Lucene search
+L

229 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/07/23 1:31 p.m.10 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to several issues due to the Python package (CVE-2024-6232, CVE-2024-7592, CVE-2024-7592)

Summary Python is used by DataStage on Cloud Pak for Data as part of data processing functionality. Vulnerability Details CVEID:CVE-2024-6232 DESCRIPTION: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile...

7.8CVSS6.8AI score0.02303EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/23 1:28 p.m.5 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to out of bounds memory access due to the libssh2 package (CVE-2020-22218)

Summary libssh2 is used by DataStage on Cloud Pak for Data as part of secure communications. Vulnerability Details CVEID:CVE-2020-22218 DESCRIPTION: An issue was discovered in function libssh2packetadd in libssh2 1.10.0 allows attackers to access out of bounds memory. CWE:CWE-787: Out-of-bounds...

7.5CVSS6.6AI score0.00914EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/23 1:25 p.m.3 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to remote code execution due to the setuptools package (CVE-2025-47273)

Summary Setuptools is used by DataStage on Cloud Pak for Data as part of package handling. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in...

8.8CVSS7.3AI score0.01479EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/23 1:23 p.m.7 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to signature forgery due to the node-forge package (CVE-2022-24771, CVE-2022-24772 )

Summary Node-forge is used by DataStage on Cloud Pak for Data as part of connection encryption. Vulnerability Details CVEID:CVE-2022-24771 DESCRIPTION: Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signatu...

7.5CVSS6.2AI score0.01015EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/23 1:20 p.m.14 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to prototype pollution due to the protobufjs package (CVE-2022-25878)

Summary Protobufjs is used by DataStage on Cloud Pak for Data as part of data serialization. Vulnerability Details CVEID:CVE-2022-25878 DESCRIPTION: The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the...

8.2CVSS8.3AI score0.02071EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2025/06/28 3:17 p.m.10 views

CVE-2025-36034

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques...

5.9CVSS6.6AI score0.00145EPSS
Exploits0References1
NVD
NVD
added 2025/06/26 4:15 p.m.9 views

CVE-2025-36034

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques...

5.9CVSS0.00145EPSS
Exploits0References1
OSV
OSV
added 2025/06/26 4:15 p.m.6 views

CVE-2025-36034

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques...

5.9CVSS5.8AI score0.00145EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 3:42 p.m.7 views

Security Bulletin: IBM InfoSphere DataStage Flow Designer is vulnerable due to cleartext transmission of sensitive information (CVE-2025-36034)

Summary A disclosure of sensitive information vulnerability in InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID:CVE-2025-36034 DESCRIPTION: IBM InfoSphere DataStage Flow Designer discloses sensitive user information in API requests in clear text that could be...

5.9CVSS6.4AI score0.00145EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/26 3:14 p.m.7 views

CVE-2025-36034 IBM InfoSphere DataStage Flow Designer information disclosure

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques...

5.3CVSS6.5AI score0.00145EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/26 3:14 p.m.12 views

CVE-2025-36034 IBM InfoSphere DataStage Flow Designer information disclosure

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques...

5.3CVSS0.00145EPSS
Exploits0References1
CVE
CVE
added 2025/06/26 3:14 p.m.33 views

CVE-2025-36034

CVE-2025-36034 affects IBM InfoSphere DataStage Flow Designer within IBM InfoSphere Information Server 11.7. The issue causes cleartext transmission of sensitive user information in API requests, enabling potential disclosure via man-in-the-middle. The IBM security bulletin cites CWE-319 and list...

5.9CVSS6.5AI score0.00145EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/06/26 12:0 a.m.5 views

IBM InfoSphere DataStage Flow Designer 安全漏洞

IBM InfoSphere DataStage Flow Designer is a Web-based data stage flow designer from International Business Machines IBM. A security vulnerability exists in IBM InfoSphere DataStage Flow Designer that stems from the explicit transmission of sensitive information in API requests, which could lead t...

5.9CVSS6.1AI score0.00145EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/23 4:27 p.m.3 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression denial of service due to the cross-spawn package (CVE-2024-21538)

Summary Cross-spawn is used by DataStage on Cloud Pak for Data as part of child process spawning. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due ...

8.7CVSS6.1AI score0.00873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/23 4:25 p.m.9 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to file descriptor exhaustion due to the Jetty package (CVE-2024-22201).

Summary Jetty is used by DataStage on Cloud Pak for Data as part of web server processing. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. ...

7.5CVSS7.5AI score0.01433EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/23 4:24 p.m.8 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to directory traversal due to the pip package (CVE-2019-20916)

Summary Pip is used by DataStage on Cloud Pak for Data as part of package management. Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have...

7.5CVSS7.5AI score0.03028EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/18 1:45 p.m.7 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to domain certificate spoofing due to the OkHostnameVerifier.java package ( CVE-2021-0341)

Summary OkHostnameVerifier.java is used by DataStage on Cloud Pak for Data as part of hostname verification. Vulnerability Details CVEID:CVE-2021-0341 DESCRIPTION: In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly...

7.5CVSS6.4AI score0.00877EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/12 7:30 p.m.4 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to exposure of sensitive data and authorization bypass due to the Apache ZooKeeper package (CVE-2024-23944, CVE-2023-44981)

Summary Apache ZooKeeper is used by DataStage on Cloud Pak for Data as part of configuration synchronization. Vulnerability Details CVEID:CVE-2024-23944 DESCRIPTION: Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monit...

9.1CVSS7.2AI score0.01713EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/01 12:19 a.m.19 views

Security Bulletin: IBM InfoSphere DataStage is vulnerable due to cleartext storage of sensitive information (CVE-2025-1499)

Summary A vulnerability due to cleartext storage of sensitive information in IBM InfoSphere DataStage was addressed. Vulnerability Details CVEID:CVE-2025-1499 DESCRIPTION: IBM InfoSphere DataStage stores credential information for database authentication in a cleartext parameter file that could b...

6.5CVSS6.6AI score0.00189EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/28 3:4 p.m.17 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to security restriction bypass due to the Apache Maven package (CVE-2021-26291)

Summary Apache Maven is used by DataStage on Cloud Pak for Data as part of build management. Vulnerability Details CVEID:CVE-2021-26291 DESCRIPTION: Apache Maven could allow a remote attacker to bypass security restrictions, caused by the use of http non-SSL repository references by default. By...

9.1CVSS6.4AI score0.08691EPSS
Exploits2Affected Software1
Rows per page
Query Builder