1255 matches found
CVE-2021-29770
CVE-2021-29770 affects IBM i2 Analyze and Analyst’s Notebook Premium. The issue arises from hazardous input validation in certain data fields that can allow an authenticated user to perform unauthorized actions. Affected products/versions include IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2. The IBM ad...
CVE-2021-29769
The CVE-2021-29769 issue affects IBM i2 Analyze Premium (IBM i2 Analyze 4.3.0, 4.3.1, 4.3.2). Root cause: authorization tokens and session cookies lack the Secure attribute, enabling cookie values to be leaked if a user visits an HTTP link or a compromised site. Impact: information disclosure via...
CVE-2021-29767
IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202681...
CVE-2021-29767
CVE-2021-29767 affects IBM i2 Analyst’s Notebook Premium versions 9.2.0, 9.2.1 and 9.2.2. The vulnerability is an information-disclosure flaw where a remote attacker could obtain sensitive data when a detailed technical error message is returned in the browser, enabling potential follow-on attack...
CVE-2021-29766
CVE-2021-29766 affects IBM i2 Analyze (Analyst’s Notebook Premium) versions 4.3.0, 4.3.1, and 4.3.2. The vulnerability is an information-disclosure flaw where detailed browser error messages may reveal sensitive data to remote attackers, potentially aiding further attacks. Documented CVSS: 3.x ve...
CVE-2021-29766
IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202680...
CVE-2021-20431
The CVE-2021-20431 vulnerability affects IBM i2 Analyst’s Notebook Premium 9.2.0, 9.2.1, and 9.2.2, where sessions are not invalidated after logout, potentially allowing an attacker to obtain sensitive information from the system. The issue is documented with a base CVSSv3.1 score of 6.5 (Network...
CVE-2021-20431
IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout which could allow an an attacker to obtain sensitive information from the system. IBM X-Force ID: 196342...
CVE-2021-20430
CVE-2021-20430 affects IBM i2 Analyst’s Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, 4.3.2). A remote attacker could obtain sensitive information when a detailed technical error message is returned in the browser, enabling information disclosure. Affected products and versions are IBM i2 Analyz...
CVE-2021-20430
IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196341...
Vulnerabilities fixed in IBM i2 Analyst's Notebook
Vulnerabilities have been fixed in the IBM i2 Analyst's Notebook. A malicious party could exploit the vulnerabilities to obtain system data and sensitive information. IBM has released updates to fix the vulnerabilities. For more information, see: https://www.ibm.com/support/pages/node/6474861...
IBM i2 Analyze安全漏洞
IBM i2 Analyst's Notebook Premium is an intuitive analysis environment that combines data storage, analysis tools, visualization and dissemination capabilities. i2 Analyst's Notebook Premium contains a security vulnerability that could be exploited by remote attackers to obtain sensitive...
Security Bulletin: IBM i2 Analyst's Notebook Premium has an information disclosure vulnerability (CVE-2021-29767)
Summary Excess information was disclosed in http requests from i2 Analist's Notebook Premium to the i2 Analyze server. Vulnerability Details CVEID: CVE-2021-29767 DESCRIPTION: IBM i2 Analyst's Notebook Premium could allow a remote attacker to obtain sensitive information when a detailed technical...
Security Bulletin: i2 Analyse and Analyst's Notebook Premium have hyperlink clicking vulnerability (CVE-2021-29770)
Summary IBM i2 Analyse and Analyst's Notebook Premium are vulnerable to malicious hyperlinks in certain data fields Vulnerability Details CVEID: CVE-2021-29770 DESCRIPTION: IBM i2 Analyst's Notebook Premium could allow an authenticated user to perform unauthorized actions due to hazardous input...
Security Bulletin: IBM Analyst's Notebook Premium uses a component with known vulnerabilities (CVE-2020-16013, CVE-2020-16009, CVE-2020-15999)
Summary IBM i2 Analyst's Notebook Premium uses a browser component version with known vulnerabilities. Vulnerability Details CVEID: CVE-2020-16013 DESCRIPTION: Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in V8. By persuading ...
Security Bulletin: IBM i2 Analyze and i2 Analyst's Notebook Premium has session handling vulnerability (CVE-2021-20431)
Summary i2 Analyze is subject to an auth token expiration vulnerability. Vulnerability Details CVEID: CVE-2021-20431 DESCRIPTION: IBM i2 Analyst's Notebook Premium does not invalidate session after logout which could allow an an attacker to obtain sensitive information from the system. CVSS Base...
IBM i2 Analysts Notebook Premium 安全漏洞
IBM i2 Analyst's Notebook Premium is a premium version of IBM i2 Analyst's Notebook from IBM USA. IBM i2 Analyst's Notebook Premium has an information disclosure vulnerability that could be exploited by an attacker to obtain sensitive information...
IBM i2 Analysts Notebook Premium 代码问题漏洞
IBM i2 Analyst's Notebook Premium is a premium version of IBM i2 Analyst's Notebook from IBM USA. IBM i2 Analyst's Notebook Premium has an information disclosure vulnerability that could be exploited by an attacker to obtain sensitive information from the system...
IBM i2 Analysts Notebook Premium 安全漏洞
IBM i2 Analyst's Notebook Premium is a premium version of IBM i2 Analyst's Notebook from IBM of America. IBM i2 Analyst's Notebook Premium is vulnerable to an information disclosure vulnerability that could be exploited by an attacker to obtain cookie values by listening to traffic...
CVE-2021-3614
A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage...