4774 matches found
Security Bulletin: IBM Security Guardium Insights is affected by a jQuery vulnerability (CVE-2019-11358)
Summary IBM Security Guardium Insights has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker...
CVE-nu11-100421
The search parameter appears to be vulnerable to time-based blind SQL injection attacks in the web app “Local Offices Contact Directories Site” by oretnom23. A malicious attacker can execute a malicious payload and dump hashed authentication credentials. Then the attacker can take...
CVE-2021-38165
A flaw was found in the way lynx parsed URLs with userinfo part containing authentication credentials. These credentials were included in the Server Name Indication SNI TLS extension data and sent unencrypted during the TLS connection handshake. This could lead to exposure of authentication...
Launching ‘Secret Detection’ to keep your Cloud ‘Secrets’ safe
Most digital applications we work on require some type of credentials: a username/password to connect to a database, authorized tokens to access computer programs, or API keys to invoke services for authentication. Credentials, a.k.a. ‘Secrets’, are pieces of user- or system-level...
NCH Quorum Cross-Site Scripting Vulnerability (CNVD-2021-55898)
NCH Quorum is a teleconference server software. It can turn any computer into a conference call server. A cross-site scripting vulnerability exists in NCH Quorum, which could be exploited by attackers to steal cookie-based authentication credentials from victims...
Secure Secrets: Managing Authentication Credentials
Secret management plays an important role in keeping essential information secure and out of threat actors’ reach. We discuss what secrets are and how to store them securely...
Unchecked hostname resolution could allow access to local network resources by users outside the local network
Impact A newly implemented route allowing users to download files from remote endpoints was not properly verifying the destination hostname for user provided URLs. This would allow malicious users to potentially access resources on local networks that would otherwise be inaccessible. This...
curl: Leak of authentication credentials in URL via automatic Referer
It was discovered that libcurl did not remove authentication credentials from URLs when automatically populating the Referer HTTP request header while handling HTTP redirects. This could lead to exposure of the credentials to the server to which requests were redirected...
Security Bulletin: A vulnerability in Apache ActiveMQ affects IBM Operations Analytics Predictive Insights (CVE-2020-13947)
Summary Apache ActiveMQ is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-13947 DESCRIPTION: Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper...
CVE-2020-15381
Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-1962)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2021-1962)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way libcurl handled TLS 1.3 session tickets. A malicious HTTPS proxy could possibly use this flaw to make...
Security Bulletin: A vulnerability in the GSKit component of Informix Dynamic Server (IDS) (CVE-2016-0201)
Summary A vulnerability has been addressed in the GSKit component of Informix Dynamic Server (IDS). Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by an MD5 collision. An attacker could exploit this...
Security Bulletin: A vulnerability in the GSKit component of Client Software Development Kit (CSDK) (CVE-2016-0201)
Summary A vulnerability has been addressed in the GSKit component of Informix Client Software Development Kit (CSDK). Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by an MD5 collision. An attacker could exploit...
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4996)
Summary IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to a security vulnerability. The vulnerability concerns sensitive data leakage via screenshots in ISAR Apps. Vulnerability Details CVEID: CVE-2020-4996 DESCRIPTION: IBM Security Access Manager...
Security Bulletin: Security vulnerabilities have been identified in GSKIT and/or GSKit Crypto and Fork that are integrated with IBM DB2 and shipped with IBM InfoSphere BigInsights. (CVE-2015-7420, CVE-2015-7421, CVE-2016-0201)
Summary Security vulnerabilities have been identified in GSKIT and/or GSKit Crypto and Fork that are integrated with IBM DB2 and shipped with IBM InfoSphere BigInsights. Information about security vulnerabilities affecting GSKIT/ Crypto and Fork has been published in a security bulletin...
CVE-2021-20445
IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storage of authentication credentials. IBM X-Force ID: 196621...
Design/Logic Flaw
IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storage of authentication credentials. IBM X-Force ID: 196621...
CVE-2021-20445
CVE-2021-20445 affects IBM Maximo for Civil Infrastructure 7.6.2. The vulnerability stems from insecure storage of authentication credentials, potentially allowing a user to obtain sensitive information. The issue is documented across multiple sources (NVD entry for the CVE and IBM bulletin) and ...