5 matches found
PT-2024-10170 · Databricks · Databricks JDBC Driver
Name of the Vulnerable Software and Affected Versions: Databricks JDBC Driver versions prior to 2.6.40
Description: The issue is related to the improper handling of the krbJAASFile parameter, allowing a remote attacker to execute arbitrary code by triggering a JNDI injection via a JDBC URL...
Security Bulletin: CVE-2022-22327 UrbanCode Deploy Web-Agent communication uses system default TLS protocol instead of application configured value.
Summary: UrbanCode Deploy may use the system default TLS protocol instead of the application value when install.server.ssl.enabledProtocols is set to a non-default value.
Vulnerability Details
CVEID: CVE-2022-22327
DESCRIPTION: IBM UrbanCode Deploy (UCD) uses weaker than expected cryptographic...
CVE-2020-11450
MicroStrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been...
Design/Logic Flaw
MicroStrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been...
CVE-2020-11450
MicroStrategy Web 10.4 is affected by an information disclosure vulnerability where JVM configuration, CPU architecture, installation folder, and other environment details are exposed via /MicroStrategyWS/happyaxis.jsp. The issue enables an attacker to learn about the application environment, whi...