Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.IBM_NETEZZA_ANALYTICS_SWG22012645.NASL
HistoryFeb 09, 2018 - 12:00 a.m.

IBM Netezza Analytics Open Source James Clark Expat Multiple Vulnerabilities (swg22012645)

2018-02-0900:00:00
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.005

Percentile

77.1%

JSON

The version of IBM Netezza Analytics installed on the remote Linux host is 1.2.1 - 3.2.1. It is, therefore, affected by multiple vulnerabilities in the Open Source James Clark Expat component.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(106714);
  script_version("1.5");
  script_cvs_date("Date: 2019/11/08");

  script_cve_id("CVE-2013-0340", "CVE-2013-0341");
  script_bugtraq_id(58233);

  script_name(english:"IBM Netezza Analytics Open Source James Clark Expat Multiple Vulnerabilities (swg22012645)");
  script_summary(english:"Checks the IBM Netezza Analytics version.");

  script_set_attribute(attribute:"synopsis", value:
"An enterprise data warehousing component installed on the remote
Linux host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of IBM Netezza Analytics installed on the remote Linux
host is 1.2.1 - 3.2.1. It is, therefore, affected by multiple
vulnerabilities in the Open Source James Clark Expat component.");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22012645");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM Netezza Analytics version 3.2.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0340");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/01/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:ibm:netezza");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"General");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ibm_netezza_platform_software_installed.nbin");
  script_require_keys("installed_sw/IBM Netezza Platform Software");

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("audit.inc");
include("install_func.inc");

app_name = "IBM Netezza Platform Software";

install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);

app_name = "IBM Netezza Analytics";
inza_ver = install["Netezza Analytics version"];

if (inza_ver == UNKNOWN_VER)
  audit(AUDIT_NOT_INST, app_name);

min = "1.2.1";
fix = "3.2.2";

if (ver_compare(ver:inza_ver, fix:min, strict:FALSE) < 0)
  audit(AUDIT_INST_VER_NOT_VULN, app_name, inza_ver);

if (ver_compare(ver:inza_ver, fix:fix, strict:FALSE) < 0)
{
  report +=
    '\n  Installed version : ' + inza_ver +
    '\n  Fixed version     : ' + fix +
    '\n';
  security_report_v4(port:0, extra:report, severity:SECURITY_WARNING);
}
else audit(AUDIT_INST_VER_NOT_VULN, "IBM Netezza Analytics", inza_ver);

Related

ibm 11
nvd 3
prion 3
cve 3
cvelist 3
debiancve 1
slackware 1
veracode 1
nessus 16
openvas 10
freebsd 4
cbl_mariner 1
ubuntucve 1
mageia 1
osv 2
gentoo 1
apple 6
androidsecurity 1
ics 1
avleonov 1
ibm
ibm
Security Bulletin:Vulnerabilities in Open Source James Clark Expat affect IBM Netezza Analytics
2019-10-18 03:10:29
Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise edition are affected by James Clark Expat Vulnerabilities
2018-06-17 22:33:38
Security Bulletin: IBM Prospect is affected by Expat XML Parser vulnerability (CVE-2013-0340)
2018-06-17 15:49:59
nvd
nvd
CVE-2013-0341
2013-09-26 14:16:22
CVE-2013-0340
2014-01-21 18:55:09
CVE-2021-40439
2021-10-07 16:15:09
prion
prion
Design/Logic Flaw
2013-09-26 14:16:00
Xxe
2014-01-21 18:55:00
Code injection
2021-10-07 16:15:00
cve
cve
CVE-2013-0341
2013-09-26 14:16:22
CVE-2013-0340
2014-01-21 18:55:09
CVE-2021-40439
2021-10-07 16:15:09
cvelist
cvelist
CVE-2013-0341
2013-09-26 10:00:00
CVE-2013-0340
2014-01-21 18:00:00
CVE-2021-40439 Billion Laughs
2021-10-07 15:50:12
debiancve
debiancve
CVE-2013-0340
2014-01-21 18:55:09
slackware
slackware
[slackware-security] expat
2021-05-23 19:55:46
veracode
veracode
XML External Entities (XXE)
2019-06-12 07:55:17
nessus
nessus
Slackware 14.0 / 14.1 / 14.2 / current : expat (SSA:2021-143-01)
2021-05-24 00:00:00
EulerOS Virtualization 2.9.1 : expat (EulerOS-SA-2021-2756)
2021-11-17 00:00:00
EulerOS Virtualization 2.9.0 : expat (EulerOS-SA-2021-2784)
2021-11-17 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2021-2756)
2021-11-17 00:00:00
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2021-2548)
2021-09-28 00:00:00
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2021-2524)
2021-09-28 00:00:00
freebsd
freebsd
Python -- multiple vulnerabilities
2021-08-30 00:00:00
Python -- multiple vulnerabilities
2021-08-30 00:00:00
texproc/expat2 -- billion laugh attack
2013-02-21 00:00:00
cbl_mariner
cbl_mariner
CVE-2013-0340 affecting package expat 2.2.6-4
2022-01-10 03:59:19
ubuntucve
ubuntucve
CVE-2013-0340
2014-01-21 00:00:00
mageia
mageia
Updated python3 packages fix security vulnerability
2021-09-23 07:49:29
osv
osv
expat-2.4.1-1.2 on GA media
2024-06-15 00:00:00
python38-3.8.12-1.2 on GA media
2024-06-15 00:00:00
gentoo
gentoo
Expat: Multiple vulnerabilities
2017-01-11 00:00:00
apple
apple
About the security content of Security Update 2021-005 Catalina
2021-09-13 00:00:00
About the security content of iOS 14.8 and iPadOS 14.8
2021-09-13 00:00:00
About the security content of watchOS 8
2021-09-20 00:00:00
androidsecurity
androidsecurity
Android 13 Security Release Notes
2022-07-25 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
avleonov
avleonov
Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs
2022-12-30 18:03:13

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.005

Percentile

77.1%

JSON
Related for IBM_NETEZZA_ANALYTICS_SWG22012645.NASL
ibm11nvd3prion3cve3cvelist3debiancve1slackware1veracode1nessus16openvas10freebsd4cbl_mariner1ubuntucve1mageia1osv2gentoo1apple6androidsecurity1ics1avleonov1