47 matches found

Tenable Nessus
added 2026/04/29 12:0 a.m. | 1 view

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : follow-redirects vulnerabilities (USN-8217-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8217-1 advisory. It was discovered that follow-redirects did not properly protect sensitive user information during redirects. An attacker could...

CVSS 8 | AI score 6.9 | EPSS 0.01302
Exploits: 4 | References: 5

Tenable Nessus
added 2025/09/03 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-28849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a...

CVSS 10 | AI score 5.9 | EPSS 0.01068
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/05 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-28849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions...

CVSS 6.5 | AI score 6.3 | EPSS 0.01077
Exploits: 1 | References: 3

IBM Security Bulletins
added 2025/02/26 6:52 p.m. | 8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in follow-redirects

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of follow-redirects Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the leakage of credentials whe...

CVSS 7.3 | AI score 6.8 | EPSS 0.01077
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/01/07 8:55 p.m. | 17 views

Security Bulletin: A vulnerability in the follow-redirect module affects IBM Db2 Big SQL on Cloud Pak for Data

Summary A vulnerability in the node.js follow-redirect module affects IBM Db2 Big SQL 7.6 on Cloud Pak for Data 4.8 Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the...

CVSS 6.5 | AI score 6.6 | EPSS 0.01077
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/11/20 3:23 p.m. | 30 views

Security Bulletin: IBM QRadar Pre-Validation App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. This product is only used by IBM QRadar SIEM app developers and external business partners and is not relevant for users...

CVSS 7.5 | AI score 9.7 | EPSS 0.92751
Exploits: 9 | Affected Software: 1

RedHat Linux
added 2024/10/30 6:18 p.m. | 24 views

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.12.6 security update

An update is now available for Red Hat OpenShift GitOps v1.12.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 7.5 | AI score 7.2 | EPSS 0.01387
Exploits: 2 | References: 2

IBM Security Bulletins
added 2024/10/08 8:35 a.m. | 28 views

Security Bulletin: IBM Maximo Application Suite uses multiple packages which are vulnerable to multiple CVEs

Summary IBM Maximo Application Suite uses golang.org/x/net/http2 - v0.19.0 , v0.20.0, github.com/lestrrat-go/jwx/v2 - v2.0.11, setuptools - 50.3.2, tar - 6.2.0, github.com/docker/docker - v24.0.7, follow-redirects - 1.15.4, express - 4.18.2 , idna - 3.6 ,org.apache.cxfcxf-core - 3.5.5,...

CVSS 9.3 | AI score 8.4 | EPSS 0.50829
Exploits: 6 | Affected Software: 1

IBM Security Bulletins
added 2024/09/25 6:54 p.m. | 17 views

Security Bulletin: Vulnerability in Node.js affects IBM watsonx.data

Summary Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the leakage of credentials when clearing authorization header during cross-domain redirect, but keeping the proxy-authentication header. An attacker could exploit this...

CVSS 6.5 | AI score 6.7 | EPSS 0.01077
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/08/05 8:55 p.m. | 34 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js follow-redirects module information disclosure vulnerability [ CVE-2024-28849]

Summary Potential Node.js follow-redirects module information disclosure vulnerability CVE-2024-28849 have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...

CVSS 6.5 | AI score 6.7 | EPSS 0.01077
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/07/29 9:44 p.m. | 27 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js - follow-redirects-1.15.4

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js - follow-redirects-1.15.4 Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by...

CVSS 6.5 | AI score 6.6 | EPSS 0.01077
Exploits: 1 | Affected Software: 1

RedHat Linux
added 2024/07/24 4:18 p.m. | 32 views

Moderate: Red Hat Security Advisory: RHACS 4.5 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features, bug fixes, and updates to patch vulnerabilities. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base...

CVSS 7.5 | AI score 6.6 | EPSS 0.01077
Exploits: 2 | References: 5

IBM Security Bulletins
added 2024/07/17 10:5 a.m. | 18 views

Security Bulletin: IBM Maximo Application Suite: follow-redirects-1.15.5.tgz is vulnerable to CVE-2024-28849 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses follow-redirects-1.15.5.tgz which is vulnerable to CVE-2024-28849 Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information,...

CVSS 6.5 | AI score 6.7 | EPSS 0.01077
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/07/16 3:29 a.m. | 23 views

Security Bulletin: A vulnerability in axios affects IBM Robotic Process Automation and may result in a bypass of security restrictions (CVE-2024-28849)

Summary A vulnerability in axios affects IBM Robotic Process Automation resulting in a bypass of security restrictions. axios is used by IBM Robotic Process Automation as part of the Control Center. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability...

CVSS 6.5 | AI score 6.8 | EPSS 0.01077
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/07/09 5:6 p.m. | 34 views

Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities

Summary IBM Security QRadar EDR Software includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-45803 DESCRIPTION: urllib3 could allow a remote authenticate...

CVSS 10 | AI score 8.1 | EPSS 0.02005
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2024/07/08 1:14 p.m. | 33 views

Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2024-4067, CVE-2024-28849, CVE-2024-4068)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js...

CVSS 7.5 | AI score 7 | EPSS 0.01077
Exploits: 3 | Affected Software: 1

Tenable Nessus
added 2024/07/03 12:0 a.m. | 31 views

CBL Mariner 2.0 Security Update: reaper (CVE-2024-28849)

The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28849 advisory. - follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically...

CVSS 6.5 | AI score 6.6 | EPSS 0.01077
Exploits: 1 | References: 2

IBM Security Bulletins
added 2024/06/25 10:9 p.m. | 21 views

Security Bulletin: Maximo Application Suite - follow-redirects-1.15.4.tgz and follow-redirects-1.15.5.tgz are vulnerable to CVE-2024-28849 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses follow-redirects-1.15.4.tgz and follow-redirects-1.15.5.tgz which are vulnerable to CVE-2024-28849. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION:...

CVSS 6.5 | AI score 6.7 | EPSS 0.01077
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/06/17 8:14 p.m. | 46 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

CVSS 8.2 | AI score 9.5 | EPSS 0.56395
Exploits: 5 | Affected Software: 1

IBM Security Bulletins
added 2024/06/17 8:31 a.m. | 21 views

Security Bulletin: IBM Maximo Application Suite uses follow-redirects-1.15.4.tgz which is vulnerable to CVE-2024-28849

Summary IBM Maximo Application Suite uses follow-redirects-1.15.4.tgz which is vulnerable to CVE-2024-28849. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote...

CVSS 6.5 | AI score 6.7 | EPSS 0.01077
Exploits: 1 | Affected Software: 1