Product:

Pureapplication_system

(Ibm)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 10
Date Id Summary Products Score Patch Annotated
2014-09-25 CVE-2014-7169 GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment... Mac_os_x, Eos, Ubuntu_linux, Security_gateway, Netscaler_sdx_firmware, Debian_linux, Arx_firmware, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_edge_gateway, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_protocol_security_module, Big\-Ip_wan_optimization_manager, Big\-Ip_webaccelerator, Big\-Iq_cloud, Big\-Iq_device, Big\-Iq_security, Enterprise_manager, Traffix_signaling_delivery_controller, Bash, Flex_system_v7000_firmware, Infosphere_guardium_database_activity_monitoring, Pureapplication_system, Qradar_risk_manager, Qradar_security_information_and_event_manager, Qradar_vulnerability_manager, San_volume_controller_firmware, Security_access_manager_for_mobile_8\.0_firmware, Security_access_manager_for_web_7\.0_firmware, Security_access_manager_for_web_8\.0_firmware, Smartcloud_entry_appliance, Smartcloud_provisioning, Software_defined_network_for_virtual_environments, Starter_kit_for_cloud, Stn6500_firmware, Stn6800_firmware, Stn7800_firmware, Storwize_v3500_firmware, Storwize_v3700_firmware, Storwize_v5000_firmware, Storwize_v7000_firmware, Workload_deployer, Mageia, Open_enterprise_server, Zenworks_configuration_management, Opensuse, Linux, Qts, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_from_rhui, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage_server_for_on\-Premise, Virtualization, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Studio_onsite, Esx, Vcenter_server_appliance 9.8
2014-09-24 CVE-2014-6271 GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka... Mac_os_x, Eos, Ubuntu_linux, Security_gateway, Netscaler_sdx_firmware, Debian_linux, Arx_firmware, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_edge_gateway, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_protocol_security_module, Big\-Ip_wan_optimization_manager, Big\-Ip_webaccelerator, Big\-Iq_cloud, Big\-Iq_device, Big\-Iq_security, Enterprise_manager, Traffix_signaling_delivery_controller, Bash, Flex_system_v7000_firmware, Infosphere_guardium_database_activity_monitoring, Pureapplication_system, Qradar_risk_manager, Qradar_security_information_and_event_manager, Qradar_vulnerability_manager, San_volume_controller_firmware, Security_access_manager_for_mobile_8\.0_firmware, Security_access_manager_for_web_7\.0_firmware, Security_access_manager_for_web_8\.0_firmware, Smartcloud_entry_appliance, Smartcloud_provisioning, Software_defined_network_for_virtual_environments, Starter_kit_for_cloud, Stn6500_firmware, Stn6800_firmware, Stn7800_firmware, Storwize_v3500_firmware, Storwize_v3700_firmware, Storwize_v5000_firmware, Storwize_v7000_firmware, Workload_deployer, Mageia, Open_enterprise_server, Zenworks_configuration_management, Opensuse, Linux, Qts, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_from_rhui, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage_server_for_on\-Premise, Virtualization, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Studio_onsite, Esx, Vcenter_server_appliance 9.8
2015-01-28 CVE-2015-0235 Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." Mac_os_x, Debian_linux, Glibc, Pureapplication_system, Security_access_manager_for_enterprise_single_sign\-On, Communications_application_session_controller, Communications_eagle_application_processor, Communications_eagle_lnp_application_processor, Communications_lsms, Communications_policy_management, Communications_session_border_controller, Communications_user_data_repository, Communications_webrtc_session_controller, Exalogic_infrastructure, Linux, Vm_virtualbox, Php, Virtualization N/A
2019-06-26 CVE-2019-4225 IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242. Pureapplication_system 4.4
2019-06-26 CVE-2019-4224 IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240. Pureapplication_system 8.8
2019-06-26 CVE-2019-4234 IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416. Pureapplication_system 4.3
2019-06-26 CVE-2019-4235 IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417. Pureapplication_system 7.5
2019-06-26 CVE-2019-4241 IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467. Pureapplication_system 7.8
2015-01-10 CVE-2014-6158 Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component. Pureapplication_system, Workload_deployer N/A
2014-06-14 CVE-2014-0960 IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed virtual machine. Pureapplication_system N/A