Lucene search
K

54 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/01/04 12:27 p.m.17 views

Security Bulletin: A vulnerability affects IBM Db2 Big SQL on Cloud Pak for Data

Summary A vulnerability in the node.js ejs module affects IBM Db2 Big SQL 7.4 and earlier on Cloud Pak for Data 4.6 and earlier Vulnerability Details CVEID:CVE-2023-29827 DESCRIPTION: Node.js ejs module could allow a remote authenticated attacker to execute arbitrary code on the system, caused by...

9.8CVSS7.9AI score0.05552EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/02 4:14 p.m.27 views

Security Bulletin: Vulnerability in follow-redirects-1.15.3.tgz affects IBM Db2 Big SQL

Summary A vulnerability in node.js follow-redirects-1.15.3.tgz package affects I|BM Db2 Big SQL 7.6 and earlier on Cloud Pak for Data 4.8 and earlier. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an...

7.3CVSS7.5AI score0.00797EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/02 4:13 p.m.24 views

Security Bulletin: Vulnerability in Golang affects IBM Db2 Big SQL

Summary A vulnerability in Golang golang.org/x/net-v0.2.0 package affects I|BM Db2 Big SQL 7.6 and earlier on Cloud Pak for Data 4.8 and earlier. Vulnerability Details CVEID:CVE-2022-41723 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the HPACK decoder. By sendi...

7.5CVSS7.5AI score0.04561EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/02 4:12 p.m.28 views

Security Bulletin: A vulnerability in body-parser-1.20.2.tgz affects IBM Db2 Big SQL on Cloud Pak for Data

Summary A vulnerability in open source package expressjs body-parser-1.20.2.tgz affects IBM Db2 Big SQL 7.x on Cloud Pak for Data 5.x Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. ...

7.5CVSS7.5AI score0.00824EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/02 4:9 p.m.24 views

Security Bulletin: A vulnerability in python certifi package affects IBM Db2 Big SQL

Summary There is a vulnerability in python package certifi-2024.6.2-py3-none-any.whl affecting IBM Db2 Big SQL 7.7.0 on CP4D 5.0 Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker than expected security, caused by the use of GLOBALTRUST root...

7.5CVSS7.2AI score0.01049EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/11/23 2:15 p.m.28 views

CVE-2024-35160

IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration...

6.5CVSS0.00352EPSS
Exploits0References2
OSV
OSV
added 2024/11/23 2:15 p.m.5 views

CVE-2024-35160

IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration...

6.5CVSS5.8AI score0.00352EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/23 1:48 p.m.34 views

CVE-2024-35160 IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure

IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration...

4.3CVSS0.00352EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/23 1:48 p.m.14 views

CVE-2024-35160 IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure

IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration...

4.3CVSS6.6AI score0.00352EPSS
Exploits0References2
CVE
CVE
added 2024/11/23 1:48 p.m.63 views

CVE-2024-35160

CVE-2024-35160 affects IBM Watson Query on Cloud Pak for Data (DV/WQ) and IBM Db2 Big SQL on Cloud Pak for Data. The root cause is insufficient session expiration that could allow an authenticated user to obtain sensitive information. Affected versions include: DWQ/DV on CPD 1.8, 2.0, 2.1, 2.2 an...

6.5CVSS4.9AI score0.00352EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2024/11/23 12:0 a.m.5 views

PT-2024-26344 · Ibm · Ibm Watson Query +1

Name of the Vulnerable Software and Affected Versions: IBM Watson Query on Cloud Pak for Data versions 1.8, 2.0, 2.1, 2.2 IBM Db2 Big SQL on Cloud Pak for Data versions 7.3, 7.4, 7.5, and 7.6 Description: The issue allows an authenticated user to obtain sensitive information due to insufficient...

6.5CVSS7AI score0.00352EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/11 8:40 p.m.32 views

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL.

Summary There are multiple vulnerabilities in IBM® Db2® 11.5 used by IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4.7 and earlier. These issues were disclosed in an IBM® Db2® Security Bulletin in July 2023. Vulnerability Details CVEID:CVE-2023-30447 DESCRIPTION: IBM Db2 for Linux, UNIX and Windo...

8.8CVSS8.9AI score0.01378EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/22 4:47 p.m.50 views

Security Bulletin: IBM Db2 Big SQL is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45046, CVE-2021-45105)

Summary Apache Log4j is used by IBM Db2 Big SQL as part of its logging infrastructure. IBM Db2 Big SQL is vulnerable to arbitrary code execution and denial of service due to Apache Log4j CVE-2021-45046, CVE-2021-45105. The fix includes Apache Log4j 2.17.1 Vulnerability Details CVEID: CVE-2021-451...

10CVSS1.2AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/27 7:42 p.m.179 views

Security Bulletin: IBM Db2 Big SQL for Hortonworks Data Platform, for Cloudera Data Platform Private Cloud, and IBM Db2 Big SQL on Cloud Pak for Data are affected by critical vulnerability in Log4j (CVE-2021-44228)

Summary There is a vulnerability in the version of the Log4j open source library that is part of IBM Db2 Big SQL for Hortonworks Data Platform, for Cloudera Data Platform Private Cloud, and IBM Db2 Big SQL on Cloud Pak for Data. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4...

10CVSS0.9AI score0.99999EPSS
Exploits351Affected Software1
Rows per page
Query Builder