Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM31EFB1D6018251ECAF3C2690A457AEECD555CDBE9B29FD4E92178FBD1D574317
HistoryOct 13, 2020 - 7:34 p.m.

Security Bulletin: Apache Derby as used by IBM QRadar SIEM is vulnerable to Improper Input Validation (CVE-2018-1313)

2020-10-1319:34:56
www.ibm.com
10

0.001 Low

EPSS

Percentile

48.7%

JSON

Summary

Apache Derby as used by IBM QRadar SIEM is vulnerable to Improper Input Validation.

Vulnerability Details

CVEID:CVE-2018-1313
**DESCRIPTION:**Apache Derby could allow a remote attacker to bypass security restrictions, caused by improper validation of network packets received. By sending a specially-crafted network packet, an attacker could exploit this vulnerability to boot a database whose location and contents are under the user’s control.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/142898 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

IBM QRadar SIEM 7.4.0 - 7.4.1 GA

IBM QRadar SIEM 7.3.0 - 7.3.3 Patch 4

Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.4.1 Patch 1

QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 5

Workarounds and Mitigations

None

Related

ibm 12
nvd 2
cvelist 2
osv 1
veracode 1
github 1
debiancve 2
prion 2
redhatcve 2
ubuntucve 2
cve 2
alpinelinux 1
f5 2
nessus 1
oracle 2
ibm
ibm
Security Bulletin: Apache Derby security vulnerabilities in IBM System Dashboard for Enterprise Content Manager (affected, not vulnerable)
2022-07-26 23:35:58
Security Bulletin: A vulnerability in Apache Derby could affect IBM Performance Management products (CVE-2018-1313)
2018-08-29 15:04:57
Security Bulletin: ITCAM for Transactions affected by the Security vulnerability CVE-2018-1313 found in derbyclient-10.10.2.0.jar and its perivious versions
2023-08-30 11:06:15
nvd
nvd
CVE-2018-1313
2018-05-07 13:29:00
CVE-2018-2938
2018-07-18 13:29:02
cvelist
cvelist
CVE-2018-1313
2018-05-05 00:00:00
CVE-2018-2938
2018-07-18 13:00:00
osv
osv
Improper Access Control in Apache Derby
2022-05-13 01:02:18
veracode
veracode
Insecure Defaults
2018-05-08 05:55:18
github
github
Improper Access Control in Apache Derby
2022-05-13 01:02:18
debiancve
debiancve
CVE-2018-1313
2018-05-07 13:29:00
CVE-2018-2938
2018-07-18 13:29:02
prion
prion
Design/Logic Flaw
2018-05-07 13:29:00
Design/Logic Flaw
2018-07-18 13:29:00
redhatcve
redhatcve
CVE-2018-1313
2018-05-07 14:19:10
CVE-2018-2938
2018-07-17 21:18:44
ubuntucve
ubuntucve
CVE-2018-1313
2018-05-07 00:00:00
CVE-2018-2938
2018-07-18 00:00:00
cve
cve
CVE-2018-1313
2018-05-07 13:29:00
CVE-2018-2938
2018-07-18 13:29:02
alpinelinux
alpinelinux
CVE-2018-2938
2018-07-18 13:29:02
f5
f5
K000134636 : Java vulnerabilities CVE-2018-2942 and CVE-2018-2938
2023-05-17 00:00:00
K11522001 : Apache vulnerabilities CVE-2018-1313, CVE-2018-1338, CVE-2018-1339, CVE-2018-1335, and CVE-2018-8003
2018-07-17 00:00:00
nessus
nessus
Oracle WebLogic Server Multiple Vulnerabilities (January 2019 CPU)
2019-01-17 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
CPU July 2018
2018-07-17 00:00:00

0.001 Low

EPSS

Percentile

48.7%

JSON
Related for 31EFB1D6018251ECAF3C2690A457AEECD555CDBE9B29FD4E92178FBD1D574317
ibm12nvd2cvelist2osv1veracode1github1debiancve2prion2redhatcve2ubuntucve2cve2alpinelinux1f52nessus1oracle2