High Severity

IBM Security Bulletin: Cloudant Local Apache CouchDB CVE-2018-17188: Remote Privilege Escalations

Share this post:

Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full system entry for unauthenticated users.

CVE(s): CVE-2018-17188

Affected product(s) and affected version(s):
All versions of Apache CouchDB prior to 2.3.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10875784
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/154346

More stories

IBM Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities

Apr 25, 2019 9:02 am EDT | High Severity

IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server. CVE(s): CVE-2018-11759, CVE-2017-12613, CVE-2017-15710, CVE-2017-15715, CVE-2018-1301 Affected product(s) and affected version(s): Affected IBM Security SiteProtector System Affected Versions IBM Security SiteProtector System 3.1.1 IBM Security SiteProtector System 3.0.0 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10880665X-Force ...read more


IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in GNU C Library (CVE-2017-15804 CVE-2017-15670 CVE-2015-5180)

Apr 25, 2019 9:01 am EDT | High Severity

IBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerabilities in GNU C Library. CVE(s): CVE-2017-15804, CVE-2017-15670, CVE-2015-5180 Affected product(s) and affected version(s): Product Affected Version IBM Dynamic System Analysis (DSA) Preboot 9.6 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10870808X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133996X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133915X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/130620 ...read more


IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in xorg-x11

Apr 25, 2019 9:01 am EDT | High Severity

IBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerabilities in xorg-x11. CVE(s): CVE-2015-9262, CVE-2018-14665, CVE-2018-14600, CVE-2018-14599, CVE-2018-14598 Affected product(s) and affected version(s): Product Affected Version IBM Dynamic System Analysis (DSA) Preboot 9.6 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10874890X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148854X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151991X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148663X-Force Database: ...read more