Security Bulletin: IBM Security Verify Governance, Identity Manager virtual appliance component vulnerable to spoofing attacks (CVE-2022-38712)

Summary IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerability. Vulnerability Details CVEID:CVE-2022-38712 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to...

CVE-2022-48330

A Huawei sound box product has an out-of-bounds write vulnerability. Attackers can exploit this vulnerability to cause buffer overflow. Affected product versions include:FLMG-10 versions FLMG-10 10.0.1.0H100SP22C00...

CVE-2022-48330

A Huawei sound box product has an out-of-bounds write vulnerability. Attackers can exploit this vulnerability to cause buffer overflow. Affected product versions include:FLMG-10 versions FLMG-10 10.0.1.0H100SP22C00...

PT-2023-15709 · Flmg-10 · Flmg-10

Name of the Vulnerable Software and Affected Versions: FLMG-10 version 10.0.1.0H100SP22C00 Description: The issue is an out-of-bounds write vulnerability that can be exploited by attackers to cause a buffer overflow. Recommendations: For version 10.0.1.0H100SP22C00, at the moment, there is no...

Huawei FLMG-10 缓冲区错误漏洞

The Huawei FLMG-10 is a high-end Bluetooth remote speaker from Huawei, a Chinese company. A security vulnerability exists in Huawei FLMG-10 version 10.0.1.0 H100SP22C00, which stems from an out-of-bounds write vulnerability...

Security Bulletin: IBM API Connect is impacted by an external service interaction vulnerability (CVE-2022-34350)

Summary IBM API Connect has addressed the following external service interaction vulnerability CVE-2022-34350. Vulnerability Details CVEID:CVE-2022-34350 DESCRIPTION: IBM API Connect is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remo...

Security Bulletin: Security vulnerabilities have been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component

Summary IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerabilities Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificate...

IBM DataPower Gateway 代码问题漏洞

IBM DataPower Gateway is a suite of International Business Machines IBM security and integration platforms designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and...

Security Bulletin: IBM DataPower Gateway affected by multiple vulnerabilities in Java

Summary While core IBM DataPower Gateway does not use Java, certain components shipped with IDG may be vulnerable. IBM has addressed the CVEs. Vulnerability Details CVEID:CVE-2022-21434 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an...

CVE-2022-22259

There is an improper authentication vulnerability in FLMG-10 10.0.1.0H100SP22C00. Successful exploitation of this vulnerability may lead to a control of the victim device...

CVE-2022-22259

There is an improper authentication vulnerability in FLMG-10 10.0.1.0H100SP22C00. Successful exploitation of this vulnerability may lead to a control of the victim device...

CVE-2022-22259

There is an improper authentication vulnerability in FLMG-10 10.0.1.0H100SP22C00. Successful exploitation of this vulnerability may lead to a control of the victim device...

Security Bulletin: IBM DataPower Gateway potentially vulnerable to DNS spoofing

Summary IBM has addressed the CVE Vulnerability Details CVEID: CVE-2021-22931 DESCRIPTION: Node.js could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An attacker could exploit this vulnerability to cause output of wrong hostnames...

CVE-2020-4994

IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. IBM X-Force ID: 192906...

Security Bulletin: IBM DataPower Gateway vulnerable to temporary DoS

Summary IBM has addressed the CVEs Vulnerability Details CVEID: CVE-2022-22356 DESCRIPTION: IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487. CVSS Base score: 5...

CVE-2020-4994

IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. IBM X-Force ID: 192906...

CVE-2021-39070

IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353...

IBM Security Verify Access 安全漏洞

IBM Security Verify Access ISAM is a service from IBM USA that improves user access security. IBM Security Verify Access versions 10.0.0.0, 10.0.1.0 and 10.0.2.0 have a security vulnerability that could be exploited by an attacker to authenticate as any user on the system authenticate as any user...

CVE-2021-38894

CVE-2021-38894 affects IBM Security Verify Access/Verify (10.0.0.x). Information disclosure occurs when a detailed technical error message is returned in a browser, allowing remote attackers to obtain sensitive information that could aid further attacks. Public sources confirm the issue is tied t...

IBM DataPower Gateway 加密问题漏洞

IBM DataPower Gateway is a security and integration platform built specifically for mobile, cloud, API, web, SOA, B2B and cloud workloads. A weak cryptographic algorithm vulnerability exists in IBM DataPower Gateway 10.0.0.0 - 10.0.1.0. An attacker could exploit the vulnerability to decrypt highl...