54 matches found
Security Bulletin: A vulnerability affects IBM Db2 Big SQL on Cloud Pak for Data
Summary A vulnerability in the node.js ejs module affects IBM Db2 Big SQL 7.4 and earlier on Cloud Pak for Data 4.6 and earlier Vulnerability Details CVEID:CVE-2023-29827 DESCRIPTION: Node.js ejs module could allow a remote authenticated attacker to execute arbitrary code on the system, caused by...
Security Bulletin: Vulnerability in follow-redirects-1.15.3.tgz affects IBM Db2 Big SQL
Summary A vulnerability in node.js follow-redirects-1.15.3.tgz package affects I|BM Db2 Big SQL 7.6 and earlier on Cloud Pak for Data 4.8 and earlier. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an...
Security Bulletin: Vulnerability in Golang affects IBM Db2 Big SQL
Summary A vulnerability in Golang golang.org/x/net-v0.2.0 package affects I|BM Db2 Big SQL 7.6 and earlier on Cloud Pak for Data 4.8 and earlier. Vulnerability Details CVEID:CVE-2022-41723 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the HPACK decoder. By sendi...
Security Bulletin: A vulnerability in body-parser-1.20.2.tgz affects IBM Db2 Big SQL on Cloud Pak for Data
Summary A vulnerability in open source package expressjs body-parser-1.20.2.tgz affects IBM Db2 Big SQL 7.x on Cloud Pak for Data 5.x Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. ...
Security Bulletin: A vulnerability in python certifi package affects IBM Db2 Big SQL
Summary There is a vulnerability in python package certifi-2024.6.2-py3-none-any.whl affecting IBM Db2 Big SQL 7.7.0 on CP4D 5.0 Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker than expected security, caused by the use of GLOBALTRUST root...
CVE-2024-35160
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration...
CVE-2024-35160
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration...
CVE-2024-35160 IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration...
CVE-2024-35160 IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration...
CVE-2024-35160
CVE-2024-35160 affects IBM Watson Query on Cloud Pak for Data (DV/WQ) and IBM Db2 Big SQL on Cloud Pak for Data. The root cause is insufficient session expiration that could allow an authenticated user to obtain sensitive information. Affected versions include: DWQ/DV on CPD 1.8, 2.0, 2.1, 2.2 an...
PT-2024-26344 · Ibm · Ibm Watson Query +1
Name of the Vulnerable Software and Affected Versions: IBM Watson Query on Cloud Pak for Data versions 1.8, 2.0, 2.1, 2.2 IBM Db2 Big SQL on Cloud Pak for Data versions 7.3, 7.4, 7.5, and 7.6 Description: The issue allows an authenticated user to obtain sensitive information due to insufficient...
Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL.
Summary There are multiple vulnerabilities in IBM® Db2® 11.5 used by IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4.7 and earlier. These issues were disclosed in an IBM® Db2® Security Bulletin in July 2023. Vulnerability Details CVEID:CVE-2023-30447 DESCRIPTION: IBM Db2 for Linux, UNIX and Windo...
Security Bulletin: IBM Db2 Big SQL is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45046, CVE-2021-45105)
Summary Apache Log4j is used by IBM Db2 Big SQL as part of its logging infrastructure. IBM Db2 Big SQL is vulnerable to arbitrary code execution and denial of service due to Apache Log4j CVE-2021-45046, CVE-2021-45105. The fix includes Apache Log4j 2.17.1 Vulnerability Details CVEID: CVE-2021-451...
Security Bulletin: IBM Db2 Big SQL for Hortonworks Data Platform, for Cloudera Data Platform Private Cloud, and IBM Db2 Big SQL on Cloud Pak for Data are affected by critical vulnerability in Log4j (CVE-2021-44228)
Summary There is a vulnerability in the version of the Log4j open source library that is part of IBM Db2 Big SQL for Hortonworks Data Platform, for Cloudera Data Platform Private Cloud, and IBM Db2 Big SQL on Cloud Pak for Data. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4...