Certifi Vulnerable to Insufficient Verification of Data Authenticity via GlobalTrust Root Certificate

Certifi contains an insufficient verification of data authenticity vulnerability. The withdrawal of the GLOBALTRUST root certificate has been performed. This could result in users experiencing compliance issues. Products Not Affected Brocade Fabric OS VEX Justification: Componentnotpresent Brocad...

Security Bulletin: Vulnerability in certifi affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2023-37920]

Summary The certifi package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2023-37920 Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: An unspecified error with the removal of e-Tugra root certificate in Certifi has an...

Security Bulletin: Vulnerability in certifi affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-37920]

Summary The certifi package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2023-37920 Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: Certifi is a curated collection of Root Certificates for validating the...

Security Bulletin: Vulnerability in certifi affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2022-23491]

Summary The certifi package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2022-23491 Vulnerability Details CVEID:CVE-2022-23491 DESCRIPTION: An unspecified error in with TrustCor's ownership also operated a business that...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to certifi-2023.7.22-py3-none-any.whl CVE-2024-39689

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to certifi-2023.7.22-py3-none-any.whl CVE-2024-39689. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weak...

Security Bulletin: IBM InfoSphere Information Server is affected by a security vulnerability in Certifi python-certifi (CVE-2024-39689)

Summary A security vulnerability in Certifi python-certifi that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker than expected security, caused by the use of GLOBALTRUST root certificate. An...

1337x (=1.2.5), 170051277-trab-final-gces (>=0.3.0 <=0.5.0) +2107 more potentially affected by CVE-2024-39689 via certifi (>=2021.5.30 <=2024.6.2)

certifi PYPI version =2021.5.30, =0.3.0, =0.1.0, =0.2.1, =0.1.2, =1.0.0, =1.0.4, =1.0.11, =2.3.0, =1.0.0, =1.0.4 and more Source cves: CVE-2024-39689 Source advisory: OSV:GHSA-248V-346W-9CWC...

1337x (=1.2.5), 170051277-trab-final-gces (>=0.3.0 <=0.5.0) +2107 more potentially affected by CVE-2024-39689 via certifi (>=2021.5.30 <=2024.6.2)

certifi PYPI version =2021.5.30, =0.3.0, =0.1.0, =0.2.1, =0.1.2, =1.0.0, =1.0.4, =1.0.11, =2.3.0, =1.0.0, =1.0.4 and more Source cves: CVE-2024-39689 Source advisory: OSV:PYSEC-2024-230...

PT-2024-6615

Name of the Vulnerable Software and Affected Versions: Certifi versions 2021.05.30 through 2024.07.03 Description: The issue is related to the insufficient validation of data when processing the GLOBALTRUST root certificate, which may allow a remote attacker to compromise the integrity of protect...

Security Bulletin: Vulnerability with Certifi affect IBM Cloud Object Storage Systems (Sept2023v3)

Summary Vulnerability with Certifi CVE-2023-37920 This vulnerability have been addressed in the latest ClevOS releases Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: An unspecified error with the removal of e-Tugra root certificate in Certifi has an unknown impact and attack vector. CVSS...

Security Bulletin: Decision Optimization in IBM Cloud Pak for Data is vulnerable to a Certifi vulnerability (CVE-2023-37920)

Summary Decision Optimization in IBM Cloud Pak for Data is vulnerable to a Certifi vulnerability with details below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: An unspecified error with the removal of e-Tugra root certificate in Certifi has an...

170051277-trab-final-gces (>=0.3.0 <=0.5.0), 2022-2-gces-ifpf (=0.3.0) +2742 more potentially affected by CVE-2023-37920 via certifi (>=2015.4.28 <=2023.5.7)

certifi PYPI version =2015.4.28, =0.3.0, =0.0.2, =0.0.6, =1.0.0, =0.1.0, =0.2.1, =1.0.0, =1.0.2, =0.1.1, =1.0.0, =0.1.0, =0.1.0, =1.0.0 - abuseipdb-wrapper =0.1.7 and more Source cves: CVE-2023-37920 Source advisory: OSV:PYSEC-2023-135...

2keys (=0.5.1), 8a-scraper (>=0.0.2 <=0.0.4) +1633 more potentially affected by CVE-2022-23491 via certifi (>=2017.11.5 <=2021.5.30)

certifi PYPI version =2017.11.5, =0.0.2, =0.0.6, =1.0.0, =1.0.2, =0.1.1, =1.0.0, =0.1.0, =0.1.0, =1.0.1, =2.1.3, =1.0.0, =2.1.0, =0.0.3, =0.0.4 and more Source cves: CVE-2022-23491 Source advisory: OSV:GHSA-43FP-RHV2-5GV8...

2keys (=0.5.1), 8a-scraper (>=0.0.2 <=0.0.4) +1633 more potentially affected by CVE-2022-23491 via certifi (>=2017.11.5 <=2021.5.30)

certifi PYPI version =2017.11.5, =0.0.2, =0.0.6, =1.0.0, =1.0.2, =0.1.1, =1.0.0, =0.1.0, =0.1.0, =1.0.1, =2.1.3, =1.0.0, =2.1.0, =0.0.3, =0.0.4 and more Source cves: CVE-2022-23491 Source advisory: OSV:PYSEC-2022-42986...

PT-2022-16025

Name of the Vulnerable Software and Affected Versions Certifi versions prior to 2022.12.07 Description The issue is related to the presence of TrustCor's root certificates in the list of root certificates, which has been removed due to TrustCor's involvement in producing spyware. This removal is...