12 matches found
GHSA-P77H-HV6G-FMFP Sensitive Data Exposure in ibm_db
Versions of ibm_db prior to 2.6.0 are vulnerable to Sensitive Data Exposure. The package printed database credentials in plaintext in logs while in debug mode. Recommendation: Upgrade to version 2.6.0 or later and ensure sensitive information was not logged...
Sensitive Data Exposure in ibm_db
Versions of ibm_db prior to 2.6.0 are vulnerable to Sensitive Data Exposure. The package printed database credentials in plaintext in logs while in debug mode. Recommendation: Upgrade to version 2.6.0 or later and ensure sensitive information was not logged...
Information Disclosure
ibm_db is vulnerable to information disclosure. The application prints the plaintext database credentials into log files while in debug mode. A local attacker will be able to access the log files and retrieve the credentials and gain access to the database...
Sensitive Data Exposure
Overview: Versions of ibm_db prior to 2.6.0 are vulnerable to Sensitive Data Exposure. The package printed database credentials in plaintext in logs while in debug mode. Recommendation: Upgrade to version 2.6.0 or later and ensure sensitive information was not logged. References - GitHub Issue - Sny...
ibm_db downloads Resources over HTTP
Affected versions of ibm_db insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavior of...
@mehrdafon/n8n-nodes-ibm-db2 (=0.4.9), connect-db2 (>=0.0.1 <=0.5.0) +14 more potentially affected by CVE-2016-10577 via ibm_db (>=0.0.1 <=1.0.1)
ibm_db NPM version =0.0.1, =0.0.1, =0.0.1, =1.1.0, =2.0.0, =1.0.1, =1.0.0, =1.0.1, =1.0.1, =1.0.1, =5.0.0, =0.0.1, =0.2.13, =0.0.3, =1.0.0 and more Source cves: CVE-2016-10577 Source advisory: OSV:GHSA-C4QP-H3M6-785F...
CVE-2016-10577
ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. ibm_db before 1.0.2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker...
CVE-2016-10577
ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. ibm_db before 1.0.2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker...
CVE-2016-10577
CVE-2016-10577 concerns the ibm_db Node.js interface to IBM DB2/Informix. The affected library (ibm_db before 1.0.2) downloads binary resources over HTTP, exposing users to MITM modification or interception of binaries. The documentation states that a remote attacker positioned on the network cou...
CVE-2016-10577
ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. ibm_db before 1.0.2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker...
Man In The Middle (MitM)
ibm_db is vulnerable to man-in-the-middle (MitM) attacks. This is because the library downloads binary resources via HTTP, allowing MitM attacks. It may also cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...
Downloads Resources over HTTP
Overview: Affected versions of ibm_db insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...