162 matches found

IBM Security Bulletins
added 2022/03/11 8:2 p.m., 17 views

Security Bulletin: Data masking rules are not enforced when CREATE TABLE AS SELECT statement is executed in IBM Big SQL

Summary: A software defect in IBM Big SQL prevents data masking rules from being enforced when a user executes a CREATE TABLE AS SELECT … WITH DATA statement. The newly created table contains unmasked data. Vulnerability Details: CVEID: CVE-2022-22353. DESCRIPTION: IBM Big SQL could allow an authenticated...

CVSS 6.5, AI score 6.2, EPSS 0.00141
Exploits: 0, Affected Software: 1

BDU FSTEC
added 2022/02/10 12:0 a.m., 3 views

The vulnerability of the Class.forName(...) method in the Kylin data processing platform allows attackers to compromise the confidentiality, integrity, and availability of information.

The vulnerability of the Class.forName... method in the Kylin data processing platform is related to the use of externally controlled input parameters for class selection. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and availability of...

CVSS 9.8, AI score 7.7, EPSS 0.03405
Exploits: 0, References: 3, Affected Software: 1

CNVD
added 2022/01/12 12:0 a.m., 19 views

Siemens COMOS Web Component Cross-Site Scripting Vulnerability

COMOS is a unified data platform for collaborative plant design, operations, and management that supports the collection, processing, storage, and distribution of information throughout the plant lifecycle. A cross-site scripting vulnerability exists in the Siemens COMOS Web component that could b...

CVSS 6.1, AI score 2.1, EPSS 0.00317
Exploits: 0, References: 1

CNVD
added 2022/01/12 12:0 a.m., 14 views

Siemens COMOS Web Component Cross-Site Request Forgery Vulnerability

COMOS is a unified data platform for collaborative plant design, operations, and management that supports the collection, processing, preservation, and distribution of information throughout the plant lifecycle. A cross-site request forgery vulnerability exists in the Siemens COMOS Web component,...

CVSS 8.8, AI score 3.2, EPSS 0.00142
Exploits: 0, References: 1

CNVD
added 2021/12/02 12:0 a.m., 3 views

Dell EMC Streaming Data Platform SQL Injection Vulnerability

Dell EMC Streaming Data Platform is a Dell platform for ingesting, storing and analyzing continuous streaming data in real time. A security vulnerability exists in Dell EMC Streaming Data Platform, which arises from a database-based application that lacks validation of externally entered SQL...

CVSS 8.8, AI score 7.6, EPSS 0.00371
Exploits: 0, References: 1

CNVD
added 2021/12/02 12:0 a.m., 14 views

Dell EMC Streaming Data Platform code issue vulnerability

A code issue vulnerability exists in Dell EMC Streaming Data Platform, a Dell platform for real-time ingestion, storage, and analysis of continuous streaming data, which is caused by a design or implementation error in the code development process of a network system or product. Improper design o...

CVSS 5.3, AI score 2.4, EPSS 0.00298
Exploits: 0, References: 1

CNVD
added 2021/12/02 12:0 a.m., 15 views

Dell EMC Streaming Data Platform Code Issue Vulnerability (CNVD-2022-21491)

Dell EMC Streaming Data Platform, a Dell platform for real-time ingestion, storage and analysis of continuous streaming data, is vulnerable to a code issue that could be exploited by a remote, unauthenticated attacker to reuse old session artifacts to emulate a legitimate user...

CVSS 9.8, AI score 2.8, EPSS 0.0085
Exploits: 0, References: 1

CNVD
added 2021/12/02 12:0 a.m., 5 views

Unspecified Vulnerability in Dell EMC Streaming Data Platform

Dell EMC Streaming Data Platform is a Dell platform for ingesting, storing and analyzing continuous streaming data in real time. A security vulnerability exists in the Dell EMC Streaming Data Platform that originates from the inclusion of an indirect object reference, which can be exploited by an...

CVSS 6.5, AI score 6.6, EPSS 0.00215
Exploits: 0, References: 1

NVD
added 2021/11/30 9:15 p.m., 8 views

CVE-2021-36330

Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user...

CVSS 9.8, EPSS 0.0085
Exploits: 0, References: 1

NVD
added 2021/11/30 9:15 p.m., 8 views

CVE-2021-36328

Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database...

CVSS 8.8, EPSS 0.00371
Exploits: 0, References: 1

OSV
added 2021/11/30 9:15 p.m., 3 views

CVE-2021-36328

Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database...

CVSS 8.8, AI score 7.5
Exploits: 0, References: 1

OSV
added 2021/11/30 9:15 p.m., 2 views

CVE-2021-36330

Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user...

CVSS 9.8, AI score 5.8, EPSS 0.0085
Exploits: 0, References: 1

NVD
added 2021/11/30 9:15 p.m., 9 views

CVE-2021-36327

Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choi...

CVSS 5.3, EPSS 0.00298
Exploits: 0, References: 1

OSV
added 2021/11/30 9:15 p.m., 2 views

CVE-2021-36326

Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted forma...

CVSS 6.5, AI score 6.7, EPSS 0.00401
Exploits: 0, References: 1

NVD
added 2021/11/30 9:15 p.m., 9 views

CVE-2021-36326

Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted forma...

CVSS 6.5, EPSS 0.00401
Exploits: 0, References: 1

Prion
added 2021/11/30 9:15 p.m., 16 views

Session fixation

Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user...

CVSS 7.5, AI score 9.3, EPSS 0.0085
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2021/11/30 9:15 p.m., 18 views

Format string

Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted forma...

CVSS 4.3, AI score 6.4, EPSS 0.00401
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2021/11/30 9:15 p.m., 11 views

Design/Logic Flaw

Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information...

CVSS 4, AI score 6.6, EPSS 0.00215
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/11/30 8:40 p.m., 11 views

CVE-2021-36330

Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user...

CVSS 8.1, AI score 9.6, EPSS 0.0085
Exploits: 0, References: 1

CVE
added 2021/11/30 8:40 p.m., 40 views

CVE-2021-36330

Dell EMC Streaming Data Platform versions before 1.3 are affected by an Insufficient Session Expiration vulnerability. A remote unauthenticated attacker could reuse old session artifacts to impersonate a legitimate user. A Dell-emitted security update (DSA-2021-205) exists to address third-party ...

CVSS 9.8, AI score 9.4, EPSS 0.0085
Exploits: 0, References: 1, Affected Software: 1