
873 matches found

Tenable Nessus
added 2024/05/11 12:0 a.m. | 42 views

RHEL 7 : python (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c (CVE-2021-3177) - python: XML Extern...

8.9 AI score | 0.37325 EPSS
Exploits 14 | References 21
OSV
added 2024/05/06 1:15 p.m. | 4 views

CVE-2024-33829

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache...

5.4 CVSS | 5.8 AI score | 0.0021 EPSS
Exploits 1 | References 1
OSV
added 2024/05/06 1:15 p.m. | 3 views

CVE-2024-33830

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache...

8.1 CVSS | 5.8 AI score | 0.00299 EPSS
Exploits 1 | References 1
Cvelist
added 2024/05/06 12:0 a.m. | 16 views

CVE-2024-33829

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache...

7.3 AI score | 0.0021 EPSS
Exploits 1 | References 1
Cvelist
added 2024/05/06 12:0 a.m. | 18 views

CVE-2024-33830

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache...

7.3 AI score | 0.00299 EPSS
Exploits 1 | References 1
IBM Security Bulletins
added 2024/03/22 4:7 p.m. | 28 views

Security Bulletin: Vulnerability in Axios might affect IBM Spectrum Sentinel Anomaly Scan Engine (CVE-2023-45857)

Summary Vulnerabilities in axios might affect IBM Spectrum Sentinel Anomaly Scan Engine. Vulnerabilities include allowing remote attacker to perform cross-site scripting attacks, Web cache poisoning and other malicious attacks. Vulnerability Details CVEID: CVE-2023-45857 DESCRIPTION: Axios is...

6.5 CVSS | 6.6 AI score | 0.00556 EPSS
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2024/03/15 5:41 p.m. | 39 views

Security Bulletin: Vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis (CVE-2023-40167)

Summary There is a potential HTTP request smuggling vulnerability in Apache Solr. This has been addressed. Vulnerability Details CVEID: CVE-2023-40167 DESCRIPTION: Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 request header. By sending a specially crafted...

5.3 CVSS | 6.2 AI score | 0.01069 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/03/15 6:17 a.m. | 45 views

Security Bulletin: IBM Event Streams is vulnerable to HTTP request smuggling (CVE-2023-40167)

Summary IBM Event Streams is vulnerable to HTTP request smuggling due to Jetty component. Jetty provides client-side libraries that allow us to embed an HTTP or WebSocket client in our applications. Vulnerability Details CVEID: CVE-2023-40167 DESCRIPTION: Jetty is vulnerable to HTTP request...

5.3 CVSS | 6.3 AI score | 0.01069 EPSS
Exploits 0 | Affected Software 1
OSV
added 2024/03/06 11:7 a.m. | 38 views

BIT-PYTHON-2021-23336 Web Cache Poisoning

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can...

5.9 CVSS | 7.7 AI score | 0.37325 EPSS
Exploits 1 | References 38
OSV
added 2024/03/06 10:55 a.m. | 16 views

BIT-DJANGO-2021-23336 Web Cache Poisoning

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can...

5.9 CVSS | 7.7 AI score | 0.37325 EPSS
Exploits 1 | References 38
IBM Security Bulletins
added 2024/03/05 11:37 a.m. | 33 views

Security Bulletin: Vulnerability in jetty-http affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-40167]

Summary The jetty-http package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs (CVE-2023-40167). Vulnerability Details CVEID: CVE-2023-40167 DESCRIPTION: Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the...

5.3 CVSS | 6.2 AI score | 0.01069 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/02/05 1:26 p.m. | 47 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) may be vulnerable to HTTP request smuggling (CVE-2023-46589)

Summary Due to the use of Apache Tomcat, IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP trailer headers. By sending a specially crafted HTTPS trailer header, an attacker could exploit this vulnerability to poison the we...

7.5 CVSS | 7.5 AI score | 0.02651 EPSS
Exploits 0 | Affected Software 1
Tenable Nessus
added 2024/01/17 12:0 a.m. | 24 views

Dell iDRAC8 Injection (CVE-2021-21510)

Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary 'Host' header values to poison a web-cache or trigger redirections. This plugin only works with Tenable.ot...

6.1 CVSS | 6.5 AI score | 0.01026 EPSS
Exploits 0 | References 2
IBM Security Bulletins
added 2024/01/16 7:8 a.m. | 30 views

Security Bulletin: [All] Apache Tomcat (core only) - CVE-2023-45648 (Publicly disclosed vulnerability)

Summary Apache Tomcat is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2023-45648 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of HTTP trailer headers. By sending a specially...

5.3 CVSS | 6.3 AI score | 0.05848 EPSS
Exploits 2 | Affected Software 1
IBM Security Bulletins
added 2024/01/12 6:4 p.m. | 27 views

Security Bulletin: A vulnerability in axios affects IBM Robotic Process Automation and may result in cross-site request forgery (CVE-2023-45857).

Summary axios is used by IBM Robotic Process Automation as part of control center (CVE-2023-45857). Vulnerability Details CVEID: CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By inserting the X-XSRF-TOKEN header...

6.5 CVSS | 6.7 AI score | 0.00556 EPSS
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2024/01/09 3:8 p.m. | 20 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to cross-site request forgery (CVE-2023-45857)

Summary There is a vulnerability in Axios used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery,...

6.5 CVSS | 6.4 AI score | 0.00556 EPSS
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2024/01/03 11:3 a.m. | 30 views

Security Bulletin: Vulnerability in Apache Tomcat affects App Connect Professional.

Summary App Connect Professional has addressed the following vulnerabilities reported in Apache Tomcat. Vulnerability Details CVEID: CVE-2023-45648 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of HTTP trailer headers. By sending a specially crafted...

5.3 CVSS | 6.7 AI score | 0.05848 EPSS
Exploits 2 | Affected Software 1
IBM Security Bulletins
added 2023/12/13 9:51 p.m. | 33 views

Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to a HTTP request smuggling vulnerability (CVE-2023-45648)

Summary Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of HTTP trailer headers. By sending a specially crafted invalid trailer header, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct X...

5.3 CVSS | 6.3 AI score | 0.05848 EPSS
Exploits 2 | Affected Software 1
IBM Security Bulletins
added 2023/12/13 9:49 p.m. | 32 views

Security Bulletin: IBM UrbanCode Deploy (UCD) is affected by a HTTP request smuggling Vulnerability in Eclipse Jetty (CVE-2023-40167)

Summary Due to the use of Jetty, IBM UrbanCode Deploy (UCD) is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 request header. By sending a specially crafted request, a remote attacker could exploit this vulnerability to poison the web cache, bypass web application...

5.3 CVSS | 5.8 AI score | 0.01069 EPSS
Exploits 2 | Affected Software 1
IBM Security Bulletins
added 2023/11/14 11:7 a.m. | 57 views

Security Bulletin: IBM Integration Bus is vulnerable to multiple CVEs due to Apache Tomcat.

Summary Due to Apache Tomcat, IBM Integration Bus is vulnerable to multiple CVEs. CVE-2023-45648, CVE-2023-42794, CVE-2023-44487, CVE-2023-42795. Vulnerability Details CVEID: CVE-2023-45648 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of HTTP...

7.5 CVSS | 7.2 AI score | 0.99999 EPSS
Exploits 21 | Affected Software 1