28 matches found
Security Bulletin: i2 Analyze has an information disclosure vulnerability (CVE-2019-17638)
Summary i2 Analyze uses a version of Jetty wth known vulnerabilities. Vulnerability Details CVEID: CVE-2019-17638 DESCRIPTION: Eclipse Jetty, as bundled in Jenkins, could allow a remote attacker to obtain sensitive information, caused by an issue with corrupt HTTP response buffer being sent to...
CVE-2021-29766
IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202680...
CVE-2021-20430
IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196341...
CVE-2021-29769
IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie...
CVE-2021-29766
IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202680...
CVE-2021-29769
IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie...
Information disclosure
IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202681...
Authorization
IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie...
CVE-2021-29770
CVE-2021-29770 affects IBM i2 Analyze and Analyst’s Notebook Premium. The issue arises from hazardous input validation in certain data fields that can allow an authenticated user to perform unauthorized actions. Affected products/versions include IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2. The IBM ad...
CVE-2021-29769
The CVE-2021-29769 issue affects IBM i2 Analyze Premium (IBM i2 Analyze 4.3.0, 4.3.1, 4.3.2). Root cause: authorization tokens and session cookies lack the Secure attribute, enabling cookie values to be leaked if a user visits an HTTP link or a compromised site. Impact: information disclosure via...
CVE-2021-29766
CVE-2021-29766 affects IBM i2 Analyze (Analyst’s Notebook Premium) versions 4.3.0, 4.3.1, and 4.3.2. The vulnerability is an information-disclosure flaw where detailed browser error messages may reveal sensitive data to remote attackers, potentially aiding further attacks. Documented CVSS: 3.x ve...
IBM i2 Analyze安全漏洞
IBM i2 Analyst's Notebook Premium is an intuitive analysis environment that combines data storage, analysis tools, visualization and dissemination capabilities. i2 Analyst's Notebook Premium contains a security vulnerability that could be exploited by remote attackers to obtain sensitive...
Security Bulletin: IBM i2 Analyst's Notebook Premium has an information disclosure vulnerability (CVE-2021-29767)
Summary Excess information was disclosed in http requests from i2 Analist's Notebook Premium to the i2 Analyze server. Vulnerability Details CVEID: CVE-2021-29767 DESCRIPTION: IBM i2 Analyst's Notebook Premium could allow a remote attacker to obtain sensitive information when a detailed technical...
Security Bulletin: IBM i2 Analyze and i2 Analyst's Notebook Premium has session handling vulnerability (CVE-2021-20431)
Summary i2 Analyze is subject to an auth token expiration vulnerability. Vulnerability Details CVEID: CVE-2021-20431 DESCRIPTION: IBM i2 Analyst's Notebook Premium does not invalidate session after logout which could allow an an attacker to obtain sensitive information from the system. CVSS Base...
IBM i2 Analysts Notebook Premium 代码问题漏洞
IBM i2 Analyst's Notebook Premium is a premium version of IBM i2 Analyst's Notebook from IBM USA. IBM i2 Analyst's Notebook Premium has an information disclosure vulnerability that could be exploited by an attacker to obtain sensitive information from the system...
IBM i2 Analysts Notebook Premium 安全漏洞
IBM i2 Analyst's Notebook Premium is a premium version of IBM i2 Analyst's Notebook from IBM of America. IBM i2 Analyst's Notebook Premium is vulnerable to an information disclosure vulnerability that could be exploited by an attacker to obtain cookie values by listening to traffic...
IBM i2 Analysts Notebook Premium 安全漏洞
IBM i2 Analyst's Notebook Premium is a premium version of IBM i2 Analyst's Notebook from IBM USA. IBM i2 Analyst's Notebook Premium has an information disclosure vulnerability that could be exploited by an attacker to obtain sensitive information...
Security Bulletin: IBM i2 Analysts' Notebook and IBM i2 Analysts' Notebook Premium Memory vulnerabilities
Summary Multiple memory corruption vulnerabilities have been found in the IBM i2 Analysts' Notebook, and IBM i2 Analysts' Notebook Premium. Please see linked CVE's for details. Vulnerability Details CVEID: CVE-2020-4549 DESCRIPTION: IBM i2 Analyst's Notebook could allow a local attacker to execut...
Security Bulletin: Multiple memory corruption vulnerabilities in IBM i2 Analyst's Notebook and IBM i2 Analyst's Notebook Premium
Summary There are a number of memory corruption vulnerabilities around the loading of .anb files that have been addressed with a fix pack. Vulnerability Details CVEID: CVE-2020-4261 DESCRIPTION: IBM i2 Intelligent Analyis Platform could allow a local attacker to execute arbitrary code on the...
IBM i2 Analysts Notebook and IBM i2 Analysts Notebook Premium Buffer Overflow Vulnerability (CNVD-2020-29555)
IBM i2 Analysts Notebook and IBM i2 Analysts Notebook Premium are both products of IBM Corporation, USA.IBM i2 Analysts Notebook is a data visualization and analysis tool. The product supports features such as data storage and data analysis.IBM i2 Analysts Notebook Premium is an advanced version ...