337 matches found
CVE-2025-1471
In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. If the input format string and arguments are larger than the buffer size then buffer overflow occurs. Beginning in version 0.5.0, the conversion buffers are sized...
CVE-2025-1471 Eclipse OMR: Buffer overflow vulnerability
In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. If the input format string and arguments are larger than the buffer size then buffer overflow occurs. Beginning in version 0.5.0, the conversion buffers are sized...
CVE-2025-1471 Eclipse OMR: Buffer overflow vulnerability
In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. If the input format string and arguments are larger than the buffer size then buffer overflow occurs. Beginning in version 0.5.0, the conversion buffers are sized...
CVE-2025-1471
CVE-2025-1471 concerns Eclipse OMR: z/OS atoe print functions using a constant-length buffer from versions 0.2.0–0.4.0, enabling a buffer overflow if input exceeds the buffer. Beginning with 0.5.0, conversion buffers are sized and checked to prevent overflow. Connected sources confirm this CVE ac...
CVE-2025-1470
CVE-2025-1470 affects Eclipse OMR: prior to version 0.5.0, internal OMR port library and z/OS atoe function consumers did not properly check NULL pointers or allocation failures, risking NULL pointer dereferences. Beginning with 0.5.0, OMR consumers handle NULL return values and memory allocation...
Security Bulletin: Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264
Summary Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264 Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could...
IBM Db2 Denial of Service Vulnerability (CNVD-2025-01784)
IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...
IBM Db2 安全漏洞
IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from a denial of service vulnerability that originates from improper memory allocation...
Security Bulletin: IBM Data Virtualization Manager for z/OS has a remote code execution (RCE) vulnerability
Summary IBM Data Virtualization Manager for z/OS has a remote code execution RCE vulnerability. Vulnerability Details CVEID:CVE-2024-52899 DESCRIPTION: IBM Data Virtualization Manager for z/OS could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server...
CVE-2024-52899
IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server...
CVE-2024-52899
IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server...
CVE-2024-52899
IBM Data Virtualization Manager for z/OS is affected in v1.1 and v1.2 by a code-execution vulnerability where an authenticated user can inject malicious JDBC URL parameters to execute server code. Root cause: improper filtering of elements that form code segments (CRLF injection). Impact: remote ...
PT-2024-35477 · Ibm · Ibm Data Virtualization Manager For Z/Os
Name of the Vulnerable Software and Affected Versions: IBM Data Virtualization Manager for z/OS versions 1.1 through 1.2 Description: The issue allows an authenticated user to inject malicious JDBC URL parameters and execute code on the server. Recommendations: For versions 1.1 and 1.2, consider...
Security Bulletin: IBM Data Virtualization Manager for z/OS has a remote code execution (RCE) vulnerability
Summary IBM Data Virtualization Manager for z/OS has a remote code execution RCE vulnerability in the JDBC component with fix pack dvm-jdbc-3.1.202406111013. Vulnerability Details CVEID: NA Description: Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during...
Security Bulletin: IBM App Connect Enterprise toolkit is vulnerable to a local authenticated attacker due to the OKHttp component. (CVE-2023-0833).
Summary IBM App Connect Enterprise toolkit is vulnerable to a local authenticated attacker due to the OKHttp component. CVE-2023-0833. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-0833 DESCRIPTION: Red Hat AMQ-Streams could allow ...
Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager.
Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2rBuffer overflow in GC when using the -Xgc:concurrentScavenge option on IBM Z. Vulnerability Details Refer to the security bulletins listed in...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities in IBM Java SDK, Java Technology Edition
Summary There are multiple vulnerabilities in IBM Java SDK, Java Technology Edition used by IBM App Connect Enterprise and IBM Integration Bus for z/OS. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecifie...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a denial of service due to Apache Tomcat (CVE-2024-34750)
Summary IBM Integration Bus for z/OS is vulnerable to a denial of service due to Apache Tomcat CVE-2024-34750. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-34750 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, cause...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a remote attack due to Apache Maven (CVE-2021-26291)
Summary UPDATE 21 AUGUST 2024: This fix has been updated. Please download and install the fix dated 21 August 2024. The IBM Integration Bus for z/OS toolkit is vulnerable to a remote attack due to Apache Maven. This bulletin identifies the steps to take to address the vulnerability. Vulnerability...
Approach to mainframe penetration testing on z/OS
Information technology is developing at a rapid pace, with completely new areas emerging, such as DevOps and DevSecOps – and were striving to keep up. However, in some projects, you may encounter systems built on rather outdated principles. Such systems must be approached with care, since a singl...