-08-04T13:08:22.463Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-15586
Vulnerability from cvelistv5
Published
2020-07-17 15:38
Modified
2024-08-04 13:22
Severity ?
EPSS score ?
Summary
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:22:29.273Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2020:1087", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html" }, { "name": "openSUSE-SU-2020:1095", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html" }, { "name": "FEDORA-2020-d75360e2b0", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCR6LAKCVKL55KJQPPBBWVQGOP7RL2RW/" }, { "name": "FEDORA-2020-9cd1204ba0", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WIRVUHD7TJIT7JJ33FKHIVTHPYABYPHR/" }, { "name": "openSUSE-SU-2020:1405", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html" }, { "name": "openSUSE-SU-2020:1407", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html" }, { "name": "[debian-lts-announce] 20201121 [SECURITY] [DLA 2459-1] golang-1.7 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html" }, { "name": "[debian-lts-announce] 20201121 [SECURITY] [DLA 2460-1] golang-1.8 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html" }, { "name": "DSA-4848", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-4848" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://groups.google.com/forum/#%21topic/golang-announce/XZNfaiwgt2w" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200731-0005/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://groups.google.com/forum/#%21topic/golang-announce/f2c5bqrGH_g" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cloudfoundry.org/blog/cve-2020-15586/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-14T17:20:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openSUSE-SU-2020:1087", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html" }, { "name": "openSUSE-SU-2020:1095", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html" }, { "name": "FEDORA-2020-d75360e2b0", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCR6LAKCVKL55KJQPPBBWVQGOP7RL2RW/" }, { "name": "FEDORA-2020-9cd1204ba0", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WIRVUHD7TJIT7JJ33FKHIVTHPYABYPHR/" }, { "name": "openSUSE-SU-2020:1405", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html" }, { "name": "openSUSE-SU-2020:1407", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html" }, { "name": "[debian-lts-announce] 20201121 [SECURITY] [DLA 2459-1] golang-1.7 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html" }, { "name": "[debian-lts-announce] 20201121 [SECURITY] [DLA 2460-1] golang-1.8 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html" }, { "name": "DSA-4848", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-4848" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://groups.google.com/forum/#%21topic/golang-announce/XZNfaiwgt2w" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200731-0005/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://groups.google.com/forum/#%21topic/golang-announce/f2c5bqrGH_g" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cloudfoundry.org/blog/cve-2020-15586/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-15586", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2020:1087", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html" }, { "name": "openSUSE-SU-2020:1095", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html" }, { "name": "FEDORA-2020-d75360e2b0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCR6LAKCVKL55KJQPPBBWVQGOP7RL2RW/" }, { "name": "FEDORA-2020-9cd1204ba0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIRVUHD7TJIT7JJ33FKHIVTHPYABYPHR/" }, { "name": "openSUSE-SU-2020:1405", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html" }, { "name": "openSUSE-SU-2020:1407", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html" }, { "name": "[debian-lts-announce] 20201121 [SECURITY] [DLA 2459-1] golang-1.7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html" }, { "name": "[debian-lts-announce] 20201121 [SECURITY] [DLA 2460-1] golang-1.8 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html" }, { "name": "DSA-4848", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4848" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w", "refsource": "CONFIRM", "url": "https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w" }, { "name": "https://security.netapp.com/advisory/ntap-20200731-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200731-0005/" }, { "name": "https://groups.google.com/forum/#!topic/golang-announce/f2c5bqrGH_g", "refsource": "MISC", "url": "https://groups.google.com/forum/#!topic/golang-announce/f2c5bqrGH_g" }, { "name": "https://www.cloudfoundry.org/blog/cve-2020-15586/", "refsource": "CONFIRM", "url": "https://www.cloudfoundry.org/blog/cve-2020-15586/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15586", "datePublished": "2020-07-17T15:38:24", "dateReserved": "2020-07-07T00:00:00", "dateUpdated": "2024-08-04T13:22:29.273Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-24553
Vulnerability from cvelistv5
Published
2020-09-02 16:25
Modified
2024-08-04 15:12
Severity ?
EPSS score ?
Summary
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:12:09.157Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20200902 [RT-SA-2020-004] Inconsistent Behavior of Go\u0027s CGI and FastCGI Transport May Lead to Cross-Site Scripting", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2020/Sep/5" }, { "name": "FEDORA-2020-741cfa13d0", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZBO7Q73GGWBVYIKNH2HNN44Q5IQND5W/" }, { "name": "openSUSE-SU-2020:1584", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00000.html" }, { "name": "openSUSE-SU-2020:1587", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00002.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://groups.google.com/forum/#%21topic/golang-announce/8wqlSbkLdPs" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2020/Sep/5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/159049/Go-CGI-FastCGI-Transport-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200924-0003/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2020-004" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-10T14:22:40", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20200902 [RT-SA-2020-004] Inconsistent Behavior of Go\u0027s CGI and FastCGI Transport May Lead to Cross-Site Scripting", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2020/Sep/5" }, { "name": "FEDORA-2020-741cfa13d0", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZBO7Q73GGWBVYIKNH2HNN44Q5IQND5W/" }, { "name": "openSUSE-SU-2020:1584", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00000.html" }, { "name": "openSUSE-SU-2020:1587", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00002.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://groups.google.com/forum/#%21topic/golang-announce/8wqlSbkLdPs" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/fulldisclosure/2020/Sep/5" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/159049/Go-CGI-FastCGI-Transport-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200924-0003/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2020-004" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24553", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20200902 [RT-SA-2020-004] Inconsistent Behavior of Go\u0027s CGI and FastCGI Transport May Lead to Cross-Site Scripting", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Sep/5" }, { "name": "FEDORA-2020-741cfa13d0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CZBO7Q73GGWBVYIKNH2HNN44Q5IQND5W/" }, { "name": "openSUSE-SU-2020:1584", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00000.html" }, { "name": "openSUSE-SU-2020:1587", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00002.html" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "https://groups.google.com/forum/#!topic/golang-announce/8wqlSbkLdPs", "refsource": "MISC", "url": "https://groups.google.com/forum/#!topic/golang-announce/8wqlSbkLdPs" }, { "name": "http://seclists.org/fulldisclosure/2020/Sep/5", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2020/Sep/5" }, { "name": "http://packetstormsecurity.com/files/159049/Go-CGI-FastCGI-Transport-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/159049/Go-CGI-FastCGI-Transport-Cross-Site-Scripting.html" }, { "name": "https://security.netapp.com/advisory/ntap-20200924-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200924-0003/" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://www.redteam-pentesting.de/advisories/rt-sa-2020-004", "refsource": "MISC", "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2020-004" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-24553", "datePublished": "2020-09-02T16:25:52", "dateReserved": "2020-08-20T00:00:00", "dateUpdated": "2024-08-04T15:12:09.157Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4166
Vulnerability from cvelistv5
Published
2020-08-27 12:40
Modified
2024-09-17 00:16
Severity ?
EPSS score ?
Summary
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 174402.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6323297 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/174402 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Security Guardium Insights |
Version: 2.0.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:07.041Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6323297" }, { "name": "ibm-guardium-cve20204166-info-disc (174402)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174402" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Guardium Insights", "vendor": "IBM", "versions": [ { "status": "affected", "version": "2.0.1" } ] } ], "datePublic": "2020-08-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 174402." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/PR:N/UI:N/AC:L/S:U/I:N/A:N/C:L/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-27T12:40:31", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6323297" }, { "name": "ibm-guardium-cve20204166-info-disc (174402)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174402" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-08-26T00:00:00", "ID": "CVE-2020-4166", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Guardium Insights", "version": { "version_data": [ { "version_value": "2.0.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 174402." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6323297", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6323297 (Security Guardium Insights)", "url": "https://www.ibm.com/support/pages/node/6323297" }, { "name": "ibm-guardium-cve20204166-info-disc (174402)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174402" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4166", "datePublished": "2020-08-27T12:40:31.259831Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T00:16:02.480Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-15778
Vulnerability from cvelistv5
Published
2020-07-24 00:00
Modified
2024-08-04 13:22
Severity ?
EPSS score ?
Summary
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "openssh", "vendor": "openbsd", "versions": [ { "lessThanOrEqual": "8.3p1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2020-15778", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-01T14:59:02.714297Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:12:18.895Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T13:22:30.831Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openssh.com/security.html" }, { "tags": [ "x_transferred" ], "url": "https://github.com/cpandya2909/CVE-2020-15778/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200731-0007/" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=25005567" }, { "name": "GLSA-202212-06", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-06" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3166" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of \"anomalous argument transfers\" because that could \"stand a great chance of breaking existing workflows.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-04T16:53:15.270364", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.openssh.com/security.html" }, { "url": "https://github.com/cpandya2909/CVE-2020-15778/" }, { "url": "https://security.netapp.com/advisory/ntap-20200731-0007/" }, { "url": "https://news.ycombinator.com/item?id=25005567" }, { "name": "GLSA-202212-06", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-06" }, { "url": "https://access.redhat.com/errata/RHSA-2024:3166" } ], "tags": [ "disputed" ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15778", "datePublished": "2020-07-24T00:00:00", "dateReserved": "2020-07-15T00:00:00", "dateUpdated": "2024-08-04T13:22:30.831Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4604
Vulnerability from cvelistv5
Published
2021-01-13 18:10
Modified
2024-09-17 00:42
Severity ?
EPSS score ?
Summary
IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6403463 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/184881 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Security Guardium Insights |
Version: 2.0.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:49.055Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guardium-cve20204604-info-disc (184881)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184881" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Guardium Insights", "vendor": "IBM", "versions": [ { "status": "affected", "version": "2.0.2" } ] } ], "datePublic": "2021-01-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.6, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/A:N/C:H/I:N/S:U/UI:N/PR:H/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-13T18:10:32", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guardium-cve20204604-info-disc (184881)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184881" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-01-12T00:00:00", "ID": "CVE-2020-4604", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Guardium Insights", "version": { "version_data": [ { "version_value": "2.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "L", "C": "H", "I": "N", "PR": "H", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6403463", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6403463 (Security Guardium Insights)", "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guardium-cve20204604-info-disc (184881)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184881" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4604", "datePublished": "2021-01-13T18:10:32.577575Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T00:42:33.371Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-8244
Vulnerability from cvelistv5
Published
2020-08-30 13:43
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.
References
▼ | URL | Tags |
---|---|---|
https://hackerone.com/reports/966347 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:56:28.050Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/966347" }, { "name": "[debian-lts-announce] 20210630 [SECURITY] [DLA 2698-1] node-bl security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "bl", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 4.0.3, 3.0.1, 2.2.1, and 1.2.3" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer over-read vulnerability exists in bl \u003c4.0.3, \u003c3.0.1, \u003c2.2.1, and \u003c1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "Buffer Over-read (CWE-126)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-01T02:06:10", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/966347" }, { "name": "[debian-lts-announce] 20210630 [SECURITY] [DLA 2698-1] node-bl security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "ID": "CVE-2020-8244", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "bl", "version": { "version_data": [ { "version_value": "Fixed in 4.0.3, 3.0.1, 2.2.1, and 1.2.3" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer over-read vulnerability exists in bl \u003c4.0.3, \u003c3.0.1, \u003c2.2.1, and \u003c1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Buffer Over-read (CWE-126)" } ] } ] }, "references": { "reference_data": [ { "name": "https://hackerone.com/reports/966347", "refsource": "MISC", "url": "https://hackerone.com/reports/966347" }, { "name": "[debian-lts-announce] 20210630 [SECURITY] [DLA 2698-1] node-bl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2020-8244", "datePublished": "2020-08-30T13:43:55", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-08-04T09:56:28.050Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-16845
Vulnerability from cvelistv5
Published
2020-08-06 17:03
Modified
2024-08-04 13:45
Severity ?
EPSS score ?
Summary
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:45:33.920Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://groups.google.com/forum/#%21topic/golang-announce/_ulYYcIWg3Q" }, { "name": "openSUSE-SU-2020:1178", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00021.html" }, { "name": "openSUSE-SU-2020:1194", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00028.html" }, { "name": "FEDORA-2020-e384830a0d", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU/" }, { "name": "FEDORA-2020-deff052e7a", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO/" }, { "name": "FEDORA-2020-a55f130272", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/" }, { "name": "FEDORA-2020-b190375a37", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4/" }, { "name": "openSUSE-SU-2020:1405", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html" }, { "name": "openSUSE-SU-2020:1407", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html" }, { "name": "[debian-lts-announce] 20201121 [SECURITY] [DLA 2459-1] golang-1.7 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html" }, { "name": "[debian-lts-announce] 20201121 [SECURITY] [DLA 2460-1] golang-1.8 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html" }, { "name": "DSA-4848", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-4848" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://groups.google.com/forum/#%21topic/golang-announce/NyPIaucMgXo" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200924-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-14T17:20:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://groups.google.com/forum/#%21topic/golang-announce/_ulYYcIWg3Q" }, { "name": "openSUSE-SU-2020:1178", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00021.html" }, { "name": "openSUSE-SU-2020:1194", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00028.html" }, { "name": "FEDORA-2020-e384830a0d", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU/" }, { "name": "FEDORA-2020-deff052e7a", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO/" }, { "name": "FEDORA-2020-a55f130272", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/" }, { "name": "FEDORA-2020-b190375a37", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4/" }, { "name": "openSUSE-SU-2020:1405", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html" }, { "name": "openSUSE-SU-2020:1407", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html" }, { "name": "[debian-lts-announce] 20201121 [SECURITY] [DLA 2459-1] golang-1.7 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html" }, { "name": "[debian-lts-announce] 20201121 [SECURITY] [DLA 2460-1] golang-1.8 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html" }, { "name": "DSA-4848", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-4848" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://groups.google.com/forum/#%21topic/golang-announce/NyPIaucMgXo" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200924-0002/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-16845", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://groups.google.com/forum/#!topic/golang-announce/_ulYYcIWg3Q", "refsource": "MISC", "url": "https://groups.google.com/forum/#!topic/golang-announce/_ulYYcIWg3Q" }, { "name": "openSUSE-SU-2020:1178", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00021.html" }, { "name": "openSUSE-SU-2020:1194", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00028.html" }, { "name": "FEDORA-2020-e384830a0d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU/" }, { "name": "FEDORA-2020-deff052e7a", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO/" }, { "name": "FEDORA-2020-a55f130272", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/" }, { "name": "FEDORA-2020-b190375a37", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4/" }, { "name": "openSUSE-SU-2020:1405", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html" }, { "name": "openSUSE-SU-2020:1407", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html" }, { "name": "[debian-lts-announce] 20201121 [SECURITY] [DLA 2459-1] golang-1.7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html" }, { "name": "[debian-lts-announce] 20201121 [SECURITY] [DLA 2460-1] golang-1.8 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html" }, { "name": "DSA-4848", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4848" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo", "refsource": "CONFIRM", "url": "https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo" }, { "name": "https://security.netapp.com/advisory/ntap-20200924-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200924-0002/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-16845", "datePublished": "2020-08-06T17:03:33", "dateReserved": "2020-08-04T00:00:00", "dateUpdated": "2024-08-04T13:45:33.920Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14145
Vulnerability from cvelistv5
Published
2020-06-29 17:33
Modified
2024-08-04 12:39
Severity ?
EPSS score ?
Summary
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
References
▼ | URL | Tags |
---|---|---|
https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1 | x_refsource_MISC | |
https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/ | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20200709-0004/ | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2020/12/02/1 | mailing-list, x_refsource_MLIST | |
https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d | x_refsource_MISC | |
https://docs.ssh-mitm.at/CVE-2020-14145.html | x_refsource_MISC | |
https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py | x_refsource_MISC | |
https://security.gentoo.org/glsa/202105-35 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:39:36.101Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200709-0004/" }, { "name": "[oss-security] 20201202 Some mitigation for openssh CVE-2020-14145", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/12/02/1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.ssh-mitm.at/CVE-2020-14145.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py" }, { "name": "GLSA-202105-35", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202105-35" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-26T13:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200709-0004/" }, { "name": "[oss-security] 20201202 Some mitigation for openssh CVE-2020-14145", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/12/02/1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.ssh-mitm.at/CVE-2020-14145.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py" }, { "name": "GLSA-202105-35", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202105-35" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14145", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1", "refsource": "MISC", "url": "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1" }, { "name": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/", "refsource": "MISC", "url": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/" }, { "name": "https://security.netapp.com/advisory/ntap-20200709-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200709-0004/" }, { "name": "[oss-security] 20201202 Some mitigation for openssh CVE-2020-14145", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/12/02/1" }, { "name": "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d", "refsource": "MISC", "url": "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d" }, { "name": "https://docs.ssh-mitm.at/CVE-2020-14145.html", "refsource": "MISC", "url": "https://docs.ssh-mitm.at/CVE-2020-14145.html" }, { "name": "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py", "refsource": "MISC", "url": "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py" }, { "name": "GLSA-202105-35", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202105-35" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14145", "datePublished": "2020-06-29T17:33:36", "dateReserved": "2020-06-15T00:00:00", "dateUpdated": "2024-08-04T12:39:36.101Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4600
Vulnerability from cvelistv5
Published
2021-01-13 18:10
Modified
2024-09-17 00:01
Severity ?
EPSS score ?
Summary
IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184832.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6403463 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/184832 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Security Guardium Insights |
Version: 2.0.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:49.052Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guardium-cve20204600--info-disc (184832)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184832" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Guardium Insights", "vendor": "IBM", "versions": [ { "status": "affected", "version": "2.0.2" } ] } ], "datePublic": "2021-01-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184832." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:N/AV:N/A:N/AC:L/C:L/I:N/S:U/UI:N/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-13T18:10:31", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guardium-cve20204600--info-disc (184832)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184832" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-01-12T00:00:00", "ID": "CVE-2020-4600", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Guardium Insights", "version": { "version_data": [ { "version_value": "2.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184832." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6403463", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6403463 (Security Guardium Insights)", "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guardium-cve20204600--info-disc (184832)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184832" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4600", "datePublished": "2021-01-13T18:10:31.318934Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T00:01:55.002Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4595
Vulnerability from cvelistv5
Published
2021-01-13 18:10
Modified
2024-09-16 17:28
Severity ?
EPSS score ?
Summary
IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184819.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6403463 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/184819 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Security Guardium Insights |
Version: 2.0.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:48.988Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guardium-cve20204595-info-disc (184819)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184819" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Guardium Insights", "vendor": "IBM", "versions": [ { "status": "affected", "version": "2.0.2" } ] } ], "datePublic": "2021-01-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184819." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:N/UI:N/I:N/S:U/C:H/AV:N/AC:H/A:N/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-13T18:10:28", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guardium-cve20204595-info-disc (184819)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184819" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-01-12T00:00:00", "ID": "CVE-2020-4595", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Guardium Insights", "version": { "version_data": [ { "version_value": "2.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184819." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6403463", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6403463 (Security Guardium Insights)", "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guardium-cve20204595-info-disc (184819)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184819" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4595", "datePublished": "2021-01-13T18:10:28.667092Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T17:28:43.214Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4594
Vulnerability from cvelistv5
Published
2021-01-13 18:10
Modified
2024-09-16 22:03
Severity ?
EPSS score ?
Summary
IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184800.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6403463 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/184800 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Security Guardium Insights |
Version: 2.0.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:49.062Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guardium-cve20204594-info-disc (184800)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184800" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Guardium Insights", "vendor": "IBM", "versions": [ { "status": "affected", "version": "2.0.2" } ] } ], "datePublic": "2021-01-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184800." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:H/S:U/I:N/UI:N/PR:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-13T18:10:27", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guardium-cve20204594-info-disc (184800)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184800" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-01-12T00:00:00", "ID": "CVE-2020-4594", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Guardium Insights", "version": { "version_data": [ { "version_value": "2.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184800." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6403463", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6403463 (Security Guardium Insights)", "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guardium-cve20204594-info-disc (184800)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184800" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4594", "datePublished": "2021-01-13T18:10:27.967475Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T22:03:29.253Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4599
Vulnerability from cvelistv5
Published
2021-01-13 18:10
Modified
2024-09-16 22:46
Severity ?
EPSS score ?
Summary
IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184824.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6403463 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/184824 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Security Guardium Insights |
Version: 2.0.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:49.029Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guradium-cve20204599-info-disc (184824)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184824" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Guardium Insights", "vendor": "IBM", "versions": [ { "status": "affected", "version": "2.0.2" } ] } ], "datePublic": "2021-01-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184824." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:L/AV:N/A:N/AC:L/UI:N/I:N/S:U/PR:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-13T18:10:30", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guradium-cve20204599-info-disc (184824)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184824" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-01-12T00:00:00", "ID": "CVE-2020-4599", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Guardium Insights", "version": { "version_data": [ { "version_value": "2.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184824." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6403463", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6403463 (Security Guardium Insights)", "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guradium-cve20204599-info-disc (184824)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184824" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4599", "datePublished": "2021-01-13T18:10:30.675784Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T22:46:54.611Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14039
Vulnerability from cvelistv5
Published
2020-07-17 15:43
Modified
2024-08-04 12:32
Severity ?
EPSS score ?
Summary
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.
References
▼ | URL | Tags |
---|---|---|
https://groups.google.com/forum/#%21forum/golang-announce | x_refsource_MISC | |
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html | vendor-advisory, x_refsource_SUSE | |
https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC | |
https://groups.google.com/forum/#%21topic/golang-announce/XZNfaiwgt2w | x_refsource_CONFIRM | |
https://security.netapp.com/advisory/ntap-20200731-0005/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:32:14.665Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://groups.google.com/forum/#%21forum/golang-announce" }, { "name": "openSUSE-SU-2020:1087", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html" }, { "name": "openSUSE-SU-2020:1095", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html" }, { "name": "openSUSE-SU-2020:1405", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html" }, { "name": "openSUSE-SU-2020:1407", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://groups.google.com/forum/#%21topic/golang-announce/XZNfaiwgt2w" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200731-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-14T17:20:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://groups.google.com/forum/#%21forum/golang-announce" }, { "name": "openSUSE-SU-2020:1087", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html" }, { "name": "openSUSE-SU-2020:1095", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html" }, { "name": "openSUSE-SU-2020:1405", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html" }, { "name": "openSUSE-SU-2020:1407", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://groups.google.com/forum/#%21topic/golang-announce/XZNfaiwgt2w" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200731-0005/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14039", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://groups.google.com/forum/#!forum/golang-announce", "refsource": "MISC", "url": "https://groups.google.com/forum/#!forum/golang-announce" }, { "name": "openSUSE-SU-2020:1087", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html" }, { "name": "openSUSE-SU-2020:1095", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html" }, { "name": "openSUSE-SU-2020:1405", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html" }, { "name": "openSUSE-SU-2020:1407", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w", "refsource": "CONFIRM", "url": "https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w" }, { "name": "https://security.netapp.com/advisory/ntap-20200731-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200731-0005/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14039", "datePublished": "2020-07-17T15:43:33", "dateReserved": "2020-06-12T00:00:00", "dateUpdated": "2024-08-04T12:32:14.665Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4602
Vulnerability from cvelistv5
Published
2021-01-13 18:10
Modified
2024-09-17 03:49
Severity ?
EPSS score ?
Summary
IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184836.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6403463 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/184836 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Security Guardium Insights |
Version: 2.0.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:49.112Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guardium-cve20204602-info-disc (184836)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184836" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Guardium Insights", "vendor": "IBM", "versions": [ { "status": "affected", "version": "2.0.2" } ] } ], "datePublic": "2021-01-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184836." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.9, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:H/A:N/AC:L/AV:L/UI:N/S:U/I:N/PR:H/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-13T18:10:31", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guardium-cve20204602-info-disc (184836)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184836" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-01-12T00:00:00", "ID": "CVE-2020-4602", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Guardium Insights", "version": { "version_data": [ { "version_value": "2.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184836." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "L", "C": "H", "I": "N", "PR": "H", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6403463", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6403463 (Security Guardium Insights)", "url": "https://www.ibm.com/support/pages/node/6403463" }, { "name": "ibm-guardium-cve20204602-info-disc (184836)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184836" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4602", "datePublished": "2021-01-13T18:10:31.942176Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T03:49:04.504Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.