220 matches found
event-driven-ansible: exposure inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in EDA
A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams...
Security Bulletin: Multiple Java Vulnerabilities in IBM Event Streams
Summary Multiple Java SE vulnerabilities were addressed in IBM Event Streams version 11.5.1. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2025-2877 Event-driven-ansible: exposure inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in eda
A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams...
Security Bulletin: Multiple Vulnerabilities in IBM Event Streams
Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.6.1. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted...
HashiCorp Nomad 安全漏洞
HashiCorp Nomad is a simple and flexible scheduler and orchestrator from the US-based HashiCorp Inc. for managing containerized and non-containerized applications at scale, both locally and in the cloud. HashiCorp Nomad suffers from a security vulnerability that stems from the fact that Nomad eve...
Security Bulletin: Multiple Vulnerabilities in IBM Event Streams
Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.5.1. Vulnerability Details CVEID:CVE-2023-0466 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by a flaw in the X509VERIFYPARAMadd0policy function. By using invalid certifica...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the Eclipse Vert.x component (CVE-2024-1023,CVE-2024-1300).
Summary IBM Event Streams is vulnerable to a denial of service attack due to the Vert.x component.It is a toolkit for writing reactive, non-blocking, asynchronous applications that run on the JVM Java Virtual Machine and it provides a non-prescriptive and flexible way to write efficient,...
Security Bulletin: IBM Event Streams is vulnerable to arbitrary code execution on the system due to the Apache Avro component (CVE-2024-47561).
Summary IBM Event Streams is vulnerable to arbitrary code execution on the system. Apache Avro is commonly used in event streams like Apache Kafka to serialize and deserialize event data, providing a structured, efficient, and schema-based format for transmitting messages between producers and...
Security Bulletin: Multiple Vulnerabilities in IBM Event Streams
Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.5.2 Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: expressjs serve-static is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the Apache Commons Compress component (CVE-2024-25710, CVE-2024-26308).
Summary IBM Event Streams is vulnerable to a denial of service due to the Apache Commons Compress component. Commons Compress is a library that creates a standard interface for the most widely used compression and archiving formats. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache...
Security Bulletin: Due to the package jsonpath-plus, IBM Event Streams is vulnerable to Remote Code Execution
Summary jsonpath-plus is used by IBM Event Streams as part of the UI. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Versions of the package jsonpath-plus before 10.0.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code...
Security Bulletin: Multiple Vulnerabilities in IBM Event Streams
Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.5.1. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. By sending a specially crafted payload, a remote...
Security Bulletin: Multiple Vulnerabilities in IBM Event Streams
Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.5.1. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this...
Security Bulletin: Due to use of Async, IBM Event Streams is vulnerable to Regular Expression denial of service
Summary Async is used by IBM Event Streams CVE-2024-39249 Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while parsing function in autoinject function. By sending a specially crafted...
Security Bulletin: Due to use of cURL libcurl, IBM Event Streams is vunerable to bypass security restrictions.
Summary cURL libcurl is used in IBM Event Streams CVE-2023-28322 Vulnerability Details CVEID:CVE-2023-28322 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw in the logic for a reused handle when it is expected to be changed from a PUT to a...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the Netty package (CVE-2023-34462).
Summary Netty is used by IBM Event Streams, providing high-performance, asynchronous network communication that ensures scalability, low latency, and secure connections, essential for real-time data processing and reliable event delivery. Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION:...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the protobuf-java (CVE-2022-3509).
Summary IBM Event Streams is vulnerable to a denial of service attack due to the protobuf-java core and lite. They are most often used for defining communications protocols together with gRPC and for data storage. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the Apache Kafka (CVE-2024-27309).
Summary IBM Event Streams is vulnerable to a denial of service attack due to the Apache Kafka. It is primarily used to build real-time streaming data pipelines and applications that adapt to the data streams. It combines messaging, storage, and stream processing to allow storage and analysis of...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the snappy-java (CVE-2023-43642).
Summary IBM Event Streams is vulnerable to a denial of service attack due to the snappy-java component. In IBM Event Streams, Snappy-java boosts performance by compressing event payloads before transmission and decompressing them on the client side, reducing bandwidth usage and improving data...
Security Bulletin: IBM Event Streams is vulnerable to phishing attack due to the follow-redirects component (CVE-2023-26159).
Summary IBM Event Streams is vulnerable to phishing attack due to the follow-redirects component. In event streams, following redirects ensures uninterrupted data flow by automatically directing clients to new endpoints if the original one changes. It also aids in load balancing and failover...