Lucene search
K

20 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 7:8 a.m.3 views

Security Bulletin: Due to the use of derby IBM webMethods BPM is vulnerable to unauthorized LDAP authentication

Summary IBM webMethods BPM is using derby which is affected by a known vulnerability CVE-2022-46337. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: A cleverly devised username might bypass LDAP authentication check...

9.8CVSS7.2AI score0.01418EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 12:49 a.m.3 views

CVE-2022-46337

A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...

9.8CVSS7.7AI score0.01418EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/03 1:24 p.m.8 views

Security Bulletin: Apache Derby vulnerability addressed in IBM SPSS Collaboration and Deployment Services [CVE-2022-46337]

Summary Apache Derby vulnerability addressed in IBM SPSS Collaboration and Deployment Services CVE-2022-46337 Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by a LDAP injection vulnerability in...

9.8CVSS6.4AI score0.01418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/27 5:6 a.m.14 views

Security Bulletin: Apache Derby vulnerability addressed in IBM JRS (Jazz Reporting Service) [CVE-2022-46337]

Summary Apache Derby might allow a remote attacker to bypass security restrictions caused by an LDAP injection vulnerability in the authenticator. This vulnerability affects IBM Jazz Reporting Service. This bulletin identifies the steps to take to mitigate the vulnerability. Vulnerability Details...

9.8CVSS9.4AI score0.01418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/05 4:43 a.m.12 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Apache Derby: LDAP Injection Vulnerability In Authenticator

Summary A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware...

9.8CVSS7.9AI score0.01418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/11 9:36 a.m.16 views

Security Bulletin: Security vulnerability due to Apache Derby package shipped with IBM CICS TX Standard

Summary Security vulnerability due to Apache Derby package shipped with IBM CICS TX Standard. The Apache Derby package version has been updated. Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by a LDAP...

9.8CVSS7.1AI score0.01418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/04 10:12 p.m.23 views

Security Bulletin: Vulnerability in Apache Derby affects watsonx.data

Summary Apache Derby could allow a remote attacker to bypass security restrictions to view and corrupt sensitive data and run sensitive database functions and procedures. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attack...

9.8CVSS9.3AI score0.01418EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/04/19 12:0 a.m.50 views

Oracle Application Testing Suite (April 2024 CPU)

The versions of Oracle Application Testing Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps...

9.8CVSS6.7AI score0.02836EPSS
Exploits1References6
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/02 7:39 a.m.31 views

Security Bulletin: IBM Jazz for Service Management is vulnerable to Apache Derby security bypass [CVE-2022-46337]

Summary Apache Derby database is used by IBM Jazz for Service Management to store dashboards data. CVE-2022-46337 This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass...

9.8CVSS9.2AI score0.01418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/01 6:7 p.m.30 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to remote attack due to Apache Derby (CVE-2022-46337)

Summary Apache Derby is shipped with IBM Tivoli Netcool Impact as part of its datastructure. Information about a security vulnerability affecting Apache Derby has been published in a security bulletin. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details...

9.8CVSS9.2AI score0.01418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/04 10:53 a.m.32 views

Security Bulletin: IBM Transformation Extender Advanced vulnerable to LDAP security bypass due to Apache Derby [CVE-2022-46337]

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, includes and supports Apache Derby as a pre-production database for developers. LDAP for Apache Derby is not supported in production deployment of IBM Transformation Extender Advanced. This bulletin...

9.8CVSS9.3AI score0.01418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/01 7:11 p.m.38 views

Security Bulletin: Apache Derby vulnerability addressed in IBM Business Automation Workflow on containers [CVE-2022-46337]

Summary IBM Business Automation Workflow on containers addessed CVE-2022-46337. A copy of derby is included on container images, but never used in a supported scenario. Even in unsupported scenarios, there is no way of letting derby interact with LDAP. Vulnerability Details CVEID:CVE-2022-46337...

9.8CVSS9.3AI score0.01418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/14 8:43 a.m.55 views

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF15 patch Vulnerability Details CVEID:CVE-2022-44729 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a victim to open...

9.8CVSS10AI score0.09254EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/06 7:25 p.m.22 views

Security Bulletin: Vulnerability in Apache Derby affects IBM Cloud Pak System [CVE-2022-46337]

Summary Vulnerability in Apache Derby affects IBM Cloud Pak System CVE-2022-46337 This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by ...

9.8CVSS9.2AI score0.01418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/01 10:59 p.m.33 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Derby

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache Derby. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass...

9.8CVSS9.2AI score0.01418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/31 7:28 p.m.32 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.4.0 Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by a LDAP injection vulnerability in authenticator. By sending a...

9.8CVSS9.1AI score0.0714EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/17 11:43 a.m.28 views

Security Bulletin: IBM App Connect Enterprise Toolkit & IBM Integration Bus Toolkit are vulnerable to a remote attacker due to Apache Derby. (CVE-2022-46337)

Summary IBM App Connect Enterprise Toolkit & IBM Integration Bus Toolkit are vulnerable to a remote attacker due to Apache Derby, which affects the Derby Sample Database in the toolkit. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details...

9.8CVSS9.2AI score0.01418EPSS
Exploits0Affected Software2
Chainguard
Chainguard
added 2023/11/20 9:15 a.m.116 views

CVE-2022-46337 vulnerabilities

Vulnerabilities for packages: logstash-integration-jdbc, hadoop-fips, druid, spark, spark-fips...

9.8CVSS6.7AI score0.01418EPSS
Exploits0
Wolfi
Wolfi
added 2023/11/20 9:15 a.m.51 views

CVE-2022-46337 vulnerabilities

Vulnerabilities for packages: logstash-integration-jdbc, spark, druid...

9.8CVSS6.7AI score0.01418EPSS
Exploits0
CVE
CVE
added 2023/11/20 8:49 a.m.398 views

CVE-2022-46337

CVE-2022-46337 affects Apache Derby; a clever username can bypass LDAP authentication, enabling actions such as disk filling with junk Derby databases, malware execution visible to the Derby server user, and data access/corruption in LDAP-protected databases lacking SQL GRANT/REVOKE controls. IBM...

9.8CVSS9.8AI score0.01418EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder