Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-26546: $the_title - $company_name

European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission.

CVE
#sql#web#mac#windows#linux#oracle#auth#postgres

Cloud, Desktop or Server - which version of IUCLID is best for me?

IUCLID 6 is available in three different versions. These provide the same main functionalities, but are designed to cater to different sets of user requirements.

IUCLID 6 ECHA Cloud services
A IUCLID Cloud service is provided by the European Chemicals Agency (ECHA) for preparing dossiers under REACH and CLP; and notifications for Poison Centres and SCIP. Companies and their consultants are encouraged to use the cloud service as it means they no longer have to install IUCLID locally on a computer, but will have direct access to the latest version in a web browser – anytime, anywhere. The service comes with up to 5 GB of data storage, fully managed backups and dedicated helpdesk support, at no charge. Go to ECHA Cloud Services.

IUCLID 6 Desktop
In IUCLID 6 Desktop, IUCLID 6 runs on a single machine. One user accesses one database, with no network connection necessary. There can be more than one user account for the installation, but only one user uses the installation at a time. The database is integrated into the IUCLID 6 application. There is no need to install database software separately. The installation process, maintenance and upgrades are designed to be as simple as possible. This is aimed at SMEs, and those who simply want to try out the software.

IUCLID 6 Server
In IUCLID 6 Server, IUCLID 6 runs in an application server. A user connects to the application over a network using a client program that can be run on any machine that has network access to the server. Many users can access the same instance of the application and therefore the database, at the same time. Access to documents can be restricted per document, per user, and per groups of users. The database software can be installed separately from the IUCLID 6 application server and client(s). This type of installation is intended for use by larger companies and organisations.

IUCLID 6 Server is marked out from IUCLID 6 Desktop visually by having a grey ring around the orange icon.

IUCLID 6 installer and updater - which one should I download?

In case you already have IUCLID 6 and want to upgrade to the latest version available, please download the IUCLID 6 updater.

If you do not have IUCLID 6 yet, please download the IUCLID 6 Desktop version installer or the IUCLID 6 Server installation package.

The latest version of IUCLID 6 published for all users on this website is 6.27.7. The ECHA Cloud services users have access to version 6.27.6.

Release notes

The main improvements and bug fixes included in the IUCLID versions available for download on this website, or accessible via the ECHA Cloud services, are listed in the release notes.

Available downloads

In connection with your IUCLID 6 download, you might want to consult the following links: IUCLID 6 manuals | FAQ | IUCLID 6 webinars | checksums for downloads

  • IUCLID 6 Desktop installer: this download provides all you need to run the IUCLID 6 as a desktop application. If you need a 32-bit compatible installer, please contact the ECHA Helpdesk.

Windows 64-bit (640 MB) | macOS (669 MB)

  • IUCLID 6 Server: this download contains all necessary software to run the IUCLID 6 Server version that can be installed in a multi-user environment using client-server architecture, including its application server.

Windows and Linux (469 MB)

  • IUCLID 6 updater: this download provides all you need to update your existing IUCLID 6 application (the same updaters can be used for IUCLID 6 Desktop or Server). If you need a 32-bit compatible updater, please contact the ECHA Helpdesk.

Windows 64-bit and Linux (792 MB) | macOS (811 MB)

Data extraction and search tools for IUCLID

In addition to the IUCLID software itself, additional tools can be downloaded to be used in connection with a IUCLID installation. These tools extend the IUCLID features that are provided by default:

  • Text Analytics: this is a powerful search engine for IUCLID data, and attachments within IUCLID documents.
  • Data Extractor: this tool helps you to extract information from dossiers stored in your IUCLID database.
  • Data Uploader Knime plug-in: this tool helps transform sources of chemical information to the IUCLID format.

Data transfer tool

  • A standalone command line tool is available for moving existing IUCLID installations to a different database. This tool is primarily meant to support the transfer of existing IUCLID databases from Derby or Oracle to PostgreSQL, supported since April 2022. You can download the tool from this page.

Patches and test versions

  • Patches made available by the IUCLID Helpdesk and test versions can be downloaded from this page. Please pay attention to the usage restrictions that apply.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907