Lucene search
K

229 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/03/13 11:19 p.m.4 views

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to denial of service due to the FasterXML Jackson Core package (PRISMA-2023-0067)

Summary Jackson is used by IBM DataStage on Cloud Pak for Data for JSON parsing. Vulnerability Details IBM X-Force ID: 256137 DESCRIPTION: FasterXML Jackson Core is vulnerable to a denial of service, caused by improper input validation by the StreamReadConstraints value field. By sending a...

7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/13 11:15 p.m.14 views

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to a phishing attack due to the ExpressJS package (CVE-2024-29041)

Summary ExpressJS is used by IBM DataStage on Cloud Pak for Data as part of the web application framework. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker...

6.1CVSS6.5AI score0.00786EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/13 11:13 p.m.20 views

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to authentication and command execution issues due to the Eclipse Jetty package (CVE-2023-36479, CVE-2023-40167, CVE-2023-41900)

Summary Eclipse Jetty is used by IBM DataStage on Cloud Pak for Data as part of web server functionality. Vulnerability Details CVEID:CVE-2023-36479 DESCRIPTION: Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific...

5.3CVSS6.5AI score0.01069EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/13 11:11 p.m.12 views

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to denial of service due to GNOME GLib (CVE-2023-32636)

Summary GNOME GLib is used by IBM DataStage on Cloud Pak for Data as part of the data handling functionality. Vulnerability Details CVEID:CVE-2023-32636 DESCRIPTION: GNOME GLib is vulnerable to a denial of service, caused by a flaw in the fuzzvarianttext function. By sending a specially crafted...

7.5CVSS6.1AI score0.0078EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/13 11:10 p.m.10 views

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to denial of service due to the FasterXML jackson-databind package (CVE-2023-35116)

Summary Jackson-databind is used by IBM DataStage on Cloud Pak for Data as part of data processing. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to open a specially...

4.7CVSS4.8AI score0.00352EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/13 11:8 p.m.17 views

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to sensitive information leaks due to a flaw in the Kubernetes kube-apiserver (CVE-2019-11250, CVE-2020-8565)

Summary Kubernetes is used by IBM DataStage on Cloud Pak for Data as part of the container environment. Vulnerability Details CVEID:CVE-2019-11250 DESCRIPTION: Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by storing credentials in the log by the...

6.5CVSS5.7AI score0.01766EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/13 11:5 p.m.10 views

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to a symlink vulnerability due to Libcontainer and Docker Engine (CVE-2015-3627)

Summary Libcontainer and Docker Engine are used by IBM DataStage on Cloud Pak for Data as part of the container environment. Vulnerability Details CVEID:CVE-2015-3627 DESCRIPTION: A symlink vulnerability in Libcontainer and Docker Engine regarding the file-descriptor being opened prior to...

7.2CVSS6.3AI score0.00609EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/13 11:2 p.m.12 views

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to unlimited data accumulation due to the Netty package ( CVE-2024-29025)

Summary Netty is used by IBM DataStage on Cloud Pak for Data as part of server processing. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients...

5.3CVSS5.2AI score0.0138EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/10 8:11 p.m.8 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to information disclosure due to hbase-client

Summary hbase-client is used by the ds-cas-lite microservice as part of the HBase API functionality. Vulnerability Details CVEID:CVE-2024-23944 DESCRIPTION: Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child...

5.3CVSS5.7AI score0.00246EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/10 5:50 p.m.20 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to uncontrolled resource consumption due to commons-io.

Summary Commons.io is used by the ds-runtime microservice as part of the read/write functionality. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively...

4.3CVSS6.5AI score0.01241EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/10 5:47 p.m.34 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to denial of service and nonstandard cookie parsing due to hbase-client.

Summary hbase-client is used by the ds-cas-lite microservice as part of the Java client API for HBase. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter or...

5.3CVSS5.9AI score0.0326EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/10 5:45 p.m.13 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to HTML attribute injection due to Jinja package (CVE-2024-22195)

Summary Jinja is used by DataStage on Cloud Pak for Data as part of HTML templating. Vulnerability Details CVEID:CVE-2024-22195 DESCRIPTION: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitra...

6.1CVSS6AI score0.00892EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/10 5:42 p.m.16 views

Security Bulletin: Vulnerability with DataStage on Cloud Pak for Data related to urllib3

Summary IBM has released the below fix for IBM DataStage on Cloud Pak for Data in response to the vulnerability found. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2019-11236 DESCRIPTION: Python urllib3 is vulnerable to CRLF injection,...

6.1CVSS6.9AI score0.02056EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/10 3:36 p.m.25 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to denial of service due to hbase-client

Summary hbase-client is used by the ds-cas-lite microservice as part of the HBase API functionality. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as...

7.5CVSS6.5AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/10 3:34 p.m.7 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary configuration injection due to pip:22.3.1

Summary Pip is used by the DataStage on Cloud Pak for Data px-runtime microservice as part of package installation. Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial...

5.5CVSS5.6AI score0.00476EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/10 3:31 p.m.15 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to out of bounds writes due to hbase-client

Summary hbase-client is used by the ds-cas-lite microservice as part of the Java client HBase API. Vulnerability Details CVEID:CVE-2024-29131 DESCRIPTION: Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Use...

7.3CVSS6.1AI score0.02054EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/10 3:28 p.m.10 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to LDAP injection due to hbase-client

Summary hbase-client is used by the ds-cas-lite microservice as part of the HBase API functionality. Vulnerability Details CVEID:CVE-2023-25613 DESCRIPTION: Apache Kerby could allow a remote attacker to conduct an LDAP injection, caused by a flaw in LdapIdentityBackend. By sending a request with ...

9.8CVSS9.2AI score0.01491EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/10 3:24 p.m.6 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to buffer overflow due to the nsdc package

Summary Ncsd is used by DataStage on Cloud Pak for Data as part of the name service lookup. Vulnerability Details CVEID:CVE-2024-33599 DESCRIPTION: nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's nscd fixed size cache is exhausted by client requests then a...

8.1CVSS6.6AI score0.0131EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/10 3:20 p.m.34 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to denial of service due to the SnakeYAML package (CVE-2022-38751, CVE-2017-18640, CVE-2022-38749, CVE-2022-38750, CVE-2022-38752, CVE-2022-25857, CVE-2022-41854, CVE-2022-1471)

Summary SnakeYAML is used by DataStage on Cloud Pak for Data as part of the YAML serialization functionality. Vulnerability Details CVEID:CVE-2022-38751 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a...

9.8CVSS7.6AI score0.99615EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/10 3:17 p.m.27 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to denial of service due to jackson-databind package

Summary jackson-databind is used by the DataStage on Cloud Pak for Data ds-runtime service as part of JSON content handling. Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secure...

7.5CVSS7.9AI score0.17611EPSS
Exploits5Affected Software1
Rows per page
Query Builder