519 matches found
Security Bulletin: Vulnerable netty classes from couchdb affecting IBM Knowledge Catalog for IBM Cloud Pak for Data
Summary There are vulnerabilities in netty classes from couchdb clouseau jar file included in IBM Knowledge Catalog. Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a specially-crafte...
BIT-COUCHDB-2020-1955
CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called requirevaliduserexceptforup. It was meant as an extension to the long standing setting requirevaliduser, which in turn requires that any and all requests to CouchDB will...
BIT-COUCHDB-2021-38295 Privilege escalation vulnerability when using HTML attachments
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...
BIT-COUCHDB-2022-24706 Remote Code Execution Vulnerability in Packaging
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...
BIT-COUCHDB-2023-26268 Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes
Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: validatedocupdate list filter filter views using view functions as filters rewrite update This doesn't affect map/reduce or searc...
FreeBSD : couchdb -- information sharing via couchjs processes (fd47fcfe-ec69-4000-b9ce-e5e62102c1c7)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fd47fcfe-ec69-4000-b9ce-e5e62102c1c7 advisory. - Design documents with matching document IDs, from databases on the same cluster, may share a mutable...
Apache CouchDB < 3.3.3 Privilege Escalation
According to its banner, the version of CouchDB running on the remote host is prior to 3.3.3. It is, therefore, affected by a privilege escalation vulnerability: - Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who...
CVE-2023-45725 Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents
Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: list show rewrite update An attacker can leak the session component using an HTML-like output,...
Apache CouchDB Information Disclosure Vulnerability
Apache CouchDB is a document-oriented database system developed by the Apache Foundation using Erlang. An information disclosure vulnerability exists in Apache CouchDB 3.3.2 and earlier, and IBM Cloudan 8413 and earlier, which stems from a Design document function that receives the object of a...
Apache CouchDB < 3.3.3 Privilege Escalation Vulnerability - Windows
Apache CouchDB is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb";...
Apache CouchDB < 3.3.3 Privilege Escalation Vulnerability - Linux
Apache CouchDB is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb";...
PT-2023-29658 · Ibm +1 · Ibm Cloudant +1
Name of the Vulnerable Software and Affected Versions: Apache CouchDB versions prior to 3.3.3 IBM Cloudant versions prior to 8413 Description: Design document functions that receive a user HTTP request object may expose authorization or session cookie headers of the user who accesses the document...
VulnCheck KEV: CVE-2017-12635
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role,...
Apache CouchDB < 3.1.2 Privilege Escalation
According to its banner, the version of CouchDB running on the remote host is prior 3.1,2. It is, therefore, affected by a privilege escalation vulnerability. A malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality due to [CVE-2023-26268]
Summary Apache CouchDB is used by IBM App Connect Enterprise Certified Container for storing flows and data used by the DesignerAuthroing operand. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality. This bulletin provides patch...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote information transfer due to CouchDB CVE-2023-26268
Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote information transfer due to CouchDB CVE-2023-26268 with details below. Vulnerability Details CVEID:CVE-2023-26268 DESCRIPTION: Apache CouchDB could allow a remote authenticated attacker to obtain sensitive...
IBM Planning Analytics Encryption Problem Vulnerability (CNVD-2023-68783)
IBM Planning Analytics is a suite of business planning analytics solutions from International Business Machines IBM. The solution supports automated execution of processes such as business planning, budgeting and analysis. Planning Analytics Cartridge for Cloud Pak for Data version v4.0 suffers...
CVE-2023-27877
IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905...
CVE-2023-27877
IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905...
Code injection
IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905...