53 matches found
Security Bulletin: IBM Asset Data Dictionary Component uses zipp-3.15.0-py3-none-any.whl and urllib3-2.0.7-py3-none-any.whl which is vulnerable to CVE-2024-5569 and CVE-2024-37891
Summary IBM Asset Data Dictionary Component uses zipp-3.15.0-py3-none-any.whl and urllib3-2.0.7-py3-none-any.whl which is vulnerable to CVE-2024-5569 and CVE-2024-37891. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-5569...
Security Bulletin: IBM Asset Data Dictionary uses jline-3.9.0.jar and zookeeper-3.9.2.jar which is vulnerable to CVE-2023-50572 and CVE-2024-51504
Summary IBM Asset Data Dictionary uses jline-3.9.0.jar and zookeeper-3.9.2.jar which is vulnerable to CVE-2023-50572 and CVE-2024-51504. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-50572 DESCRIPTION: JLine is vulnerable to a...
CVE-2024-7295
In Progress® Telerik® Report Server versions prior to 2024 Q4 10.3.24.1112, the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information...
CVE-2024-7295 Hard-coded credentials used for temporary and cache data encryption
In Progress® Telerik® Report Server versions prior to 2024 Q4 10.3.24.1112, the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information...
PT-2024-38244 · Telerik · Telerik Report Server
Name of the Vulnerable Software and Affected Versions: In Progress Telerik Report Server versions prior to 2024 Q4 10.3.24.1112 Description: The encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. Recommendations: For versions...
Progress Telerik Report Server 信任管理问题漏洞
Progress Telerik Report Server is an enterprise-class report management and distribution solution from Progress, Inc. A trust management issue vulnerability exists in versions of Progress Telerik Report Server prior to 2024 Q4, which stems from an older algorithm used to encrypt local asset data,...
Security Bulletin: IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses third party libraries which is vulnerable to multiple CVEs
Summary IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses FlaskCors-4.0.1-py2.py3-none-any.whl, requests-2.31.0-py3-none-any.whl, express-4.19.2.tgz, commons-compress-1.22.jar, commons-io-2.11.0.jar, urllib3-1.26.18-py2.py3-none-any.whl,...
Security Bulletin: IBM Asset Data Dictionary Component uses grpc-protobuf-1.50.2.jar and jettison-1.5.2.jar which is vulnerable to CVE-2023-32731 and CVE-2023-1436
Summary IBM Asset Data Dictionary Component uses grpc-protobuf-1.50.2.jar and jettison-1.5.2.jar which is vulnerable to CVE-2023-32731 and CVE-2023-1436. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-32731 DESCRIPTION: gRPC...
Security Bulletin:IBM Asset Data Dictionary Component uses aircompressor-0.21.jar which is vulnerable to CVE-2024-36114
Summary IBM Asset Data Dictionary Component uses aircompressor-0.21.jar which is vulnerable to CVE-2024-36114. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-36114 DESCRIPTION: airlift aircompressor could allow a local attacker...
Subscription Health Dashboard Update: Optimize Deployments and Identify Issues
For VM teams navigating the complex realm of cybersecurity tools, ensuring deployment health is paramount. Swift methods are required to pinpoint issues amidst complexity. Challenges such as duplicate entries, ghost hosts, and decommissioned devices can obstruct these views, hindering data...
Security Bulletin: IBM Asset Data Dictionary Component uses netty-codec-http-4.1.100.Final.jar which is vulnerable to CVE-2024-29025
Summary IBM Asset Data Dictionary Component uses netty-codec-http-4.1.100.Final.jar which is vulnerable to CVE-2024-29025. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is vulnerable to a denial of...
Security Bulletin: IBM Asset Data Dictionary Component uses jose4j-0.9.3.jar which is vulnerable to CVE-2023-51775.
Summary IBM Asset Data Dictionary Component uses jose4j-0.9.3.jar which is vulnerable to CVE-2023-51775. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2023-51775 DESCRIPTION: jose4j is vulnerable to a denial of service, caused ...
Security Bulletin: IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455 , CVE-2023-34454 and CVE-2023-43642
Summary IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455, CVE-2023-34454 and CVE-2023-43642. This bulletin contains information regarding the vulnerability and its remediation...
Security Bulletin: IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455 , CVE-2023-34454 and CVE-2023-43642
Summary IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455, CVE-2023-34454 and CVE-2023-43642. This bulletin contains information regarding the vulnerability and its remediation...
Security Bulletin: IBM Asset Data Dictionary Component uses urllib3 which is vulnerable to CVE-2023-43804
Summary IBM Asset Data Dictionary Component uses urllib3 which is vulnerable to CVE-2023-43804. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain...
Security Bulletin:IBM Asset Data Dictionary Component uses vertx-core-4.5.0.jar which is vulnerable to CVE-2024-1023 and CVE-2024-1300.
Summary IBM Asset Data Dictionary Component uses vertx-core-4.5.0.jar which is vulnerable to CVE-2024-1023 and CVE-2024-1300. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-1023 DESCRIPTION: Eclipse Vert.x is vulnerable to a...
Security Bulletin: IBM Maximo Application Suite uses ion-java-1.2.0.jar which is vulnerable to CVE-2024-21634.
Summary IBM Maximo Application Suite uses ion-java-1.2.0.jar which is vulnerable to CVE-2024-21634. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21634 DESCRIPTION: Amazon Ion is vulnerable to a denial of service, caused by a...
Security Bulletin: IBM Maximo Application Suite uses urllib3-2.0.3-py3-none-any.whl which is vulnerable to CVE-2023-45803
Summary BM Maximo Application Suite uses urllib3-2.0.3-py3-none-any.whl which is vulnerable to CVE-2023-45803. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-45803 DESCRIPTION: urllib3 could allow a remote authenticated attacke...
Security Bulletin: IBM Maximo Application Suite uses certifi-2023.5.7-py3-none-any.whl which is vulnerable to CVE-2023-37920
Summary IBM Maximo Application Suite uses certifi-2023.5.7-py3-none-any.whl which is vulnerable to CVE-2023-37920. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: An unspecified error with the removal of e-Tug...
Security Bulletin: There is a vulnerability in Asset Data Dictionary used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-34462 and CVE-2023-44487)
Summary There is a vulnerability in Asset Data Dictionary used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel...