229 matches found
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to several issues due to the Python package (CVE-2024-6232, CVE-2024-7592, CVE-2024-7592)
Summary Python is used by DataStage on Cloud Pak for Data as part of data processing functionality. Vulnerability Details CVEID:CVE-2024-6232 DESCRIPTION: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to out of bounds memory access due to the libssh2 package (CVE-2020-22218)
Summary libssh2 is used by DataStage on Cloud Pak for Data as part of secure communications. Vulnerability Details CVEID:CVE-2020-22218 DESCRIPTION: An issue was discovered in function libssh2packetadd in libssh2 1.10.0 allows attackers to access out of bounds memory. CWE:CWE-787: Out-of-bounds...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to remote code execution due to the setuptools package (CVE-2025-47273)
Summary Setuptools is used by DataStage on Cloud Pak for Data as part of package handling. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to signature forgery due to the node-forge package (CVE-2022-24771, CVE-2022-24772 )
Summary Node-forge is used by DataStage on Cloud Pak for Data as part of connection encryption. Vulnerability Details CVEID:CVE-2022-24771 DESCRIPTION: Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signatu...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to prototype pollution due to the protobufjs package (CVE-2022-25878)
Summary Protobufjs is used by DataStage on Cloud Pak for Data as part of data serialization. Vulnerability Details CVEID:CVE-2022-25878 DESCRIPTION: The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the...
CVE-2025-36034
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques...
CVE-2025-36034
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques...
CVE-2025-36034
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques...
Security Bulletin: IBM InfoSphere DataStage Flow Designer is vulnerable due to cleartext transmission of sensitive information (CVE-2025-36034)
Summary A disclosure of sensitive information vulnerability in InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID:CVE-2025-36034 DESCRIPTION: IBM InfoSphere DataStage Flow Designer discloses sensitive user information in API requests in clear text that could be...
CVE-2025-36034 IBM InfoSphere DataStage Flow Designer information disclosure
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques...
CVE-2025-36034 IBM InfoSphere DataStage Flow Designer information disclosure
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques...
CVE-2025-36034
CVE-2025-36034 affects IBM InfoSphere DataStage Flow Designer within IBM InfoSphere Information Server 11.7. The issue causes cleartext transmission of sensitive user information in API requests, enabling potential disclosure via man-in-the-middle. The IBM security bulletin cites CWE-319 and list...
IBM InfoSphere DataStage Flow Designer 安全漏洞
IBM InfoSphere DataStage Flow Designer is a Web-based data stage flow designer from International Business Machines IBM. A security vulnerability exists in IBM InfoSphere DataStage Flow Designer that stems from the explicit transmission of sensitive information in API requests, which could lead t...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression denial of service due to the cross-spawn package (CVE-2024-21538)
Summary Cross-spawn is used by DataStage on Cloud Pak for Data as part of child process spawning. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due ...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to file descriptor exhaustion due to the Jetty package (CVE-2024-22201).
Summary Jetty is used by DataStage on Cloud Pak for Data as part of web server processing. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. ...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to directory traversal due to the pip package (CVE-2019-20916)
Summary Pip is used by DataStage on Cloud Pak for Data as part of package management. Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to domain certificate spoofing due to the OkHostnameVerifier.java package ( CVE-2021-0341)
Summary OkHostnameVerifier.java is used by DataStage on Cloud Pak for Data as part of hostname verification. Vulnerability Details CVEID:CVE-2021-0341 DESCRIPTION: In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to exposure of sensitive data and authorization bypass due to the Apache ZooKeeper package (CVE-2024-23944, CVE-2023-44981)
Summary Apache ZooKeeper is used by DataStage on Cloud Pak for Data as part of configuration synchronization. Vulnerability Details CVEID:CVE-2024-23944 DESCRIPTION: Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monit...
Security Bulletin: IBM InfoSphere DataStage is vulnerable due to cleartext storage of sensitive information (CVE-2025-1499)
Summary A vulnerability due to cleartext storage of sensitive information in IBM InfoSphere DataStage was addressed. Vulnerability Details CVEID:CVE-2025-1499 DESCRIPTION: IBM InfoSphere DataStage stores credential information for database authentication in a cleartext parameter file that could b...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to security restriction bypass due to the Apache Maven package (CVE-2021-26291)
Summary Apache Maven is used by DataStage on Cloud Pak for Data as part of build management. Vulnerability Details CVEID:CVE-2021-26291 DESCRIPTION: Apache Maven could allow a remote attacker to bypass security restrictions, caused by the use of http non-SSL repository references by default. By...