129 matches found
Security Bulletin: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality. (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447) affect IBM PowerVM Novalink.
Summary An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and high integrity impact. IBM PowerVM Novalink has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecifie...
GHSA-R487-9VV5-75GG Magento Improper Authorization leading to security feature bypass
Magento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access leading to a...
CVE-2025-27703
CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged features in the console can elevate their permissions to access additional features in the...
CVE-2025-27702
CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexi...
CVE-2025-27702 Permissions bypass in the management console of Absolute Secure Access prior to version 13.54
CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexi...
CVE-2024-37344
There is a cross-site scripting vulnerability in the Policy management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the policy management UI when the administrators are editing the sam...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues
Summary Multple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high...
PT-2024-29125 · Unknown · Absolute Secure Access
Name of the Vulnerable Software and Affected Versions: Absolute Secure Access versions prior to 13.52 Description: The issue is a cross-site scripting vulnerability in the management console. Attackers with system administrator permissions can interfere with another system administrator's use of...
Security Bulletin: Security vulnerabilities may affect IBM Java shipped with IBM TXSeries for Multiplatforms.
Summary Security vulnerabilities may affect IBM Java shipped with IBM TXSeries for Multiplatforms. Updates to IBM TXSeries for Multiplatforms have been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE relate...
CVE-2024-21703
This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitiv...
CVE-2024-6769 Medium to High Integrity Privilege Escalation in Microsoft Windows
A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a medium integrity process to a high integri...
Microsoft多款产品 安全漏洞
Microsoft Windows and others are products of Microsoft Corporation USA.Microsoft Windows is a set of operating systems for use on personal devices.Microsoft Windows Server 2016 is a desktop operating system.Microsoft Windows Server 2019 is a desktop operating system. A security vulnerability exis...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities in IBM Java SDK, Java Technology Edition
Summary There are multiple vulnerabilities in IBM Java SDK, Java Technology Edition used by IBM App Connect Enterprise and IBM Integration Bus for z/OS. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecifie...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has addressed these vulnerabilities in updates. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and high integrity...
PT-2024-4763
The Windows File Explorer is affected by a privilege escalation issue, which allows attackers to gain access to a user's NetNTLM hash from any session on the computer, even with low-privileged user rights. This issue is related to unnecessary permissions being set in Access Security when...
Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to IBM® SDK, Java™ Technology Edition
Summary Vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Spectrum Control which could allow a remote attacker to cause high confidentiality impact and high integrity impact. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945,...
CVE-2024-37351
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrator’s use of the management UI when the second administrator later edits the same manageme...
CVE-2024-37352
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06 that allows attackers with system administrator permissions to interfere with other system administrators’ use of the management UI when the second administrator accesses the...
CVE-2024-37348
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the second administrator later edits the same...
Security Bulletin: Vulnerabilities in IBM Java affect IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products
Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850. Vulnerability Details...