Lucene search
K

216 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/06/25 9:9 a.m.27 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the jose4j component ( CVE-2023-51775).

Summary IBM Event Streams is vulnerable to a a denial of service attack due to the jose4j component. The jose4j library is used in event streams for secure handling of JSON Web Tokens JWTs, enabling encryption, decryption, and validation of tokens to ensure secure authentication and data integrit...

6.5CVSS6.7AI score0.00879EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/25 9:8 a.m.34 views

Security Bulletin: IBM Event Streams is vulnerable to a cross-site request forgery due to the Axios component (CVE-2023-45857).

Summary IBM Event Streams is vulnerable to XSS vulnerability due to Axios component . Axios is a promise-based HTTP library that lets developers make requests to either their own or a third-party server to fetch data. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to...

6.5CVSS6.4AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/25 9:6 a.m.42 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the k8sio apiMAChinery component (CVE-2023-44487).

Summary IBM Event Streams is vulnerable to a denial of service attack due to the k8sio apiMAChinery component. k8sio apiMachinery is utilized for handling Kubernetes API interactions, facilitating streamlined communication with Kubernetes clusters within event-driven applications. Vulnerability...

7.5CVSS7.5AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/25 9:4 a.m.29 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack and Phishing attacks due to the follow-redirect and k8s.io/apiMAChinery component (CVE-2023-26159,CVE-2023-44487).

Summary IBM Event Streams is vulnerable to a denial of service attack and Phishing attacks due to the follow-redirect and k8s.io/apiMAChinery component. The follow-redirect library is employed in event streams to seamlessly manage HTTP redirects, ensuring smooth navigation between resources witho...

7.5CVSS7.9AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/25 9:3 a.m.42 views

Security Bulletin: IBM Event Streams is vulnerable to a Broken Access Control attack and Post Exploitation attacks due to the Kotlin component (CVE-2020-29582,CVE-2022-24329).

Summary IBM Event Streams is vulnerable to a Broken Access Control attack and Post Exploitation attacks due to the JetBrains Kotlin component. JetBrains Kotlin is used in event streams to simplify the development process with its concise syntax, enhance code safety with nullability features, and...

5.3CVSS6.5AI score0.02572EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/25 9:2 a.m.26 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the Eclipse Vert.x component (CVE-2024-1300).

Summary IBM Event Streams is vulnerable to a denial of service attack due to the Eclipse Vert.x component. Vert. x is a toolkit to build reactive microservices.It is used to create a highly scalable and performant event-driven architecture for managing Kafka clusters. Vulnerability Details...

5.4CVSS6AI score0.01055EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/25 9:0 a.m.27 views

Security Bulletin: IBM Event Streams is vulnerable to a Broken Access Control due to the follow-redirects component ( CVE-2024-28849).

Summary IBM Event Streams is vulnerable to a Broken Access Control due to the Node.js follow-redirects module. follow-redirects provides request and get methods that behave identically to those found on the native http and https modules. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION:...

6.5CVSS6.7AI score0.01044EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/25 8:58 a.m.26 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to Okio component ( CVE-2023-3635).

Summary IBM Event Streams is vulnerable to a denial of service attack due to Okio GzipSource component used in our strimzi-kafka-bridge. Okio is used in kafka to efficiently handle byte streams and improve data serialization/deserialization and network communication performance. Vulnerability...

7.5CVSS6.3AI score0.01077EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/25 5:26 a.m.49 views

Security Bulletin: IBM Event Streams is vulnerable to sensitive information leakage and directory traversal attack due to the Golang related packages (CVE-2023-45285, CVE-2023-39326, CVE-2023-45283).

Summary Golang Go is used by IBM Event Streams and could allow a remote attacker to obtain sensitive information, caused by a flaws in modules with ".git" suffix and in the net/http package. By sending specially crafted requests, an attacker can attain these privileges. Vulnerability Details...

7.5CVSS6.9AI score0.02758EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/25 5:16 a.m.36 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack (CVE-2024-28176).

Summary IBM Event Streams is vulnerable to a denial of service due to the jose module component, caused by a flaw during JWE Decryption operations. Jose module is a javaScript implementation of the JSON Object Signing and Encryption JOSE for current web browsers and node. js-based servers...

5.9CVSS5.4AI score0.02085EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 6:26 a.m.51 views

Security Bulletin: IBM Event Streams is affected by authorization bypass through user-controlled key vulnerability ( CVE-2023-44981).

Summary This security vulnerability in Apache ZooKeeper could allow an attacker to bypass security restrictions on the system, caused by a flaw when SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true. This bulletin identifies the steps to take to address the...

9.1CVSS9.1AI score0.01713EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 6:24 a.m.32 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service due to the Eclipse Jetty component (CVE-2023-36478).

Summary IBM Event Streams is vulnerable to a denial of service DoS due to the Eclipse Jetty component. Eclipse Jetty provides a Web server and javax. servlet container, plus support for Web Sockets, OSGi, JMX, JNDI, JASPI, AJP and many other integrations. Vulnerability Details CVEID:CVE-2023-3647...

7.5CVSS7.6AI score0.03754EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 6:17 a.m.45 views

Security Bulletin: IBM Event Streams is vulnerable to HTTP request smuggling (CVE-2023-40167)

Summary IBM Event Streams is vulnerable to HTTP request smuggling due to Jetty component. Jetty provides client-side libraries that allow us to embed an HTTP or WebSocket client in our applications. Vulnerability Details CVEID:CVE-2023-40167 DESCRIPTION: Jetty is vulnerable to HTTP request...

5.3CVSS6.3AI score0.01069EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/16 8:19 a.m.32 views

Security Bulletin: IBM Event Streams is affected by a partial denial of service in Java (CVE-2023-22081).

Summary IBM Event Streams is affected by a partial denial of service due to the JSSE component. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component...

5.3CVSS5.3AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/13 10:52 a.m.32 views

Security Bulletin: IBM Event Streams is affected by an unauthenticated access (CVE-2023-22045 and CVE-2023-22049).

Summary This security vulnerability in Java SE related to the VM component and Libraries component could allow a remote attacker to cause low confidentiality and integrity impacts. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM...

3.7CVSS5.5AI score0.01316EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/13 10:49 a.m.33 views

Security Bulletin: IBM Event Streams is affected by a remote code execution vulnerability (CVE-2023-26136).

Summary A Remote Code Execution RCE vulnerability in Salesforce tough-cookie could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. Vulnerability Detai...

9.8CVSS8.4AI score0.02542EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/24 10:4 a.m.20 views

Security Bulletin: IBM Event Streams is vulnerable to a man-in-the-middle attack due to the Hot Rod Client (CVE-2023-4586).

Summary IBM Event Streams is vulnerable to a man-in-the-middle attack due to the netty-handler-4.1.86.Final.jar component of Hot Rod client. Hot Rod is a binary, platform-independent protocol that was developed in the open as a part of Infinispan. Infinispan is as a shared store for stateful data...

7.4CVSS7.1AI score0.00448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/23 4:7 a.m.45 views

Security Bulletin: IBM Event Streams is affected by an openSSL Vulnerability - CVE-2023-3817

Summary OpenSSL is an open-source command line tool to generate private keys, install your TLS certificates and identify cert information. This CVE-2023-3817 carries a risk of potential denial of service attack. Vulnerability Details CVEID:CVE-2023-3817 DESCRIPTION: OpenSSL is vulnerable to a...

5.3CVSS5.8AI score0.02577EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 10:29 p.m.33 views

Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js (CVE-2023-32006)

Summary This security vulnerability affects a required node.js module within IBM Event Streams UI component. CVE-2023-32006 Vulnerability Details CVEID:CVE-2023-32006 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the use of...

8.8CVSS9.1AI score0.01273EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 10:28 p.m.43 views

Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js (CVE-2023-32559)

Summary This security vulnerability affects a required node.js module within IBM Event Streams UI component. CVE-2023-32559 Vulnerability Details CVEID:CVE-2023-32559 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the use of the deprecated API...

7.5CVSS8.5AI score0.01484EPSS
Exploits1Affected Software1
Rows per page
Query Builder