Lucene search
+L

519 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/06/10 9:17 p.m.66 views

Security Bulletin: Vulnerable netty classes from couchdb affecting IBM Knowledge Catalog for IBM Cloud Pak for Data

Summary There are vulnerabilities in netty classes from couchdb clouseau jar file included in IBM Knowledge Catalog. Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a specially-crafte...

9.1CVSS9.1AI score0.13474EPSS
Exploits3Affected Software1
OSV
OSV
added 2024/03/06 10:51 a.m.17 views

BIT-COUCHDB-2020-1955

CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called requirevaliduserexceptforup. It was meant as an extension to the long standing setting requirevaliduser, which in turn requires that any and all requests to CouchDB will...

9.8CVSS9.4AI score0.01846EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 10:51 a.m.27 views

BIT-COUCHDB-2021-38295 Privilege escalation vulnerability when using HTML attachments

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...

7.3CVSS7.2AI score0.02474EPSS
Exploits1References2
OSV
OSV
added 2024/03/06 10:51 a.m.34 views

BIT-COUCHDB-2022-24706 Remote Code Execution Vulnerability in Packaging

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...

10CVSS9.4AI score0.9251EPSS
Exploits9References12
OSV
OSV
added 2024/03/06 10:51 a.m.22 views

BIT-COUCHDB-2023-26268 Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes

Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: validatedocupdate list filter filter views using view functions as filters rewrite update This doesn't affect map/reduce or searc...

5.3CVSS5AI score0.01429EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/12/17 12:0 a.m.21 views

FreeBSD : couchdb -- information sharing via couchjs processes (fd47fcfe-ec69-4000-b9ce-e5e62102c1c7)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fd47fcfe-ec69-4000-b9ce-e5e62102c1c7 advisory. - Design documents with matching document IDs, from databases on the same cluster, may share a mutable...

5.3CVSS6.4AI score0.01429EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/12/14 12:0 a.m.18 views

Apache CouchDB < 3.3.3 Privilege Escalation

According to its banner, the version of CouchDB running on the remote host is prior to 3.3.3. It is, therefore, affected by a privilege escalation vulnerability: - Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who...

5.7CVSS6.2AI score0.01232EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/12/13 8:2 a.m.32 views

CVE-2023-45725 Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents

Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: list show rewrite update An attacker can leak the session component using an HTML-like output,...

5.6AI score0.01232EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/13 12:0 a.m.6 views

Apache CouchDB Information Disclosure Vulnerability

Apache CouchDB is a document-oriented database system developed by the Apache Foundation using Erlang. An information disclosure vulnerability exists in Apache CouchDB 3.3.2 and earlier, and IBM Cloudan 8413 and earlier, which stems from a Design document function that receives the object of a...

5.7CVSS8.8AI score0.01232EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2023/12/13 12:0 a.m.16 views

Apache CouchDB < 3.3.3 Privilege Escalation Vulnerability - Windows

Apache CouchDB is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb";...

5.7CVSS5.7AI score0.01232EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2023/12/13 12:0 a.m.12 views

Apache CouchDB < 3.3.3 Privilege Escalation Vulnerability - Linux

Apache CouchDB is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb";...

5.7CVSS5.7AI score0.01232EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/05 12:0 a.m.6 views

PT-2023-29658 · Ibm +1 · Ibm Cloudant +1

Name of the Vulnerable Software and Affected Versions: Apache CouchDB versions prior to 3.3.3 IBM Cloudant versions prior to 8413 Description: Design document functions that receive a user HTTP request object may expose authorization or session cookie headers of the user who accesses the document...

5.7CVSS4.6AI score0.01232EPSS
Exploits0References14
VulnCheck KEV
VulnCheck KEV
added 2023/11/17 12:0 a.m.7 views

VulnCheck KEV: CVE-2017-12635

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role,...

10CVSS7.3AI score0.99838EPSS
Exploits21References1
Tenable Nessus
Tenable Nessus
added 2023/09/29 12:0 a.m.30 views

Apache CouchDB < 3.1.2 Privilege Escalation

According to its banner, the version of CouchDB running on the remote host is prior 3.1,2. It is, therefore, affected by a privilege escalation vulnerability. A malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin...

7.3CVSS6.1AI score0.02474EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/24 3:11 p.m.14 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality due to [CVE-2023-26268]

Summary Apache CouchDB is used by IBM App Connect Enterprise Certified Container for storing flows and data used by the DesignerAuthroing operand. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality. This bulletin provides patch...

5.3CVSS4.9AI score0.01429EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/18 8:23 a.m.31 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote information transfer due to CouchDB CVE-2023-26268

Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote information transfer due to CouchDB CVE-2023-26268 with details below. Vulnerability Details CVEID:CVE-2023-26268 DESCRIPTION: Apache CouchDB could allow a remote authenticated attacker to obtain sensitive...

5.3CVSS4.9AI score0.01429EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2023/07/21 12:0 a.m.19 views

IBM Planning Analytics Encryption Problem Vulnerability (CNVD-2023-68783)

IBM Planning Analytics is a suite of business planning analytics solutions from International Business Machines IBM. The solution supports automated execution of processes such as business planning, budgeting and analysis. Planning Analytics Cartridge for Cloud Pak for Data version v4.0 suffers...

7.5CVSS6.7AI score0.00491EPSS
Exploits0References1
OSV
OSV
added 2023/07/19 2:15 a.m.3 views

CVE-2023-27877

IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905...

7.5CVSS5.8AI score0.00465EPSS
Exploits0References2
NVD
NVD
added 2023/07/19 2:15 a.m.25 views

CVE-2023-27877

IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905...

7.5CVSS6.2AI score0.00465EPSS
Exploits0References2
Prion
Prion
added 2023/07/19 2:15 a.m.19 views

Code injection

IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905...

5CVSS7.4AI score0.00465EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder