HCL Technologies HCL Launch 安全漏洞

HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, Inc. It is used to handle the most complex deployment processes in DevOps. A security vulnerability exists in HCL DevOps Deploy and HCL Launch that stems from the...

PT-2024-19941 · Hcl · Hcl Devops Deploy +1

Name of the Vulnerable Software and Affected Versions: HCL DevOps Deploy / HCL Launch affected versions not specified Description: The issue is related to incomplete revocation of permissions when deleting a custom security resource type. There is no information provided about the estimated numbe...

CVE-2024-22334

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type,...

CVE-2024-22334

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type,...

CVE-2024-22334 IBM UrbanCode Deploy improper privilege control

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type,...

CVE-2024-22334 IBM UrbanCode Deploy improper privilege control

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type,...

CVE-2024-22334

Summary : CVE-2024-22334 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy, with an incomplete revocation of permissions when deleting a custom security resource type. The issue can cause associated permissions of objects using that type to remain or be misreported, leading to inaccurate p...

PT-2024-19347 · Ibm · Ibm Urbancode Deploy +1

Name of the Vulnerable Software and Affected Versions: IBM UrbanCode Deploy versions 7.0 through 7.0.5.20 IBM UrbanCode Deploy versions 7.1 through 7.1.2.16 IBM UrbanCode Deploy versions 7.2 through 7.2.3.9 IBM UrbanCode Deploy versions 7.3 through 7.3.2.4 IBM DevOps Deploy versions 8.0 through...

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a incomplete revocation of permissions vulnerability (CVE-2024-22334)

Summary BM DevOps Deploy / IBM UrbanCode Deploy UCD could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to...

CVE-2024-31995 zcap has incomplete expiration checks in capability chains.

@digitalbazaar/zcap provides JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current da...

CVE-2024-31995 zcap has incomplete expiration checks in capability chains.

@digitalbazaar/zcap provides JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current da...

Netentsec NS-ASG Application Security Gateway SQL注入漏洞

Netentsec NS-ASG Application Security Gateway is an application security gateway from China Netentsec. A SQL injection vulnerability exists in Netentsec NS-ASG Application Security Gateway version 6.3, which originates from an SQL injection vulnerability in the parameter CRLId in the file...

Secrets Sensei: Conquering Secrets Management Challenges

In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management — the foundational pillar upon which your security infrastructure rests. We're all familiar with the routine: safeguarding those API keys, connection strings, and certificates is non-negotiable. Howeve...

BIT-GITLAB-2020-13294

In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application...

BIT-GITLAB-2020-13307

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user to maintain their access...

BIT-EJBCA-2021-40088

An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode can be configured to use a known client certificate to authenticate enrolling clients. The same RA client certificate is used for revocation requests as well. While enrollment enforces multi tenancy constraints by verifying that...

How to Find and Fix Risky Sharing in Google Drive

Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally...

CVE-2024-23979

When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point CRLDP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support EoTS are n...

Authentication flaw

When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point CRLDP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support EoTS are n...

CVE-2024-23979

BIG-IP CVE-2024-23979 affects SSL Client Certificate LDAP and CRLDP Authentication profiles when configured on a virtual server, causing undisclosed requests to increase CPU resource utilization and potentially degrade performance (DoS) per the F5 security advisory K000134516. The issue is docume...