Security Bulletin: IBM Data Virtualization Manager for z/OS has a remote code execution (RCE) vulnerability

Summary IBM Data Virtualization Manager for z/OS has a remote code execution RCE vulnerability in the JDBC component with fix pack dvm-jdbc-3.1.202406111013. Vulnerability Details CVEID: NA Description: Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during...

CVE-2024-51765

A security vulnerability has been identified in HPE Cray Data Virtualization Service DVS. Depending on configuration, this vulnerability may lead to local/cluster unauthorized access...

HPE Cray Data Virtualization Service(DVS) 安全漏洞

HPE Cray Data Virtualization Service is a distributed network service from HPE. A security vulnerability exists in HPE Cray Data Virtualization Service DVS that stems from vulnerability to unauthorized local or clustered access...

PT-2024-34896 · Hewlett Packard · Hpe Cray Data Virtualization Service

Name of the Vulnerable Software and Affected Versions: HPE Cray Data Virtualization Service DVS affected versions not specified Description: A security issue has been identified in HPE Cray Data Virtualization Service DVS, which may lead to unauthorized access, depending on the configuration. Thi...

Security Bulletin: IBM Watson Query (Data Virtualization) does not govern all of the columns of a published object

Summary IBM Watson Query Data Virtualization on Cloud Pak for Data integrates with IBM Knowledge Catalog IKC - formerly Watson Knowledge Catalog WKC - to enforce data protection rules on governed objects. When you publish objects from Watson Query to catalogs or projects, only the first n where...

Security Bulletin: IBM Data Virtualization on Cloud Pak for Data is vulnerable to OpenSSH vulnerability CVE-2024-6387

Summary IBM Data Virtualization on Cloud Pak for Data embeds a variant of the IBM Db2 database server that runs in MPP mode. For MPP functionality such as scale-out, internally the server uses the secure shell SSH protocol for inter-pod communication. SSH protocol is not exposed to external users...

Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data

Summary This bulletin addresses multiple vulnerabilities in Data Virtualization on IBM Cloud Pak for Data. Note that Data Virtualization is rebranded to Watson Query starting in IBM Cloud Pak for Data version 4.6. Vulnerability Details CVEID:CVE-2022-37598 DESCRIPTION: Node.js UglifyJS module cou...

Security Bulletin: IBM Sterling Global Mailbox is vulnerable to arbitrary command execution due to com.ibm.ws.org.apache.commons.collections (CVE-2015-7501)

Summary A security vulnerability has been identified and addressed in com.ibm.ws.org.apache.commons.collections.3.2.1-1.0.9.jar shipped with IBM Sterling Global Mailbox. Vulnerability Details CVEID:CVE-2015-7501 DESCRIPTION: Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid...

CVE-2022-30570

The Column Based Security component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the...

CVE-2022-30570

The Column Based Security component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the...

Design/Logic Flaw

The Column Based Security component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the...

CVE-2022-30570 TIBCO Data Virtualization Access Control Vulnerability

The Column Based Security component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the...

CVE-2022-30570

CVE-2022-30570 affects TIBCO Data Virtualization (TDV) and TDV for AWS Marketplace in the Column Based Security component. A low-privileged attacker with network access can obtain read access to application information on the affected system. Affected releases: TDV 8.5.2 and earlier; TDV for AWS ...

CVE-2022-30570

The Column Based Security component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the...

Tibco Data Virtualization 访问控制错误漏洞

Tibco Data Virtualization is a data virtualization platform from Tibco Corporation. An Access Control Error vulnerability exists in Tibco Data Virtualization version 8.5.2 and prior versions, which can be exploited to allow a low-privileged attacker with network access privileges to gain read...

TIBCO Security Advisory: July 19, 2022 - TIBCO Data Virtualization -CVE-2022-30570

TIBCO Data Virtualization Access Control Vulnerability Original release date: July 19, 2022 Lastrevised: --- CVE-2022-30570 Source: TIBCOSoftware Inc. Products Affected TIBCO Data Virtualization versions 8.5.2 and below TIBCO Data Virtualization for AWS Marketplace versions 8.5.2 and below The...

TIBCO Security Advisory: July 19, 2022 - TIBCO Data Virtualization -CVE-2022-30570

TIBCO Data Virtualization Access Control Vulnerability Original release date: July 19, 2022 Lastrevised: --- CVE-2022-30570 Source: TIBCOSoftware Inc. Products Affected TIBCO Data Virtualization versions 8.5.2 and below TIBCO Data Virtualization for AWS Marketplace versions 8.5.2 and below The...

IBM Data Virtualization on Cloud Pak for Data Information Disclosure Vulnerability

IBM Data Virtualization on Cloud Pak for Data is a cloud-native solution from IBM USA. It allows you to work with data quickly and efficiently. An information disclosure vulnerability exists in IBM Data Virtualization on Cloud Pak for Data, which can be exploited by attackers to bypass data maski...

CVE-2021-38971

IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitve information. IBM X-Force ID: 212620...

CVE-2021-38971

IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitve information. IBM X-Force ID: 212620...