20 matches found
Security Bulletin: Due to the use of derby IBM webMethods BPM is vulnerable to unauthorized LDAP authentication
Summary IBM webMethods BPM is using derby which is affected by a known vulnerability CVE-2022-46337. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: A cleverly devised username might bypass LDAP authentication check...
CVE-2022-46337
A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...
Security Bulletin: Apache Derby vulnerability addressed in IBM SPSS Collaboration and Deployment Services [CVE-2022-46337]
Summary Apache Derby vulnerability addressed in IBM SPSS Collaboration and Deployment Services CVE-2022-46337 Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by a LDAP injection vulnerability in...
Security Bulletin: Apache Derby vulnerability addressed in IBM JRS (Jazz Reporting Service) [CVE-2022-46337]
Summary Apache Derby might allow a remote attacker to bypass security restrictions caused by an LDAP injection vulnerability in the authenticator. This vulnerability affects IBM Jazz Reporting Service. This bulletin identifies the steps to take to mitigate the vulnerability. Vulnerability Details...
Security Bulletin: IBM Engineering Lifecycle Optimization - Apache Derby: LDAP Injection Vulnerability In Authenticator
Summary A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware...
Security Bulletin: Security vulnerability due to Apache Derby package shipped with IBM CICS TX Standard
Summary Security vulnerability due to Apache Derby package shipped with IBM CICS TX Standard. The Apache Derby package version has been updated. Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by a LDAP...
Security Bulletin: Vulnerability in Apache Derby affects watsonx.data
Summary Apache Derby could allow a remote attacker to bypass security restrictions to view and corrupt sensitive data and run sensitive database functions and procedures. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attack...
Oracle Application Testing Suite (April 2024 CPU)
The versions of Oracle Application Testing Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps...
Security Bulletin: IBM Jazz for Service Management is vulnerable to Apache Derby security bypass [CVE-2022-46337]
Summary Apache Derby database is used by IBM Jazz for Service Management to store dashboards data. CVE-2022-46337 This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass...
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to remote attack due to Apache Derby (CVE-2022-46337)
Summary Apache Derby is shipped with IBM Tivoli Netcool Impact as part of its datastructure. Information about a security vulnerability affecting Apache Derby has been published in a security bulletin. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details...
Security Bulletin: IBM Transformation Extender Advanced vulnerable to LDAP security bypass due to Apache Derby [CVE-2022-46337]
Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, includes and supports Apache Derby as a pre-production database for developers. LDAP for Apache Derby is not supported in production deployment of IBM Transformation Extender Advanced. This bulletin...
Security Bulletin: Apache Derby vulnerability addressed in IBM Business Automation Workflow on containers [CVE-2022-46337]
Summary IBM Business Automation Workflow on containers addessed CVE-2022-46337. A copy of derby is included on container images, but never used in a supported scenario. Even in unsupported scenarios, there is no way of letting derby interact with LDAP. Vulnerability Details CVEID:CVE-2022-46337...
Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management
Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF15 patch Vulnerability Details CVEID:CVE-2022-44729 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a victim to open...
Security Bulletin: Vulnerability in Apache Derby affects IBM Cloud Pak System [CVE-2022-46337]
Summary Vulnerability in Apache Derby affects IBM Cloud Pak System CVE-2022-46337 This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by ...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Derby
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache Derby. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass...
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.4.0 Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by a LDAP injection vulnerability in authenticator. By sending a...
Security Bulletin: IBM App Connect Enterprise Toolkit & IBM Integration Bus Toolkit are vulnerable to a remote attacker due to Apache Derby. (CVE-2022-46337)
Summary IBM App Connect Enterprise Toolkit & IBM Integration Bus Toolkit are vulnerable to a remote attacker due to Apache Derby, which affects the Derby Sample Database in the toolkit. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details...
CVE-2022-46337 vulnerabilities
Vulnerabilities for packages: logstash-integration-jdbc, hadoop-fips, druid, spark, spark-fips...
CVE-2022-46337 vulnerabilities
Vulnerabilities for packages: logstash-integration-jdbc, spark, druid...
CVE-2022-46337
CVE-2022-46337 affects Apache Derby; a clever username can bypass LDAP authentication, enabling actions such as disk filling with junk Derby databases, malware execution visible to the Derby server user, and data access/corruption in LDAP-protected databases lacking SQL GRANT/REVOKE controls. IBM...