19 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-31602

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 7.4 · EPSS 0.00194
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-31603

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 7.4 · EPSS 0.00194
Exploits 0 · References 3

RedhatCVE
added 2025/09/23 11:27 p.m. · 5 views

CVE-2025-10771

A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing manipulation of the argument clientRerouteServerListJNDIName can lead to deserialization. The attack...

CVSS 6.5 · AI score 6.8 · EPSS 0.00073
Exploits 1 · References 1

NVD
added 2025/09/21 11:15 p.m. · 8 views

CVE-2025-10771

A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing manipulation of the argument clientRerouteServerListJNDIName can lead to deserialization. The attack...

CVSS 9.8 · EPSS 0.00073
Exploits 1 · References 5

Vulnrichment
added 2025/09/21 11:2 p.m. · 3 views

CVE-2025-10771 jeecgboot JimuReport DB2 JDBC testConnection deserialization

A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing manipulation of the argument clientRerouteServerListJNDIName can lead to deserialization. The attack...

CVSS 6.5 · AI score 6.5 · EPSS 0.00073
Exploits 1 · References 5

OSV
added 2025/09/21 10:15 a.m. · 1 views

CVE-2025-10768

A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connectionurl causes deserialization. The attack may be initiated remotely. The exploit has been...

CVSS 9.8 · AI score 6.5
Exploits 0 · References 5

CVE
added 2025/09/15 3:53 p.m. · 11 views

CVE-2025-58045

DataEase (DataEase Open Source) contains a JDBC URL injection vulnerability affecting DB2 and MongoDB data source configuration handlers. In versions up to 2.10.13, when extraParams is empty, the HOSTNAME, PORT, and DATABASE values are concatenated into the JDBC URL without filtering illegal para...

CVSS 9.8 · AI score 7.6 · EPSS 0.02537
Exploits 1 · References 2 · Affected Software 1

OSV
added 2025/09/15 3:53 p.m. · 1 views

CVE-2025-58045 Dataease server-side request forgery via unfiltered DB2 JDBC ldap parameter

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter in the DB2 JDBC connection string was not...

CVSS 7.1 · AI score 7.6 · EPSS 0.02537
Exploits 1 · References 4

Cvelist
added 2025/09/15 3:53 p.m. · 5 views

CVE-2025-58045 Dataease server-side request forgery via unfiltered DB2 JDBC ldap parameter

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter in the DB2 JDBC connection string was not...

CVSS 7.1 · EPSS 0.02537
Exploits 1 · References 2

IBM Security Bulletins
added 2025/02/05 12:57 a.m. · 44 views

Security Bulletin: Multiple security vulnerabilities have been identified in DB2 JDBC driver shipped with IBM Tivoli Business Service Manager

Summary DB2 JDBC driver is shipped as part of the XMLToolkit component for IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-45853 DESCRIPTION: MiniZip in zlib...

CVSS 9.8 · AI score 9.3 · EPSS 0.01396
Exploits 2 · Affected Software 1

IBM Security Bulletins
added 2024/07/01 3:2 a.m. · 25 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to insecure cryptographic algorithm and information disclosure due to DB2 JDBC Driver (CVE-2023-47152)

Summary DB2 JDBC driver is shipped with IBM Tivoli Netcool Impact as part of the db2 data source adapter. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-47152 DESCRIPTION: IBM Db2 for Linux, UNIX...

CVSS 7.5 · AI score 6.8 · EPSS 0.00109
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2024/04/02 8:54 p.m. · 36 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to a denial of service due to DB2 JDBC driver (CVE-2023-45178)

Summary DB2 JDBC driver is shipped with IBM Tivoli Netcool Impact as part of the db2 data source adapter. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-45178 DESCRIPTION: IBM Db2 for Linux, UNIX...

CVSS 7.5 · AI score 7.9 · EPSS 0.0008
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2024/01/24 6:30 p.m. · 44 views

Security Bulletin: Multiple security vulnerabilities have been identified in DB2 JDBC driver shipped with IBM Tivoli Business Service Manager

Summary DB2 JDBC driver is shipped as part of the XMLToolkit component for IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details CVEID:CVE-2015-8383 DESCRIPTION: PCRE is vulnerable...

CVSS 9.8 · AI score 9.4 · EPSS 0.0752
Exploits 2 · Affected Software 1

IBM Security Bulletins
added 2023/12/01 10:20 a.m. · 32 views

Security Bulletin: Multiple vulnerabilities in DB2 JDBC driver affect IBM Tivoli Netcool Impact

Summary DB2 JDBC driver is shipped with IBM Tivoli Netcool Impact as part of the db2 data source adapter. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-27869 DESCRIPTION: IBM Db2 JDBC Driver for...

CVSS 8.8 · AI score 8.4 · EPSS 0.00296
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/11/21 6:4 a.m. · 12 views

Security Bulletin: Multiple security vulnerabilities have been identified in DB2 JDBC driver shipped with IBM Tivoli Business Service Manager

Summary DB2 JDBC driver is shipped as part of the XMLToolkit component for IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

AI score 6.9
Exploits 0 · Affected Software 1

NVD
added 2023/07/10 4:15 p.m. · 17 views

CVE-2023-27867

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. By sending a specially crafted request using the property clientRerouteServerListJNDIName, an attacker could exploit this...

CVSS 8.8 · AI score 7.6 · EPSS 0.00194
Exploits 0 · References 3

OSV
added 2023/07/10 4:15 p.m. · 0 views

CVE-2023-27869

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could...

CVSS 8.8 · AI score 7.9
Exploits 0 · References 3

Positive Technologies
added 2023/07/08 12:0 a.m. · 1 views

PT-2023-5228 · Ibm · Ibm Db2 Jdbc Driver

Name of the Vulnerable Software and Affected Versions: IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows versions 10.5, 11.1, and 11.5 Description: The issue is related to incorrect code generation management in the IBM DB2 database management system's JDBC client driver. It allows a remote...

CVSS 9 · AI score 7.7 · EPSS 0.00194
Exploits 0 · References 5

CVE
added 2007/05/09 10:0 p.m. · 76 views

CVE-2007-2582

The IBM DB2JDS vulnerability (CVE-2007-2582) in IBM DB2 9.x and earlier allows remote code execution via a crafted packet to the DB2JDS service on TCP port 6789, and also DoS through an invalid LANG parameter or an oversized packet causing a MemTree overflow. IBM TRIRIGA Application Platform is n...

CVSS 10 · AI score 9.5 · EPSS 0.21428
Exploits 1 · References 12 · Affected Software 1