165 matches found
Security Bulletin: Cloudera Data Platform Private Cloud Base with IBM products have log messages vulnerable to arbitrary code execution, denial of service, remote code execution, and SQL injection due to Apache Log4j vulnerabilities
Summary Cloudera Data Platform Private Cloud Base with IBM products are affected by multiple Apache Log4j 1.x, 2.x vulnerabilities. Log messages are vulnerable to arbitrary code execution CVE-2022-23302, CVE-2021-44832, denial of service CVE-2021-45105, default file permissions CVE-2022-21704,...
The vulnerability of the Kylin data processing platform, related to the lack of measures for cleaning incoming data, allows a perpetrator to execute arbitrary commands.
The vulnerability of the Kylin data processing platform is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
Security Bulletin: Data masking rules are not enforced when CREATE TABLE AS SELECT statement is executed in IBM Big SQL
Summary A software defect in IBM Big SQL prevents data masking rules to be enforced when a user executes CREATE TABLE AS SELECT … WITH DATA statement. The newly created table contains unmasked data. Vulnerability Details CVEID:CVE-2022-22353 DESCRIPTION: IBM Big SQL could allow an authenticated...
The vulnerability of the Class.forName(...) method in the Kylin data processing platform allows attackers to compromise the confidentiality, integrity, and accessibility of information.
The vulnerability of the Class.forName... method in the Kylin data processing platform is related to the use of externally controlled input parameters for class selection. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of...
Siemens COMOS Web Component Cross-Site Request Forgery Vulnerability
COMOS is a unified data platform for collaborative plant design, operations, and management that supports the collection, processing, preservation, and distribution of information throughout the plant lifecycle.A cross-site request forgery vulnerability exists in the Siemens COMOS Web component,...
Siemens COMOS Web Component Cross-Site Scripting Vulnerability
COMOS is a unified data platform for collaborative plant design, operations, and management that supports the collection, processing, storage, and distribution of information throughout the plant lifecycle.A cross-site scripting vulnerability exists in the Siemens COMOS Web component that could b...
Dell EMC Streaming Data Platform code issue vulnerability
A code issue vulnerability exists in Dell EMC Streaming Data Platform, a Dell platform for real-time ingestion, storage, and analysis of continuous streaming data, which is caused by a design or implementation error in the code development process of a network system or product. improper design o...
Dell Emc Streaming Data Platform Code Issue Vulnerability (CNVD-2022-21491)
Dell Emc Streaming Data Platform, a Dell platform for real-time ingestion, storage and analysis of continuous streaming data, is vulnerable to a code issue that could be exploited by a remote, unauthenticated attacker to reuse old session artifacts to emulate a legitimate user...
Dell EMC Streaming Data Platform SQL Injection Vulnerability
Dell Emc Streaming Data Platform is a Dell platform for ingesting, storing and analyzing continuous streaming data in real time. A security vulnerability exists in Dell Emc Streaming Data Platform, which arises from a database-based application that lacks validation of externally entered SQL...
Unspecified Vulnerability in Dell Emc Streaming Data Platform
Dell Emc Streaming Data Platform is a Dell platform for ingesting, storing and analyzing continuous streaming data in real time. A security vulnerability exists in the Dell Emc Streaming Data Platform that originates from the inclusion of an indirect object reference, which can be exploited by an...
CVE-2021-36328
Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database...
CVE-2021-36330
Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user...
CVE-2021-36330
Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user...
CVE-2021-36328
Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database...
CVE-2021-36326
Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface UI. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted forma...
CVE-2021-36327
Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choi...
CVE-2021-36326
Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface UI. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted forma...
Design/Logic Flaw
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information...
Session fixation
Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user...
Format string
Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface UI. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted forma...