1344 matches found

IBM Security Bulletins
added 2018/10/29 7:35 p.m. | 59 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Asset and Service Management

Summary: IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life...

CVSS 8.1 | AI score 1.4 | EPSS 0.13872
Exploits: 1 | Affected Software: 8
OSV
added 2018/10/24 10:29 p.m. | 3 views

CVE-2018-18568

Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business...

CVSS 5.9 | AI score 5.8 | EPSS 0.00734
Exploits: 3 | References: 2
NVD
added 2018/10/02 3:29 p.m. | 17 views

CVE-2018-1509

IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the...

CVSS 7.4 | AI score 4.8 | EPSS 0.00868
Exploits: 0 | References: 3
Prion
added 2018/10/02 3:29 p.m. | 16 views

Code injection

IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the...

CVSS 5.8 | AI score 7 | EPSS 0.00868
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2018/10/02 3:00 p.m. | 17 views

CVE-2018-1509

IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the...

CVSS 3.7 | AI score 7 | EPSS 0.00868
Exploits: 0 | References: 3
IBM Security Bulletins
added 2018/09/28 4:35 p.m. | 24 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2018-8039)

Summary: IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Please consult the security bulletin Security Bulletin:...

CVSS 8.1 | AI score 3 | EPSS 0.10394
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2018/09/25 12:25 p.m. | 24 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2018-8039)

Summary: WebSphere Application Server is shipped with WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section...

AI score 2.6 | EPSS 0.10394
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2018/09/24 4:55 p.m. | 36 views

Security Bulletin: Potential MITM attack in Apache CXF used by WebSphere Application Server bundled with IBM WebSphere Application Server Patterns (CVE-2018-8039)

Summary: WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Please consult the security bulletin:...

AI score 3.6 | EPSS 0.10394
Exploits: 0 | Affected Software: 1
0day.today
added 2018/09/22 12:00 a.m. | 73 views

Antidote 9.5.1 Code Execution Exploit

CVE-2018-13140 Antidote Remote Code Execution against the update component. Description: Antidote is a spell checker software for Windows, Linux and macOS operating systems. Threat: The application is affected by a remote code execution against the update component. It leads to code execution with high...

CVSS 9.3 | EPSS 0.06631
Exploits: 3
IBM Security Bulletins
added 2018/09/20 11:20 p.m. | 34 views

Security Bulletin: Potential MITM attack in Apache CXF used by WebSphere Application Server (CVE-2018-8039)

Summary: There is a potential man-in-the-middle attack in Apache CXF used by WebSphere Application Server (CVE-2018-8039). Vulnerability Details: CVEID: CVE-2018-8039 DESCRIPTION: Apache CXF could allow a remote attacker to conduct a man-in-the-middle attack. The TLS hostname verification does not wor...

CVSS 8.1 | AI score 0.7 | EPSS 0.10394
Exploits: 0 | Affected Software: 1
OpenVAS
added 2018/09/16 12:00 a.m. | 42 views

AVM FRITZ!Box Firmware Signature Bypass

Multiple AVM FRITZ!Box devices are using an improper verification of cryptographic signatures. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

CVSS 9.3 | AI score 7.7 | EPSS 0.01503
Exploits: 3 | References: 2
RedhatCVE
added 2018/09/14 8:18 p.m. | 35 views

CVE-2018-11775

TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing, which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default...

CVSS 7.4 | AI score 2.6 | EPSS 0.0699
Exploits: 0 | References: 2
Hacker One
added 2018/09/13 10:58 p.m. | 43 views

Grammarly: "More on Wikipedia" link disclose "Referrer" and leak `window.opener` reference for arbitrary websites

Summary: "Referrer" leak http:// link to Wikipedia transferring Referrer header allows a remote attacker with MITM access to sniff Referrer URL for important tokens after following "More on Wikipedia" link. Controllable page MITM with window.opener pointing to the navigation-initiated webpage...

AI score 0.3
Exploits: 0
ThreatPost
added 2018/09/13 1:14 p.m. | 9 views

Experts Bemoan Shortcomings with IoT Security Bill

An internet of things (IoT) bill that would mandate unique passwords for connected devices has been approved by the California state legislature. It will be the first potential connected device regulation to come into effect in the United States if California Gov. Jerry Brown decides to sign it —...

AI score 0.5
Exploits: 0 | References: 8
NVD
added 2018/09/11 7:29 p.m. | 20 views

CVE-2018-11078

Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic...

CVSS 7.5 | AI score 5 | EPSS 0.0076
Exploits: 0 | References: 2
Prion
added 2018/09/11 7:29 p.m. | 13 views

Design/Logic Flaw

Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic...

CVSS 6 | AI score 7.2 | EPSS 0.0076
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2018/09/11 7:00 p.m. | 19 views

CVE-2018-11078

Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic...

CVSS 4 | AI score 7.2 | EPSS 0.0076
Exploits: 0 | References: 2
NVD
added 2018/09/11 3:29 p.m. | 21 views

CVE-2018-2460

SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connections. This allows an attacker to do a MITM attack...

CVSS 5.9 | AI score 5.7 | EPSS 0.00767
Exploits: 0 | References: 3
Prion
added 2018/09/11 3:29 p.m. | 20 views

Design/Logic Flaw

SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connections. This allows an attacker to do a MITM attack...

CVSS 4.3 | AI score 5.7 | EPSS 0.00767
Exploits: 0 | References: 3 | Affected Software: 1
Microsoft CVE
added 2018/09/11 7:00 a.m. | 39 views

Azure IoT SDK Spoofing Vulnerability

A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform. An attacker who successfully exploited this vulnerability could impersonate a server used during the provisioning process. To exploit this vulnerability, an...

CVSS 6.8 | AI score 1.2 | EPSS 0.02131
Exploits: 0