180 matches found
Security Bulletin: IBM Data Replication Java SDK Update
Summary This bulletin covers common Java SDK vulnerability findings in the IBM Java SDK packaged with this offering. Vulnerability Details CVEID: CVE-2018-3180 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow ...
NERC CIP Compliance in Azure vs. Azure Government cloud
As discussed in my last blog post on North American Electric Reliability Corporation—Critical Infrastructure Protection NERC CIP Compliance in Azure, U.S. and Canadian utilities are now free to benefit from cloud computing in Azure for many NERC CIP workloads. Machine learning, multiple data...
CVE-2019-11497
In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This...
Denial Of Service (DoS)
OpenStack Object Storage swift provides object storage in virtual containers, which allows users to store and retrieve files arbitrary data. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication...
How Our Threat Analytics Multi-Region Data Lake on AWS Stores More, Slashes Costs
Data is the lifeblood of digital businesses, and a key competitive advantage. The question is: how can you store your data cost-efficiently, access it quickly, while abiding by privacy laws? At Imperva, we wanted to store our data for long-term access. Databases would’ve cost too much in disk and...
Security Bulletin: InfoSphere Data Replication is affected by an Apache ZooKeeper open source library vulnerability
Summary InfoSphere Data Replication has addressed the following vulnerability: CVE-2018-8012 - Apache Zookeeper could allow a remote attacker to bypass security restrictions, caused by the failure to enforce authentication or authorization when a server attempts to join a quorum. An attacker coul...
Security Bulletin: IBM InfoSphere Change Data Capture is affected by a jackson-core open source library vulnerability (CVE-2018-0125)
Summary InfoSphere Data Replication has addressed the following vulnerability: CVE-2018-0125 Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete input validation on user-controll...
Security Bulletin: InfoSphere Data Replication is affected by a Guava open source library vulnerability (CVE-2018-10237)
Summary InfoSphere Data Replication has addressed the following vulnerability: CVE-2018-10237 Google Guava is vulnerable to a denial of service, caused by improper eager allocation checks in the AtomicDoubleArray and CompoundOrdering class. By sending a specially-crafted data, a remote attacker...
Security Bulletin: IBM InfoSphere Change Data Capture is affected by an Apache Derby open source library vulnerability (CVE-2015-1832)
Summary IBM InfoSphere Change Data Capture has addressed the following vulnerability: CVE-2015-1832 - Apache Derby could allow a remote attacker to obtain sensitive information, caused by a XML external entity XXE error when processing XML data by the XML datatype and XmlVTI. An attacker could...
kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data lass
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss...
CVE-2018-1288
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss...
CVE-2018-1288
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss...
Design/Logic Flaw
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss...
CVE-2018-1288
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss...
CVE-2018-1288
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss...
IBM InfoSphere Data Replication Dashboard Path Traversal Vulnerability
IBM InfoSphere Data Replication Dashboard is a data synchronization solution from IBM USA. The solution enables log-based data change capture through real-time replication and provides features such as trusted data integration and synchronization. A directory traversal vulnerability exists in IBM...
IBM InfoSphere Data Replication Dashboard Cross-Site Scripting Vulnerability
IBM InfoSphere Data Replication Dashboard is a data synchronization solution from IBM USA. The solution enables log-based data change capture through real-time replication and provides features such as trusted data integration and synchronization. A cross-site scripting vulnerability exists in IB...
CVE-2013-2999
Cross-site scripting XSS vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 84115...
CVE-2013-3001
Directory traversal vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to read arbitrary files via unspecified vectors. IBM X-Force ID: 84127...
CVE-2013-3000
SQL injection vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. IBM X-Force ID: 84116...