11 matches found
Security Bulletin: Due to use of Apache Jena SDB, IBM Jazz Reporting Service is affected by a JDBC Deserialisation attack.
Summary Apache Jena SDB is used internally by IBM Jazz Reporting Service CVE-2022-45136. Vulnerability Details CVEID:CVE-2022-45136 DESCRIPTION: Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the...
Deserialization Of Untrusted Data
jena-sdb is vulnerable to deserialization of untrusted data. The vulnerability exists when the attacker is able to control the JDBC url or cause the underlying database server to return malicious data, leading to remote code execution when connected to a malicious database...
fr.inria.wimmics:kgimport (=3.3.3), net.sansa-stack:sansa-ml-spark_2.11 (=0.7.1) +61 more potentially affected by CVE-2022-45136 via org.apache.jena:jena-sdb (>=1.4.0 <=3.17.0)
org.apache.jena:jena-sdb MAVEN version =1.4.0, =0.6.0, =0.6.0, =3.1.3, =3.11.0-1, =2.13.0-2, =2.13.0-2, =2.13.0-2, =3.12.0-1, =2.13.0-2, =2.13.0-2, =3.13.1-1 and more Source cves: CVE-2022-45136 Source advisory: OSV:GHSA-G2QW-6VRR-V6PQ...
CVE-2022-45136
Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...
DEBIAN-CVE-2022-45136
Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...
CVE-2022-45136
Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...
UBUNTU-CVE-2022-45136
Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...
Design/Logic Flaw
UNSUPPORTED WHEN ASSIGNED Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this...
CVE-2022-45136 Apache Jena SDB allows arbitrary deserialisation via JDBC
Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...
PT-2022-27413 · Apache +1 · Apache Jena Tdb 2 +2
Name of the Vulnerable Software and Affected Versions: Apache Jena SDB versions 3.17.0 and earlier Description: The issue allows for a JDBC Deserialisation attack if the attacker can control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver ...
CVE-2022-45136
Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...