WooCommerce – Product Importer Security Vulnerabilities

Security Bulletin: Multiple vulnerabilities in Bouncy Castle API affect IBM License Metric Tool.

Summary IBM License Metric Tool is affected by Bouncy Castle Cryptography vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-30172 DESCRIPTION: **The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519 verification code. By...

Security Bulletin: Security vulnerabilities have been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool.

Summary There are security vulnerabilities in IBM WebSphere Application Server Liberty used by IBM License Metric Tool. Vulnerability Details ** CVEID: CVE-2024-22329 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3...

Security Bulletin: Vulnerabilities in Jinja, idna & cryptography can affect IBM Storage Protect Plus Microsoft File Systems Backup and Restore

Summary IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in Jinja, idna & cryptography which include cross-site scripting & a denial of service, as described by the CVEs in the "Vulnerability Details" section. These vulnerabilities have been...

Security Bulletin: IBM Instana Observability is vulnerable to SQL injection due to PostgreSQL driver and toolkit for Go, known as pgx.

Summary PostgreSQL driver and toolkit for Go, known as pgx is used by IBM Instana Observability (Using third-party datastore Operators) as part of the postgres operator (CVE-2024-27304). This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID:...

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console (CVE-2024-35153).

Summary The security issue described in CVE-2024-35153 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section...

Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities.

Summary IBM MQ Appliance has addressed multiple open source vulnerabilities (CVE-2020-12762, CVE-2021-33631, CVE-2023-6931, CVE-2024-1086). Vulnerability Details CVEID: CVE-2020-12762 DESCRIPTION: json-c could allow a remote attacker to execute arbitrary code on the system, caused by an integer...

Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2024-2511)

Summary IBM MQ Appliance has addressed an OpenSSL denial of service vulnerability. Vulnerability Details CVEID: CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a remote...

Security Bulletin: IBM MQ Appliance vulnerable to open redirect (CVE-2024-29041)

Summary IBM MQ Appliance has addressed an open redirect vulnerability. Vulnerability Details CVEID: CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using....

Security Bulletin: IBM MQ Appliance is vulnerable to XML External Entity (XXE) injection and server-side request forgery (CVE-2024-22354 & CVE-2024-22329)

Summary IBM MQ Appliance has addressed XML External Entity (XXE) injection and server-side request forgery vulnerabilities. Vulnerability Details CVEID: CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are.....

Security Bulletin: IBM MQ Appliance vulnerable to "Terrapin" attack in OpenSSH (CVE-2023-48795)

Summary By manipulating sequence numbers during SSH connection setup, a MITM attacker can delete negotiation messages without causing a MAC failure. To mitigate this vulnerability, IBM MQ Appliance has removed the chacha20-poly1305 cipher and all etm HMACs from the default set of algorithms...

Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service attack (CVE-2024-35116)

Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID: CVE-2024-35116 DESCRIPTION: IBM MQ is vulnerable to a denial of service attack caused by an error applying configuration changes. CVSS Base score: 5.9 CVSS Temporal Score: See: ...

Security Bulletin: IBM MQ is vulnerable to a denial of service attack (CVE-2024-35116)

Summary IBM MQ has addressed a denial of service vulnerability. Vulnerability Details CVEID: CVE-2024-35116 DESCRIPTION: IBM MQ is vulnerable to a denial of service attack caused by an error applying configuration changes. CVSS Base score: 5.9 CVSS Temporal Score: See: ...

Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2024-35155)

Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID: CVE-2024-35155 DESCRIPTION: IBM MQ Console could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the...

Security Bulletin: IBM MQ is affected by a password disclosure vulnerability (CVE-2024-35156)

Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ REST API. Vulnerability Details CVEID: CVE-2024-35156 DESCRIPTION: IBM MQ could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This...

Security Bulletin: IBM MQ is affected by a vulnerability in Eclipse Jetty (CVE-2024-22201)

Summary An issue was found in Eclipse Jetty that is shipped with the IBM MQ Explorer. Vulnerability Details CVEID: CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP congested. By sending a specially crafted request,.....

Security Bulletin: IBM MQ is affected by a vulnerability in the IBM Runtime Environment, Java Technology Edition (CVE-2024-21085)

Summary An issue was identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped with IBM MQ. Vulnerability Details CVEID: CVE-2024-21085 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low...

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty

Summary Multiple issues were identified with IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality. Vulnerability Details CVEID: CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere...

Security Bulletin: IBM MQ is vulnerable to a denial of service attack (CVE-2024-31919)

Summary IBM MQ has addressed a denial of service vulnerability caused by an error processing messages when an API Exit using MQBUFMH is used. Vulnerability Details CVEID: CVE-2024-31919 DESCRIPTION: IBM MQ, in certain configurations, is vulnerable to a denial of service attack caused by an error...

Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack (CVE-2024-31912)

Summary IBM MQ has addressed a privilege escalation vulnerability. Vulnerability Details CVEID: CVE-2024-31912 DESCRIPTION: IBM MQ could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. CVSS Base score: 7.5 CVSS Temporal...

IBM MQ 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD Privilege Escalation (7158072)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158072 advisory. IBM MQ could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. (CVE-2024-31912) Note that...

IBM MQ 9.1 <= 9.1.0.22 / 9.2 <= 9.2.0.26 / 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD (7157976)

The version of IBM MQ Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7157976 advisory. IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service,...

IBM MQ 9.0 <= 9.0.0.26 / 9.1 <= 9.1.0.22 / 9.2 <= 9.2.0.26 / 9.3 < 9.4 CD (7158057)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158057 advisory. Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can...

IBM MQ DoS (7157979)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7157979 advisory. IBM MQ, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used....

IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7150929)

The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 7150929 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of ...

IBM MQ 9.0 <= 9.0.0.26 / 9.1 <= 9.1.0.22 / 9.2 <= 9.2.0.26 / 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD (7157980)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7157980 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are...

IBM MQ 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD (7158058)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158058 advisory. IBM MQ could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used...

IBM MQ 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD (7158059)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158059 advisory. IBM MQ Console could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This...

CVE-2024-36680: SQL Injection Vulnerability in Facebook’s PrestaShop Module Exposes Thousands of E-commerce Sites to Credit Card Fraud

**SQL Injection Exposure in Promokit.eu Threatens Facebook's PrestaShop Customers ** PrestaShop is a free, open-source E-commerce platform launched in 2007. Built with PHP and MySQL, it offers customizable, scalable solutions for online stores. Features include product management, inventory...

Developer Accounts Compromised Due to Credential Reuse in WordPress.org Supply Chain Attack

On June 24th, 2024, the Wordfence Threat Intelligence Team became aware of a WordPress plugin, Social Warfare, that was infected with malware through the WordPress repository. Upon further investigation, our team quickly identified 4 additional affected plugins through our internal Threat...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2024-37532

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the...

Security Bulletin: IBM Master Data Management affected by vulnerabilites in IBM WebSphere Application Server to cross-site scripting (CVE-2024-35153)

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in IBM WebSphere Application Server. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities

Summary There are vulnerabilities in IBM® Java™ Version 8 used by IBM Cognos Dashboards on Cloud Pak. IBM Cognos Dashboards on Cloud Pak has addressed these vulnerabilities by upgrading IBM® Java™. There are vulnerabilities in Open-Source Software (OSS) components consumed by IBM Cognos Dashboards....

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty may affect may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V

Summary IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V can be affected by a security flaw in IBM WebSphere Application Server Liberty. The flaw can lead to weaker than expected security for outbound TLS connections, as described in the "Vulnerability Details" section....

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware

Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by a security flaw in IBM WebSphere Application Server Liberty. The flaw can lead to weaker than expected security for outbound TLS connections, as described in the "Vulnerability Details" section....

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty and libcurl may affect IBM Storage Protect Backup-Archive Client

Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty and libcurl. The flaws can lead to weaker than expected security for outbound TLS connections and bypass of security restrictions, as described in the "Vulnerability...

Security Bulletin: IBM Operator for Apache Flink is vulnerable to a denial of service attack due to the Apache Commons Compress component ( CVE-2024-25710,CVE-2024-26308).

Summary IBM Operator for Apache Flink is vulnerable to a denial of service attack due to the Apache Commons Compress component. Apache Flink uses Commons Compress for handling compressed files and formats, enabling efficient data processing and storage. Vulnerability Details ** CVEID:...

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.6.0 Vulnerability Details ** CVEID: CVE-2022-25857 DESCRIPTION: **Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to cross-site scripting (CVE-2024-35153)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions...

Exploit Attempts Recorded Against New MOVEit Transfer Vulnerability - Patch ASAP!

A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to follow-redirects arbitrary phishing attack vulnerability ( CVE-2023-26159)

Summary Potential follow-redirects arbitrary phishing attack vulnerability ( CVE-2023-26159) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to cross-site scripting (CVE-2024-35153)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected....

Security Bulletin: IBM Edge Application Manager 4.5.6 addresses the security vulnerabilities listed in the CVEs below.

Summary IBM Edge Application Manager 4.5.6 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details ** CVEID: CVE-2024-29018 DESCRIPTION: **moby could allow a remote attacker to obtain sensitive information, caused by incorrect resource transfer between spheres. By...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to unspecified vulnerability in Java SE ( CVE-2024-20952)

Summary Potential unspecified vulnerability in Java SE related to the VM component (CVE-2024-20952) has been identified that affects IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Node.js and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Node.js and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor (CVE-2024-27983, CVE-2024-27980, CVE-2024-22329, CVE-2024-27982, CVE-2024-22354, CVE-2024-4068). Vulnerability Details ** CVEID: CVE-2024-27983 DESCRIPTION:...

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.4 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.4 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details ** CVEID: CVE-2022-48554 DESCRIPTION: **File is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the file_copystr...

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to a denial of service due to a module used in node

Summary There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor (IBM X-Force ID: 294242). Vulnerability Details ** IBM X-Force ID: 294242 DESCRIPTION: **Node.js Axios module is vulnerable to a denial of service, caused by a prototype pollution.....

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to weaker than expected security for outbound TLS connections due to WebSphere Application Server Liberty

Summary There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor (CVE-2023-50312). Vulnerability Details ** CVEID: CVE-2023-50312 DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than...

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to conduction of phishing attacks due to a web framework used in node

Summary There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor (CVE-2024-29041). Vulnerability Details ** CVEID: CVE-2024-29041 DESCRIPTION: **Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open...

Malwarebytes Premium Security stops 100% of malware during AV Lab test

Malwarebytes Premium Security has maintained its long-running, perfect record in protecting users against online threats by blocking 100% of the malware samples deployed in the AV Lab Cybersecurity Foundation’s “Advanced In-The-Wild Malware Test.” For its performance in the May 2024 evaluation,...

Exploit for Path Traversal in Solarwinds Serv-U

CVE-2024-28995-SolarWinds-Serv-U **SolarWinds Serv-U File...