High Severity

IBM Security Bulletin: Cloudant Local Apache CouchDB CVE-2018-17188: Remote Privilege Escalations

Prior to CouchDB version 2.3.0, CouchDB allowed runtime configuration of key components of the database. In some cases, this led to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full system entry for unauthenticated users.

CVE(s): CVE-2018-17188

Affected product(s) and affected version(s):
All versions of Apache CouchDB prior to 2.3.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10875784
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/154346
