Beyond Collection: Measuring the Detection Efficacy of Modern Security Logging Standards
Effective security logging is crucial for the timely and accurate detection of cyber threats; however, the relative effectiveness of various industry-standard logging frameworks remains understudied. This paper addresses this critical gap by presenting the first systematic evaluation of modern...
IBM Spectrum Virtualize Security Vulnerability
IBM Spectrum Virtualize is a block storage virtualization system from International Business Machines (IBM), Inc. that improves the data value, security and simplicity of new and existing storage infrastructures. A security vulnerability exists in IBM Spectrum Virtualize version 8.5 that stems from...
CVE-2023-4339
Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions...
PT-2023-28823 · Broadcom · Broadcom Raid Controller
Name of the Vulnerable Software and Affected Versions: Broadcom RAID Controller (affected versions not specified). Description: The Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to the improper use of ssl.rnd to set up a CIM connection. Recommendations: At the...
Broadcom RAID Controller Security Vulnerability
Broadcom RAID Controller is a series of RAID controllers from Broadcom Corporation USA. A security vulnerability exists in the Broadcom RAID Controller, which stems from a web interface that can easily expose a CIM private key stored in an insecure file, rendering the product susceptible to attac...
CVE-2023-37364
In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity resolution. This allows context-dependent attackers to read arbitrary files or cause a denial of service, a similar issue to CVE-2013-4152...
CVE-2023-3113
An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files...
OSSEM - Open Source Security Events Metadata
The Open Source Security Events Metadata (OSSEM) is a community-led project that focuses primarily on the documentation and standardization of security event logs from diverse data sources and operating systems. Security events are documented in a dictionary format and can be used as a reference fo...
SBLIM Small Footprint CIM Broker (SFCB) Buffer Overflow Vulnerability
SBLIM Small Footprint CIM Broker (SFCB) is an open source implementation of CIMOM (Common Information Model Object Manager) developed by the Standards-Based Linux Instrumentation project. A buffer overflow vulnerability exists in SBLIM SFCB version 1.4.9. An attacker can exploit this vulnerability by...
CVE-2017-3768
An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used ...
CVE-2017-3768
CVE-2017-3768 affects IBM IMM2 (System x, Flex, BladeCenter) and Lenovo System x variants. A remote, unprivileged attacker with CIM connectivity can flood IMM2 with authentication failures, exhausting memory and causing the device to reboot. Affected versions are Lenovo System x (pre-4.4) and IBM...
RedHat Update for sblim-cim-client2 RHSA-2012:0987-04
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
sblim: hash table collisions CPU usage DoS
internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent...
RedHat Update for sblim RHSA-2008:0497-01
Check for the Version of sblim. OpenVAS Vulnerability Test: RedHat Update for sblim RHSA-2008:0497-01. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
CentOS Update for sblim-cmpi-base CESA-2008:0497 centos4 x86_64
Check for the Version of sblim-cmpi-base. OpenVAS Vulnerability Test: CentOS Update for sblim-cmpi-base CESA-2008:0497 centos4 x86_64. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...