cvelistv5 - cve-2018-1884

CVE-2018-1884 (GCVE-0-2018-1884)

Vulnerability from cvelistv5 – Published: 2018-11-12 16:00 – Updated: 2024-09-16 19:20

Summary

IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a "zip slip" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970.

Severity ?

4.8 (Medium)


                        
                          CVSS:3.0/A:L/AC:L/AV:L/C:L/I:L/PR:L/S:U/UI:R/E:U/RC:C/RL:O

CWE

Gain Access

Assigner

ibm

References

URL

Tags

	http://www.ibm.com/support/docview.wss?uid=ibm10737897	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/105946	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	Case Manager	Affected: 5.2.0.0 Affected: 5.2.0.4 Affected: 5.2.1.0 Affected: 5.2.1.7 Affected: 5.3.0.0 Affected: 5.3.3.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:14:38.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10737897"
          },
          {
            "name": "105946",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105946"
          },
          {
            "name": "ibm-case-cve20181884-code-exec(151970)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151970"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Case Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.2.0.0"
            },
            {
              "status": "affected",
              "version": "5.2.0.4"
            },
            {
              "status": "affected",
              "version": "5.2.1.0"
            },
            {
              "status": "affected",
              "version": "5.2.1.7"
            },
            {
              "status": "affected",
              "version": "5.3.0.0"
            },
            {
              "status": "affected",
              "version": "5.3.3.0"
            }
          ]
        }
      ],
      "datePublic": "2018-11-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a \"zip slip\" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:L/AC:L/AV:L/C:L/I:L/PR:L/S:U/UI:R/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-20T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10737897"
        },
        {
          "name": "105946",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105946"
        },
        {
          "name": "ibm-case-cve20181884-code-exec(151970)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151970"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-11-08T00:00:00",
          "ID": "CVE-2018-1884",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Case Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.2.0.0"
                          },
                          {
                            "version_value": "5.2.0.4"
                          },
                          {
                            "version_value": "5.2.1.0"
                          },
                          {
                            "version_value": "5.2.1.7"
                          },
                          {
                            "version_value": "5.3.0.0"
                          },
                          {
                            "version_value": "5.3.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a \"zip slip\" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "L",
              "AC": "L",
              "AV": "L",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "U",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10737897",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10737897"
            },
            {
              "name": "105946",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105946"
            },
            {
              "name": "ibm-case-cve20181884-code-exec(151970)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151970"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1884",
    "datePublished": "2018-11-12T16:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T19:20:19.622Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:case_manager:5.2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"94D67FAF-252F-4AE5-8395-58915F1D5B21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:case_manager:5.2.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC9406F4-67CE-4E59-AB7A-8F2BCEA7FECF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:case_manager:5.2.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF0156E9-A2BF-4F09-AEEC-B94294DBD097\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:case_manager:5.2.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CEC16B10-249D-4189-B584-7DAFD13740C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:case_manager:5.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CC38040-593D-441F-B396-1B2F622F113E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:case_manager:5.3.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A98B54F8-2F43-43BE-9715-DA1614EFC88E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a \\\"zip slip\\\" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970.\"}, {\"lang\": \"es\", \"value\": \"IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0 y 5.3.3.0 es vulnerabilidad a una vulnerabilidad \\\"zip slip\\\" que podr\\u00eda permitir que un atacante remoto ejecute c\\u00f3digo mediante t\\u00e9cnicas de salto de directorio. IBM X-Force ID: 151970.\"}]",
      "id": "CVE-2018-1884",
      "lastModified": "2024-11-21T04:00:32.000",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"psirt@us.ibm.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.3, \"impactScore\": 3.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-11-12T16:29:00.390",
      "references": "[{\"url\": \"http://www.ibm.com/support/docview.wss?uid=ibm10737897\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/105946\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/151970\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}, {\"url\": \"http://www.ibm.com/support/docview.wss?uid=ibm10737897\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/105946\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/151970\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@us.ibm.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-1884\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2018-11-12T16:29:00.390\",\"lastModified\":\"2024-11-21T04:00:32.000\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a \\\"zip slip\\\" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970.\"},{\"lang\":\"es\",\"value\":\"IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0 y 5.3.3.0 es vulnerabilidad a una vulnerabilidad \\\"zip slip\\\" que podr\u00eda permitir que un atacante remoto ejecute c\u00f3digo mediante t\u00e9cnicas de salto de directorio. IBM X-Force ID: 151970.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.3,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:case_manager:5.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94D67FAF-252F-4AE5-8395-58915F1D5B21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:case_manager:5.2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC9406F4-67CE-4E59-AB7A-8F2BCEA7FECF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:case_manager:5.2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF0156E9-A2BF-4F09-AEEC-B94294DBD097\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:case_manager:5.2.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEC16B10-249D-4189-B584-7DAFD13740C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:case_manager:5.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CC38040-593D-441F-B396-1B2F622F113E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:case_manager:5.3.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A98B54F8-2F43-43BE-9715-DA1614EFC88E\"}]}]}],\"references\":[{\"url\":\"http://www.ibm.com/support/docview.wss?uid=ibm10737897\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105946\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/151970\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=ibm10737897\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105946\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/151970\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2018-AVI-539

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	N/A	IBM Case Manager versions 5.3.x antérieures à 5.3.3.0-ICM-IF003
IBM	N/A	IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V versions 8.1.x antérieures à 8.1.6.1
IBM	N/A	IBM MQ versions V8, V9 LTS, V9 CD, V9.1 LTS
IBM	N/A	IBM Contact Optimization versions 9.1.0.x antérieures à 9.1.0.12
IBM	N/A	IBM Connections 5.0 versions antérieures à 5.0 CR4 et sans le correctif temporaire APAR LO94099
IBM	N/A	IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware versions 7.1.x antérieures à 7.1.8.4
IBM	N/A	IBM Case Manager versions antérieures à 5.2.0.4-ICM-IF003
IBM	N/A	IBM Spectrum Protect (formerly Tivoli Storage Manager) Client versions 7.1.x antérieures à 7.1.8.3
IBM	N/A	IBM Case Manager versions 5.2.1.x antérieures à 5.2.1.7-ICM-IF004
IBM	N/A	IBM Spectrum Protect (formerly Tivoli Storage Manager) Client versions 8.1.x antérieures à 8.1.6.1
IBM	VIOS	VIOS versions 2.2.x
IBM	N/A	IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware versions 8.1.x antérieures à 8.1.6.1
IBM	N/A	IBM Connections 5.5 versions antérieures à 5.5 CR3 et sans le correctif temporaire APAR LO94099
IBM	AIX	AIX versions 5.3, 6.1, 7.1 et 7.2
IBM	N/A	IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage for Virtual Environments): Data Protection for Hyper-V versions 7.1.x antérieures à 7.1.8.4
IBM	WebSphere	IBM WebSphere versions 9.0, 8.5, 8.0 et 7.0
IBM	N/A	IBM Connections 6.0 versions antérieures à 6.0 CR3 et sans le correctif temporaire APAR LO94099
IBM	N/A	IBM Contact Optimization versions 9.1.2.x antérieures à 9.1.2.5

References

Title

Publication Time

Tags

Bulletin de sécurité IBM ibm10730703 du 09 novembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739387 du 09 novembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10737709 du 09 novembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10737897 du 09 novembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10738765 du 09 novembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10738677 du 09 novembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10734447 du 10 novembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10737761 du 09 novembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739391 du 09 novembre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Case Manager versions 5.3.x ant\u00e9rieures \u00e0 5.3.3.0-ICM-IF003",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V versions 8.1.x ant\u00e9rieures \u00e0 8.1.6.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM MQ versions V8, V9 LTS, V9 CD, V9.1 LTS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Contact Optimization versions 9.1.0.x ant\u00e9rieures \u00e0 9.1.0.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Connections 5.0 versions ant\u00e9rieures \u00e0 5.0 CR4 et sans le correctif temporaire APAR LO94099",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware versions 7.1.x ant\u00e9rieures \u00e0 7.1.8.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Case Manager versions ant\u00e9rieures \u00e0 5.2.0.4-ICM-IF003",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect (formerly Tivoli Storage Manager) Client versions 7.1.x ant\u00e9rieures \u00e0 7.1.8.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Case Manager versions 5.2.1.x ant\u00e9rieures \u00e0 5.2.1.7-ICM-IF004",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect (formerly Tivoli Storage Manager) Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.6.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VIOS versions 2.2.x",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware versions 8.1.x ant\u00e9rieures \u00e0 8.1.6.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Connections 5.5 versions ant\u00e9rieures \u00e0 5.5 CR3 et sans le correctif temporaire APAR LO94099",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX versions 5.3, 6.1, 7.1 et 7.2",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage for Virtual Environments): Data Protection for Hyper-V versions 7.1.x ant\u00e9rieures \u00e0 7.1.8.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM WebSphere versions 9.0, 8.5, 8.0 et 7.0",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Connections 6.0 versions ant\u00e9rieures \u00e0 6.0 CR3 et sans le correctif temporaire APAR LO94099",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Contact Optimization versions 9.1.2.x ant\u00e9rieures \u00e0 9.1.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-3009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3009"
    },
    {
      "name": "CVE-2018-3092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3092"
    },
    {
      "name": "CVE-2018-2768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2768"
    },
    {
      "name": "CVE-2018-1656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1656"
    },
    {
      "name": "CVE-2018-3094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3094"
    },
    {
      "name": "CVE-2018-6922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6922"
    },
    {
      "name": "CVE-2018-3104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3104"
    },
    {
      "name": "CVE-2018-3103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3103"
    },
    {
      "name": "CVE-2018-3099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3099"
    },
    {
      "name": "CVE-2018-3098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3098"
    },
    {
      "name": "CVE-2018-2801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2801"
    },
    {
      "name": "CVE-2018-1553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1553"
    },
    {
      "name": "CVE-2018-3010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3010"
    },
    {
      "name": "CVE-2018-1884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1884"
    },
    {
      "name": "CVE-2018-3096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3096"
    },
    {
      "name": "CVE-2018-2992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2992"
    },
    {
      "name": "CVE-2018-3093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3093"
    },
    {
      "name": "CVE-2018-3097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3097"
    },
    {
      "name": "CVE-2016-8610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8610"
    },
    {
      "name": "CVE-2018-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1792"
    },
    {
      "name": "CVE-2018-2806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2806"
    },
    {
      "name": "CVE-2018-3095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3095"
    },
    {
      "name": "CVE-2018-3102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3102"
    },
    {
      "name": "CVE-2018-1798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1798"
    },
    {
      "name": "CVE-2018-12539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12539"
    },
    {
      "name": "CVE-2018-1786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1786"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-539",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-11-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10730703 du 09 novembre 2018",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=ibm10730703"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739387 du 09 novembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739387"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10737709 du 09 novembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10737709"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10737897 du 09 novembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10737897"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10738765 du 09 novembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10738765"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10738677 du 09 novembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10738677"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10734447 du 10 novembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10734447"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10737761 du 09 novembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10737761"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739391 du 09 novembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739391"
    }
  ]
}

CERTFR-2018-AVI-539

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	N/A	IBM Case Manager versions 5.3.x antérieures à 5.3.3.0-ICM-IF003
IBM	N/A	IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V versions 8.1.x antérieures à 8.1.6.1
IBM	N/A	IBM MQ versions V8, V9 LTS, V9 CD, V9.1 LTS
IBM	N/A	IBM Contact Optimization versions 9.1.0.x antérieures à 9.1.0.12
IBM	N/A	IBM Connections 5.0 versions antérieures à 5.0 CR4 et sans le correctif temporaire APAR LO94099
IBM	N/A	IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware versions 7.1.x antérieures à 7.1.8.4
IBM	N/A	IBM Case Manager versions antérieures à 5.2.0.4-ICM-IF003
IBM	N/A	IBM Spectrum Protect (formerly Tivoli Storage Manager) Client versions 7.1.x antérieures à 7.1.8.3
IBM	N/A	IBM Case Manager versions 5.2.1.x antérieures à 5.2.1.7-ICM-IF004
IBM	N/A	IBM Spectrum Protect (formerly Tivoli Storage Manager) Client versions 8.1.x antérieures à 8.1.6.1
IBM	VIOS	VIOS versions 2.2.x
IBM	N/A	IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware versions 8.1.x antérieures à 8.1.6.1
IBM	N/A	IBM Connections 5.5 versions antérieures à 5.5 CR3 et sans le correctif temporaire APAR LO94099
IBM	AIX	AIX versions 5.3, 6.1, 7.1 et 7.2
IBM	N/A	IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage for Virtual Environments): Data Protection for Hyper-V versions 7.1.x antérieures à 7.1.8.4
IBM	WebSphere	IBM WebSphere versions 9.0, 8.5, 8.0 et 7.0
IBM	N/A	IBM Connections 6.0 versions antérieures à 6.0 CR3 et sans le correctif temporaire APAR LO94099
IBM	N/A	IBM Contact Optimization versions 9.1.2.x antérieures à 9.1.2.5

References

Title

Publication Time

Tags

Bulletin de sécurité IBM ibm10730703 du 09 novembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739387 du 09 novembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10737709 du 09 novembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10737897 du 09 novembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10738765 du 09 novembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10738677 du 09 novembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10734447 du 10 novembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10737761 du 09 novembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739391 du 09 novembre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Case Manager versions 5.3.x ant\u00e9rieures \u00e0 5.3.3.0-ICM-IF003",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V versions 8.1.x ant\u00e9rieures \u00e0 8.1.6.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM MQ versions V8, V9 LTS, V9 CD, V9.1 LTS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Contact Optimization versions 9.1.0.x ant\u00e9rieures \u00e0 9.1.0.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Connections 5.0 versions ant\u00e9rieures \u00e0 5.0 CR4 et sans le correctif temporaire APAR LO94099",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware versions 7.1.x ant\u00e9rieures \u00e0 7.1.8.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Case Manager versions ant\u00e9rieures \u00e0 5.2.0.4-ICM-IF003",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect (formerly Tivoli Storage Manager) Client versions 7.1.x ant\u00e9rieures \u00e0 7.1.8.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Case Manager versions 5.2.1.x ant\u00e9rieures \u00e0 5.2.1.7-ICM-IF004",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect (formerly Tivoli Storage Manager) Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.6.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VIOS versions 2.2.x",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware versions 8.1.x ant\u00e9rieures \u00e0 8.1.6.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Connections 5.5 versions ant\u00e9rieures \u00e0 5.5 CR3 et sans le correctif temporaire APAR LO94099",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX versions 5.3, 6.1, 7.1 et 7.2",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage for Virtual Environments): Data Protection for Hyper-V versions 7.1.x ant\u00e9rieures \u00e0 7.1.8.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM WebSphere versions 9.0, 8.5, 8.0 et 7.0",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Connections 6.0 versions ant\u00e9rieures \u00e0 6.0 CR3 et sans le correctif temporaire APAR LO94099",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Contact Optimization versions 9.1.2.x ant\u00e9rieures \u00e0 9.1.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-3009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3009"
    },
    {
      "name": "CVE-2018-3092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3092"
    },
    {
      "name": "CVE-2018-2768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2768"
    },
    {
      "name": "CVE-2018-1656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1656"
    },
    {
      "name": "CVE-2018-3094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3094"
    },
    {
      "name": "CVE-2018-6922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6922"
    },
    {
      "name": "CVE-2018-3104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3104"
    },
    {
      "name": "CVE-2018-3103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3103"
    },
    {
      "name": "CVE-2018-3099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3099"
    },
    {
      "name": "CVE-2018-3098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3098"
    },
    {
      "name": "CVE-2018-2801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2801"
    },
    {
      "name": "CVE-2018-1553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1553"
    },
    {
      "name": "CVE-2018-3010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3010"
    },
    {
      "name": "CVE-2018-1884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1884"
    },
    {
      "name": "CVE-2018-3096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3096"
    },
    {
      "name": "CVE-2018-2992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2992"
    },
    {
      "name": "CVE-2018-3093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3093"
    },
    {
      "name": "CVE-2018-3097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3097"
    },
    {
      "name": "CVE-2016-8610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8610"
    },
    {
      "name": "CVE-2018-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1792"
    },
    {
      "name": "CVE-2018-2806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2806"
    },
    {
      "name": "CVE-2018-3095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3095"
    },
    {
      "name": "CVE-2018-3102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3102"
    },
    {
      "name": "CVE-2018-1798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1798"
    },
    {
      "name": "CVE-2018-12539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12539"
    },
    {
      "name": "CVE-2018-1786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1786"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-539",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-11-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10730703 du 09 novembre 2018",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=ibm10730703"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739387 du 09 novembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739387"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10737709 du 09 novembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10737709"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10737897 du 09 novembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10737897"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10738765 du 09 novembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10738765"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10738677 du 09 novembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10738677"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10734447 du 10 novembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10734447"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10737761 du 09 novembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10737761"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739391 du 09 novembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739391"
    }
  ]
}

GSD-2018-1884

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-1884

Aliases

CVE-2018-1884

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-1884",
    "description": "IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a \"zip slip\" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970.",
    "id": "GSD-2018-1884"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-1884"
      ],
      "details": "IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a \"zip slip\" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970.",
      "id": "GSD-2018-1884",
      "modified": "2023-12-13T01:22:37.367078Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "DATE_PUBLIC": "2018-11-08T00:00:00",
        "ID": "CVE-2018-1884",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Case Manager",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "5.2.0.0"
                        },
                        {
                          "version_value": "5.2.0.4"
                        },
                        {
                          "version_value": "5.2.1.0"
                        },
                        {
                          "version_value": "5.2.1.7"
                        },
                        {
                          "version_value": "5.3.0.0"
                        },
                        {
                          "version_value": "5.3.3.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IBM"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a \"zip slip\" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970."
          }
        ]
      },
      "impact": {
        "cvssv3": {
          "BM": {
            "A": "L",
            "AC": "L",
            "AV": "L",
            "C": "L",
            "I": "L",
            "PR": "L",
            "S": "U",
            "SCORE": "4.800",
            "UI": "R"
          },
          "TM": {
            "E": "U",
            "RC": "C",
            "RL": "O"
          }
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Gain Access"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.ibm.com/support/docview.wss?uid=ibm10737897",
            "refsource": "CONFIRM",
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10737897"
          },
          {
            "name": "105946",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105946"
          },
          {
            "name": "ibm-case-cve20181884-code-exec(151970)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151970"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:case_manager:5.2.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:case_manager:5.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:case_manager:5.3.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:case_manager:5.2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:case_manager:5.2.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:case_manager:5.2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2018-1884"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a \"zip slip\" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-case-cve20181884-code-exec(151970)",
              "refsource": "XF",
              "tags": [
                "VDB Entry",
                "Vendor Advisory"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151970"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10737897",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10737897"
            },
            {
              "name": "105946",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105946"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:39Z",
      "publishedDate": "2018-11-12T16:29Z"
    }
  }
}

CNVD-2018-25317

Vulnerability from cnvd - Published: 2018-12-14

Title

IBM Case Manager路径遍历漏洞

Description

IBM Case Manager是美国IBM公司的一套用于管理案例的解决方案。该方案支持将内容、流程和人员相结合，并提供框架、关联性方法和集成工具以查看案例的全方位视图。 IBM Case Manager中存在路径遍历漏洞。远程攻击者可利用该漏洞执行任意代码。

Severity

中

Patch Name

IBM Case Manager路径遍历漏洞的补丁

Patch Description

IBM Case Manager是美国IBM公司的一套用于管理案例的解决方案。该方案支持将内容、流程和人员相结合，并提供框架、关联性方法和集成工具以查看案例的全方位视图。 IBM Case Manager中存在路径遍历漏洞。远程攻击者可利用该漏洞执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://www-01.ibm.com/support/docview.wss?uid=ibm10737897

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-1884 https://www.securityfocus.com/bid/105946

Impacted products

Name
['IBM Case Manager 5.1.1', 'IBM Case Manager 5.2.0', 'IBM Case Manager 5.2.1', 'IBM Case Manager 5.3.*']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "105946"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1884",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1884"
    }
  },
  "description": "IBM Case Manager\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u7ba1\u7406\u6848\u4f8b\u7684\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u652f\u6301\u5c06\u5185\u5bb9\u3001\u6d41\u7a0b\u548c\u4eba\u5458\u76f8\u7ed3\u5408\uff0c\u5e76\u63d0\u4f9b\u6846\u67b6\u3001\u5173\u8054\u6027\u65b9\u6cd5\u548c\u96c6\u6210\u5de5\u5177\u4ee5\u67e5\u770b\u6848\u4f8b\u7684\u5168\u65b9\u4f4d\u89c6\u56fe\u3002\n\nIBM Case Manager\u4e2d\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://www-01.ibm.com/support/docview.wss?uid=ibm10737897",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-25317",
  "openTime": "2018-12-14",
  "patchDescription": "IBM Case Manager\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u7ba1\u7406\u6848\u4f8b\u7684\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u652f\u6301\u5c06\u5185\u5bb9\u3001\u6d41\u7a0b\u548c\u4eba\u5458\u76f8\u7ed3\u5408\uff0c\u5e76\u63d0\u4f9b\u6846\u67b6\u3001\u5173\u8054\u6027\u65b9\u6cd5\u548c\u96c6\u6210\u5de5\u5177\u4ee5\u67e5\u770b\u6848\u4f8b\u7684\u5168\u65b9\u4f4d\u89c6\u56fe\u3002\r\n\r\nIBM Case Manager\u4e2d\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Case Manager\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Case Manager 5.1.1",
      "IBM Case Manager 5.2.0",
      "IBM Case Manager 5.2.1",
      "IBM Case Manager 5.3.*"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-1884\r\nhttps://www.securityfocus.com/bid/105946",
  "serverity": "\u4e2d",
  "submitTime": "2018-11-15",
  "title": "IBM Case Manager\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}

FKIE_CVE-2018-1884

Vulnerability from fkie_nvd - Published: 2018-11-12 16:29 - Updated: 2024-11-21 04:00

Severity ?

4.8 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=ibm10737897	Mitigation, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/105946	Third Party Advisory, VDB Entry
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/151970	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=ibm10737897	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105946	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/151970	VDB Entry, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	case_manager	5.2.0.0
ibm	case_manager	5.2.0.4
ibm	case_manager	5.2.1.0
ibm	case_manager	5.2.1.7
ibm	case_manager	5.3.0.0
ibm	case_manager	5.3.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:case_manager:5.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94D67FAF-252F-4AE5-8395-58915F1D5B21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:case_manager:5.2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9406F4-67CE-4E59-AB7A-8F2BCEA7FECF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:case_manager:5.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF0156E9-A2BF-4F09-AEEC-B94294DBD097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:case_manager:5.2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEC16B10-249D-4189-B584-7DAFD13740C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:case_manager:5.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CC38040-593D-441F-B396-1B2F622F113E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:case_manager:5.3.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98B54F8-2F43-43BE-9715-DA1614EFC88E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a \"zip slip\" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970."
    },
    {
      "lang": "es",
      "value": "IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0 y 5.3.3.0 es vulnerabilidad a una vulnerabilidad \"zip slip\" que podr\u00eda permitir que un atacante remoto ejecute c\u00f3digo mediante t\u00e9cnicas de salto de directorio. IBM X-Force ID: 151970."
    }
  ],
  "id": "CVE-2018-1884",
  "lastModified": "2024-11-21T04:00:32.000",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 3.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-11-12T16:29:00.390",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10737897"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105946"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151970"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10737897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105946"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151970"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-VH29-437X-8PH3

Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-1884"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-12T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a \"zip slip\" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970.",
  "id": "GHSA-vh29-437x-8ph3",
  "modified": "2022-05-13T01:32:32Z",
  "published": "2022-05-13T01:32:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1884"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151970"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10737897"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105946"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-1884 (GCVE-0-2018-1884)

CERTFR-2018-AVI-539

Solution

CERTFR-2018-AVI-539

Solution

GSD-2018-1884

CNVD-2018-25317

FKIE_CVE-2018-1884

GHSA-VH29-437X-8PH3

Tags

Sightings

Nomenclature