
18 matches found

IBM Security Bulletins
added 2025/04/30 9:37 p.m., 55 views

Security Bulletin: IBM® Db2® is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT (CVE-2023-38729)

Summary IBM® Db2® is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT. Note: In addition to applying Special Build, registry variable DB2LOADRESTRICTEDIOPATH needs to be set to USEEXTBLLOCATION 11.1 or later, or one or more semi-colon separated paths. When...

CVSS 6.8 | AI score 6.1 | EPSS 0.00097
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2023/10/03 4:24 p.m., 42 views

Security Bulletin: IBM® Db2® is vulnerable to information disclosure due to improper privilege management when certain federation features are used. (CVE-2023-29256)

Summary IBM® Db2® is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. Vulnerability Details CVEID: CVE-2023-29256 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to an information...

CVSS 6.5 | AI score 6.5 | EPSS 0.00063
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2023/07/11 8:56 p.m., 49 views

Security Bulletin: IBM® Db2® JDBC driver is vulnerable to remote code execution. (CVE-2023-27869, CVE-2023-27867, CVE-2023-27868)

Summary IBM® Db2® JDBC driver is vulnerable to multiple remote code execution issues. These vulnerabilities are addressed. Vulnerability Details CVEID: CVE-2023-27869 DESCRIPTION: IBM Db2 JDBC Driver could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an...

CVSS 8.8 | AI score 7.9 | EPSS 0.00194
Exploits: 0 | Affected Software: 1

Openbugbounty
added 2023/01/10 12:33 p.m., 13 views

fp7-sacs.com Cross Site Scripting vulnerability OBB-3138777

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Openbugbounty
added 2020/09/03 9:33 a.m., 6 views

heroic-fp7.eu Cross Site Scripting vulnerability OBB-1298197

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score 6.2
Exploits: 0

IBM Security Bulletins
added 2020/05/30 7:26 p.m., 32 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2020 - Includes Oracle Jan 2020 CPU minus CVE-2020-2585, CVE-2020-2654, and CVE-2020-2590

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Rational Software Architect Designer and Rational Software Architect Designer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in Jan 2020...

CVSS 7.2 | AI score 1.3 | EPSS 0.0163
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2020/05/19 3:27 p.m., 37 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by IBM Rational Application Developer for WebSphere Software. IBM Rational Application Developer for WebSphere Software has addressed the applicable CVEs. Vulnerability Details CVEID:...

CVSS 7.2 | AI score 1.1 | EPSS 0.00164
Exploits: 0 | Affected Software: 1

Veracode
added 2019/05/02 5:41 a.m., 26 views

Sandbox Restrictions Bypass

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java...

CVSS 9.8 | AI score 5.3 | EPSS 0.92346
Exploits: 0 | References: 20 | Affected Software: 1

Openbugbounty
added 2018/10/09 5:39 a.m., 9 views

heroic-fp7.eu XSS vulnerability

Open Bug Bounty ID: OBB-684107

Description | Value
---|---
Affected Website: | heroic-fp7.eu
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | hidden until disclosure
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | hidden...

AI score 0.1
Exploits: 0

IBM Security Bulletins
added 2018/06/16 1:36 p.m., 61 views

Security Bulletin: Vulnerability in OpenSSL affects IBM® DB2® LUW (CVE-2015-0204)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by IBM DB2 LUW. IBM DB2 LUW has addressed the applicable CVEs. Vulnerability Details CVEID:...

CVSS 4.3 | AI score 1 | EPSS 0.91945
Exploits: 0 | Affected Software: 2

Openbugbounty
added 2017/09/29 12:57 a.m., 10 views

affects-fp7.eu XSS vulnerability

Vulnerable URL: http://www.affects-fp7.eu/helcats-database/mediadata.php?id=13'"116

Details:

Description | Value
---|---
Patched: | Yes, at
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 15789695
VIP website status: | No

Coordinated Disclosure Timeline: Description|...

AI score 6.3
Exploits: 0

Openbugbounty
added 2017/05/04 1:59 p.m., 9 views

fp7-greenet.eu XSS vulnerability

Open Bug Bounty ID: OBB-231541

Description | Value
---|---
Affected Website: | fp7-greenet.eu
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

AI score 6.3
Exploits: 0

Prion
added 2014/12/22 4:59 p.m., 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1...

CVSS 3.5 | AI score 5.3 | EPSS 0.00166
Exploits: 0 | References: 2 | Affected Software: 2

Tenable Nessus
added 2014/08/08 12:00 a.m., 38 views

RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2014:1036)

The remote Red Hat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1036 advisory. IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several...

CVSS 9.3 | AI score 7 | EPSS 0.16549
Exploits: 0 | References: 19

Prion
added 2009/04/03 6:30 p.m., 19 views

Open redirect

IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query...

CVSS 5 | AI score 6.1 | EPSS 0.00301
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2009/04/03 6:30 p.m., 18 views

CVE-2009-1239

IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query...

CVSS 5 | AI score 5.6 | EPSS 0.00301
Exploits: 0 | References: 4

CVE
added 2009/04/03 6:00 p.m., 54 views

CVE-2009-1239

CVE-2009-1239 concerns IBM DB2 9.1 prior to Fix Pack 7. The issue arises from the order in which an INNER JOIN predicate and an OUTER JOIN predicate are applied, which could cause a crafted query to disclose sensitive information. Affected product/version: IBM DB2 9.1 before FP7. The primary root...

CVSS 5 | AI score 8.6 | EPSS 0.00301
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2009/04/03 6:00 p.m., 20 views

CVE-2009-1239

IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query...

AI score 5.6 | EPSS 0.00301
Exploits: 0 | References: 4