Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM36F14FC6EC7B524F474517CE350AAE63CD08D5A933A94FC49B670D61FE767052
HistoryJun 15, 2018 - 10:42 p.m.

Security Bulletin: IBM OpenPages Platform with Database vulnerabilities.

2018-06-1522:42:38
www.ibm.com
13

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

JSON

Summary

These security vulnerabilities exist in all versions of IBM OpenPages with Database: See Vulnerability Details for CVE IDs.

Vulnerability Details

Customers who have IBM OpenPages with Database are potentially impacted by these vulnerabilities.

CVE-ID: CVE-2013-3751
Description: An unspecified vulnerability in Oracle Database related to the XML Parser component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/85650&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVE-ID: CVE-2013-3774
Description: An unspecified vulnerability in Oracle Database related to the Network Layer component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 7.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/85651&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE-ID: CVE-2014-4236
Description: An unspecified vulnerability in Oracle Database related to the RDBMS Core component has partial confidentiality impact, partial integrity impact, and partial availability impact.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94538&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVE-ID: CVE-2014-4237
Description: An unspecified vulnerability in Oracle Database related to the RDBMS Core component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94539&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVE-ID: CVE-2014-4245
Description: An unspecified vulnerability in Oracle Database related to the RDBMS Core component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94540&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N)

Affected Products and Versions

IBM OpenPages with Database 6.2 through 7.0

Remediation/Fixes

A fix has been created for each affected version of the named product. Download and install the appropriate fix as soon as practicable. Fixes and installation instructions are provided at the URLs listed below:

Patch Download URL
IBM OpenPages with Database IF 2 <http://www.ibm.com/support/docview.wss?uid=swg24038779&gt;

Related

f5 2
nessus 2
ibm 1
openvas 2
zdi 1
checkpoint_advisories 1
prion 5
cve 5
cvelist 5
suse 1
securityvulns 2
oracle 2
f5
f5
K15892 : Oracle Database Server vulnerabilities CVE-2013-3751, CVE-2013-3774, CVE-2014-4236, CVE-2014-4237, and CVE-2014-4245
2014-12-05 00:00:00
SOL15892 - Oracle Database Server vulnerabilities CVE-2013-3751, CVE-2013-3774, CVE-2014-4236, CVE-2014-4237, and CVE-2014-4245
2014-12-04 00:00:00
nessus
nessus
Oracle Database Multiple Vulnerabilities (July 2014 CPU)
2014-07-16 00:00:00
Oracle Database Multiple Vulnerabilities (July 2013 CPU)
2013-07-17 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities had been identified in Oracle Database related to the RDBMS Core component. (CVE-2014-4236 and CVE-2014-4245)
2018-06-17 14:49:34
openvas
openvas
Oracle Database Server Multiple Unspecified Vulnerabilities -03 (Jan 2016)
2016-01-25 00:00:00
Oracle Database Server Multiple Unspecified Vulnerabilities -04 (Jan 2016)
2016-01-25 00:00:00
zdi
zdi
Oracle Database Server SQL QName Remote Code Execution Vulnerability
2013-08-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Database Server Insecure User Input Stack Buffer Overflow (CVE-2013-3751)
2014-10-22 00:00:00
prion
prion
Design/Logic Flaw
2013-07-17 13:41:00
Design/Logic Flaw
2014-07-17 11:17:00
Design/Logic Flaw
2013-07-17 13:41:00
cve
cve
CVE-2013-3774
2013-07-17 13:41:00
CVE-2013-3751
2013-07-17 13:41:00
CVE-2014-4236
2014-07-17 11:17:00
cvelist
cvelist
CVE-2013-3751
2013-07-17 10:00:00
CVE-2014-4245
2014-07-17 10:00:00
CVE-2013-3774
2013-07-17 10:00:00
suse
suse
Security update for oracle-update (important)
2013-09-13 22:04:20
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL applications security vulnerabilities
2014-07-21 00:00:00
Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities
2013-08-12 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2014
2014-07-15 00:00:00
Oracle Critical Patch Update - July 2013
2013-07-16 00:00:00

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

JSON
Related for 36F14FC6EC7B524F474517CE350AAE63CD08D5A933A94FC49B670D61FE767052
f52nessus2ibm1openvas2zdi1checkpoint_advisories1prion5cve5cvelist5suse1securityvulns2oracle2