Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM518BCBC260E4BD9D09B688D22A87BFC320EA93712A401CE102FAFCF99C9BF46F
HistoryAug 29, 2018 - 3:04 p.m.

Security Bulletin: A vulnerability in Apache Derby could affect IBM Performance Management products (CVE-2018-1313)

2018-08-2915:04:57
www.ibm.com
11

0.001 Low

EPSS

Percentile

48.9%

JSON

Summary

Apache Derby could allow a remote attacker to bypass security restrictions, caused by improper validation of network packets received. By sending a specially-crafted network packet, an attacker could exploit this vulnerability to boot a database whose location and contents are under the user’s control.

Vulnerability Details

CVEID:CVE-2018-1313
**DESCRIPTION:*Apache Derby could allow a remote attacker to bypass security restrictions, caused by improper validation of network packets received. By sending a specially-crafted network packet, an attacker could exploit this vulnerability to boot a database whose location and contents are under the user’s control.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142898&gt; for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

IBM Monitoring 8.1.3
IBM Application Diagnostics 8.1.3
IBM Application Performance Management 8.1.3
IBM Application Performance Management Advanced 8.1.3
IBM Cloud Application Performance Management Base Private 8.1.4
IBM Cloud Application Performance Management Advanced Private 8.1.4

Remediation/Fixes

Remediation/Fixes Product VRMF Remediation
IBM Cloud Application Performance Management Base Private
IBM Cloud Application Performance Management Advanced Private 8.1.4 The vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-SERVER-IF0006 server patch to the system where the Cloud APM server is installed: https://www.ibm.com/support/docview.wss?rs=0&uid=isg400004027
IBM Monitoring
IBM Application Diagnostics
IBM Application Performance Management
IBM Application Performance Management Advanced 8.1.3 The vulnerability can be remediated by applying the following 8.1.3.0-IBM-IPM-SERVER-IF0013 server patch to the system where the APM server is installed: http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400004068

Workarounds and Mitigations

None

Related

cvelist 2
ibm 12
nvd 2
osv 1
prion 2
redhatcve 2
veracode 1
github 1
debiancve 2
ubuntucve 2
cve 2
alpinelinux 1
f5 2
nessus 1
oracle 2
cvelist
cvelist
CVE-2018-1313
2018-05-05 00:00:00
CVE-2018-2938
2018-07-18 13:00:00
ibm
ibm
Security Bulletin: Apache Derby security vulnerabilities in IBM System Dashboard for Enterprise Content Manager (affected, not vulnerable)
2022-07-26 23:35:58
Security Bulletin: Apache Derby as used by IBM QRadar SIEM is vulnerable to Improper Input Validation (CVE-2018-1313)
2020-10-13 19:34:56
Security Bulletin: Vulnerability in Apache Derby affect IBM Operations Analytics - Log Analysis (CVE-2018-1313)
2022-11-02 16:45:20
nvd
nvd
CVE-2018-1313
2018-05-07 13:29:00
CVE-2018-2938
2018-07-18 13:29:02
osv
osv
Improper Access Control in Apache Derby
2022-05-13 01:02:18
prion
prion
Design/Logic Flaw
2018-05-07 13:29:00
Design/Logic Flaw
2018-07-18 13:29:00
redhatcve
redhatcve
CVE-2018-1313
2018-05-07 14:19:10
CVE-2018-2938
2018-07-17 21:18:44
veracode
veracode
Insecure Defaults
2018-05-08 05:55:18
github
github
Improper Access Control in Apache Derby
2022-05-13 01:02:18
debiancve
debiancve
CVE-2018-1313
2018-05-07 13:29:00
CVE-2018-2938
2018-07-18 13:29:02
ubuntucve
ubuntucve
CVE-2018-1313
2018-05-07 00:00:00
CVE-2018-2938
2018-07-18 00:00:00
cve
cve
CVE-2018-1313
2018-05-07 13:29:00
CVE-2018-2938
2018-07-18 13:29:02
alpinelinux
alpinelinux
CVE-2018-2938
2018-07-18 13:29:02
f5
f5
K000134636 : Java vulnerabilities CVE-2018-2942 and CVE-2018-2938
2023-05-17 00:00:00
K11522001 : Apache vulnerabilities CVE-2018-1313, CVE-2018-1338, CVE-2018-1339, CVE-2018-1335, and CVE-2018-8003
2018-07-17 00:00:00
nessus
nessus
Oracle WebLogic Server Multiple Vulnerabilities (January 2019 CPU)
2019-01-17 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
CPU July 2018
2018-07-17 00:00:00

0.001 Low

EPSS

Percentile

48.9%

JSON
Related for 518BCBC260E4BD9D09B688D22A87BFC320EA93712A401CE102FAFCF99C9BF46F
cvelist2ibm12nvd2osv1prion2redhatcve2veracode1github1debiancve2ubuntucve2cve2alpinelinux1f52nessus1oracle2