CVE-2018-1525
IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM...
CVE-2018-1505
IBM i2 Enterprise Insight Analysis 2.1.7 is affected by an information disclosure vulnerability where web pages can be stored locally and read by another user on the same system. The IBM bulletin indicates remediation by upgrading to the 2.2.0 release (updates include added secure headers; applie...
CVE-2018-1504
IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks...
CVE-2018-1525
IBM i2 Enterprise Insight Analysis 2.1.7 is affected by a vulnerability where HTTP Strict Transport Security was not properly enabled, enabling potential information disclosure via man-in-the-middle attacks. The IBM bulletin indicates the issue lies in missing secure headers and notes an upgrade ...
CVE-2018-1505
IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 141413...
CVE-2018-1504
CVE-2018-1504 affects IBM i2 Enterprise Insight Analysis 2.1.7. A remote attacker could persuade a victim to visit a malicious site to hijack the victim’s click actions (clickjacking), potentially enabling further attacks. The provided documents do not include explicit exploit details or a confir...
Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight (CVE-2018-1656, CVE-2018-0732, CVE-2018-12539, )
Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos Insight. These issues were disclosed as part of the IBM Java SDK updates in July 2018. An Open Source OpenSSL vulnerability has also been addressed. Vulnerability Details: If you run your own...
com.amazon.emr:hive2-shims (>=5.0.0 <=5.6.0), com.boozallen.aissemble:extensions-data-delivery-spark (>=1.13.0-rc6 <=2.0.0) +59 more potentially affected by CVE-2018-1315 via org.apache.hive:hive-exec (>=2.1.0 <=2.3.2)
org.apache.hive:hive-exec MAVEN version =2.1.0, =5.0.0, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =4.1.2-RELEASE, =4.0.0-preview22.0.1, =5.6.0, =4.1.0, =4.0.00.31.1-prerelease6, =4.0.0, =4.1.0, =4.2.0 and more Source cves: CVE-2018-1315 Source advisory: OSV:GHSA-P639-XXV5-J...
Image Management 101: The Web Developer's Guide
This article originally appeared on DevOps.com. Online experiences have in many ways supplanted in-person experiences. Today, no one would hesitate to buy a luxury watch online instead of from a jewelry brick-and-mortar store. But as these online experiences become the norm, user expectations for ...
VMware vRealize Log Insight 4.6.x < 4.6.2 / 4.7.x < 4.7.1 Authorization Bypass Vulnerability (VMSA-2018-0028)
The VMware vRealize Log Insight application running on the remote host is 4.6.x < 4.6.2 or 4.7.x < 4.7.1. It is, therefore, affected by an authorization bypass vulnerability. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(119015); script_version("1.4");...
bellinghaminsight.org XSS vulnerability
Open Bug Bounty ID: OBB-698585

Description | Value
---|---
Affected Website: | bellinghaminsight.org
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | hidden until disclosure
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | ...
CVE-2018-6980
VMware vRealize Log Insight 4.7.x before 4.7.1 and 4.6.x before 4.6.2 contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which the...
Authorization
VMware vRealize Log Insight 4.7.x before 4.7.1 and 4.6.x before 4.6.2 contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which the...
CVE-2018-6980
CVE-2018-6980 affects VMware vRealize Log Insight, specifically versions 4.7.x before 4.7.1 and 4.6.x before 4.6.2. The issue is an improper authorization in the user registration flow, which may allow Admin users with view-only permission to perform certain administrative actions they should not...
Security Bulletin: IBM Network Performance Insight (CVE-2018-11771)
Summary: Apache Commons Compress is vulnerable to a denial of service, caused by the failure to return the correct EOF indication after the end of the stream has been reached by the ZipArchiveInputStream method. By reading a specially crafted ZIP archive, a remote attacker could exploit this...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Network Performance Insight
Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version IBM JRE 8.0.2.10 used by IBM Network Performance Insight. IBM Network Performance Insight has addressed the applicable CVEs. Vulnerability Details: If you run your own Java code using the IBM Java Runtime delivere...
VMSA-2018-0028:VMware vRealize Log Insight updates address an authorization bypass vulnerability
VMware Security Advisory. Advisory ID: VMSA-2018-0028. Severity: Moderate. Synopsis: VMware vRealize Log Insight updates address...