Latest ibm data risk manager Vulnerabilities

CVE-2021-38915
IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947.
IBM Data Risk Manager=2.0.6
IBM DRM<=2.0.6
IBM-6335281
IBM Data Risk Manager<=2.0.6
CVE-2020-4621
IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. IBM X-Force ID: 184981.
IBM Data Risk Manager<=2.0.6
IBM Data Risk Manager<2.0.6.4
CVE-2020-4619
IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 184976.
IBM Data Risk Manager<=2.0.6
IBM Data Risk Manager<2.0.6.4
CVE-2020-4620
IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP requ...
IBM Data Risk Manager<=2.0.6
IBM Data Risk Manager<2.0.6.4
CVE-2020-4622
IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external compon...
IBM Data Risk Manager<=2.0.6
IBM Data Risk Manager<2.0.6.4
CVE-2020-4612
IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 184924.
IBM Data Risk Manager<=2.0.6
IBM Data Risk Manager<2.0.6.4
CVE-2020-4613
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184925.
IBM Data Risk Manager<=2.0.6
IBM Data Risk Manager<2.0.6.4
CVE-2020-4616
IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 184929.
IBM Data Risk Manager<2.0.6.4
IBM Data Risk Manager<=2.0.6
CVE-2020-4618
IBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged user to cause a denial of service due to improper input validation. IBM X-Force ID: 184937.
IBM Data Risk Manager<2.0.6.4
IBM Data Risk Manager<=2.0.6
CVE-2020-4617
IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trus...
IBM Data Risk Manager<2.0.6.4
IBM Data Risk Manager<=2.0.6
CVE-2020-4614
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 184927.
IBM Data Risk Manager<2.0.6.4
IBM Data Risk Manager<=2.0.6
CVE-2020-4611
IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. IBM X-Force ID: 184922.
IBM Data Risk Manager<=2.0.6
IBM Data Risk Manager<2.0.6.4
CVE-2020-4615
IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote...
IBM Data Risk Manager<2.0.6.4
IBM Data Risk Manager<=2.0.6
CVE-2020-15025
NTP is vulnerable to a denial of service, caused by a memory leak when a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file in ntpd. By sending specially-crafted packets, a rem...
IBM Data Risk Manager<=2.0.6
NTP ntp>=4.3.97<4.3.101
NTP ntp=4.2.8-p11
NTP ntp=4.2.8-p12
NTP ntp=4.2.8-p13
NTP ntp=4.2.8-p14
and 27 more
CVE-2020-14195
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing. The highest threat from this vul...
redhat/candlepin<0:2.6.16-1.el7
redhat/foreman<0:1.22.0.39-2.el7
redhat/satellite<0:6.6.3-1.el7
redhat/tfm-rubygem-fog-ovirt<0:1.2.3-1.el7
redhat/tfm-rubygem-katello<0:3.12.0.41-1.el7
redhat/tfm-rubygem-runcible<0:2.13.0-1.el7
and 311 more
CVE-2020-13871
SQLite is vulnerable to a denial of service, caused by a use-after-free in resetAccumulator in select.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to c...
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.32.2
Fedoraproject Fedora=33
Debian Debian Linux=9.0
Oracle Communications Messaging Server=8.1
Oracle Communications Network Charging And Control=6.0.1
and 9 more
CVE-2020-9484
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; a...
redhat/tomcat6<0:6.0.24-115.el6_10
redhat/tomcat<0:7.0.76-12.el7_8
redhat/tomcat7<0:7.0.70-40.ep7.el6
redhat/tomcat8<0:8.0.36-44.ep7.el6
redhat/tomcat-native<0:1.2.23-22.redhat_22.ep7.el6
redhat/tomcat7<0:7.0.70-40.ep7.el7
and 99 more
CVE-2020-14060
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data co...
redhat/candlepin<0:2.6.16-1.el7
redhat/foreman<0:1.22.0.39-2.el7
redhat/satellite<0:6.6.3-1.el7
redhat/tfm-rubygem-fog-ovirt<0:1.2.3-1.el7
redhat/tfm-rubygem-katello<0:3.12.0.41-1.el7
redhat/tfm-rubygem-runcible<0:2.13.0-1.el7
and 30 more
CVE-2020-14062
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this...
redhat/candlepin<0:2.6.16-1.el7
redhat/foreman<0:1.22.0.39-2.el7
redhat/satellite<0:6.6.3-1.el7
redhat/tfm-rubygem-fog-ovirt<0:1.2.3-1.el7
redhat/tfm-rubygem-katello<0:3.12.0.41-1.el7
redhat/tfm-rubygem-runcible<0:2.13.0-1.el7
and 309 more
CVE-2020-14061
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this...
redhat/candlepin<0:2.6.16-1.el7
redhat/foreman<0:1.22.0.39-2.el7
redhat/satellite<0:6.6.3-1.el7
redhat/tfm-rubygem-fog-ovirt<0:1.2.3-1.el7
redhat/tfm-rubygem-katello<0:3.12.0.41-1.el7
redhat/tfm-rubygem-runcible<0:2.13.0-1.el7
and 311 more
CVE-2020-12888
Linux Kernel is vulnerable to a denial of service, caused by improper handling of attempts to access disabled memory space by the VFIO PCI driver. By sending a specially-crafted request, a local attac...
redhat/kernel-rt<0:3.10.0-1127.13.1.rt56.1110.el7
redhat/kernel<0:3.10.0-1127.13.1.el7
redhat/kernel-alt<0:4.14.0-115.26.1.el7a
redhat/kernel<0:3.10.0-327.89.1.el7
redhat/kernel<0:3.10.0-514.78.1.el7
redhat/kernel<0:3.10.0-693.71.2.el7
and 183 more
CVE-2020-4427
IBM Data Risk Manager Security Bypass Vulnerability
IBM Data Risk Manager=2.0.1
IBM Data Risk Manager=2.0.2
IBM Data Risk Manager=2.0.3
IBM Data Risk Manager=2.0.4
IBM Data Risk Manager=2.0.5
IBM Data Risk Manager=2.0.6
and 1 more
CVE-2020-4430
IBM Data Risk Manager Directory Traversal Vulnerability
IBM Data Risk Manager=2.0.1
IBM Data Risk Manager=2.0.2
IBM Data Risk Manager=2.0.3
IBM Data Risk Manager=2.0.4
IBM Data Risk Manager=2.0.5
IBM Data Risk Manager=2.0.6
and 1 more
CVE-2020-4429
IBM Data Risk Manager=2.0.1
IBM Data Risk Manager=2.0.2
IBM Data Risk Manager=2.0.3
IBM Data Risk Manager=2.0.4
IBM Data Risk Manager=2.0.5
IBM Data Risk Manager=2.0.6
CVE-2020-4428
IBM Data Risk Manager Remote Code Execution Vulnerability
IBM Data Risk Manager=2.0.1
IBM Data Risk Manager=2.0.2
IBM Data Risk Manager=2.0.3
IBM Data Risk Manager=2.0.4
IBM Data Risk Manager=2.0.5
IBM Data Risk Manager=2.0.6
and 1 more
CVE-2020-11620
A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as...
redhat/rh-maven35-jackson-databind<0:2.7.6-2.10.el7
IBM Data Risk Manager<=2.0.6
redhat/jackson-databind<2.9.10.4
maven/com.fasterxml.jackson.core:jackson-databind>=2.9.0<=2.9.10.3
FasterXML jackson-databind>=2.9.0<2.9.10.4
Debian Debian Linux=8.0
and 29 more
CVE-2020-11619
A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as...
redhat/candlepin<0:2.6.16-1.el7
redhat/foreman<0:1.22.0.39-2.el7
redhat/satellite<0:6.6.3-1.el7
redhat/tfm-rubygem-fog-ovirt<0:1.2.3-1.el7
redhat/tfm-rubygem-katello<0:3.12.0.41-1.el7
redhat/tfm-rubygem-runcible<0:2.13.0-1.el7
and 325 more
CVE-2020-11113
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data co...
redhat/qpid-cpp<0:1.36.0-31.el6_10a
redhat/qpid-proton<0:0.32.0-1.el6_10
redhat/qpid-cpp<0:1.36.0-31.el7a
redhat/qpid-proton<0:0.32.0-2.el7
redhat/nodejs-rhea<0:1.0.24-1.el8
redhat/qpid-proton<0:0.32.0-2.el8
and 59 more
CVE-2020-11112
FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.commons.proxy.provider.remoting.RmiProvider (aka apa...
redhat/Jackson-databind<2.9.10.4
redhat/rh-maven35-jackson-databind<0:2.7.6-2.9.el7
IBM Data Risk Manager<=2.0.6
FasterXML jackson-databind>=2.9.0<2.9.10.4
Debian Debian Linux=8.0
Netapp Steelstore Cloud Integrated Storage
and 51 more
CVE-2020-11111
FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.activemq.* (aka activemq-jms, activemq-core, activem...
redhat/Jackson-databind<2.9.10.4
redhat/rh-maven35-jackson-databind<0:2.7.6-2.9.el7
IBM Data Risk Manager<=2.0.6
FasterXML jackson-databind>=2.9.0<2.9.10.4
Debian Debian Linux=8.0
Netapp Steelstore Cloud Integrated Storage
and 39 more
CVE-2020-10968
A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability...
redhat/candlepin<0:2.6.16-1.el7
redhat/foreman<0:1.22.0.39-2.el7
redhat/satellite<0:6.6.3-1.el7
redhat/tfm-rubygem-fog-ovirt<0:1.2.3-1.el7
redhat/tfm-rubygem-katello<0:3.12.0.41-1.el7
redhat/tfm-rubygem-runcible<0:2.13.0-1.el7
and 345 more
CVE-2020-10673
FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.4
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.4
redhat/Jackson-databind<2.9.10.4
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el6ea
and 161 more
CVE-2020-10672
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this...
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el6ea
redhat/eap7-hal-console<0:3.0.23-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.17-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.20-1.Final_redhat_00001.1.el6ea
and 159 more
CVE-2020-10969
FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in javax.swing.JEditorPane. By sending specially-crafted input, an...
redhat/candlepin<0:2.6.16-1.el7
redhat/foreman<0:1.22.0.39-2.el7
redhat/satellite<0:6.6.3-1.el7
redhat/tfm-rubygem-fog-ovirt<0:1.2.3-1.el7
redhat/tfm-rubygem-katello<0:3.12.0.41-1.el7
redhat/tfm-rubygem-runcible<0:2.13.0-1.el7
and 345 more
CVE-2020-10531
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() func...
redhat/chromium-browser<80.0.3987.122
redhat/node<14.3.0
redhat/node<12.17.0
redhat/node<10.21.0
ubuntu/chromium-browser<80.0.3987.149-0ubuntu0.18.04.1
ubuntu/chromium-browser<80.0.3987.122
and 50 more
CVE-2019-17569
Apache Tomcat is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual Transfer-Encoding HTTP header. By sending a specially-crafted request, an attacker could exploit this vuln...
redhat/jws5-tomcat<0:9.0.30-3.redhat_4.1.el6
redhat/jws5-tomcat-native<0:1.2.23-4.redhat_4.el6
redhat/jws5-tomcat<0:9.0.30-3.redhat_4.1.el7
redhat/jws5-tomcat-native<0:1.2.23-4.redhat_4.el7
redhat/jws5-tomcat<0:9.0.30-3.redhat_4.1.el8
redhat/jws5-tomcat-native<0:1.2.23-4.redhat_4.el8
and 30 more
CVE-2020-1720
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to p...
redhat/rh-postgresql10-postgresql<0:10.12-2.el7
redhat/rh-postgresql96-postgresql<0:9.6.19-1.el7
redhat/rh-postgresql12-postgresql<0:12.4-1.el7
IBM Data Risk Manager<=2.0.6
redhat/PostgreSQL<12.2
redhat/PostgreSQL<11.7
and 9 more
CVE-2019-18634
Apple macOS Catalina is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the privileged sudo process. By sending an overly long string to the stdin of getln() in tget...
Sudo Project Sudo>=1.7.1<1.8.26
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
redhat/sudo<1.8.31
IBM Data Risk Manager<=2.0.6
and 5 more
CVE-2020-5398
A flaw was found in springframework in versions prior to 5.0.16, 5.1.13, and 5.2.3. A reflected file download (RFD) attack is possible when a "Content-Disposition" header is set in response to where t...
IBM Data Risk Manager<=2.0.6
redhat/springframework<5.2.3
redhat/springframework<5.1.13
redhat/springframework<5.0.16
maven/org.springframework:spring-webflux>=5.0.0.RELEASE<5.0.16.RELEASE
maven/org.springframework:spring-webflux>=5.1.0.RELEASE<5.1.13.RELEASE
and 67 more
CVE-2019-19959
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (...
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.10
ubuntu/sqlite3<3.22.0-1ubuntu0.3
and 4 more
CVE-2019-20218
An unspecified error in selectExpander in select.c in SQLite has an unknown impact and attack vector.
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Debian Debian Linux=9.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.10
and 7 more
CVE-2019-19948
ImageMagick is vulnerable to a heap-based buffer overflow, caused by a flaw in the WriteSGIImage function in coders/sgi.c. By persuading a victim to open a specially-crafted file, a remote attacker co...
IBM Data Risk Manager<=2.0.6
ImageMagick ImageMagick=7.0.8-43-q16
Canonical Ubuntu Linux=20.04
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 4 more
CVE-2019-19949
ImageMagick is vulnerable to a heap-based buffer overflow, caused by a flaw in the WritePNGImage function in coders/png.c. By persuading a victim to open a specially-crafted file, a remote attacker co...
IBM Data Risk Manager<=2.0.6
redhat/ImageMagick 6.9.10<43
redhat/ImageMagick 7.0.8<43
ImageMagick ImageMagick>=6.9.9-33<6.9.10-43
ImageMagick ImageMagick>=7.0.7-23<7.0.8-43
Debian Debian Linux=8.0
and 5 more
CVE-2019-19923
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or inco...
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Siemens Sinec Infrastructure Network Services<1.0.1.1
Oracle Mysql Workbench<=8.0.19
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 16 more
CVE-2019-19925
SQLite is vulnerable to a denial of service, caused by the mishandling of a NULL pathname in the zipfileUpdate function in ext/misc/zipfile.c. By sending a specially-crafted request, a remote attacker...
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Siemens Sinec Infrastructure Network Services<1.0.1.1
Oracle Mysql Workbench<=8.0.19
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 16 more
CVE-2019-19924
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Siemens Sinec Infrastructure Network Services<1.0.1.1
Apache Bookkeeper=4.12.1
Oracle Mysql Workbench<=8.0.19
Netapp Cloud Backup
and 4 more
CVE-2019-19926
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete...
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Siemens Sinec Infrastructure Network Services<1.0.1.1
Oracle Mysql Workbench<=8.0.19
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 17 more
CVE-2019-19880
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Netapp Cloud Backup
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Suse Package Hub
and 14 more
CVE-2019-17563
Apache Tomcat could allow a local attacker to hijack a user&#39;s session. By using the FORM authentication function, an attacker could exploit this vulnerability to gain access to another user&#39;s ...
redhat/tomcat<0:7.0.76-15.el7
redhat/tomcat<0:7.0.76-11.el7_6
redhat/tomcat<0:7.0.76-12.el7_7
redhat/tomcat7<0:7.0.70-38.ep7.el6
redhat/tomcat8<0:8.0.36-42.ep7.el6
redhat/tomcat-native<0:1.2.23-21.redhat_21.ep7.el6
and 30 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203