Sensitive Information Disclosure in “Extbase Yaml Routes” (routes)
When using the CsrfTokenViewHelper, the extension discloses the user's session identifier in HTML output without applying any additional cryptographic hashing. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance Cross Site...
Security Bulletin: A vulnerability has been found in IBM Cloud Pak for Applications v4.3 where insecure http communications is used
Summary: A vulnerability has been found in IBM Cloud Pak for Applications v4.3 where insecure http communications is used. Vulnerability Details: CVEID: CVE-2021-20360. DESCRIPTION: IBM Cloud Pak for Applications uses weaker than expected cryptographic algorithms that could allow an attacker to decry...
Security Bulletin: IBM Tivoli Netcool/Impact uses weaker than expected cryptographic algorithms (CVE-2021-29794)
Summary: A vulnerability has been identified in the SSH server configuration shipped with IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21. Vulnerability Details: CVEID: CVE-2021-29794. DESCRIPTION: IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enable...
Code injection
IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 194448...
CVE-2021-20337
IBM QRadar SIEM versions affected: 7.3.0–7.3.3 Patch 8 and 7.4.0–7.4.3 GA. Root cause: weaker-than-expected cryptographic algorithms leading to potential decryption of highly sensitive information. Impact: information disclosure as described in multiple sources (CVE-2021-20337). Remediation/mitig...
CVE-2021-20497
IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969...
CVE-2021-20369
IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361...
CVE-2021-20369
CVE-2021-20369 concerns IBM Cloud Pak for Applications 4.3 which uses weaker-than-expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. The related IBM security bulletin notes the vulnerability in v4.3 and provides a fix in v4.3.1 to remove the in...
CVE-2021-20360
CVE-2021-20360 affects IBM Cloud Pak for Applications v4.3. The vulnerability arises from using weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. IBM’s bulletin for this issue notes that the problem is mitigated by upgrading to I...
CVE-2021-20360
IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195031...
CVE-2021-29794
IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 203556...
Code injection
IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 203556...
CVE-2021-29794
IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 use an insecure SSH server configuration that enables weaker cryptographic algorithms, potentially allowing decryption of highly sensitive information. The IBM Security Bulletin confirms the affected versions and provides a remediation path: upgrade...
IBM Security Guardium Data Encryption Information Disclosure Vulnerability (CNVD-2022-05125)
IBM Security Guardium Data Encryption is a software for securing sensitive data within organizations from IBM, U.S.A. A security vulnerability exists in IBM Security Guardium Data Encryption, which stems from the use of weaker than expected encryption algorithms for data encryption, which could b...
CVE-2021-20379
IBM Guardium Data Encryption GDE 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711...
Code injection
IBM Guardium Data Encryption GDE 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711...
CVE-2021-20379
Summary: CVE-2021-20379 affects IBM Guardium Data Encryption (GDE) versions 3.0.0.3 and 4.0.0.4, where weaker than expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. Details in sources: the NVD entry states the cryptographic weakness and impact; IBM...
The vulnerability of the `gh_finish_to_bv` function in the library, which performs security transformations using GOST algorithms, is related to insufficient data processing within the security mechanisms. This vulnerability allows attackers to gain access to confidential data.
The vulnerability of the `gh_finish_to_bv` function in the library, which performs security transformations using GOST algorithms, is related to the leakage of user passwords during the creation of a copy cx2 of the ghcontext structure. Exploiting this vulnerability allows an attacker to gain access t...