Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMCF2759FA2580A831AD3F37037CCE5ADD0096FCF73A521D6AF390441403F49062
HistoryMay 14, 2021 - 9:25 p.m.

Security Bulletin: H2 Database Vulnerabilities Affect IBM Control Center (CVE-2018-10054, CVE-2018-14335)

2021-05-1421:25:45
www.ibm.com
4

0.153 Low

EPSS

Percentile

95.9%

JSON

Summary

H2 Database could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of alias and could allow a remote attacker to obtain sensitive information, caused by improper handling of permissions in the backup function.

Vulnerability Details

CVEID:CVE-2018-10054
**DESCRIPTION:**H2 Database could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of alias. By using a specially-crafted alias, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/141388 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2018-14335
**DESCRIPTION:**H2 Database could allow a remote attacker to obtain sensitive information, caused by improper handling of permissions in the backup function. By using a symlink to a fake database file, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/147331 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Control Center 6.2.0.0

Remediation/Fixes

Product |

VRMF

|

iFix

|

Remediation

—|—|—|—

IBM Control Center

|

6.2.0.0

|

iFix08

|

Fix Central - 6.2.0.0

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm control centereq6.2.0.0

Related

ubuntucve 1
osv 2
nvd 2
prion 2
exploitpack 1
zdt 1
redhatcve 1
packetstorm 1
cve 2
broadcom 2
veracode 2
cvelist 2
atlassian 3
github 1
exploitdb 1
redhat 1
ubuntucve
ubuntucve
CVE-2018-14335
2018-07-24 00:00:00
osv
osv
CVE-2018-14335
2018-07-24 13:29:00
Improper Input Validation in Datomic
2022-05-13 01:30:17
nvd
nvd
CVE-2018-14335
2018-07-24 13:29:00
CVE-2018-10054
2018-04-11 20:29:00
prion
prion
Design/Logic Flaw
2018-07-24 13:29:00
Remote code execution
2018-04-11 20:29:00
exploitpack
exploitpack
H2 Database 1.4.197 - Information Disclosure
2018-07-30 00:00:00
zdt
zdt
H2 Database 1.4.197 - Information Disclosure Exploit
2018-07-30 00:00:00
redhatcve
redhatcve
CVE-2018-14335
2018-08-01 14:49:45
packetstorm
packetstorm
H2 Database 1.4.197 Information Disclosure
2018-07-30 00:00:00
cve
cve
CVE-2018-10054
2018-04-11 20:29:00
CVE-2018-14335
2018-07-24 13:29:00
broadcom
broadcom
BSA-2022-1837
2022-05-03 00:00:00
BSA-2022-1838
2022-05-03 00:00:00
veracode
veracode
Information Disclosure
2018-07-25 05:26:31
Arbitrary Code Execution
2018-06-25 09:19:09
cvelist
cvelist
CVE-2018-14335
2018-07-24 13:00:00
CVE-2018-10054
2018-04-11 00:00:00
atlassian
atlassian
Jira Service Management / Insight Asset Management vulnerable to RCE Security
2021-09-21 03:03:33
Jira Service Management / Insight Asset Management vulnerable to RCE Security
2021-09-21 03:03:33
RCE (Remote Code Execution) com.h2database:h2 Dependency in Bamboo Data Center and Server
2023-12-14 14:45:20
github
github
Improper Input Validation in Datomic
2022-05-13 01:30:17
exploitdb
exploitdb
H2 Database 1.4.197 - Information Disclosure
2018-07-30 00:00:00
redhat
redhat
(RHSA-2020:0727) Important: Red Hat Data Grid 7.3.3 security update
2020-03-05 12:46:52

0.153 Low

EPSS

Percentile

95.9%

JSON
Related for CF2759FA2580A831AD3F37037CCE5ADD0096FCF73A521D6AF390441403F49062
ubuntucve1osv2nvd2prion2exploitpack1zdt1redhatcve1packetstorm1cve2broadcom2veracode2cvelist2atlassian3github1exploitdb1redhat1