
Critical Vulnerabilities in multiple IBM products (CVE-2024-1597, CVE-2022-46337)

Advisory No: TZCERT/SA/2024/07/10-1

Date of First Release: 10th July 2024

Source: IBM

Software Affected: PostgreSQL JDBC Driver, Apache Derby

Overview:

Multiple IBM products that depend on the PostgreSQL JDBC Driver and Apache Derby are affected by critical vulnerabilities. Attackers can exploit these vulnerabilities to dump critical data or execute arbitrary code.

Description:

Multiple IBM products running on the PostgreSQL JDBC Driver and Apache Derby are affected by critical vulnerabilities with CVSS base scores of 10 and 9.1, tracked as CVE-2024-1597 and CVE-2022-46337 respectively. The first vulnerability exists in the PostgreSQL JDBC Driver when the non-default connection property preferQueryMode=simple is used in combination with application code containing vulnerable SQL that negates a parameter value. The second is an LDAP injection vulnerability in the Apache Derby authenticator. An attacker can send specially crafted requests to execute arbitrary code on a vulnerable system.
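The PostgreSQL JDBC Driver issue only becomes reachable when both preconditions named above hold: the non-default preferQueryMode=simple property on the connection URL and application SQL that applies a unary minus to a placeholder. The following is an added audit script, not code from IBM, the pgjdbc project or this advisory. It parses JDBC URLs for that property and scans statement strings for a negated placeholder, then reports whether a deployment meets both conditions. The URLs, statements, keyword list and the function names are all constructed for this example; the negation check is a heuristic, not a SQL parser.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample inputs (not from the advisory): a JDBC URL that opts into
# the non-default simple query protocol, one that leaves the default, and a few
# application statements of the shape the advisory describes.
SIMPLE_MODE_URL = "jdbc:postgresql://db.internal:5432/app?preferQueryMode=simple&ssl=true"
DEFAULT_URL = "jdbc:postgresql://db.internal:5432/app?ssl=true"
SAMPLE_STATEMENTS = [
    "SELECT -?, ?",                                   # placeholder is negated
    "UPDATE accounts SET balance = -? WHERE id = ?",  # placeholder is negated
    "SELECT price - ? FROM orders",                   # binary subtraction, not negation
]

# Keywords after which a '-' can only be a unary minus (heuristic, not a SQL parser).
UNARY_CONTEXT_KEYWORDS = {
    "select", "where", "and", "or", "not", "then", "else", "when", "on",
    "having", "set", "values", "returning", "by", "in", "as", "case",
}


def jdbc_properties(url):
    """Return the connection properties of a jdbc:postgresql://... URL as a dict."""
    if not url.startswith("jdbc:"):
        raise ValueError("not a JDBC URL")
    parts = urlsplit(url[len("jdbc:"):])
    # parse_qs yields lists; keep the last occurrence of a repeated property
    return {k: v[-1] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}


def find_negated_placeholders(sql):
    """Offsets of '-?' occurrences where the '-' is a unary minus on the placeholder."""
    hits = []
    for m in re.finditer(r"-\s*\?", sql):
        before = sql[: m.start()].rstrip()
        # start of statement, or after an operator / comma / opening paren: unary minus
        if not before or before[-1] in ",(=<>+*/%|":
            hits.append(m.start())
            continue
        # after a keyword such as SELECT or WHERE: also unary minus
        word = re.search(r"(\w+)$", before)
        if word and word.group(1).lower() in UNARY_CONTEXT_KEYWORDS:
            hits.append(m.start())
    return hits


def assess(url, sql_statements):
    """Combine both preconditions named in the advisory into one finding."""
    props = jdbc_properties(url)
    mode = next((v for k, v in props.items() if k.lower() == "preferquerymode"), None)
    simple_mode = mode is not None and mode.lower() == "simple"
    negated = {s: find_negated_placeholders(s) for s in sql_statements}
    negated = {s: offs for s, offs in negated.items() if offs}
    return {
        "simple_mode": simple_mode,
        "negated_placeholders": negated,
        # both conditions must hold for the driver-side issue to be reachable
        "exposed": simple_mode and bool(negated),
    }


if __name__ == "__main__":
    for url in (SIMPLE_MODE_URL, DEFAULT_URL):
        report = assess(url, SAMPLE_STATEMENTS)
        print(url)
        print("  preferQueryMode=simple:", report["simple_mode"])
        print("  statements negating a placeholder:", len(report["negated_placeholders"]))
        print("  exposed:", report["exposed"])
```

Run over a real code base, the statement list would come from the application's query sources and the URL from its datasource configuration; a deployment that leaves preferQueryMode at its default is reported as not exposed even when negating statements exist, which matches the two-part condition in the advisory. Applying the vendor patch remains the fix; this check only helps prioritise which deployments need it first.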
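The Apache Derby issue is an LDAP injection in an authenticator, the class of bug that arises when a login name is spliced into an LDAP search filter without escaping. The following added example (not Derby's or IBM's code, and not the advisory's) shows the RFC 4515 escaping that keeps a user-supplied value literal inside a filter, alongside a check that a built filter still contains exactly one literal uid clause. The filter shape, the sample user names and the function names are constructed for this example.

```python
import re

# RFC 4515 escapes for characters that have meaning inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_ldap_filter_value(value):
    """Escape a string so it can only ever be matched literally inside a filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username, escape=True):
    """Filter an authenticator might use to look up the entry for a login name.

    escape=False reproduces the unsafe pattern (raw value spliced into the filter)
    purely so the two outputs can be compared; production code must always escape.
    """
    value = escape_ldap_filter_value(username) if escape else username
    return f"(&(objectClass=person)(uid={value}))"


def is_single_literal_uid_match(ldap_filter):
    """True if the filter has exactly one well-formed uid clause with no unescaped wildcard."""
    clauses = re.findall(r"\(uid=([^()]*)\)", ldap_filter)
    if len(clauses) != 1 or ldap_filter.count("(uid=") != 1:
        return False
    # an unescaped '*' would turn the equality into a substring or presence match
    return re.search(r"(?<!\\)\*", clauses[0]) is None


if __name__ == "__main__":
    # constructed login name containing filter metacharacters
    name = "smith (contractor)*"
    for escape in (True, False):
        f = build_user_filter(name, escape=escape)
        print(f"escape={escape}: {f} -> literal uid match: {is_single_literal_uid_match(f)}")
```

The check is a defensive sanity test rather than a parser: it catches the cases where a value has broken out of its clause or introduced a wildcard, which is exactly what escaping prevents. Where an LDAP library offers its own filter escaping function, that should be used instead of a hand-rolled table.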

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Solution:

IBM has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.

References:

  1. https://exchange.xforce.ibmcloud.com/vulnerabilities/283693
  2. https://exchange.xforce.ibmcloud.com/vulnerabilities/271915
