149 matches found
EUVD-2020-26012
Malware in sbrugna...
Security Bulletin: Multiple Vulnerabilities in Multicloud Management Security Services
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Multicloud Management Security Services Vulnerability Details CVEID:CVE-2022-1705 DESCRIPTION: Golang Go is vulnerable to HTTP request smuggling, caused by a flaw with accepting of some invalid Transfer-Encoding headers in the HTTP/...
Security Bulletin: Vulnerability in IBM Cloud Pak for Multicloud Management
Summary A vulnerability in IBM Cloud Pak for Multicloud Management has been delivered in a HotFix for 2.3 FP9 Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Jsonpath-plus could allow a remote attacker to execute arbitrary code on the system, caused by improper input sanitization and unsa...
CVE-2022-42438
IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210...
CVE-2023-46175
IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file in plain clear text which can be read by a privileged user...
CVE-2023-46175 IBM Cloud Pak for Multicloud Management information disclosure
IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file in plain clear text which can be read by a privileged user...
CVE-2023-46175
CVE-2023-46175 affects IBM Cloud Pak for Multicloud Management (CP4MCM) versions 2.3 through 2.3 FP8. The issue is that credentials are stored in a log file in plain text, which could be read by a privileged user, exposing sensitive data. The available public remediation is to upgrade to version ...
IBM Cloud Pak for Multicloud Management Security Vulnerability
IBM Cloud Pak for Multicloud Management is an application from International Business Machines (IBM) used to manage multi-cloud environments. A security vulnerability exists in IBM Cloud Pak for Multicloud Management versions 2.3 through 2.3 FP8 that stems from stori...
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Multicloud Management version 2.3 Fix Pack 9 Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding headers. By sending a...
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Multicloud Management version 2.3 Fix Pack 8 Vulnerability Details CVEID:CVE-2023-25577 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsing multipart form data with many fields. By...
Security Bulletin: Due to use of Golang Go, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities.
Summary Golang Go is used by IBM Cloud Pak for Multicloud Management Monitoring as part of coding language. The vulnerabilities below have been addressed. Vulnerability Details CVEID:CVE-2023-29400 DESCRIPTION: Golang Go is vulnerable to HTML injection. A remote attacker could inject malicious HT...
Security Bulletin: Due to use of Scala, IBM Cloud Pak for Multicloud Management Monitoring could allow a remote authenticated attacker to execute arbitrary code on the system. [CVE-2022-36944]
Summary Scala is used by IBM Cloud Pak for Multicloud Management Monitoring, to process large amounts of data smoothly and efficiently. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-36944 DESCRIPTION: Scala could allow a remote authenticated attacker to execute...
Security Bulletin: Due to use of NodeJS, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple security vulnerabilities.
Summary NodeJS is used by multiple components of IBM Cloud Pak for Multicloud Management Monitoring as a runtime environment Vulnerability Details CVEID:CVE-2022-32212 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary code on the system, caused by the failure to properly che...
Security Bulletin: Due to use of Spark from Hadoop, IBM Cloud Pak for Multicloud Management Monitoring could allow a remote attacker to traverse directories on the system.
Summary Vulnerability in Spark from Hadoop affects IBM Cloud Pak for Multicloud Management Monitoring. Vulnerability Details CVEID:CVE-2018-8009 DESCRIPTION: Apache Hadoop could allow a remote attacker to traverse directories on the system. By persuading a victim to extract a specially-craft...
Security Bulletin: Due to use of Apache Cassandra, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to an authenticated attacker gaining elevated privileges.
Summary Apache Cassandra is used by IBM Cloud Pak for Multicloud Management Monitoring as part of saving data on several components. Vulnerability Details CVEID:CVE-2023-30601 DESCRIPTION: Apache Cassandra could allow a local authenticated attacker to gain elevated privileges on the system, cause...
Security Bulletin: Due to use of Mozilla Firefox, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities.
Summary Mozilla Firefox ESR is used by IBM Cloud Pak for Multicloud Management Monitoring as part of the selenium scripts / tests agent. Vulnerability Details CVEID:CVE-2023-29539 DESCRIPTION: Mozilla Firefox could allow a remote attacker to download arbitrary files, caused by the truncation of...
Security Bulletin: Multiple Vulnerabilities in Multicloud Management Security Services
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Multicloud Management Security Services Vulnerability Details CVEID:CVE-2022-31512 DESCRIPTION: flask-mvc could allow a remote attacker to traverse directories on the system, caused by the Flask sendfile function being used unsafely...
Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service
Three new security flaws have been disclosed in Microsoft Azure API Management service that could be abused by malicious actors to gain access to sensitive information or backend services. This includes two server-side request forgery (SSRF) flaws and one instance of unrestricted file upload...
Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.7 Bug Fix and security update
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.11.7 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ba...