3 matches found
CVE-2024-31870
IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in...
Security Bulletin: IBM i is vulnerable to user profile enumeration due to a supplied table function in Db2 for i. [CVE-2024-31870]
Summary IBM i is vulnerable to a local user enumerating user profile names without authority to the user profile objects as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section...
Security Bulletin: Due to use of Apache Log4j, OmniFind Text Search Server for DB2 for i is vulnerable to arbitrary code execution (CVE-2021-4104)
Summary There is a vulnerability in Apache Log4j CVE-2021-4104 as described in the vulnerability details section. Apache Log4j v1 is used by OmniFind Text Search Server for DB2 for i for generating logs and diagnostic traces in some of its components. IBM has addressed the vulnerability in OmniFi...