EUVD-2018-12084

Malware in sbrugna...

EUVD-2020-25511

Malware in sbrugna...

Security Bulletin: IBM i2 Analyze and IBM i2 Analyst's Notebook Premium are affected by Apache Log4j Vulnerabilities (CVE-2021-45105 and CVE-2021-45046)

Summary Apache Log4j is used by IBM i2 Analyze for general purpose and application error logging. It is also used in IBM i2 Analyst's Notebook Premium when the chart store is deployed. This bulletin addresses the vulnerabilities for the reported CVE-2021-45105 and CVE-2021-45046. The below fix...

IBM i2 iBase Information Disclosure Vulnerability (CNVD-2021-94902)

IBM i2 iBase is an intuitive intelligence data management application that enables collaborative teams of analysts to capture, control and analyze data from multiple sources in a highly secure workgroup environment. An information disclosure vulnerability exists in IBM i2 iBase versions 8.9.13 an...

IBM i2 Analyst's Notebook Premium Information Disclosure Vulnerability (CNVD-2021-55190)

IBM i2 Analyst's Notebook Premium is a premium version of IBM i2 Analyst's Notebook from IBM of America. IBM i2 Analyst's Notebook Premium is vulnerable to an information disclosure vulnerability that could be exploited by an attacker to obtain cookie values by listening to traffic...

CVE-2021-29767

IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202681...

CVE-2021-29770

IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 202771...

Authorization

IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie...

CVE-2020-4623

IBM i2 iBase 8.9.13 is affected by CVE-2020-4623 due to a DLL search order hijacking flaw that could allow a local authenticated attacker to execute arbitrary code. The issue is described across multiple sources (NVD entry and IBM Security Bulletin), identifying the affected product as IBM i2 iBa...

CVE-2020-4722

IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force I...

CVE-2020-4285

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the...

CVE-2020-4288

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the...

CVE-2020-4343

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or...

CVE-2020-4265

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force...

CVE-2020-4257

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force...

CVE-2020-4258

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force...

CVE-2020-4263

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force...

CVE-2020-4265

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force...

Memory corruption

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force...

Memory corruption

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force...