ROS-20240402-14

Vulnerability of a VPN packet based on IPSec strongSwan protocol is caused by a bug in the charon-tkm process with the key exchange IKE protocol implementation based on TKMv2 Trusted Key Manager. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

The vulnerability of the Guardium Cloud Key Manager (CKM), a data encryption software from IBM Guardium, allows a perpetrator to execute arbitrary code.

The vulnerability of the Guardium Cloud Key Manager CKM, a data encryption software from IBM Guardium, exists due to the lack of security measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially create...

CVE-2023-28373

A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode...

CVE-2023-28373

A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode...

Code injection

A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode...

Pure Storage FlashBlade Security Vulnerability

Pure Storage FlashBlade is a consolidated storage platform for file and object workloads from U.S.-based Pure Storage. A security vulnerability exists in FlashBlade Purity OE version 4.1.0 that originates when an array administrator affects the availability of data on the system, including...

CVE-2023-28373

CVE-2023-28373 describes a flaw in FlashArray Purity where an array administrator configuring an external key manager can affect data availability, including SafeMode-protected snapshots. The connected documents confirm the impact on availability but do not specify exploit details or a confirmed ...

CVE-2023-28373 FlashArray SafeMode Immutable Vulnerability

A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode...

IBM Security Guardium Data Encryption Code Execution Vulnerability

IBM Security Guardium Data Encryption is a software from International Business Machines IBM that is used to secure sensitive data within an organization. The software protects assets located in cloud, virtual, big data and physical environments by controlling access to databases, files,...

IBM Security Guardium Data Encryption Access Control Error Vulnerability

IBM Security Guardium Data Encryption is a software from International Business Machines IBM that is used to secure sensitive data within an organization. The software protects assets located in cloud, virtual, big data and physical environments by controlling access to databases, files,...

CVE-2023-26272

IBM Security Guardium Data Encryption IBM Guardium Cloud Key Manager GCKM 1.10.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID:...

CVE-2023-26270

IBM Security Guardium Data Encryption IBM Guardium Cloud Key Manager GCKM 1.10.3 could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. By sending specially crafted request, an attacker could exploit this vulnerability to execute...

CVE-2023-26271

IBM Security Guardium Data Encryption IBM Guardium Cloud Key Manager GCKM 1.10.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126...

CVE-2023-26270

IBM Security Guardium Data Encryption IBM Guardium Cloud Key Manager GCKM 1.10.3 could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. By sending specially crafted request, an attacker could exploit this vulnerability to execute...

CVE-2023-26271

IBM Security Guardium Data Encryption IBM Guardium Cloud Key Manager GCKM 1.10.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126...

Sql injection

IBM Security Guardium Data Encryption IBM Guardium Cloud Key Manager GCKM 1.10.3 could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. By sending specially crafted request, an attacker could exploit this vulnerability to execute...

CVE-2023-26270

CVE-2023-26270 affects IBM Guardium Data Encryption (GDE) Guardium Cloud Key Manager (GCKM) 1.10.3. The root cause is an Angular template injection flaw that could allow a remote attacker to execute arbitrary code. IBM and related sources list the remediation as upgrading to GCKM 1.10.4. Public r...

CVE-2023-26271

IBM Guardium Data Encryption (GCKM) 1.10.3 and earlier is affected by CVE-2023-26271 due to an inadequate account lockout that could allow remote brute-forcing of credentials. The issue affects Guardium Cloud Key Manager (GCKM) within IBM Guardium Data Encryption; root cause described as improper...

IBM Security Guardium Data Encryption 安全漏洞

IBM Security Guardium Data Encryption is a software from International Business Machines IBM that is used to secure sensitive data within an organization. The software protects assets located in cloud, virtual, big data and physical environments by controlling access to databases, files,...

IBM Security Guardium Data Encryption 跨站脚本漏洞

IBM Security Guardium Data Encryption is a software from International Business Machines IBM that is used to secure sensitive data within an organization. The software protects assets located in cloud, virtual, big data and physical environments by controlling access to databases, files,...