EUVD-2024-52843

Malicious code in bioql PyPI...

EUVD-2024-52844

Malicious code in bioql PyPI...

Security Bulletin: IBM PowerHA SystemMirror for IBM i is vulnerable to multiple vulnerabilities in the PowerHA Web Interface [CVE-2024-55897, CVE-2024-55896]

Summary The IBM PowerHA SystemMirror for IBM i Web Interface is vulnerable to obtaining cookie values CVE-2024-55897 and hijacking the clicking action of users CVE-2024-55896 as described in the vulnerability details section. The PowerHA Web Interface allows easy management of PowerHA operations...

CVE-2024-55896

IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system...

CVE-2024-55897

Summary: CVE-2024-55897 affects IBM PowerHA SystemMirror for IBM i versions 7.4 and 7.5. The issue is that authorization tokens and session cookies do not have the Secure attribute set, enabling cookie values to be exposed if a user visits an insecure (HTTP) link or a page with such a link, allow...

CVE-2024-55897 IBM PowerHA SystemMirror for i information disclosure

IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure...

CVE-2024-55897 IBM PowerHA SystemMirror for i information disclosure

IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure...

CVE-2024-55896

CVE-2024-55896 affects IBM PowerHA SystemMirror for IBM i, versions 7.4 and 7.5. The issue is improper restrictions when rendering content via iFrames, potentially allowing an attacker to gain improper access and perform unauthorized actions on the system. IBM’s bulletin lists fix actions: apply ...

CVE-2024-55896 IBM PowerHA SystemMirror for i clickjacking

IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system...

PT-2024-36606 · Ibm · Ibm Powerha Systemmirror

Name of the Vulnerable Software and Affected Versions: IBM PowerHA SystemMirror for i versions 7.4 through 7.5 Description: The issue is related to improper restrictions when rendering content via iFrames, which could allow an attacker to gain improper access and perform unauthorized actions on t...

AIX 6.1 / 7.1.2 / 7.1.3 : IBM PowerHA SystemMirror CSPOC Privilege Escalation

The remote AIX host is running a version of IBM PowerHA SystemMirror that is missing a security patch. It is, therefore, affected by a privilege escalation vulnerability in the Cluster Single Point of Control CSPOC feature that occurs when adding an authenticated, remote user to the list that...

Design/Logic Flaw

CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote authenticated users to perform an "su root" action by leveraging presence on the cluster-wide password-change list...

CVE-2015-5005

CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote authenticated users to perform an "su root" action by leveraging presence on the cluster-wide password-change list...