Lucene search
K

165 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/03/22 3:53 p.m.109 views

Security Bulletin: Cloudera Data Platform Private Cloud Base with IBM products have log messages vulnerable to arbitrary code execution, denial of service, remote code execution, and SQL injection due to Apache Log4j vulnerabilities

Summary Cloudera Data Platform Private Cloud Base with IBM products are affected by multiple Apache Log4j 1.x, 2.x vulnerabilities. Log messages are vulnerable to arbitrary code execution CVE-2022-23302, CVE-2021-44832, denial of service CVE-2021-45105, default file permissions CVE-2022-21704,...

10CVSS11AI score0.99999EPSS
Exploits358Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/03/21 12:0 a.m.6 views

The vulnerability of the Kylin data processing platform, related to the lack of measures for cleaning incoming data, allows a perpetrator to execute arbitrary commands.

The vulnerability of the Kylin data processing platform is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows an attacker to execute arbitrary commands...

10CVSS8.1AI score0.88614EPSS
Exploits0References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/11 8:2 p.m.18 views

Security Bulletin: Data masking rules are not enforced when CREATE TABLE AS SELECT statement is executed in IBM Big SQL

Summary A software defect in IBM Big SQL prevents data masking rules to be enforced when a user executes CREATE TABLE AS SELECT … WITH DATA statement. The newly created table contains unmasked data. Vulnerability Details CVEID:CVE-2022-22353 DESCRIPTION: IBM Big SQL could allow an authenticated...

6.5CVSS6.2AI score0.00864EPSS
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/02/10 12:0 a.m.10 views

The vulnerability of the Class.forName(...) method in the Kylin data processing platform allows attackers to compromise the confidentiality, integrity, and accessibility of information.

The vulnerability of the Class.forName... method in the Kylin data processing platform is related to the use of externally controlled input parameters for class selection. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of...

9.8CVSS7.7AI score0.02902EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2022/01/12 12:0 a.m.14 views

Siemens COMOS Web Component Cross-Site Request Forgery Vulnerability

COMOS is a unified data platform for collaborative plant design, operations, and management that supports the collection, processing, preservation, and distribution of information throughout the plant lifecycle.A cross-site request forgery vulnerability exists in the Siemens COMOS Web component,...

8.8CVSS3.2AI score0.00361EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/12 12:0 a.m.20 views

Siemens COMOS Web Component Cross-Site Scripting Vulnerability

COMOS is a unified data platform for collaborative plant design, operations, and management that supports the collection, processing, storage, and distribution of information throughout the plant lifecycle.A cross-site scripting vulnerability exists in the Siemens COMOS Web component that could b...

6.1CVSS2.1AI score0.00509EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/02 12:0 a.m.15 views

Dell EMC Streaming Data Platform code issue vulnerability

A code issue vulnerability exists in Dell EMC Streaming Data Platform, a Dell platform for real-time ingestion, storage, and analysis of continuous streaming data, which is caused by a design or implementation error in the code development process of a network system or product. improper design o...

5.3CVSS2.4AI score0.01015EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/02 12:0 a.m.16 views

Dell Emc Streaming Data Platform Code Issue Vulnerability (CNVD-2022-21491)

Dell Emc Streaming Data Platform, a Dell platform for real-time ingestion, storage and analysis of continuous streaming data, is vulnerable to a code issue that could be exploited by a remote, unauthenticated attacker to reuse old session artifacts to emulate a legitimate user...

9.8CVSS2.8AI score0.01157EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/02 12:0 a.m.5 views

Dell EMC Streaming Data Platform SQL Injection Vulnerability

Dell Emc Streaming Data Platform is a Dell platform for ingesting, storing and analyzing continuous streaming data in real time. A security vulnerability exists in Dell Emc Streaming Data Platform, which arises from a database-based application that lacks validation of externally entered SQL...

8.8CVSS7.6AI score0.00845EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/02 12:0 a.m.6 views

Unspecified Vulnerability in Dell Emc Streaming Data Platform

Dell Emc Streaming Data Platform is a Dell platform for ingesting, storing and analyzing continuous streaming data in real time. A security vulnerability exists in the Dell Emc Streaming Data Platform that originates from the inclusion of an indirect object reference, which can be exploited by an...

6.5CVSS6.6AI score0.00675EPSS
Exploits0References1
OSV
OSV
added 2021/11/30 9:15 p.m.4 views

CVE-2021-36328

Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database...

8.8CVSS7.5AI score0.00845EPSS
Exploits0References1
OSV
OSV
added 2021/11/30 9:15 p.m.7 views

CVE-2021-36330

Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user...

9.8CVSS5.8AI score0.01157EPSS
Exploits0References1
NVD
NVD
added 2021/11/30 9:15 p.m.17 views

CVE-2021-36330

Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user...

9.8CVSS0.01157EPSS
Exploits0References1
NVD
NVD
added 2021/11/30 9:15 p.m.18 views

CVE-2021-36328

Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database...

8.8CVSS0.00845EPSS
Exploits0References1
OSV
OSV
added 2021/11/30 9:15 p.m.3 views

CVE-2021-36326

Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface UI. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted forma...

6.5CVSS6.7AI score0.01181EPSS
Exploits0References1
NVD
NVD
added 2021/11/30 9:15 p.m.17 views

CVE-2021-36327

Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choi...

5.3CVSS0.01015EPSS
Exploits0References1
NVD
NVD
added 2021/11/30 9:15 p.m.22 views

CVE-2021-36326

Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface UI. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted forma...

6.5CVSS0.01181EPSS
Exploits0References1
Prion
Prion
added 2021/11/30 9:15 p.m.13 views

Design/Logic Flaw

Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information...

4CVSS6.6AI score0.00675EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/11/30 9:15 p.m.19 views

Session fixation

Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user...

7.5CVSS9.3AI score0.01157EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/11/30 9:15 p.m.20 views

Format string

Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface UI. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted forma...

4.3CVSS6.4AI score0.01181EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder