EUVD-2021-16258
Malware in sbrugna...
Security Bulletin: i2 Analyze, i2 Connect and Analyst's Notebook Premium are affected by the Log4j vulnerability (CVE-2021-44228)
Summary Log4j is used by i2 Analyze and i2 Connect for general purpose and application error logging. It is also used in Analyst's Notebook Premium when the chart store is deployed. This bulletin provides mitigation for the reported CVE-2021-44228 by providing configuration that addresses Log4j...
Security Bulletin: DB2 bundled with IBM i2 Analyze is affected by multiple vulnerabilities (CVE-2021-38931, CVE-2021-29678, CVE-2021-20373, CVE-2021-39002, CVE-2021-38926)
Summary IBM i2 Analyze bundles DB2. IBM DB2 has issued fixes for multiple security vulnerabilities. Vulnerability Details CVEID: CVE-2021-38931 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server 11.1, and 11.5 is vulnerable to an information disclosure as a result of a...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server optionally used by i2 Analyze
Summary There are multiple vulnerabilities in the IBM HTTP Server bundled and optionally deployed with IBM i2 Analyze. The referenced bulletin points to fixes for the issues. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versio...
Security Bulletin: Multiple vulnerabilities in IBM DB2
Summary Multiple vulnerabilities have been found in IBM DB2. DB2 users should refer to the security bulletins listed below for remediation actions. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...
Security Bulletin: IBM i2 Analyze is affected by multiple DB2 vulnerabilities
Summary DB2 has multiple security vulnerabilities. DB2 users should refer to the linked DB2 security bulletins to determine if remediation is required. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...
Security Bulletin: Vulnerability in IBM WebSphere HTTP Server affects IBM i2 Analyze
Summary Versions of the IBM WebSphere HTTP Server bundled with IBM i2 Analyze have vulnerabilities. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM i2 Analyze| IBM i2 Analyze 4.3.1...
Security Bulletin: i2 Analyze has an information disclosure vulnerability (CVE-2019-17638)
Summary i2 Analyze uses a version of Jetty with known vulnerabilities. Vulnerability Details CVEID: CVE-2019-17638 DESCRIPTION: Eclipse Jetty, as bundled in Jenkins, could allow a remote attacker to obtain sensitive information, caused by an issue with corrupt HTTP response buffer being sent to...
IBM i2 Analyze Information Disclosure Vulnerability (CNVD-2022-05109)
IBM i2 Analyze is an integrated set of security services and stores from IBM USA that provides authorized users with the ability to search, analyze and store intelligence data. IBM i2 Analyst has a security vulnerability that could be exploited by remote attackers to obtain sensitive information...
IBM i2 Analyze Information Disclosure Vulnerability
IBM i2 Analyze is an integrated set of security services and stores from IBM USA that provides authorized users with the ability to search, analyze, and store intelligence data. IBM i2 Analyze is vulnerable to an information disclosure vulnerability that could be exploited by an attacker to obtai...
CVE-2021-29784
IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 203168...
Information disclosure
IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 203168...
Input validation
IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 202771...
CVE-2021-29784
IBM i2 Analyze (versions 4.3.0, 4.3.1, 4.3.2) is affected by an information-disclosure vulnerability where a detailed error message rendered in the browser can leak sensitive data. Root cause is information disclosure via verbose browser error dialogs. Impact is information exposure; no exploit d...
CVE-2021-29784
IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 203168...
CVE-2021-29770
IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 202771...
CVE-2021-29769
IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie...
CVE-2021-29769
The CVE-2021-29769 issue affects IBM i2 Analyze Premium (IBM i2 Analyze 4.3.0, 4.3.1, 4.3.2). Root cause: authorization tokens and session cookies lack the Secure attribute, enabling cookie values to be leaked if a user visits an HTTP link or a compromised site. Impact: information disclosure via...
CVE-2021-29766
CVE-2021-29766 affects IBM i2 Analyze (Analyst’s Notebook Premium) versions 4.3.0, 4.3.1, and 4.3.2. The vulnerability is an information-disclosure flaw where detailed browser error messages may reveal sensitive data to remote attackers, potentially aiding further attacks. Documented CVSS: 3.x ve...
Security Bulletin: IBM i2 Analyze missing security header (CVE-2021-29769)
Summary Some secure header options were missing in communication with the i2 Analyze server. Vulnerability Details CVEID: CVE-2021-29769 DESCRIPTION: IBM i2 Analyst's Notebook Premium does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the...