21 matches found
EUVD-2021-16342
Malware in sbrugna...
EUVD-2020-25835
Malware in sbrugna...
EUVD-2020-25831
Malware in sbrugna...
CVE-2021-29868
IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 206213...
Session fixation
IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 206213...
CVE-2021-29868
IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 206213...
CVE-2021-29868
IBM i2 iBase versions 8.9.13 and 9.0.0 have an information disclosure vulnerability caused by insufficient session expiration. A local attacker could obtain sensitive information due to session handling, as described in IBM’s security bulletin and CNVD/NVD entries. Remediation: upgrade to IBM i2 ...
Security Bulletin: Insufficient session expiration in IBM i2 iBase
Summary IBM i2 iBase provides insufficient login sessioon timeouts Vulnerability Details CVEID: CVE-2021-29868 DESCRIPTION: IBM i2 iBase could allow a local attacker to obtain sensitive information due to insufficient session expiration. CVSS Base score: 4 CVSS Temporal Score: See:...
IBM i2 iBase Code Execution Vulnerability
IBM i2 iBase is a data analysis application from IBM Corporation. The software provides flexible data acquisition and visualization tools for data analysis. i2 iBase has a code execution vulnerability that can be exploited by attackers to execute arbitrary code on the system...
CVE-2020-4623
IBM i2 iBase 8.9.13 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking flaw. By using a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 184984...
Code injection
IBM i2 iBase 8.9.13 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking flaw. By using a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 184984...
CVE-2020-4623
IBM i2 iBase 8.9.13 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking flaw. By using a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 184984...
Security Bulletin: IBM i2 iBase vulnerable to DLL highjacking (CVE-2020-4623)
Summary i2 iBase is vulnerable to DLL highjacking attacks. Vulnerability Details CVEID: CVE-2020-4623 DESCRIPTION: IBM i2 iBase could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking flaw. By using a specially-crafted .DLL file, ...
Security Bulletin: IBM I2 iBase is vulnerable to unrestricted file upload (CVE-2020-4588)
Summary iBase file uploads does not restrict the file type to be uploaded. This issue has been addressed. Vulnerability Details CVEID: CVE-2020-4588 DESCRIPTION: IBM i2 iBase could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result i...
Security Bulletin: Sensitive information vulnerability affects IBM i2 iBase (CVE-2020-4584)
Summary The sensitive information vulnerability was addressed in IBM i2 iBase. Vulnerability Details CVEID: CVE-2020-4584 DESCRIPTION: IBM i2 iBase could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information...
CVE-2020-4588
IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 184579...
CVE-2020-4584
IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184574...
Information disclosure
IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184574...
CVE-2020-4588
IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 184579...
CVE-2020-4588
IBM i2 iBase 8.9.13 is vulnerable to unrestricted file upload, allowing uploaded executables to be run, potentially causing code execution on a victim. IBM’s Security Bulletin confirms the fix in iBase 9 and advises upgrading to a version that includes the fix. Affected product/version: IBM i2 iB...