PMI V8xx (266807, 266812, 266815) Security Vulnerabilities

debiancve

CVE-2023-43040

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: ...

6.6 AI Score

0.0004 EPSS

2024-05-14 01:46 PM
17
cve

CVE-2023-43040

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: ...

6.5 CVSS

6.4 AI Score

0.0004 EPSS

2024-05-14 01:46 PM
74
cvelist

CVE-2023-43040 IBM Spectrum Fusion HCI improper access control

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: ...

6.2 AI Score

0.0004 EPSS

2024-05-13 02:18 AM
2
ibm

Security Bulletin: IBM Storage Fusion HCI is vulnerable to unauthorized access due to a flaw in Ceph RGW.

Summary: Ceph is used by IBM Storage Fusion HCI if IBM Storage Fusion HCI is configured with the Data Foundation service. CVE-2023-43040. Vulnerability Details: CVEID: CVE-2023-43040. DESCRIPTION: IBM Spectrum Fusion HCI could allow an attacker to perform unauthorized actions in RGW for Ceph...

6.2 AI Score

0.0004 EPSS

2024-05-11 04:52 PM
6
ibm

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary: IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details: CVEID: CVE-2019-13224. DESCRIPTION: oniguruma is vulnerable to a denial of service,...

10 AI Score

0.037 EPSS

2024-05-09 12:31 PM
9
ibm

Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps

Summary: Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.4.0. Vulnerability Details: CVEID: CVE-2023-6481. DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused by a serialization flaw in the logback receiver component. By sending a specially...

10 AI Score

0.054 EPSS

2024-01-31 07:31 PM
18
ibm

Security Bulletin: Vulnerabilities in Linux Kernel and Apache Axis can affect IBM Storage Protect Plus

Summary IBM Storage Protect Plus can be affected by vulnerabilities in Linux kernel and Apache Axis. Vulnerabilities include obtaining sensitive information, gaining elevated privileges, executing arbitrary commands, denial of service, and bypassing security restrictions, as described by the CVEs.....

9.3 AI Score

0.017 EPSS

2024-01-31 12:00 PM
10
ibm

Security Bulletin: Vulnerability in Linux Kernel might affect IBM Spectrum Copy Data Management

Summary IBM Spectrum Copy Data Management can be affected by a vulnerability in Linux Kernel. A locally authenticated attacker could exploit this vulnerability to gain elevated privileges on the system as described by the CVEs in the "Vulnerability Details" section. [CVE-2023-2163] This bulletin...

6.8 AI Score

0.0004 EPSS

2024-01-12 04:31 PM
8
veracode

Improper Access Control

ceph is vulnerable to Improper Access Control. An attacker could exploit this vulnerability to upload malicious files to any bucket accessible by the specified access key. This could allow the attacker to compromise the data stored in the bucket, or to launch further attacks against the...

6.7 AI Score

0.0004 EPSS

2023-10-10 03:23 AM
4
ubuntucve

CVE-2023-43040

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807. Bugs https://tracker.ceph.com/issues/63004...

6.3 AI Score

0.0004 EPSS

2023-09-27 12:00 AM
6
cve

CVE-2022-40977

A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or...

7.5 CVSS

7.6 AI Score

0.001 EPSS

2022-11-24 10:15 AM
34
16
osv

CVE-2022-39387

XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider its details through request parameters. One can then bypass the...

7.7 AI Score

0.002 EPSS

2022-11-04 07:15 PM
1
prion

Design/Logic Flaw

XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider its details through request parameters. One can then bypass the...

7.5 CVSS

7.6 AI Score

0.001 EPSS

2022-11-04 07:15 PM
7
cve

CVE-2022-39387

XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider its details through request parameters. One can then bypass the...

7.5 CVSS

7.6 AI Score

0.002 EPSS

2022-11-04 07:15 PM
33
6
github

XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider

Impact Even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider by providing its details through request parameters. One can then bypass the XWiki authentication altogether by specifying its own provider through the...

7.4 AI Score

0.002 EPSS

2022-11-04 06:58 PM
14
osv

XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider

Impact Even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider by providing its details through request parameters. One can then bypass the XWiki authentication altogether by specifying its own provider through the...

0.7 AI Score

0.002 EPSS

2022-11-04 06:58 PM
8
openbugbounty

cms2.revize.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1016942 Security Researcher Gh05tPT Helped patch 6901 vulnerabilities Received 10 Coordinated Disclosure badges Received 48 recommendations, a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting cms2.revize.com website...

0.1 AI Score

2019-11-15 05:06 PM
8
openbugbounty

daddysfucks.com XSS vulnerability

Vulnerable URL: http://www.daddysfucks.com/index.html?id=">&ref;=http://www.porninspector.com/reviews/?&start;=140 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 14.10.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 17284694 VIP...

6.3 AI Score

2017-07-22 05:11 PM
16
openbugbounty

wildmomsandboys.com XSS vulnerability

Vulnerable URL: http://www.wildmomsandboys.com/index.html?id=">&ref;=http://www.porninspector.com/reviews/?&start;=140 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 14.10.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown...

6.3 AI Score

2017-07-22 05:06 PM
11
openbugbounty

cutegirlsrampage.com XSS vulnerability

Vulnerable URL: http://www.cutegirlsrampage.com/index.html?id=%22%3E%3Cimg%20src=x%20onerror=prompt(/OPENBUGBOUNTY/);%3E\&ref;=http://www.porninspector.com/reviews/?&start;=140 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 14.10.2017 Vulnerability type:| XSS...

6.3 AI Score

2017-07-22 04:55 PM
19