3 matches found
Security Bulletin: IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations
Summary: The KT1 component of ITM/ITCAM Agents, hereafter referred to as simply Agents, provides the ability to read from and write to the local file system. This facility is utilised by features such as SDA (Self-Describing Agent), which ensures that updates to a product's application support file...
OpenSearch Data Prepper uses deprecated SSL protocol identifier
Impact: The GeoIP processor and Kafka source and buffer were using the deprecated "SSL" protocol identifier when creating SSL contexts, potentially allowing the use of insecure SSL protocols instead of modern TLS versions. Multiple Data Prepper plugins used SSLContext.getInstance("SSL") which could...
Security Bulletin: Vulnerability in SSLv3 affects WebSphere DataPower XC10 Appliance versions 2.1 and 2.5 (CVE-2014-3566)
Summary: SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in the WebSphere DataPower XC10 Appliance versions 2.1 and 2.5. Vulnerability Details: CVE-ID: CVE-2014-3566 DESCRIPTION: The product could allow a...