Lucene search
K

28 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/07/29 7:55 a.m.60 views

Security Bulletin: i2 Analyze has an information disclosure vulnerability (CVE-2019-17638)

Summary i2 Analyze uses a version of Jetty wth known vulnerabilities. Vulnerability Details CVEID: CVE-2019-17638 DESCRIPTION: Eclipse Jetty, as bundled in Jenkins, could allow a remote attacker to obtain sensitive information, caused by an issue with corrupt HTTP response buffer being sent to...

9.4CVSS1.1AI score0.11138EPSS
Exploits0Affected Software1
NVD
NVD
added 2021/07/26 12:15 p.m.17 views

CVE-2021-29766

IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202680...

5.3CVSS0.01275EPSS
Exploits0References2
OSV
OSV
added 2021/07/26 12:15 p.m.4 views

CVE-2021-20430

IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196341...

5.3CVSS5.6AI score0.01275EPSS
Exploits0References2
NVD
NVD
added 2021/07/26 12:15 p.m.15 views

CVE-2021-29769

IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie...

4.3CVSS0.00511EPSS
Exploits0References2
OSV
OSV
added 2021/07/26 12:15 p.m.3 views

CVE-2021-29766

IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202680...

5.3CVSS5.6AI score0.01275EPSS
Exploits0References2
OSV
OSV
added 2021/07/26 12:15 p.m.4 views

CVE-2021-29769

IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie...

4.3CVSS5.4AI score0.00511EPSS
Exploits0References2
Prion
Prion
added 2021/07/26 12:15 p.m.12 views

Information disclosure

IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202681...

5CVSS4.8AI score0.01275EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/07/26 12:15 p.m.10 views

Authorization

IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie...

4.3CVSS4.1AI score0.00511EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/07/26 12:10 p.m.47 views

CVE-2021-29770

CVE-2021-29770 affects IBM i2 Analyze and Analyst’s Notebook Premium. The issue arises from hazardous input validation in certain data fields that can allow an authenticated user to perform unauthorized actions. Affected products/versions include IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2. The IBM ad...

6.5CVSS6.2AI score0.00619EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/07/26 12:10 p.m.45 views

CVE-2021-29769

The CVE-2021-29769 issue affects IBM i2 Analyze Premium (IBM i2 Analyze 4.3.0, 4.3.1, 4.3.2). Root cause: authorization tokens and session cookies lack the Secure attribute, enabling cookie values to be leaked if a user visits an HTTP link or a compromised site. Impact: information disclosure via...

4.3CVSS4.1AI score0.00511EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/07/26 12:10 p.m.46 views

CVE-2021-29766

CVE-2021-29766 affects IBM i2 Analyze (Analyst’s Notebook Premium) versions 4.3.0, 4.3.1, and 4.3.2. The vulnerability is an information-disclosure flaw where detailed browser error messages may reveal sensitive data to remote attackers, potentially aiding further attacks. Documented CVSS: 3.x ve...

5.3CVSS4.8AI score0.01275EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/07/26 12:0 a.m.5 views

IBM i2 Analyze安全漏洞

IBM i2 Analyst's Notebook Premium is an intuitive analysis environment that combines data storage, analysis tools, visualization and dissemination capabilities. i2 Analyst's Notebook Premium contains a security vulnerability that could be exploited by remote attackers to obtain sensitive...

5.3CVSS5.6AI score0.01275EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/23 3:37 p.m.21 views

Security Bulletin: IBM i2 Analyst's Notebook Premium has an information disclosure vulnerability (CVE-2021-29767)

Summary Excess information was disclosed in http requests from i2 Analist's Notebook Premium to the i2 Analyze server. Vulnerability Details CVEID: CVE-2021-29767 DESCRIPTION: IBM i2 Analyst's Notebook Premium could allow a remote attacker to obtain sensitive information when a detailed technical...

5.3CVSS0.4AI score0.01275EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/23 2:37 p.m.21 views

Security Bulletin: IBM i2 Analyze and i2 Analyst's Notebook Premium has session handling vulnerability (CVE-2021-20431)

Summary i2 Analyze is subject to an auth token expiration vulnerability. Vulnerability Details CVEID: CVE-2021-20431 DESCRIPTION: IBM i2 Analyst's Notebook Premium does not invalidate session after logout which could allow an an attacker to obtain sensitive information from the system. CVSS Base...

6.5CVSS1AI score0.00935EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2021/07/23 12:0 a.m.4 views

IBM i2 Analysts Notebook Premium 代码问题漏洞

IBM i2 Analyst's Notebook Premium is a premium version of IBM i2 Analyst's Notebook from IBM USA. IBM i2 Analyst's Notebook Premium has an information disclosure vulnerability that could be exploited by an attacker to obtain sensitive information from the system...

6.5CVSS5.6AI score0.00935EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/07/23 12:0 a.m.5 views

IBM i2 Analysts Notebook Premium 安全漏洞

IBM i2 Analyst's Notebook Premium is a premium version of IBM i2 Analyst's Notebook from IBM of America. IBM i2 Analyst's Notebook Premium is vulnerable to an information disclosure vulnerability that could be exploited by an attacker to obtain cookie values by listening to traffic...

4.3CVSS5.6AI score0.00511EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/07/23 12:0 a.m.4 views

IBM i2 Analysts Notebook Premium 安全漏洞

IBM i2 Analyst's Notebook Premium is a premium version of IBM i2 Analyst's Notebook from IBM USA. IBM i2 Analyst's Notebook Premium has an information disclosure vulnerability that could be exploited by an attacker to obtain sensitive information...

5.3CVSS5.6AI score0.01275EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/11 7:34 a.m.22 views

Security Bulletin: IBM i2 Analysts' Notebook and IBM i2 Analysts' Notebook Premium Memory vulnerabilities

Summary Multiple memory corruption vulnerabilities have been found in the IBM i2 Analysts' Notebook, and IBM i2 Analysts' Notebook Premium. Please see linked CVE's for details. Vulnerability Details CVEID: CVE-2020-4549 DESCRIPTION: IBM i2 Analyst's Notebook could allow a local attacker to execut...

7.8CVSS2.5AI score0.00419EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/19 8:10 p.m.20 views

Security Bulletin: Multiple memory corruption vulnerabilities in IBM i2 Analyst's Notebook and IBM i2 Analyst's Notebook Premium

Summary There are a number of memory corruption vulnerabilities around the loading of .anb files that have been addressed with a fix pack. Vulnerability Details CVEID: CVE-2020-4261 DESCRIPTION: IBM i2 Intelligent Analyis Platform could allow a local attacker to execute arbitrary code on the...

9.3CVSS2.1AI score0.02826EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2020/05/15 12:0 a.m.4 views

IBM i2 Analysts Notebook and IBM i2 Analysts Notebook Premium Buffer Overflow Vulnerability (CNVD-2020-29555)

IBM i2 Analysts Notebook and IBM i2 Analysts Notebook Premium are both products of IBM Corporation, USA.IBM i2 Analysts Notebook is a data visualization and analysis tool. The product supports features such as data storage and data analysis.IBM i2 Analysts Notebook Premium is an advanced version ...

7.8CVSS7.8AI score0.00419EPSS
Exploits0References1
Rows per page
Query Builder