220 matches found
Security Bulletin: IBM Event Streams is vulnerable to a man-in-the-middle attack due to the Hot Rod Client (CVE-2023-4586).
Summary IBM Event Streams is vulnerable to a man-in-the-middle attack due to the netty-handler-4.1.86.Final.jar component of Hot Rod client. Hot Rod is a binary, platform-independent protocol that was developed in the open as a part of Infinispan. Infinispan is as a shared store for stateful data...
Security Bulletin: IBM Event Streams is affected by an openSSL Vulnerability - CVE-2023-3817
Summary OpenSSL is an open-source command line tool to generate private keys, install your TLS certificates and identify cert information. This CVE-2023-3817 carries a risk of potential denial of service attack. Vulnerability Details CVEID:CVE-2023-3817 DESCRIPTION: OpenSSL is vulnerable to a...
Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js (CVE-2023-32006)
Summary This security vulnerability affects a required node.js module within IBM Event Streams UI component. CVE-2023-32006 Vulnerability Details CVEID:CVE-2023-32006 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the use of...
Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js (CVE-2023-32559)
Summary This security vulnerability affects a required node.js module within IBM Event Streams UI component. CVE-2023-32559 Vulnerability Details CVEID:CVE-2023-32559 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the use of the deprecated API...
Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js (CVE-2023-25883)
Summary This security vulnerability affects a required node.js module within IBM Event Streams UI component. CVE-2023-25883 Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION: Node.js semver package is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS...
Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js Module._load() module (CVE-2023-32002)
Summary This security vulnerability affects a required node.js module within IBM Event Streams UI component. CVE-2023-32002 Vulnerability Details CVEID:CVE-2023-32002 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the use of Module.load. By sending a...
Security Bulletin: IBM Event Streams is affected by a vulnerability in cURL libcurl (CVE-2023-28321)
Summary This security vulnerability affects the base image being used to build IBM Event Stream images. CVE-2023-28321 Vulnerability Details CVEID:CVE-2023-28321 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw when listed as "Subject...
Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js ChromeDriver module (CVE-2023-26156)
Summary This security vulnerability affects a required node.js module within IBM Event Streams UI component. Vulnerability Details CVEID: CVE-2023-26156 DESCRIPTION: Node.js ChromeDriver module could allow a remote attacker to execute arbitrary commands on the system, caused by a command injectio...
Security Bulletin: IBM Event Streams is affected by a vulnerability in a component (Apache Avro Java SDK)
Summary avro is used by IBM Event Streams as part of dependencies under Java CVE-2023-39410. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:...
Security Bulletin: IBM Event Streams is affected by a libcurl vulnerability
Summary cURL libcurl is used by IBM Event Streams as part of the Operating System CVE-2023-27536. The library supports retrieving data in-memory, downloading to disk, or streaming using the R "connection" interface. This bulletin identifies the steps to take to address the vulnerability...
Security Bulletin: IBM Event Streams is affected by libcurl vulnerability
Summary cURL libcurl is used by IBM Event Streams as part of the Operating System CVE-2023-27535. The library supports retrieving data in-memory, downloading to disk, or streaming using the R "connection" interface. This bulletin identifies the steps to take to address the vulnerability...
Security Bulletin: IBM Event Streams is affected by a denial of service due to OpenSSL vulnerabilities
Summary Openssl is used by IBM Event Streams as part of the Operating System CVE-2022-4450, CVE-2023-0216. This is a library that provides secure communication. Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error relat...
Security Bulletin: IBM Event Streams is affected by a libcurl vulnerability
Summary cURL libcurl is used by IBM Event Streams as part of the Operating System CVE-2023-27534. The library supports retrieving data in-memory, downloading to disk, or streaming using the R "connection" interface. Vulnerability Details CVEID:CVE-2023-27534 DESCRIPTION: cURL libcurl could allow ...
Security Bulletin: IBM Event Streams is affected by multiple openssl vulnerabilities
Summary Openssl is used by IBM Event Streams as part of the Operating System CVE-2022-4304, CVE-2023-0215, CVE-2023-0286. This is a library that provides secure communication. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...
Security Bulletin: IBM Event Streams is vulnerable to denial of service attacks due to snappy-java (CVE-2023-34453, CVE-2023-34455, CVE-2023-34454)
Summary IBM Event Streams is affected by snappy-java vulnerabilities CVE-2023-34453, CVE-2023-34455, CVE-2023-34454 Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a special...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to Golang Go (CVE-2023-29409)
Summary IBM Event Streams is affected by Golang Go vulnerability CVE-2023-29409 Vulnerability Details CVEID:CVE-2023-29409 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificat...
Security Bulletin: IBM Event Streams is affected by a vulnerability in Golang Go (CVE-2023-29406)
Summary Vulnerabilities in golang before 1.19.11 affect the golang component that is used by IBM Event Streams CVE-2023-29406. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-29406 DESCRIPTION: Golang Go is vulnerable to HTTP header injection, caused by improper conten...
Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js Request package (CVE-2023-28155)
Summary A vulnerability in Node.js Request package through 2.88.1 affects the Node.js component that is used by IBM Event Streams CVE-2023-28155. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerable to server-side...
Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Node.js
Summary Vulnerabilities in node.js before 18.16.1 affect the Node.js component that is used by IBM Event Streams CVE-2023-30581, CVE-2023-30589, CVE-2023-30585, CVE-2023-30590, CVE-2023-30588. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-30589 DESCRIPTION: Node....
Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Golang Go
Summary Vulnerabilities in golang before 1.19.10 affect the golang component that is used by IBM Event Streams CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-29403 DESCRIPTION: Golang Go could allow a...