
Tag

#ibm

CVE-2019-4134: Security Bulletin: IBM Planning Analytics Administration is affected by a vulnerability

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158281.

CVE-2019-4088: Security Bulletin: Stack-based buffer overflow and elevation of privileges vulnerabilities in IBM Spectrum Protect Server and Storage Agents (CVE-2019-4087, CVE-2019-4088)

IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by the dsmqsan module loading a specially crafted library. By setting up such a library, a local attacker could exploit this vulnerability to gain root privileges on the vulnerable system. IBM X-Force ID: 157511.

CVE-2019-4129: Security Bulletin: Information Disclosure in IBM Spectrum Protect Operations Center (CVE-2019-4129)

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. By creating an error with a stack trace, an attacker could exploit this vulnerability to potentially obtain details on the Operations Center architecture. IBM X-Force ID: 158279.

CVE-2019-13147: NULL pointer dereference bug in ulaw2linear_buf, in G711.cpp · Issue #54 · mpruett/audiofile

In Audio File Library (aka audiofile) 0.3.6, there is a NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.

CVE-2019-4154: IBM DB2 for Linux, UNIX and Windows buffer overflow CVE-2019-4154 Vulnerability Report

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519.

CVE-2019-4102: Security Bulletin: IBM® Db2® does not explicitly forbid a weaker than expected 3DES cipher when configured to use SSL (CVE-2019-4102).

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092.

CVE-2019-4322: Security Bulletin: Multiple buffer overflow vulnerabilities exist in IBM® Db2® leading to privilege escalation (CVE-2019-4322).

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202.

CVE-2019-4410: Security Bulletin: A cross-site scripting vulnerability occurs in IBM Business Automation Workflow and IBM Business Process Manager (BPM) (CVE-2019-4410)

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162657.

CVE-2019-4386: Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2019-4386).

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714.

CVE-2019-4298: IBM Robotic Process Automation privilege escalation CVE-2019-4298 Vulnerability Report

IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have privileges to execute. IBM X-Force ID: 160764.