Solidfire, Enterprise Sds & Hci Storage Node Security Vulnerabilities

CVE-2024-28798

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2023-50954

IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2024-28798

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2024-31902

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: ...

CVE-2024-31902

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: ...

CVE-2023-50954

IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2023-50954 IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2024-31902 IBM InfoSphere Information Server cross-site request forgery

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: ...

CVE-2024-35119 IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2024-28795

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2023-35022

IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: ...

CVE-2023-35022

IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: ...

CVE-2024-28795

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2024-28798 IBM InfoSphere Information Server cross-site scripting

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2023-35022 IBM InfoSphere Information Server improper authentication

IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: ...

CVE-2024-28795 IBM InfoSphere Information Server cross-site scripting

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

Google to Block Entrust Certificates in Chrome Starting November 2024

Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner. "Over the past several...

Virtuozzo Hybrid Infrastructure 6.2 (6.2.0-136)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover the compute service, high availability of the management node, object storage management, networking, and monitoring. Additionally, this release delivers stability improvements and addresses issues found...

SUSE SLES15 Security Update : frr (SUSE-SU-2024:2245-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2245-1 advisory. - CVE-2023-38406: Fixed nlri length of zero mishandling, aka 'flowspec overflow'. (bsc#1216900) - CVE-2023-47235: Fixed a crash on.....

Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site request forgery (CVE-2024-31902)

Summary A cross-site request forgery vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-31902 DESCRIPTION: **IBM InfoSphere Information Server is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and.....

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Oracle MySQL Connectors (CVE-2023-22102)

Summary A vulnerability in Oracle MySQL Connectors used by InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-22102 DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Connectors related to the Connector/J component could allow a remote attacker to cause.....

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Open Container Initiative runc

Summary Multiple vulnerabilities in Open Container Initiative runc used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2024-21626 DESCRIPTION: **Open Container Initiative runc could allow a remote attacker to bypass security restrictions, caused by an...

Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site scripting (CVE-2023-50964)

Summary A cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-50964 DESCRIPTION: **IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript...

Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting (CVE-2024-35153)

Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console. Vulnerability Details ** CVEID: CVE-2024-35153 DESCRIPTION: **IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed...

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to improper error handling (CVE-2023-50953)

Summary An improper error handling vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-50953 DESCRIPTION: **IBM InfoSphere Information Server could allow a remote attacker to obtain sensitive information when a detailed technical error...

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information (CVE-2024-35119)

Summary A sensitive information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-35119 DESCRIPTION: **IBM InfoSphere Information Server could allow a remote attacker to obtain sensitive information when a detailed technical...

Security Bulletin: IBM InfoSphere Information Server is affected by a code execution vulnerability in Eclipse JGit (CVE-2023-4759)

Summary A code execution vulnerability in Eclipse JGit used by InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-4759 DESCRIPTION: **Eclipse JGit could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of case...

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL

Summary Multiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2023-3817 DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check()...

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to information exposure in a URL (CVE-2023-50954)

Summary An information exposure vulnerability in InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-50954 DESCRIPTION: **IBM InfoSphere Information Server returns sensitive information in URL information that could be used in further attacks against the system....

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in IBM® WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server. These are addressed. Vulnerability Details ** CVEID: CVE-2024-27268 DESCRIPTION: **IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in tqdm (CVE-2024-34062)

Summary A vulnerability in tqdm used by InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-34062 DESCRIPTION: **tqdm could allow a local authenticated attacker to execute arbitrary code on the system, caused by a CLI arguments injection . By sending a specially...

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to insecure authorization (CVE-2023-35022)

Summary An insecure authorization vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-35022 DESCRIPTION: **IBM InfoSphere Information Server could allow a local user to update projects that they do not have the authorization to access. CVSS...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Psf Requests (CVE-2024-35195)

Summary A vulnerability in Psf Requests used by InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-35195 DESCRIPTION: **Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementation...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in XNIO (CVE-2023-5685)

Summary A vulnerability in XNIO used by InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-5685 DESCRIPTION: **XNIO is vulnerable to a denial of service, caused by a stack overflow exception when the chain of notifier states becomes problematically large. By...

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Kubernetes

Summary Multiple vulnerabilities in Kubernetes used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2020-8562 DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to obtain sensitive information, caused by a time-of-check time-of-use...

Security Bulletin: IBM InfoSphere Information Server is vulnerable to stored cross-site scripting (CVE-2024-28798)

Summary A stored cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-28798 DESCRIPTION: **IBM InfoSphere Information Server is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary...

Security Bulletin: IBM InfoSphere Information Server is vulnerable to server-side request forgery (CVE-2023-50952)

Summary A server-side request forgery (SSRF) vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-50952 DESCRIPTION: **IBM InfoSphere Information Server is vulnerable to server-side request forgery (SSRF). This may allow an authenticated...

Security Bulletin: IBM InfoSphere Information Server is vulnerable to stored cross-site scripting (CVE-2024-28797)

Summary A stored cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-28797 DESCRIPTION: **IBM InfoSphere Information Server is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary...

Security Bulletin: IBM InfoSphere Information Server is vulnerable to stored cross-site scripting (CVE-2024-28795)

Summary A stored cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-28795 DESCRIPTION: **IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

Security Bulletin: IBM InfoSphere Information Server low level authenticated user can view sensitive information (CVE-2024-31898)

Summary A vulnerability in IBM InfoSphere Information Server allowed a lower level authenticated user to view sensitive information. This vulnerabity was addressed. Vulnerability Details ** CVEID: CVE-2024-31898 DESCRIPTION: **IBM InfoSphere Information Server could allow an authenticated user to.....

Security Bulletin: IBM Cognos Transformer is affected by security vulnerabilities

Summary Vulnerabilities in IBM® Java™ Version 8 that is consumed by IBM Cognos Transformer have been addressed. Please refer to the table in the Related Information section for vulnerability impact. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java.....

CVE-2024-38322

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: ...

CVE-2024-38322

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: ...

CVE-2024-35156

IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2024-35156

IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2024-35116

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: ...

CVE-2024-35116

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: ...

CVE-2024-25031

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: ...

CVE-2024-25041

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Assistant. IBM X-Force ID: ...

CVE-2024-25031

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: ...