20 matches found
Security Bulletin: IBM i has released PTFs in response to the vulnerabilities known as Spectre and Meltdown.
Summary IBM has released the following IBM i PTFs in response to CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 and CVE-2018-3639. This security bulletin has been updated, on October 16, 2018, as additional IBM i PTFs are now available to mitigate the Spectre and Meltdown vulnerabilities...
Security Bulletin: IBM Managed System Services for i and IBM System Management for i are vulnerable to a local user gaining elevated privilege due to unqualified library calls [CVE-2024-38330].
Summary IBM Managed System Services for i and IBM System Management for i are vulnerable to a local user gaining elevated privilege due to programs making unqualified library calls as described in the vulnerability details section. This bulletin identifies the steps to take to address the...
Security Bulletin: IBM i is vulnerable to a privilege escalation due to the ability to configure a physical file trigger in Db2 for IBM i. [CVE-2024-27275]
Summary IBM i is vulnerable to a privilege escalation due to a user without privilege being able to configure a physical file trigger in Db2 for IBM i as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the...
Security Bulletin: IBM i is vulnerable to a local privilege escalation due to an unqualified library call in IBM Performance Tools for i [CVE-2024-27264].
Summary IBM i is vulnerable to a user gaining elevated privilege due to a program being called without library qualification in IBM Performance Tools for i as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in th...
Security Bulletin: IBM Rational Development Studio for i is vulnerable to a local privilege escalation due to an unqualified library call in compiler infrastructure [CVE-2024-25050]
Summary IBM i product IBM Rational Development Studio for i is vulnerable to a user gaining elevated privilege due to a CL command being called without library qualification in compiler infrastructure as described in the vulnerability details section. This bulletin identifies the steps to take to...
Security Bulletin: IBM i is vulnerable to a local privilege escalation due to an unqualified library call in networking and compiler infrastructure [CVE-2024-25050]
Summary IBM i is vulnerable to a user gaining elevated privilege due to a CL command being called without library qualification in networking and compiler infrastructure as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as...
Security Bulletin: IBM i is vulnerable to a local privilege escalation due to flaws in Management Central (CVE-2023-40685, CVE-2023-40686).
Summary IBM i is vulnerable to a local privilege escalation due to flaws in Management Central as described in the vulnerability details section. The vulnerabilities exist even when Management Central is not being used for systems management tasks. IBM i has addressed the vulnerabilities with...
Security Bulletin: IBM Db2 Mirror for i is vulnerable to attacker obtaining sensitive information due to Java string processing in IBM Toolbox for Java (CVE-2022-43928)
Summary IBM Db2 Mirror for i setup and GUI use the IBM Toolbox for Java to access IBM i interfaces. IBM Toolbox for Java could allow sensitive information stored as Java strings to be obtained by an attacker as described in the vulnerability details section. IBM Db2 Mirror for i has addressed the...
Security Bulletin: IBM Administration Runtime Expert for i is vulnerable to attacker obtaining sensitive information due to Java string processing in IBM Toolbox for Java (CVE-2022-43928)
Summary IBM Administration Runtime Expert for i uses the IBM Toolbox for Java to access IBM i interfaces. IBM Toolbox for Java could allow sensitive information stored as Java strings to be obtained by an attacker as described in the vulnerability details section. IBM Administration Runtime Exper...
Security Bulletin: IBM Db2 Web Query for i is vulnerable to attacker obtaining sensitive information due to Java string processing in IBM Toolbox for Java (CVE-2022-43928)
Summary Db2 Web Query uses the IBM Toolbox for Java to access IBM i interfaces. IBM Toolbox for Java could allow sensitive information stored as Java strings to be obtained by an attacker as described in the vulnerability details section. Db2 Web Query has addressed the vulnerability with a fix a...
Security Bulletin: IBM Db2 Web Query for i is vulnerable to arbitrary code execution due to Apache Commons Text [CVE-2022-42889]
Summary Db2 Web Query is vulnerable to arbitrary code execution due to Apache Commons Text CVE-2022-42889. Apache Commons Text is used by IBM Db2 Web Query for i for string functionality. The fix includes Apache Commons Text 1.10.0. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache...
Security Bulletin: IBM Content Manager OnDemand for IBM i is affected by a vulnerability CVE-2018-25032
Summary There is a vulnerability in Zlib used by IBM Content Manager OnDemand for IBM i. IBM Content Manager OnDemand for IBM i has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory corruption in the...
SUSE: Security Advisory (SUSE-SU-2022:1157-1)
The remote host is missing an update for the...
Security Bulletin: A vulnerability in Apache Log4j affects IBM Db2 Web Query for i (CVE-2021-45105)
Summary There is a vulnerability in Apache Log4j as described in the vulnerability details section. Apache Log4j v2.16 is used by Db2 Web Query for i for generating logs and diagnostic traces in some of its components. IBM has addressed the vulnerability in Db2 Web Query for i. Vulnerability...
Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are affected by CVE-2021-2369 and CVE-2021-2432
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i as described in the vulnerability details section. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-2369 DESCRIPTION: An unspecified...
Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM i
Summary Apache HTTP Server on IBM i is vulnerable to the issues described in the vulnerability details section. IBM i has addressed the vulnerabilities in the Apache HTTP Server implementation as described in the remediation/fixes section. Vulnerability Details CVEID: CVE-2021-31618 DESCRIPTION:...
Security Bulletin: Vulnerability CVE-2020-4788 in the IBM Power9 processor affects IBM i
Summary The IBM Power9 processor is used on IBM i. IBM i has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-4788 DESCRIPTION: IBM Power9 processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. CVSS Bas...
demo.koha-ptfs.eu Open Redirect vulnerability
Vulnerable URL: https://demo.koha-ptfs.eu/cgi-bin/koha/tracklinks.pl?uri=https://www.openbugbounty.org Details: Patched: No; Latest check for patch: 06.11.2017; Vulnerability type: Open Redirect; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown / Not...
Rebus:list (list.php, list_id param) - SQL Injection Vulnerability
No description provided by source. Exploit Title: Rebus:list SQL Injection Vulnerability Date: 3/18/2013 Vendor Homepage: http://www.ptfs-europe.com/products/rebus/rebuslist/ Author: Robert Cooper robert.cooper at areyousecure.net Tested on: Linux/Windows 7 Vulnerable Parameters: listid= Google...
[SA16751] OS/400 osp-cert Certificate Handling Vulnerabilities