Vulnerability-Lookup

CNVD-2018-04988

Vulnerability from cnvd - Published: 2018-03-13

Title

IBM Application Performance Management for Monitoring&Diagnostics信息泄露漏洞

Description

IBM Application Performance Management for Monitoring&Diagnostics是美国IBM公司的一款用于监视和诊断的应用程序性能管理工具。 IBM Application Performance Management for Monitoring&Diagnostics中存在安全漏洞。攻击者可利用该漏洞获取敏感的个人数据。

Severity

中

Patch Name

IBM Application Performance Management for Monitoring&Diagnostics信息泄露漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www-01.ibm.com/support/docview.wss?uid=swg22014035

Reference

http://www.ibm.com/support/docview.wss?uid=swg22014035 https://exchange.xforce.ibmcloud.com/vulnerabilities/138210

Impacted products

Name
['IBM Application Performance Management for Monitoring&Diagnostics 8.1.4', 'IBM Application Performance Management for Monitoring&Diagnostics 8.1.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1387"
    }
  },
  "description": "IBM Application Performance Management for Monitoring\u0026Diagnostics\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u76d1\u89c6\u548c\u8bca\u65ad\u7684\u5e94\u7528\u7a0b\u5e8f\u6027\u80fd\u7ba1\u7406\u5de5\u5177\u3002\r\n\r\nIBM Application Performance Management for Monitoring\u0026Diagnostics\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u7684\u4e2a\u4eba\u6570\u636e\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg22014035",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-04988",
  "openTime": "2018-03-13",
  "patchDescription": "IBM Application Performance Management for Monitoring\u0026Diagnostics\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u76d1\u89c6\u548c\u8bca\u65ad\u7684\u5e94\u7528\u7a0b\u5e8f\u6027\u80fd\u7ba1\u7406\u5de5\u5177\u3002\r\n\r\nIBM Application Performance Management for Monitoring\u0026Diagnostics\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u7684\u4e2a\u4eba\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Application Performance Management for Monitoring\u0026Diagnostics\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Application Performance Management for Monitoring\u0026Diagnostics 8.1.4",
      "IBM Application Performance Management for Monitoring\u0026Diagnostics 8.1.3"
    ]
  },
  "referenceLink": "http://www.ibm.com/support/docview.wss?uid=swg22014035\r\nhttps://exchange.xforce.ibmcloud.com/vulnerabilities/138210",
  "serverity": "\u4e2d",
  "submitTime": "2018-03-12",
  "title": "IBM Application Performance Management for Monitoring\u0026Diagnostics\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2018-1387 (GCVE-0-2018-1387)

Vulnerability from cvelistv5 – Published: 2018-03-08 16:00 – Updated: 2024-09-17 00:45

Summary

IBM Application Performance Management for Monitoring & Diagnostics (IBM Monitoring 8.1.3 and 8.1.4) may release sensitive personal data to the staff who can access to the database of this product. IBM X-Force ID: 138210.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:N/S:U/UI:N

CWE

Obtain Information

Assigner

ibm

References

URL

Tags

	http://www.ibm.com/support/docview.wss?uid=swg22014035	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/103403	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	IBM	Monitoring	Affected: 8.1.3 Affected: 8.1.4

Date Public ?

2018-03-02 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:59:38.871Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22014035"
          },
          {
            "name": "ibm-apm-cve20181387-info-disc(138210)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138210"
          },
          {
            "name": "103403",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103403"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Monitoring",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.1.3"
            },
            {
              "status": "affected",
              "version": "8.1.4"
            }
          ]
        }
      ],
      "datePublic": "2018-03-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Application Performance Management for Monitoring \u0026 Diagnostics (IBM Monitoring 8.1.3 and 8.1.4) may release sensitive personal data to the staff who can access to the database of this product. IBM X-Force ID: 138210."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:N/S:U/UI:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-15T09:57:02.000Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22014035"
        },
        {
          "name": "ibm-apm-cve20181387-info-disc(138210)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138210"
        },
        {
          "name": "103403",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103403"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-03-02T00:00:00",
          "ID": "CVE-2018-1387",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Monitoring",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.1.3"
                          },
                          {
                            "version_value": "8.1.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Application Performance Management for Monitoring \u0026 Diagnostics (IBM Monitoring 8.1.3 and 8.1.4) may release sensitive personal data to the staff who can access to the database of this product. IBM X-Force ID: 138210."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22014035",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22014035"
            },
            {
              "name": "ibm-apm-cve20181387-info-disc(138210)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138210"
            },
            {
              "name": "103403",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103403"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1387",
    "datePublished": "2018-03-08T16:00:00.000Z",
    "dateReserved": "2017-12-13T00:00:00.000Z",
    "dateUpdated": "2024-09-17T00:45:49.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-04988

CVE-2018-1387 (GCVE-0-2018-1387)

Tags

Sightings

Nomenclature