7 matches found
nautobot-ai-ops (>=1.0.0 <=1.0.4), nautobot-device-resources (=1.0.0) +4 more potentially affected by CVE-2026-44794 via nautobot (>=2.0.0 <=2.4.22)
nautobot PYPI version =2.0.0, =1.0.0, =2.0.0, =0.16.0, =2.0.0, =2.5.0 - nautobot-ssot-unifi =1.0.2 Source cves: CVE-2026-44794 Source advisory: SNYK:PYTHON-NAUTOBOT-16691222...
AWS VDP: Non-Production API Endpoints for the AI Ops Service Fails to Log to CloudTrail Resulting in Silent Permission Enumeration
The finding is that 5 non-production endpoints for the AI Ops service can be used with standard IAM credentials and do not log to CloudTrail. While the endpoints do not appear to provide access to customer partition data, they can be used for permission enumeration without...
CVE-2022-22493
IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449...
Security Bulletin: Due to use of Apache Commons, IBM Cloud PAK for Watson AI Ops is vulnerable to remote code execution (CVE-2022-33980)
Summary Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that...
Security Bulletin: Due to use of PostgreSQL JDBC Driver, IBM Cloud PAK for Watson AI Ops is vulnerable to SQL Injection (CVE-2022-31197)
Summary PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database-independent Java code. The PgJDBC implementation of the java.sql.ResultRow.refreshRow method is not performing escaping of column names so a malicious column name that...
Security Bulletin: Due to use of Apple macOS Monterey and macOS Big Sur, IBM Cloud PAK for Watson AI Ops is vulnerable to attacks gaining elevated privileges (CVE-2022-26691)
Summary A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. Vulnerability Details CVEID: CVE-2022-26691 DESCRIPTION: Apple macOS...
Security Bulletin: Due to use of Apache Log4j, IBM Cloud PAK for Watson AI Ops is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105)
Summary Apache Log4j is used by IBM Cloud PAK for Watson AI Ops as part of its logging infrastructure. The CVE numbers are: CVE-2021-45105 and CVE-2021-45046. Vulnerabilities were identified within the Apache Log4j library that is used by IBM Cloud Pak for Watson AIOps. These vulnerabilities have...