IBM Concert Path Traversal Vulnerability
IBM Concert Software is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. A path traversal vulnerability exists in IBM Concert Software that stems from improperly handling URL requests that contain dot sequences, a...
AI Inference on Akamai Cloud: Enabling Developers to Accelerate Edge Native Applications
...
IBM Concert Brute Force Exploit
IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. A brute force vulnerability exists in IBM Concert version 1.0.5 that stems from insufficient account lockout settings and can be exploited by an attack...
IBM Concert Input Validation Error Vulnerability (CNVD-2025-02547)
IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. An input validation error vulnerability exists in IBM Concert versions 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3, which stems from incorrect log...
IBM Concert Information Disclosure Vulnerability (CNVD-2025-02548)
IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. An information disclosure vulnerability exists in IBM Concert versions 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3, which stems from a detailed technical...
CVE-2024-56513 Karmada PULL Mode Cluster Privilege Escalation
Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, the PULL mode clusters registered with the karmadactl register command have excessive privileges to access control plane resources...
IBM Concert Access Control Error Vulnerability
IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. An Access Control Error vulnerability exists in versions prior to IBM Concert 1.0.3 that stems from improper access control and can be exploited by an...
IBM Concert Trust Management Issues Vulnerability (CNVD-2024-49175)
IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. A trust management issue vulnerability exists in IBM Concert versions 1.0.0 and 1.0.1 that stems from vulnerability to attacks that rely on the use of...
Gartner 2024 CNAPP Market Guide Insights for Leaders
As businesses increasingly pivot to cloud-native applications, the landscape of cybersecurity becomes ever more challenging...
Enhancing Cloud-Native Security: Qualys Introduces Scanning for Container-Optimized OS in Google Kubernetes Engine
As organizations move from traditional workloads to containerized environments, they encounter new security challenges. Containers bring added complexity that traditional security tools often struggle to manage, largely because of their transient nature and the shared responsibility between the...
IBM Concert Information Disclosure Vulnerability
IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. A security vulnerability exists in IBM Concert version 1.0 that stems from not setting a security attribute on an authorization token or session cookie...
5 Key Insights from the Gartner® Market Guide for Cloud-Native Application Protection Platforms (CNAPP)
As the cloud landscape continues to evolve, organizations face the growing challenge of securing their cloud-native applications. We feel the 2024 Gartner Market Guide for Cloud-Native Application Protection Platforms CNAPP provides invaluable insights into the latest trends and technologies that...
CVE-2024-40636
Steeltoe is an open source project that provides a collection of libraries that help users build production-grade cloud-native applications using externalized configuration, service discovery, distributed tracing, application management, and more. When utilizing multiple Eureka server service UR...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
An update is now available for Red Hat OpenShift GitOps 1.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
BIT-ENVOY-2021-43825 Use-after-free in Envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered dat...
BIT-ENVOY-2022-21656 X.509 subjectAltName matching bypass in Envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. The defaultvalidator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Na...
BIT-ENVOY-2022-21657 X.509 Extended Key Usage and Trust Purposes bypass in Envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage...
BIT-ENVOY-2023-27491 Envoy forwards invalid Http2/Http3 downstream headers
Envoy is an open source edge and service proxy designed for cloud-native applications. A compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, there is a possibility that a non-compliant HTTP/1 service may allow malformed request...
BIT-ENVOY-2023-35942 Envoy's gRPC access log crash caused by the listener draining
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a use-after-free crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9,...
google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...