1255 matches found

IBM Security Bulletins | added 2021/12/24 8:33 a.m. | 284 views

Security Bulletin: i2 Analyze, i2 Connect and Analyst's Notebook Premium are affected by the Log4j vulnerability (CVE-2021-44228)

Summary: Log4j is used by i2 Analyze and i2 Connect for general purpose and application error logging. It is also used in Analyst's Notebook Premium when the chart store is deployed. This bulletin provides mitigation for the reported CVE-2021-44228 by providing configuration that addresses Log4j...

CVSS 10 | AI score 1.6 | EPSS 0.94358 | Exploits 342 | Affected Software 3

IBM Security Bulletins | added 2021/12/21 6:59 p.m. | 30 views

Security Bulletin: i2 Analysts' Notebook memory corruption vulnerability

Summary: i2 Analysts' Notebook is potentially vulnerable to a memory corruption vulnerability. Vulnerability Details: CVEID: CVE-2021-39050. DESCRIPTION: IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local...

CVSS 7.8 | AI score 7.6 | EPSS 0.00062 | Exploits 0 | Affected Software 2

IBM Security Bulletins | added 2021/12/21 6:45 p.m. | 38 views

Security Bulletin: i2 Analysts' Notebook memory corruption vulnerability

Summary: i2 Analysts' Notebook is vulnerable to potential memory corruption vulnerabilities. Vulnerability Details: CVEID: CVE-2021-39049. DESCRIPTION: IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacke...

CVSS 7.8 | AI score 7.6 | EPSS 0.00062 | Exploits 0 | Affected Software 2

CNVD | added 2021/12/17 12:00 a.m. | 13 views

IBM i2 Analyst's Notebook Buffer Overflow Vulnerability

IBM i2 Analyst's Notebook is a set of operating systems from IBM running in IBM Power Systems and IBM PureSystems. i2 Analyst's Notebook is vulnerable to a buffer overflow vulnerability, which can be exploited by local attackers to overflow the buffer and gain lower-level privileges...

CVSS 7.8 | AI score 6.3 | EPSS 0.00062 | Exploits 0 | References 1

Cvelist | added 2021/12/15 11:20 p.m. | 11 views

CVE-2021-43834 Incorrect Authentication in elabftw

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances wher...

CVSS 9.1 | AI score 9.6 | EPSS 0.00322 | Exploits 0 | References 2

CVE | added 2021/12/15 11:20 p.m. | 31 views

CVE-2021-43833

CVE-2021-43833 affects eLabFTW prior to version 4.2.0, where an authenticated user can gain access to arbitrary accounts by supplying a specially crafted email address. The issue applies to instances lacking an explicit email domain allowlist. Administrators’ and target users’ notifications are n...

CVSS 8.8 | AI score 8.5 | EPSS 0.00412 | Exploits 0 | References 2 | Affected Software 1

NVD | added 2021/12/13 7:15 p.m. | 8 views

CVE-2021-39050

IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214440...

CVSS 7.8 | EPSS 0.00062 | Exploits 0 | References 2

NVD | added 2021/12/13 7:15 p.m. | 9 views

CVE-2021-39049

IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214439...

CVSS 7.8 | EPSS 0.00062 | Exploits 0 | References 2

Prion | added 2021/12/13 7:15 p.m. | 11 views

Stack overflow

IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214440...

CVSS 4.6 | AI score 7.6 | EPSS 0.00062 | Exploits 0 | References 2

Prion | added 2021/12/13 7:15 p.m. | 12 views

Stack overflow

IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214439...

CVSS 4.6 | AI score 7.6 | EPSS 0.00062 | Exploits 0 | References 2

Cvelist | added 2021/12/13 6:35 p.m. | 11 views

CVE-2021-39050

IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214440...

CVSS 5.3 | AI score 7.7 | EPSS 0.00062 | Exploits 0 | References 2

CVE | added 2021/12/13 6:35 p.m. | 48 views

CVE-2021-39050

The CVE-2021-39050 entry affects IBM i2 Analyst’s Notebook versions 9.2.0, 9.2.1, and 9.2.2, describing a stack-based buffer overflow caused by improper bounds checking that could allow a local attacker to escalate privileges. The IBM security bulletin (9.3.1 update) and related IBM X-Force refer...

CVSS 7.8 | AI score 7.6 | EPSS 0.00062 | Exploits 0 | References 2 | Affected Software 1

CVE | added 2021/12/13 6:35 p.m. | 45 views

CVE-2021-39049

CVE-2021-39049 affects IBM i2 Analyst’s Notebook 9.2.0, 9.2.1, and 9.2.2, with a stack-based buffer overflow caused by improper bounds checking. A local attacker could overflow a buffer and gain lower-privilege access. IBM’s security bulletin notes a memory-corruption vulnerability and directs re...

CVSS 7.8 | AI score 7.6 | EPSS 0.00062 | Exploits 0 | References 2 | Affected Software 1

Cvelist | added 2021/12/13 6:35 p.m. | 13 views

CVE-2021-39049

IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214439...

CVSS 5.3 | AI score 7.7 | EPSS 0.00062 | Exploits 0 | References 2

NCSC | added 2021/12/13 12:00 a.m. | 1 view

Vulnerabilities fixed in IBM i2 Analysts Notebook

IBM has fixed vulnerabilities in i2 Analysts' Notebook. A local malicious party could potentially exploit the vulnerabilities to obtain elevated privileges within the application. IBM has released updates to fix the vulnerabilities in i2 Analysts' Notebook 9.3.1. For more information, see:...

CVSS 7.8 | AI score 6.9 | EPSS 0.00062 | Exploits 0

CNVD | added 2021/12/07 12:00 a.m. | 23 views

IBM Cognos Analytics has an unspecified vulnerability (CNVD-2021-99971)

IBM Cognos Analytics is a suite of business intelligence software from IBM Corporation of the United States. The software includes reports, dashboards and scorecards, and can assist companies in adjusting their decisions by analyzing content such as key factors and key people. IBM Cognos Analytic...

CVSS 5.5 | AI score 3.6 | EPSS 0.00167 | Exploits 0 | References 1

NVD | added 2021/12/03 5:15 p.m. | 13 views

CVE-2021-29867

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212...

CVSS 5.5 | EPSS 0.00167 | Exploits 0 | References 3

Hacker One | added 2021/11/24 11:18 p.m. | 20 views

GitLab: Arbitrary POST request as victim user from HTML injection in Jupyter notebooks

Summary: An attacker can create a Jupyter notebook that will make arbitrary POST requests as the victim user. In the "worst case" an attacker could make an admin create a new admin account for the attacker. Other possible attack vectors are forcing invites to private projects etc. Every POST reque...

AI score 0.4 | Exploits 0

NVD | added 2021/11/12 10:15 p.m. | 13 views

CVE-2021-3786

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak data out of the SMRAM range...

CVSS 5.5 | EPSS 0.00044 | Exploits 0 | References 1

Prion | added 2021/11/12 10:15 p.m. | 15 views

Code injection

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak data out of the SMRAM range...

CVSS 2.1 | AI score 5.4 | EPSS 0.00044 | Exploits 0 | References 1 | Affected Software 133