Code injection

IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798...

CVE-2018-1608

IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798...

CVE-2018-1608

IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798...

CVE-2018-1608

CVE-2018-1608 affects IBM Rational Engineering Lifecycle Manager (REL M) 6.0–6.0.6. The flaw stems from using weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Affected versions are RELM 6.0 through 6.0.6. The IBM bulletin and NV...

CVE-2018-2007

IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078...

CVE-2018-2007

IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078...

Code injection

IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.36, 6.0.0.0, and 6.0.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 147294...

CVE-2018-1720

IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.36, 6.0.0.0, and 6.0.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 147294...

IBM Sterling B2B Integrator Information Disclosure Vulnerability (CNVD-2019-12468)

IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates B2B processes, transactions and relationships. An information disclosure vulnerability exists in IBM Sterling B2B Integrator versions 5.2.0.1 through 5.2.6.36 and 6.0.0.0. The vulnerability, which stems from the failu...

CVE-2018-1925

IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925...

Security Bulletin: IBM MQ Console is vulnerable to a man in the middle attack (CVE-2018-1925)

Summary The IBM MQ Console is vulnerable to a man in the middle attack caused by weaker than expected cryptographic algorithms. Vulnerability Details CVEID: CVE-2018-1925 DESCRIPTION: IBM MQ uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitiv...

CVE-2019-1828

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to access administrative credentials. The vulnerability exists because affected devices use weak encryption algorithms for use...

Security Bulletin: API Connect V5 is impacted by weak cryptographic algorithms (CVE-2018-2007)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-2007 DESCRIPTION: IBM API Connect uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. CVSS Base Score: 5.9 CVSS Temporal...

Facebook’s plain text misstep, and other password sins

Two days after an article by Brian Krebs disclosed that hundreds of millions of Facebook account passwords had been stored in plain text for years, Facebook released a statement indicating they hash and salt passwords, more or less in accordance with industry best practice. Plain text storage of...

CVE-2017-1713

IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632...

CVE-2017-1713

IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632...

openssl security update

1.0.2k-16.0.1.el76.1 - Bump release for rebuild. 1.0.2k-16.1 - use SHA-256 in FIPS RSA pairwise key check - fix CVE-2018-5407 - EC signature local timing side-channel key extraction 1.0.2k-16 - fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA - fix incorrect error message on...

Security Bulletin: API Connect V2018 is impacted by weak cryptographic algorithms (CVE-2018-2007)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-2007 DESCRIPTION: IBM API Connect uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. CVSS Base Score: 5.9 CVSS Temporal...

CVE-2019-7006

This CVE affects Avaya one-X Communicator where the vulnerability resides in the client authentication component, using weak cryptographic algorithms. The issue could allow a local attacker to decrypt sensitive information. Affected versions are all 6.2.x prior to 6.2 SP13; remediation is to upgr...

Linux: MAC algorithms

This variable limits the types of MAC algorithms that SSH can use during communication. MD5 and 96-bit MAC algorithms are considered weak and have been shown to increase exploitability in SSH downgrade attacks. Weak algorithms continue to have a great deal of attention as a weak spot that can be...