Security Bulletin: IBM webMethods Integration Server is affected by vulnerable Google Guava 30.0 jar used in the GraphQL functionality

Summary Google Guava is used by IBM webMethods Integration Server as part of the GraphQL functionality. CVE-2023-2976, CVE-2020-8908. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versio...

Security Bulletin: Multiple Security Vulnerabilities in Google Guava Affects IBM Sterling B2B Integrator

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities from Google Guava Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and...

Linux Distros Unpatched Vulnerability : CVE-2020-8908

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a tempora...

CVE-2020-8908 affecting package guava 25.0-5

CVE-2020-8908 affecting package guava 25.0-5. This CVE either no longer is or was never applicable...

Security Bulletin: The IBM QRadar SIEM Amazon Web Services protocol is vulnerable to access restriction bypass and sensitive information exposure (CVE-2020-8908, CVE-2023-2976)

Summary Google Guava is used by IBM QRadar SIEM Amazon Web Services protocol, and it has known vulnerabilities. The issues have been addressed in an update. Vulnerability Details CVEID:CVE-2020-8908 DESCRIPTION: Guava could allow a remote authenticated attacker to bypass security restrictions,...

RHEL 8 : guava (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - guava: local information disclosure via temporary directory created with unsafe permissions CVE-2020-8908 Note that...

RHEL 8 : guava (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - guava: insecure temporary directory creation CVE-2023-2976 Note that Nessus has not tested for this issue but has...

Updated guava packages fix security vulnerabilities

A bug that could allow an attacker with access to the machine to potentially access data in a temporary directory created by the Guava. CVE-2020-8908 Predictable temporary files and directories used in FileBackedOutputStream. CVE-2023-2976...

SUSE SLES15 Security Update : guava (SUSE-SU-2024:1138-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1138-1 advisory. - A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially acces...

openSUSE: Security Advisory for guava (SUSE-SU-2023:3090-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-8908 affecting package guava for versions less than 25.0-7

CVE-2020-8908 affecting package guava for versions less than 25.0-7. A patched version of the package is available...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : guava (SUSE-SU-2023:3090-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3090-1 advisory. - A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker...

Vulnerabilities fixed in Oracle Communications Applications

Vulnerabilities have been fixed in Oracle Communications Applications products. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights Remote code...

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker and denial of service due to Guava (CVE-2020-8908, CVE-2018-10237).

Summary IBM App Connect Enterprise toolkit and IBM Integration Bus toolkit are vulnerable to a remote attacker and denial of service due to Guava CVE-2020-8908, CVE-2018-10237. The resolving fix includes Guava version =31.1 Vulnerability Details CVEID:CVE-2020-8908 DESCRIPTION: Guava could allow ...

Security Bulletin: IBM Storage Protect Server is vulnerable to attacks due to Google guava (CVE-2020-8908, CVE-2018-10237)

Summary Google guava is used by IBM Storage Protect and may be affected by these vulnerabilities. Vulnerability Details CVEID:CVE-2020-8908 DESCRIPTION: Guava could allow a remote authenticated attacker to bypass security restrictions, caused by a temp directory creation vulnerability in...

Security Bulletin: IBM Security Verify Governance is vulnerable to denial of service and security bypass (CVE-2018-10237, CVE-2020-8908)

Summary IBM Security Verify Governance is vulnerable to a denial of service and security restrictions bypass within Google Guava. The product has upgraded the affected package. Vulnerability Details CVEID:CVE-2018-10237 DESCRIPTION: Google Guava is vulnerable to a denial of service, caused by...

Security Bulletin: Multiple Vulnerabilities of Guava Google Core Libraries have affected APM Synthetic Playback Agent

Summary APM Synthetic Playback Agent is vulnerable to Google Guava CVE-2020-8908 and CVE-2018-10237. The fix includes Google Guava upgraded to guava-30.0-jre. Vulnerability Details CVEID:CVE-2020-8908 DESCRIPTION: Guava could allow a remote authenticated attacker to bypass security restrictions,...

Security Bulletin: IBM B2B Advanced Communications is vulnerable security bypass due to Google Core Libraries for Java [Guava] (CVE-2020-8908)

Summary IBM B2B Advanced Communications has addressed vulnerabilities in Google Core Libraries for Java Guava shipped with product. Vulnerability Details CVEID:CVE-2020-8908 DESCRIPTION: Guava could allow a remote authenticated attacker to bypass security restrictions, caused by a temp directory...

SUSE CVE-2020-8908

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir. By default, on unix-like systems, the created directory i...

Security Bulletin: A vulnerability with Guava affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2020-8908)

Summary A vulnerability with Guava affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data CVE-2020-8908. Please see below for details on how to remediate this issue. Vulnerability Details CVEID:CVE-2020-8908 DESCRIPTION: Guava could allow a remote authenticated attacker to bypass...