Security
Headlines
HeadlinesLatestCVEs

Tag

#ibm

CVE-2019-4088: Security Bulletin: Stack-based buffer overflow and elevation of privileges vulnerabilities in IBM Spectrum Protect Server and Storage Agents (CVE-2019-4087, CVE-2019-4088)

IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan module. By setting up such a library, a local attacker could exploit this vulnerability to gain root privileges on the vulnerable system. IBM X-Force ID: 157511.

CVE
Open in Source
#vulnerability#windows#linux#buffer_overflow#ibm
CVE-2019-4129: Security Bulletin: Information Disclosure in IBM Spectrum Protect Operations Center (CVE-2019-4129)

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. By creating an error with a stack trace, an attacker could exploit this vulnerability to potentially obtain details on the Operations Center architecture. IBM X-Force ID: 158279.

CVE-2019-4134: Security Bulletin: IBM Planning Analytics Administration is affected by a vulnerability

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158281.

CVE-2019-13147: NULL pointer dereference bug in ulaw2linear_buf, in G711.cpp · Issue #54 · mpruett/audiofile

In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.

CVE-2019-4237: Security Bulletin: IBM InfoSphere Information Server is affected by a Cross-Frame Scripting vulnerability.

A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419.

CVE-2019-4297: IBM Robotic Process Automation LDAP injection CVE-2019-4297 Vulnerability Report

IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability to make unauthorized queries or modify the LDAP content. IBM X-Force ID: 160761.

CVE-2019-4357: Security Bulletin: Privilege escalation and code injection vulnerabilities in IBM Spectrum Protect Plus application protection (CVE-2019-4383, CVE-2019-4357)

When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667,

CVE-2019-4298: IBM Robotic Process Automation privilege escalation CVE-2019-4298 Vulnerability Report

IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have privileges to execute. IBM X-Force ID: 160764.

CVE-2019-4299: IBM Robotic Process Automation information disclosure CVE-2019-4299 Vulnerability Report

IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765.

CVE-2019-4057: Security Bulletin: IBM® Db2® is vulnerable to privilege escalation to root via malicious use of fenced user (CVE-2019-4057).

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567.