
ASPECT®-Enterprise Security Vulnerabilities

ibm

Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2023-50312

Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...

5.3CVSS

5.7AI Score

0.0004EPSS

2024-06-03 11:34 AM

ibm

Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2024-25026

Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...

5.9CVSS

6.2AI Score

0.0004EPSS

2024-06-03 11:33 AM

ibm

Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2024-22329

Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...

4.3CVSS

5.6AI Score

0.0004EPSS

2024-06-03 11:32 AM

ibm

Security Bulletin: Information disclosure vulnerabilities affect IBM Business Automation Workflow - CVE-2024-28849, CVE-2024-21501

Summary: IBM Business Automation Workflow Web Process Designer is vulnerable to information disclosure attacks. Vulnerability Details: CVEID: CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the...

6.5CVSS

6AI Score

0.0004EPSS

2024-06-03 11:31 AM

ibm

Security Bulletin: Vulnerability in jjwt may affect IBM Business Automation Workflow - CVE-2024-31033

Summary: IBM Business Automation Workflow packages a vulnerable copy of jjwt. Vulnerability Details: CVEID: CVE-2024-31033 DESCRIPTION: An unspecified error with ignoring certain characters in jwtk JJWT (aka Java JWT) has an unknown impact and attack vector. CVSS Base score: 6.8 CVSS Temporal...

6AI Score

0.0004EPSS

2024-06-03 11:26 AM

thn

SASE Threat Report: 8 Key Findings for Enterprise Security

Threat actors are evolving, yet Cyber Threat Intelligence (CTI) remains confined to each isolated point solution. Organizations require a holistic analysis across external data, inbound and outbound threats and network activity. This will enable evaluating the true state of cybersecurity in the...

10CVSS

10AI Score

0.976EPSS

2024-06-03 10:56 AM

ibm

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container (ACEcc) is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.18 (LTS) and 11.6.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities.....

7.1CVSS

8.9AI Score

0.003EPSS

2024-06-03 10:05 AM

redhat

(RHSA-2024:3546) Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) ruby: Buffer overread vulnerability in StringIO...

5.7AI Score

EPSS

2024-06-03 06:57 AM

nessus

RHEL 7 : rpcbind (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. rpcbind: -h fails to control access to rpcbind (CVE-2012-3541) Note that Nessus has not tested for this issue but...

7AI Score

EPSS

2024-06-03 12:00 AM

nessus

RHEL 8 : tmux (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. tmux: null pointer dereference in window_pane_set_event() in window.c (CVE-2022-47016) Note that Nessus has not...

6.9AI Score

EPSS

2024-06-03 12:00 AM

nessus

RHEL 6 : qpid-cpp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. qpid-cpp: anonymous access to qpidd cannot be prevented (CVE-2015-0223) qpid-cpp: AMQP 0-10 protocol...

7.5CVSS

7.1AI Score

0.949EPSS

2024-06-03 12:00 AM

nessus

RHEL 7 : dbus (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. dbus: denial of service in file descriptor passing feature (CVE-2014-3532) dbus: denial of service when...

7.1AI Score

0.001EPSS

2024-06-03 12:00 AM

nessus

RHEL 6 : polkit (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. polkit: Improper handling of user with uid > INT_MAX leading to authentication bypass (CVE-2018-19788) ...

7.8CVSS

7.7AI Score

0.006EPSS

2024-06-03 12:00 AM

nessus

RHEL 6 : nss_compat_ossl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. nss_compat_ossl: incorrect multi-keyword mode cipherstring parsing (CVE-2015-3278) Note that Nessus has not tested...

9.8CVSS

9.6AI Score

0.002EPSS

2024-06-03 12:00 AM

nessus

RHEL 5 : perl-xml-libxml (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl-XML-LibXML: Use-after-free by controlling the arguments to a replaceChild call (CVE-2017-10672) The...

9.8CVSS

9.9AI Score

0.024EPSS

2024-06-03 12:00 AM

nessus

RHEL 4 : xorg-x11 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. x11perfcomp has dot in its path (CVE-2011-2504) The LockServer function in os/utils.c in X.Org xserver...

7.7AI Score

0.0004EPSS

2024-06-03 12:00 AM

nessus

RHEL 4 : groff (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. groff: improper handling of failed attempts to create temporary directories in eqn2graph/pic2graph/grap2graph...

6.5AI Score

0.0004EPSS

2024-06-03 12:00 AM

nessus

RHEL 3 : ghostscript (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. ghostscript: glyph data access improper input validation (CVE-2010-4054) Note that Nessus has not tested for this...

6.6AI Score

0.005EPSS

2024-06-03 12:00 AM

nessus

RHEL 6 : batik (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. batik: XML external entity processing vulnerability (CVE-2017-5662) batik: information disclosure when...

9.8CVSS

8.6AI Score

0.043EPSS

2024-06-03 12:00 AM

nessus

RHEL 6 : xerces-c (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. xerces-c: Use-after-free in heap on specially crafted XML input (CVE-2016-2099) internal/XMLReader.cpp...

9.8CVSS

8.8AI Score

0.041EPSS

2024-06-03 12:00 AM

nessus

RHEL 7 : gnutls (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gnutls: certificate algorithm consistency checking issue (CVE-2015-0294) gnutls: use-after-free flaw in...

7.5CVSS

7.7AI Score

0.256EPSS

2024-06-03 12:00 AM

nessus

RHEL 4 : qt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. QT: BMP image handler crash (CVE-2015-0295) Note that Nessus has not tested for this issue but has instead relied on...

7.2AI Score

0.044EPSS

2024-06-03 12:00 AM

nessus

RHEL 7 : mysql-connector-java (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258) ...

5CVSS

6.4AI Score

0.006EPSS

2024-06-03 12:00 AM

nessus

RHEL 5 : php53 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. php: buffer overflow in phar_set_inode() (CVE-2015-3329) php: memory corruption in phar_parse_tarfile...

9.1AI Score

0.955EPSS

2024-06-03 12:00 AM

nessus

RHEL 6 : coreutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. coreutils: memory corruption flaw in parse_datetime() (CVE-2014-9471) coreutils: Non-privileged session...

6.5CVSS

6AI Score

0.018EPSS

2024-06-03 12:00 AM

nessus

RHEL 7 : libdwarf (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libdwarf: heap-based buffer over-read in dwarf_formsdata() (CVE-2017-9055) Use-after-free vulnerability...

9.8CVSS

6.6AI Score

0.013EPSS

2024-06-03 12:00 AM

nessus

RHEL 7 : httpd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. firefox: Possible integer overflow to fix inside XML_Parse in Expat (CVE-2016-9063) mod_lua.c in the...

9.8CVSS

7.6AI Score

0.071EPSS

2024-06-03 12:00 AM

nessus

RHEL 6 : tcpdump (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tcpdump: multiple overflow issues in protocol decoding (CVE-2017-5486) Integer underflow in the...

9.8CVSS

9.2AI Score

0.378EPSS

2024-06-03 12:00 AM

nessus

RHEL 7 : rhev-guest-tools (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. rhevm: rhev agent service unquoted search path (CVE-2013-2151) Note that Nessus has not tested for this issue but...

7.3AI Score

0.0004EPSS

2024-06-03 12:00 AM

nessus

RHEL 5 : libxp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. libXp: Integer overflow leading to heap-based buffer overflow (CVE-2013-2062) Note that Nessus has not tested for...

7.8AI Score

0.005EPSS

2024-06-03 12:00 AM

nessus

RHEL 5 : python (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python: Heap overflow in zipimporter module (CVE-2016-5636) python: Integer overflow in...

9.8CVSS

8.5AI Score

0.311EPSS

2024-06-03 12:00 AM

nessus

RHEL 6 : python33-python (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. python: missing boundary check in JSON module (CVE-2014-4616) Note that Nessus has not tested for this issue but has...

5.9CVSS

7.3AI Score

0.003EPSS

2024-06-03 12:00 AM

nessus

RHEL 5 : libksba (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libksba: integer underflow flaw leading to a heap-based buffer overflow in ksba_oid_to_str() ...

7.5CVSS

8.2AI Score

0.023EPSS

2024-06-03 12:00 AM

nessus

RHEL 6 : hplip (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. hplip: hp-plugin verified binary download with short key ID (CVE-2015-0839) Note that Nessus has not tested for this...

8.1CVSS

8.1AI Score

0.006EPSS

2024-06-03 12:00 AM

nessus

RHEL 7 : dhcp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. dhcp: UDP payload length not properly checked (CVE-2015-8605) Note that Nessus has not tested for this issue but has...

6.5CVSS

6.6AI Score

0.051EPSS

2024-06-03 12:00 AM

nessus

RHEL 7 : a2ps (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. a2ps: output_file() format string flaw (CVE-2015-8107) Note that Nessus has not tested for this issue but has...

7.8CVSS

6.9AI Score

0.006EPSS

2024-06-03 12:00 AM

nessus

RHEL 7 : freeradius (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer ...

8.1CVSS

7.2AI Score

0.004EPSS

2024-06-03 12:00 AM

nessus

RHEL 6 : java-1.5.0-ibm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenJDK: inefficient use of hash tables and lists during XML parsing (JAXP, 8068842) (CVE-2015-4803) ...

6.6AI Score

0.083EPSS

2024-06-03 12:00 AM

nessus

RHEL 4 : perl-libwww-perl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl-libwww-perl: multiple HTTP client download filename vulnerability [OCERT 2010-001] (CVE-2010-2253) ...

7AI Score

0.004EPSS

2024-06-03 12:00 AM

nessus

RHEL 5 : gdm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. gdm: logs user passwords that contain invalid UTF8-encoded characters, in debug mode (CVE-2010-2387) Note that Nessus...

7AI Score

0.0004EPSS

2024-06-03 12:00 AM

nessus

RHEL 6 : tog-pegasus (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. tog-pegasus: xml hash table collision CPU usage DoS (CVE-2011-4967) Note that Nessus has not tested for this issue...

7.5CVSS

7.7AI Score

0.008EPSS

2024-06-03 12:00 AM

nessus

RHEL 5 : openssl097a (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800) The Diffie-Hellman...

5.9CVSS

6.5AI Score

0.952EPSS

2024-06-03 12:00 AM

nessus

RHEL 6 : mailx (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. BSD compress LZW decoder buffer overflow (CVE-2011-2895) Note that Nessus has not tested for this issue but has...

7.2AI Score

0.013EPSS

2024-06-03 12:00 AM

nessus

RHEL 3 : gstreamer-plugins (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 (CVE-2011-2911, CVE-2011-2915) Stack-based...

8.3AI Score

0.057EPSS

2024-06-03 12:00 AM

nessus

RHEL 7 : yelp-xsl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. jquery-ui: XSS vulnerability in jQuery.ui.dialog title option (CVE-2010-5312) jquery-ui: XSS...

6.1CVSS

6.8AI Score

0.003EPSS

2024-06-03 12:00 AM

nessus

RHEL 5 : libpng (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libpng: underflow read in png_check_keyword() (CVE-2015-8540) The png_push_read_zTXt function in...

8.8CVSS

8.3AI Score

0.12EPSS

2024-06-03 12:00 AM

nessus

RHEL 6 : crypto-utils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. crypto-utils: insecure temporary file usage in genkey (CVE-2012-3504) Note that Nessus has not tested for this issue...

7.3AI Score

0.0004EPSS

2024-06-03 12:00 AM

nessus

RHEL 6 : icu (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ICU: missing boundary checks in layout engine (OpenJDK 2D, 8132042) (CVE-2015-4844) icu: Double free in...

9.8CVSS

9AI Score

0.433EPSS

2024-06-03 12:00 AM

nessus

RHEL 4 : xemacs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. xemacs: multiple integer overflow flaws (CVE-2009-2688) Note that Nessus has not tested for this issue but has...

6.9AI Score

0.086EPSS

2024-06-03 12:00 AM

nessus

RHEL 5 : xfsprogs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. xfsprogs: xfs_metadump information disclosure flaw (CVE-2012-2150) Note that Nessus has not tested for this issue...

6.3AI Score

0.027EPSS

2024-06-03 12:00 AM

Total number of security vulnerabilities: 126176