1393 matches found

Qualys Blog
added 2024/06/03 5:41 p.m., 12 views

PCI DSS 4.0: Get Audit-Ready for the New Requirements

The Payment Card Industry Data Security Standard (PCI DSS) originated in 2004 and is managed by the PCI Security Standards Council to ensure security for the global payment industry. This mandate applies to all entities worldwide that store, process, or transmit payment cardholder data or sensitive...

AI score 7.6
Exploits: 0
IBM Security Bulletins
added 2024/05/29 5:40 a.m., 28 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2023-51775, CVE-2024-22354)

Summary: IBM WebSphere Application Server (WAS) is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS has been published in security bulletins. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section...

CVSS 7 | AI score 7.6 | EPSS 0.00879
Exploits: 1 | Affected Software: 1
The Hacker News
added 2024/05/24 10:35 a.m., 15 views

DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?

Introduction: The Colonial Pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were pivotal moments in cybersecurity, starting a new challenge for Chief Information Security Officers (CISOs). These attacks highlighted the importance of collaboration between CISOs and DevOps teams...

AI score 7
Exploits: 0
IBM Security Bulletins
added 2024/05/20 2:44 p.m., 34 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Netty (CVE-2024-29025)

Summary: Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. Vulnerability Details: CVEID:CVE-2024-2902...

CVSS 5.3 | AI score 5.6 | EPSS 0.0138
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2024/05/20 2:44 p.m., 31 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Nimbus-JOSE-JWT (CVE-2023-52428)

Summary: Connect2id Nimbus-JOSE-JWT is used by IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) as part of the openid authentication options. Connect2id Nimbus-JOSE-JWT is vulnerable to a denial of service, caused by improper validation of user requests by the PasswordBasedDecrypter (PBKDF2) component. ...

CVSS 7.5 | AI score 9.3 | EPSS 0.00814
Exploits: 0 | Affected Software: 1
RedHat Linux
added 2024/05/10 7:36 p.m., 47 views

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.10.5 security update

An update is now available for Red Hat OpenShift GitOps v1.10.5 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...

CVSS 7.5 | AI score 7.2 | EPSS 0.01199
Exploits: 1 | References: 8
RedHat Linux
added 2024/05/10 7:16 p.m., 52 views

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.12.2 security update

An update is now available for Red Hat OpenShift GitOps v1.12.2 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...

CVSS 7.5 | AI score 6.7 | EPSS 0.01199
Exploits: 1 | References: 14
RedHat Linux
added 2024/05/10 7:6 p.m., 45 views

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.11.4 security update

An update is now available for Red Hat OpenShift GitOps v1.11.4 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...

CVSS 7.5 | AI score 7.2 | EPSS 0.01199
Exploits: 1 | References: 10
IBM Security Bulletins
added 2024/05/09 8:5 p.m., 23 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Cross-Site Scripting vulnerability (CVE-2024-28781)

Summary: IBM UrbanCode Deploy (UCD) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. Vulnerability Details...

CVSS 5.4 | AI score 5.3 | EPSS 0.00276
Exploits: 0 | Affected Software: 1
Wallarm Lab
added 2024/04/30 3:2 p.m., 25 views

Introducing the Wallarm Q1 2024 API ThreatStats™ Report

As we have in previous editions of the ThreatStats report, we highlight the industry’s top API-related attacks and trends. New to this version, however, is a detailed analysis of API attacks targeting AI-based applications, representing a new and rapidly expanding threat vector. And while we...

AI score 7.5
Exploits: 0
CNVD
added 2024/04/16 12:0 a.m., 13 views

IBM DevOps Deploy and IBM UrbanCode Deploy Access Control Error Vulnerability

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different...

CVSS 4.4 | AI score 6.6 | EPSS 0.00436
Exploits: 0 | References: 1
NVD
added 2024/04/15 9:15 p.m., 18 views

CVE-2024-23558

HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

CVSS 6.3 | AI score 6.2 | EPSS 0.00308
Exploits: 0 | References: 1
OSV
added 2024/04/15 9:15 p.m., 5 views

CVE-2024-23561

HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values...

CVSS 4.3 | AI score 5.8 | EPSS 0.0036
Exploits: 0 | References: 1
OSV
added 2024/04/15 9:15 p.m., 4 views

CVE-2024-23558

HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

CVSS 6.3 | AI score 5.8 | EPSS 0.00308
Exploits: 0 | References: 1
Vulnrichment
added 2024/04/15 9:0 p.m., 10 views

CVE-2024-23558 HCL DevOps Deploy / HCL Launch does not invalidate all session authentication cookies after logout

HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

CVSS 6.3 | AI score 6.7 | EPSS 0.00308
Exploits: 0 | References: 1
Cvelist
added 2024/04/15 9:0 p.m., 27 views

CVE-2024-23558 HCL DevOps Deploy / HCL Launch does not invalidate all session authentication cookies after logout

HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

CVSS 6.3 | AI score 6.5 | EPSS 0.00308
Exploits: 0 | References: 1
CVE
added 2024/04/15 9:0 p.m., 62 views

CVE-2024-23558

The CVE-2024-23558 entry concerns HCL DevOps Deploy / HCL Launch where logout does not invalidate the user session, enabling an authenticated user to impersonate another user on the system. Connected documents confirm the issue origin as a session invalidation failure after logout, with CVSS deta...

CVSS 6.3 | AI score 6.6 | EPSS 0.00308
Exploits: 0 | References: 1 | Affected Software: 2
Vulnrichment
added 2024/04/15 8:20 p.m., 9 views

CVE-2024-23561 HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability

HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values...

CVSS 4.3 | AI score 6.4 | EPSS 0.0036
Exploits: 0 | References: 1
Cvelist
added 2024/04/15 8:20 p.m., 14 views

CVE-2024-23561 HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability

HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values...

CVSS 4.3 | AI score 4.7 | EPSS 0.0036
Exploits: 0 | References: 1
NVD
added 2024/04/15 8:15 p.m., 12 views

CVE-2024-23560

HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type...

CVSS 4.9 | AI score 4.8 | EPSS 0.00324
Exploits: 0 | References: 1