Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-8244 (GCVE-0-2020-8244)
Vulnerability from cvelistv5
Published
2020-08-30 13:43
Modified
2024-08-04 09:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-126 - Buffer Over-read ()
Summary
A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.
References
| URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/966347"
},
{
"name": "[debian-lts-announce] 20210630 [SECURITY] [DLA 2698-1] node-bl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "bl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 4.0.3, 3.0.1, 2.2.1, and 1.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer over-read vulnerability exists in bl \u003c4.0.3, \u003c3.0.1, \u003c2.2.1, and \u003c1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "Buffer Over-read (CWE-126)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-01T02:06:10",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/966347"
},
{
"name": "[debian-lts-announce] 20210630 [SECURITY] [DLA 2698-1] node-bl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "bl",
"version": {
"version_data": [
{
"version_value": "Fixed in 4.0.3, 3.0.1, 2.2.1, and 1.2.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer over-read vulnerability exists in bl \u003c4.0.3, \u003c3.0.1, \u003c2.2.1, and \u003c1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Over-read (CWE-126)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/966347",
"refsource": "MISC",
"url": "https://hackerone.com/reports/966347"
},
{
"name": "[debian-lts-announce] 20210630 [SECURITY] [DLA 2698-1] node-bl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8244",
"datePublished": "2020-08-30T13:43:55",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:56:28.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-8244\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2020-08-30T15:15:12.167\",\"lastModified\":\"2024-11-21T05:38:34.760\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A buffer over-read vulnerability exists in bl \u003c4.0.3, \u003c3.0.1, \u003c2.2.1, and \u003c1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de lectura excesiva del b\u00fafer en bl versiones anteriores a 4.0.3, versiones anteriores a 3.0.1, versiones anteriores a 2.2.1 versiones anteriores a 1.2.3 que podr\u00eda permitir a un atacante suministrar informaci\u00f3n del usuario (incluso escrita) que si termina en el argumento de consume() y puede volverse negativa, el estado de BufferList puede estar corrupto, enga\u00f1\u00e1ndolo para que exponga la memoria no inicializada por medio de llamadas regulares de .slice()\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:P\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-126\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bufferlist_project:bufferlist:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"1.2.3\",\"matchCriteriaId\":\"BE477499-8C07-4A21-80ED-522252634656\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bufferlist_project:bufferlist:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.2.1\",\"matchCriteriaId\":\"3BAC5D84-F507-43F3-8F02-30B19CAB6CB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bufferlist_project:bufferlist:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.1\",\"matchCriteriaId\":\"F970C0FA-2479-4F5B-BF15-010C22CE5DB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bufferlist_project:bufferlist:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndExcluding\":\"4.0.3\",\"matchCriteriaId\":\"6609D49F-7700-4262-AAF3-1470A1CEB9E0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"https://hackerone.com/reports/966347\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/966347\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
}
}
WID-SEC-W-2023-1599
Vulnerability from csaf_certbund
Published
2021-01-13 23:00
Modified
2023-06-29 22:00
Summary
IBM Security Guardium: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM Security Guardium ist eine Lösung für die Überwachung und Auditierung des Datenzugriffs.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Security Guardium ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Security Guardium ist eine L\u00f6sung f\u00fcr die \u00dcberwachung und Auditierung des Datenzugriffs.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Security Guardium ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1599 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2023-1599.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1599 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1599"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7008449 vom 2023-06-29",
"url": "https://www.ibm.com/support/pages/node/7008449"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6403463 vom 2021-01-13",
"url": "https://www.ibm.com/support/pages/node/6403463"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:0521 vom 2021-02-15",
"url": "https://access.redhat.com/errata/RHSA-2021:0521"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:0548 vom 2021-02-16",
"url": "https://access.redhat.com/errata/RHSA-2021:0548"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4758-1 vom 2021-03-09",
"url": "https://ubuntu.com/security/notices/USN-4758-1"
}
],
"source_lang": "en-US",
"title": "IBM Security Guardium: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-06-29T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:53:55.140+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1599",
"initial_release_date": "2021-01-13T23:00:00.000+00:00",
"revision_history": [
{
"date": "2021-01-13T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2021-02-15T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-02-16T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-03-08T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-06-29T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM DB2",
"product": {
"name": "IBM DB2",
"product_id": "5104",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:-"
}
}
},
{
"category": "product_name",
"name": "IBM Security Guardium Insights 2.0.2",
"product": {
"name": "IBM Security Guardium Insights 2.0.2",
"product_id": "316562",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:10.0"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14039",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-14039"
},
{
"cve": "CVE-2020-14145",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-14145"
},
{
"cve": "CVE-2020-15168",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-15168"
},
{
"cve": "CVE-2020-15586",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-15586"
},
{
"cve": "CVE-2020-15778",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-15778"
},
{
"cve": "CVE-2020-16845",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-16845"
},
{
"cve": "CVE-2020-24553",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-24553"
},
{
"cve": "CVE-2020-4166",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4166"
},
{
"cve": "CVE-2020-4594",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4594"
},
{
"cve": "CVE-2020-4595",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4595"
},
{
"cve": "CVE-2020-4596",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4596"
},
{
"cve": "CVE-2020-4597",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4597"
},
{
"cve": "CVE-2020-4599",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4599"
},
{
"cve": "CVE-2020-4600",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4600"
},
{
"cve": "CVE-2020-4602",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4602"
},
{
"cve": "CVE-2020-4604",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4604"
},
{
"cve": "CVE-2020-7608",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-7608"
},
{
"cve": "CVE-2020-8244",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-8244"
}
]
}
wid-sec-w-2023-1599
Vulnerability from csaf_certbund
Published
2021-01-13 23:00
Modified
2023-06-29 22:00
Summary
IBM Security Guardium: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM Security Guardium ist eine Lösung für die Überwachung und Auditierung des Datenzugriffs.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Security Guardium ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Security Guardium ist eine L\u00f6sung f\u00fcr die \u00dcberwachung und Auditierung des Datenzugriffs.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Security Guardium ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1599 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2023-1599.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1599 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1599"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7008449 vom 2023-06-29",
"url": "https://www.ibm.com/support/pages/node/7008449"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6403463 vom 2021-01-13",
"url": "https://www.ibm.com/support/pages/node/6403463"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:0521 vom 2021-02-15",
"url": "https://access.redhat.com/errata/RHSA-2021:0521"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:0548 vom 2021-02-16",
"url": "https://access.redhat.com/errata/RHSA-2021:0548"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4758-1 vom 2021-03-09",
"url": "https://ubuntu.com/security/notices/USN-4758-1"
}
],
"source_lang": "en-US",
"title": "IBM Security Guardium: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-06-29T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:53:55.140+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1599",
"initial_release_date": "2021-01-13T23:00:00.000+00:00",
"revision_history": [
{
"date": "2021-01-13T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2021-02-15T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-02-16T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-03-08T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-06-29T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM DB2",
"product": {
"name": "IBM DB2",
"product_id": "5104",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:-"
}
}
},
{
"category": "product_name",
"name": "IBM Security Guardium Insights 2.0.2",
"product": {
"name": "IBM Security Guardium Insights 2.0.2",
"product_id": "316562",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:10.0"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14039",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-14039"
},
{
"cve": "CVE-2020-14145",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-14145"
},
{
"cve": "CVE-2020-15168",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-15168"
},
{
"cve": "CVE-2020-15586",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-15586"
},
{
"cve": "CVE-2020-15778",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-15778"
},
{
"cve": "CVE-2020-16845",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-16845"
},
{
"cve": "CVE-2020-24553",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-24553"
},
{
"cve": "CVE-2020-4166",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4166"
},
{
"cve": "CVE-2020-4594",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4594"
},
{
"cve": "CVE-2020-4595",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4595"
},
{
"cve": "CVE-2020-4596",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4596"
},
{
"cve": "CVE-2020-4597",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4597"
},
{
"cve": "CVE-2020-4599",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4599"
},
{
"cve": "CVE-2020-4600",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4600"
},
{
"cve": "CVE-2020-4602",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4602"
},
{
"cve": "CVE-2020-4604",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4604"
},
{
"cve": "CVE-2020-7608",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-7608"
},
{
"cve": "CVE-2020-8244",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-8244"
}
]
}
CERTFR-2024-AVI-0145
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code arbitraire à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Db2 | IBM Cloud APM, Advanced Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2 | ||
| IBM | QRadar Suite Software | QRadar Suite Software versions 1.10.x.x antérieures à 1.10.18.0 | ||
| IBM | N/A | IBM Db2 sur Cloud Pak pour Data et Db2 Warehouse sur Cloud Pak for Data versions antérieures à v4.8.2 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7 IF05 | ||
| IBM | QRadar | IBM QRadar Use Case Manager App versions antérieures à 3.9.0 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 8.5.x.x sans le SDK version 8 Service Refresh 8 FP20 | ||
| IBM | WebSphere | IBM WebSphere Application Server Liberty sans le SDK version 8 Service Refresh 8 FP20 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.1.x.x antérieures à 6.1.0.23 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.3.x.x antérieures à 6.3.0.6 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.2.x.x antérieures à 6.2.0.22 | ||
| IBM | Db2 | IBM Cloud APM, Base Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2 | ||
| IBM | Cloud Pak | IBM Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.18.0 | ||
| IBM | Spectrum | IBM Spectrum Scale versions 5.1.x.x antérieures à 5.1.2.15 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 9.x sans le SDK version 8 Service Refresh 8 FP20 | ||
| IBM | QRadar WinCollect Agent | IBM QRadar WinCollect Agent versions 10.0.x antérieures à 10.1.9 | ||
| IBM | Spectrum | IBM Spectrum Scale versions 5.1.3.x antérieures à 5.1.9.2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Cloud APM, Advanced Private versions 8.1.4 sans le dernier correctif de s\u00e9curit\u00e9 Fixpack cumulatif Db2",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.18.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 sur Cloud Pak pour Data et Db2 Warehouse sur Cloud Pak for Data versions ant\u00e9rieures \u00e0 v4.8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP7 IF05",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Use Case Manager App versions ant\u00e9rieures \u00e0 3.9.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 8.5.x.x sans le SDK version 8 Service Refresh 8 FP20",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server Liberty sans le SDK version 8 Service Refresh 8 FP20",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct Web Services versions 6.1.x.x ant\u00e9rieures \u00e0 6.1.0.23",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct Web Services versions 6.3.x.x ant\u00e9rieures \u00e0 6.3.0.6",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct Web Services versions 6.2.x.x ant\u00e9rieures \u00e0 6.2.0.22",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cloud APM, Base Private versions 8.1.4 sans le dernier correctif de s\u00e9curit\u00e9 Fixpack cumulatif Db2",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.18.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Scale versions 5.1.x.x ant\u00e9rieures \u00e0 5.1.2.15",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 9.x sans le SDK version 8 Service Refresh 8 FP20",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar WinCollect Agent versions 10.0.x ant\u00e9rieures \u00e0 10.1.9",
"product": {
"name": "QRadar WinCollect Agent",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Scale versions 5.1.3.x ant\u00e9rieures \u00e0 5.1.9.2",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2015-8392",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
},
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2015-8395",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8383",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2015-8381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2021-22926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
},
{
"name": "CVE-2021-22947",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"name": "CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2021-33195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2022-3515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3515"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2021-22923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22923"
},
{
"name": "CVE-2021-22922",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22922"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2021-33196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2021-27918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
},
{
"name": "CVE-2021-41190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41190"
},
{
"name": "CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2022-29244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29244"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2020-8244",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8244"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2023-23919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
},
{
"name": "CVE-2023-23936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2023-20593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2022-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2023-3776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
},
{
"name": "CVE-2023-4128",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4128"
},
{
"name": "CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2021-38297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"name": "CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"name": "CVE-2023-4206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4206"
},
{
"name": "CVE-2023-4208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4208"
},
{
"name": "CVE-2023-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"name": "CVE-2023-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
},
{
"name": "CVE-2023-30991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30991"
},
{
"name": "CVE-2022-48339",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48339"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-39976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39976"
},
{
"name": "CVE-2023-38325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-32002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32002"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-44270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
},
{
"name": "CVE-2020-15586",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15586"
},
{
"name": "CVE-2020-28362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28362"
},
{
"name": "CVE-2020-14039",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14039"
},
{
"name": "CVE-2020-16845",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16845"
},
{
"name": "CVE-2021-3114",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3114"
},
{
"name": "CVE-2020-24553",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24553"
},
{
"name": "CVE-2020-28366",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28366"
},
{
"name": "CVE-2020-28367",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28367"
},
{
"name": "CVE-2023-34054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34054"
},
{
"name": "CVE-2023-34053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34053"
},
{
"name": "CVE-2023-34055",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34055"
},
{
"name": "CVE-2023-46589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46589"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2002-0059",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0059"
},
{
"name": "CVE-2023-38003",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38003"
},
{
"name": "CVE-2023-32731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32731"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2015-8393",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8393"
},
{
"name": "CVE-2020-19909",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19909"
},
{
"name": "CVE-2023-30987",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30987"
},
{
"name": "CVE-2023-38719",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38719"
},
{
"name": "CVE-2023-40374",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40374"
},
{
"name": "CVE-2023-38728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38728"
},
{
"name": "CVE-2023-38720",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38720"
},
{
"name": "CVE-2023-38740",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38740"
},
{
"name": "CVE-2023-40372",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40372"
},
{
"name": "CVE-2023-40373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40373"
},
{
"name": "CVE-2023-47145",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47145"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2023-46308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46308"
},
{
"name": "CVE-2023-32006",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32006"
},
{
"name": "CVE-2023-32559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32559"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2022-23541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23541"
},
{
"name": "CVE-2022-36046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36046"
},
{
"name": "CVE-2023-40692",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40692"
},
{
"name": "CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"name": "CVE-2023-38727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38727"
},
{
"name": "CVE-2023-45142",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45142"
},
{
"name": "CVE-2022-48337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48337"
},
{
"name": "CVE-2023-47627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47627"
},
{
"name": "CVE-2023-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47701"
},
{
"name": "CVE-2023-49081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49081"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2023-29258",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29258"
},
{
"name": "CVE-2023-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2024-22190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22190"
},
{
"name": "CVE-2023-4586",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4586"
},
{
"name": "CVE-2023-43020",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43020"
},
{
"name": "CVE-2023-37276",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37276"
},
{
"name": "CVE-2023-47152",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47152"
},
{
"name": "CVE-2023-49082",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49082"
},
{
"name": "CVE-2023-46219",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46219"
},
{
"name": "CVE-2023-47141",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47141"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2023-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
},
{
"name": "CVE-2023-46167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46167"
},
{
"name": "CVE-2023-27859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27859"
},
{
"name": "CVE-2023-47158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47158"
},
{
"name": "CVE-2023-36665",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36665"
},
{
"name": "CVE-2022-23529",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23529"
},
{
"name": "CVE-2023-40687",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40687"
},
{
"name": "CVE-2022-23539",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23539"
},
{
"name": "CVE-2023-6681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6681"
},
{
"name": "CVE-2022-23540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23540"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-50308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50308"
},
{
"name": "CVE-2023-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39331"
},
{
"name": "CVE-2023-45178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
},
{
"name": "CVE-2023-45193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45193"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2020-29510",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29510"
},
{
"name": "CVE-2023-47746",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47746"
},
{
"name": "CVE-2023-34062",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34062"
},
{
"name": "CVE-2023-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47747"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-46158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46158"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
}
],
"initial_release_date": "2024-02-16T00:00:00",
"last_revision_date": "2024-02-16T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0145",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une ex\u00e9cution de code arbitraire \u00e0 distance et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117872 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117872"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7118592 du 16 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7118592"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117873 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117873"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7118289 du 15 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7118289"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7118351 du 15 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7118351"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117821 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117821"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117883 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117883"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117881 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117881"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117884 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117884"
}
]
}
CERTFR-2023-AVI-0337
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un déni de service à distance, une injection de code indirecte à distance (XSS), un contournement de la politique de sécurité et une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Db2 | IBM Db2 Graph versions antérieures à 1.0.0.1562-s390x | ||
| IBM | Db2 | IBM Db2 Graph versions antérieures à 1.0.0.1562-ppcle | ||
| IBM | Db2 | IBM Db2 versions 11.5.x antérieures à 11.5.7 sans le dernier correctif de sécurité | ||
| IBM | Db2 | IBM Db2 versions 10.5.x antérieures à 10.5 FP11 sans le dernier correctif de sécurité | ||
| IBM | Db2 | IBM Db2 Graph versions antérieures à 1.0.0.1598-s390x | ||
| IBM | Db2 | IBM Db2 Graph versions antérieures à 1.0.0.1598-amd64 | ||
| IBM | Db2 | IBM Db2 versions 11.5.x antérieures à 11.5.8 sans le dernier correctif de sécurité | ||
| IBM | Db2 | IBM Db2 Graph versions antérieures à 1.0.0.1598-ppcle | ||
| IBM | Db2 | IBM Db2 Graph versions antérieures à latest-s390x | ||
| IBM | Db2 | IBM Db2 Graph versions antérieures à latest-amd64 | ||
| IBM | Db2 | IBM Db2 versions 11.1.x antérieures à 11.1.4 FP7 sans le dernier correctif de sécurité | ||
| IBM | Db2 | IBM Db2 Graph versions antérieures à latest-ppcle | ||
| IBM | Db2 | IBM Db2 Graph versions antérieures à 1.0.0.1562-amd64 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 1.0.0.1562-s390x",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 1.0.0.1562-ppcle",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.7 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 10.5.x ant\u00e9rieures \u00e0 10.5 FP11 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 1.0.0.1598-s390x",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 1.0.0.1598-amd64",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.8 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 1.0.0.1598-ppcle",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 latest-s390x",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 latest-amd64",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 11.1.x ant\u00e9rieures \u00e0 11.1.4 FP7 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 latest-ppcle",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 1.0.0.1562-amd64",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-33980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33980"
},
{
"name": "CVE-2023-23936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
},
{
"name": "CVE-2023-24807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24807"
},
{
"name": "CVE-2023-29257",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29257"
},
{
"name": "CVE-2023-26021",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26021"
},
{
"name": "CVE-2022-37865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37865"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2022-37866",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37866"
},
{
"name": "CVE-2020-8244",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8244"
},
{
"name": "CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"name": "CVE-2022-41915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41915"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2023-23919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
},
{
"name": "CVE-2023-29255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29255"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
}
],
"initial_release_date": "2023-04-25T00:00:00",
"last_revision_date": "2023-04-25T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0337",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-25T00:00:00.000000"
},
{
"description": "Ajout de r\u00e9f\u00e9rence CVE",
"revision_date": "2023-04-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un d\u00e9ni de service \u00e0\ndistance, une injection de code indirecte \u00e0 distance (XSS), un\ncontournement de la politique de s\u00e9curit\u00e9 et une ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6985691 du 24 avril 2023",
"url": "https://www.ibm.com/support/pages/node/6985691"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6985689 du 24 avril 2023",
"url": "https://www.ibm.com/support/pages/node/6985689"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6985687 du 24 avril 2023",
"url": "https://www.ibm.com/support/pages/node/6985687"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6985681 du 24 avril 2023",
"url": "https://www.ibm.com/support/pages/node/6985681"
}
]
}
CERTFR-2023-AVI-0504
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Spectrum | IBM Spectrum Protect Backup-Archive Client versions 8.1.x antérieures à 8.1.19.0 | ||
| IBM | Db2 | Db2 Graph versions 1.0.0.592 à 1.0.0.1690 sans le dernier correctif de sécurité | ||
| IBM | N/A | IBM Db2 on Cloud Pak for Data et Db2 Warehouse on Cloud Pak for Data versions antérieures à 4.7 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Protect Backup-Archive Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.19.0",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Graph versions 1.0.0.592 \u00e0 1.0.0.1690 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 on Cloud Pak for Data et Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 4.7",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-43927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43927"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2022-33980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33980"
},
{
"name": "CVE-2023-27555",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27555"
},
{
"name": "CVE-2023-25165",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25165"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2023-23936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
},
{
"name": "CVE-2019-18634",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18634"
},
{
"name": "CVE-2023-24807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24807"
},
{
"name": "CVE-2023-28956",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28956"
},
{
"name": "CVE-2023-29257",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29257"
},
{
"name": "CVE-2019-19232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19232"
},
{
"name": "CVE-2023-26021",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26021"
},
{
"name": "CVE-2022-37865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37865"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2019-10743",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10743"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2022-37866",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37866"
},
{
"name": "CVE-2020-8244",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8244"
},
{
"name": "CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2014-3577",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3577"
},
{
"name": "CVE-2022-41915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41915"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2022-41721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"name": "CVE-2023-25930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25930"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2023-23919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
},
{
"name": "CVE-2023-29255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29255"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2022-43930",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43930"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2023-27559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27559"
},
{
"name": "CVE-2022-43929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43929"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2019-19234",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19234"
},
{
"name": "CVE-2023-26022",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26022"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
}
],
"initial_release_date": "2023-06-30T00:00:00",
"last_revision_date": "2023-06-30T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0504",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7008449 du 29 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7008449"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6998815 du 28 juin 2023",
"url": "https://www.ibm.com/support/pages/node/6998815"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7005519 du 26 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7005519"
}
]
}
gsd-2020-8244
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-8244",
"description": "A buffer over-read vulnerability exists in bl \u003c4.0.3, \u003c3.0.1, \u003c2.2.1, and \u003c1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.",
"id": "GSD-2020-8244",
"references": [
"https://ubuntu.com/security/CVE-2020-8244"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-8244"
],
"details": "A buffer over-read vulnerability exists in bl \u003c4.0.3, \u003c3.0.1, \u003c2.2.1, and \u003c1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.",
"id": "GSD-2020-8244",
"modified": "2023-12-13T01:21:53.846412Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "bl",
"version": {
"version_data": [
{
"version_value": "Fixed in 4.0.3, 3.0.1, 2.2.1, and 1.2.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer over-read vulnerability exists in bl \u003c4.0.3, \u003c3.0.1, \u003c2.2.1, and \u003c1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Over-read (CWE-126)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/966347",
"refsource": "MISC",
"url": "https://hackerone.com/reports/966347"
},
{
"name": "[debian-lts-announce] 20210630 [SECURITY] [DLA 2698-1] node-bl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.2.3||\u003e=2.0.0 \u003c2.2.1||\u003e=3.0.0 \u003c3.0.1||\u003e=4.0.0 \u003c4.0.3",
"affected_versions": "All versions before 1.2.3, all versions starting from 2.0.0 before 2.2.1, all versions starting from 3.0.0 before 3.0.1, all versions starting from 4.0.0 before 4.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-125",
"CWE-937"
],
"date": "2021-07-01",
"description": "A buffer over-read vulnerability exists in bl which could allow an attacker to supply user input (even typed) that if it ends up in `consume()` argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular `.slice()` calls.",
"fixed_versions": [
"1.2.3",
"2.2.1",
"3.0.1",
"4.0.3"
],
"identifier": "CVE-2020-8244",
"identifiers": [
"CVE-2020-8244"
],
"not_impacted": "All versions starting from 1.2.3 before 2.0.0, all versions starting from 2.2.1 before 3.0.0, all versions starting from 3.0.1 before 4.0.0, all versions starting from 4.0.3",
"package_slug": "npm/bl",
"pubdate": "2020-08-30",
"solution": "Upgrade to versions 1.2.3, 2.2.1, 3.0.1, 4.0.3 or above.",
"title": "Out-of-bounds Read",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8244"
],
"uuid": "5c803f2c-d546-484b-bb75-8d3dc9140e08"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:bufferlist_project:bufferlist:*:*:*:*:*:node.js:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.1",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:bufferlist_project:bufferlist:*:*:*:*:*:node.js:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0.3",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:bufferlist_project:bufferlist:*:*:*:*:*:node.js:*:*",
"cpe_name": [],
"versionEndExcluding": "1.2.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:bufferlist_project:bufferlist:*:*:*:*:*:node.js:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.1",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve-assignments@hackerone.com",
"ID": "CVE-2020-8244"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A buffer over-read vulnerability exists in bl \u003c4.0.3, \u003c3.0.1, \u003c2.2.1, and \u003c1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/966347",
"refsource": "MISC",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/966347"
},
{
"name": "[debian-lts-announce] 20210630 [SECURITY] [DLA 2698-1] node-bl security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
},
"lastModifiedDate": "2022-05-24T17:31Z",
"publishedDate": "2020-08-30T15:15Z"
}
}
}
fkie_cve-2020-8244
Vulnerability from fkie_nvd
Published
2020-08-30 15:15
Modified
2024-11-21 05:38
Severity ?
Summary
A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.
References
| URL | Tags | ||
|---|---|---|---|
| support@hackerone.com | https://hackerone.com/reports/966347 | Exploit, Patch, Third Party Advisory | |
| support@hackerone.com | https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/966347 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bufferlist_project | bufferlist | * | |
| bufferlist_project | bufferlist | * | |
| bufferlist_project | bufferlist | * | |
| bufferlist_project | bufferlist | * | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bufferlist_project:bufferlist:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "BE477499-8C07-4A21-80ED-522252634656",
"versionEndExcluding": "1.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bufferlist_project:bufferlist:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "3BAC5D84-F507-43F3-8F02-30B19CAB6CB5",
"versionEndExcluding": "2.2.1",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bufferlist_project:bufferlist:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "F970C0FA-2479-4F5B-BF15-010C22CE5DB6",
"versionEndExcluding": "3.0.1",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bufferlist_project:bufferlist:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "6609D49F-7700-4262-AAF3-1470A1CEB9E0",
"versionEndExcluding": "4.0.3",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer over-read vulnerability exists in bl \u003c4.0.3, \u003c3.0.1, \u003c2.2.1, and \u003c1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de lectura excesiva del b\u00fafer en bl versiones anteriores a 4.0.3, versiones anteriores a 3.0.1, versiones anteriores a 2.2.1 versiones anteriores a 1.2.3 que podr\u00eda permitir a un atacante suministrar informaci\u00f3n del usuario (incluso escrita) que si termina en el argumento de consume() y puede volverse negativa, el estado de BufferList puede estar corrupto, enga\u00f1\u00e1ndolo para que exponga la memoria no inicializada por medio de llamadas regulares de .slice()"
}
],
"id": "CVE-2020-8244",
"lastModified": "2024-11-21T05:38:34.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-30T15:15:12.167",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/966347"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/966347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-126"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ghsa-pp7h-53gx-mx7r
Vulnerability from github
Published
2020-09-02 15:26
Modified
2022-05-26 20:43
Severity ?
VLAI Severity ?
Summary
Remote Memory Exposure in bl
Details
A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "bl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "bl"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.2.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "bl"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.0.0"
]
},
{
"package": {
"ecosystem": "npm",
"name": "bl"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-8244"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": true,
"github_reviewed_at": "2020-09-02T15:26:05Z",
"nvd_published_at": "2020-08-30T15:15:00Z",
"severity": "MODERATE"
},
"details": "A buffer over-read vulnerability exists in bl \u003c4.0.3, \u003c3.0.1, \u003c2.2.1, and \u003c1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.",
"id": "GHSA-pp7h-53gx-mx7r",
"modified": "2022-05-26T20:43:51Z",
"published": "2020-09-02T15:26:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8244"
},
{
"type": "WEB",
"url": "https://github.com/rvagg/bl/commit/8a8c13c880e2bef519133ea43e0e9b78b5d0c91e"
},
{
"type": "WEB",
"url": "https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190"
},
{
"type": "WEB",
"url": "https://github.com/rvagg/bl/commit/dacc4ac7d5fcd6201bcf26fbd886951be9537466"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/966347"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Remote Memory Exposure in bl"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…