39 matches found

IBM Security Bulletins
added 2023/10/24 3:13 p.m. | 42 views

Security Bulletin: IBM Integration Bus is vulnerable to a remote attacker due to Apache Tomcat

Summary IBM Integration Bus is vulnerable to a remote attacker due to Apache Tomcat CVE-2023-41080. Vulnerability Details CVEID:CVE-2023-41080 DESCRIPTION: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the FORM authentication...

6.1 CVSS | 6.6 AI score | 0.11586 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/07/18 4:42 p.m. | 121 views

Security Bulletin: Security vulnerabilities have been identified in IBM DB2 used by IBM Security Verify Governance, Identity Manager virtual appliance component

Summary Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Security Verify...

7.5 CVSS | 7 AI score | 0.00529 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/07/13 2:34 p.m. | 63 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service (CVE-2022-22389)

Summary IBM® Db2® is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. Vulnerability Details CVEID: CVE-2022-22389 DESCRIPTION: IBM Db2 is vulnerable to a denial of service as the server may terminate...

6.5 CVSS | 0.7 AI score | 0.00529 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2021/10/26 6:59 p.m. | 20 views

Security Bulletin: Buffer overflow in IBM® Db2® tool db2licm (CVE-2018-1710).

Summary The Db2 tool db2licm is vulnerable to a buffer overflow. Vulnerability Details CVEID: CVE-2018-1710 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server tool db2licm is affected by buffer overflow vulnerability that can potentially result in arbitrary code executio...

8.4 CVSS | 0.4 AI score | 0.00107 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2021/07/28 4:31 p.m. | 19 views

Security Bulletin: IBM® Db2® could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. (CVE-2020-4739)

Summary IBM Db2 on Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability ...

7.8 CVSS | 2.1 AI score | 0.0007 EPSS
Exploits: 0 | Affected Software: 1

Prion
added 2021/05/27 4:15 p.m. | 17 views

Default credentials

Datakit Software libraries CatiaV53dRead, CatiaV63dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing CATPart files. This could result in an out-of-bounds write past the end of an allocated structure. An...

6.8 CVSS | 7.7 AI score | 0.00404 EPSS
Exploits: 0 | References: 3 | Affected Software: 2

Cvelist
added 2021/05/27 3:37 p.m. | 14 views

CVE-2021-27488

Datakit Software libraries CatiaV53dRead, CatiaV63dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing CATPart files. This could result in an out-of-bounds write past the end of an allocated structure. An...

7.9 AI score | 0.00404 EPSS
Exploits: 0 | References: 3

CVE
added 2021/05/27 3:27 p.m. | 60 views

CVE-2021-27496

CVE-2021-27496 affects Datakit CrossCADWare libraries embedded in Luxion KeyShot (v10.1 and earlier). Modules CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, and Jt3dReadPsr fail to validate data when parsing PRT files, causing untrusted pointer dereference and potential code execution i...

7.8 CVSS | 7.6 AI score | 0.00404 EPSS
Exploits: 0 | References: 3 | Affected Software: 2

CVE
added 2021/05/27 3:26 p.m. | 57 views

CVE-2021-27494

CVE-2021-27494 affects Datakit CrossCADWare libraries (CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr) bundled in Luxion KeyShot (Versions 10.1 and earlier). The vulnerability is an out-of-bounds stack/write caused by inadequate validation when parsing STP files, which can a...

7.8 CVSS | 7.7 AI score | 0.00839 EPSS
Exploits: 0 | References: 3 | Affected Software: 2

IBM Security Bulletins
added 2021/04/26 7:58 p.m. | 22 views

Security Bulletin: IBM® Db2® db2fm is vulnerable to a buffer overflow (CVE-2020-5025)

Summary IBM Db2 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. Vulnerability Details CVEID: CVE-2020-5025 DESCRIPTION: IBM DB2 db2fm is vulnerable to a buffer overflow,...

8.4 CVSS | 1.4 AI score | 0.00287 EPSS
Exploits: 0 | Affected Software: 1

Prion
added 2021/02/04 7:15 a.m. | 10 views

Authentication flaw

HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources...

7.5 CVSS | 9.5 AI score | 0.00392 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/02/04 6:45 a.m. | 9 views

CVE-2020-14246

HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials...

7.7 AI score | 0.0014 EPSS
Exploits: 0 | References: 1

CVE
added 2021/02/04 6:38 a.m. | 72 views

CVE-2020-14245

CVE-2020-14245 affects HCL OneTest UI (versions 9.5, 10.0, 10.1) and is described as not performing authentication for functionality that requires a provable user identity or that can consume significant resources. The CVE is cited with a high-severity network-access risk (NVD CVSSv2: 7.5, partia...

9.8 CVSS | 9.5 AI score | 0.00392 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2020/07/14 1:15 p.m. | 10 views

CVE-2020-6290

SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID...

6.8 CVSS | 0.00147 EPSS
Exploits: 0 | References: 2

CVE
added 2020/07/14 12:30 p.m. | 36 views

CVE-2020-6289

CVE-2020-6289 concerns SAP Disclosure Management 10.1, where CSRF protections are insufficient. The vulnerability allows an attacker to trick a user into visiting a malicious site, potentially enabling malicious actions via the user’s authenticated session. Root cause: insufficient protection aga...

8.8 CVSS | 8.5 AI score | 0.00101 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

IBM Security Bulletins
added 2020/03/06 8:27 p.m. | 15 views

Security Bulletin: IBM® Db2® is vulnerable to privilege escalation (CVE-2019-4587)

Summary Db2 could allow a local authenticated attacker to gain elevated privileges on the system, caused by an unquoted search path in sshdworker.exe. By inserting arbitrary file in the path, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges...

2.1 AI score
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2020/03/06 8:16 p.m. | 22 views

Security Bulletin: IBM® Db2® is vulnerable to information disclosure (CVE-2019-4524)

Summary Db2 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users, after running LOAD or UPDATE ALERT CFG through the ADMINCMD stored procedure. Vulnerability Details CVEID: CVE-2019-4524 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes...

0.8 AI score
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2020/03/06 7:53 p.m. | 19 views

Security Bulletin: Under specialized conditions, IBM® Db2® is vulnerable to denial of service (CVE-2019-4101).

Summary Db2 is vulnerable to a denial of service. Users that have both EXECUTE on PDGETDIAGHIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. Vulnerability Details CVEID: CVE-2019-4101 DESCRIPTION: DB2 for Linux, UNIX and Windows includes DB2 Connect...

6.2 CVSS | 1 AI score | 0.00055 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2020/03/06 7:51 p.m. | 19 views

Security Bulletin: IBM® Db2® is vulnerable to privilege escalation to root via malicious use of fenced user (CVE-2019-4057).

Summary When a DB2 instance is created a "fenced" user is specified to run external stored procedures/user defined functions. Db2 could allow malicious user with access to the Db2 instance owner account to leverage a fenced execution process to execute arbitrary code as root. This vulnerability...

7.2 CVSS | 0.7 AI score | 0.00066 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2020/03/06 7:24 p.m. | 19 views

Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow leading to privilege escalation (CVE-2018-1897).

Summary Db2 is vulnerable to a buffer overflow leading to privilege escalation. Vulnerability Details CVEID: CVE-2018-1897 DESCRIPTION: IBM Db2 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code CVSS...

8.4 CVSS | 0.6 AI score | 0.00101 EPSS
Exploits: 0 | Affected Software: 1