54 matches found
Security Bulletin: IBM B2B Sterling integrator is affected by Apache Santuario vulnerability to information disclosure
Summary IBM B2B Sterling integrator is vunerable to information disclosure due to Apache Santuario Vulnerability Details CVEID:CVE-2023-44483 DESCRIPTION: Apache Santuario could allow a remote authenticated attacker to obtain sensitive information, caused by the storage of a private key in the lo...
What is known about the Spoofing – Windows MSHTML Platform (CVE-2024-43573) vulnerability from the October Microsoft Patch Tuesday?
What is known about the Spoofing - Windows MSHTML Platform CVE-2024-43573 vulnerability from the October Microsoft Patch Tuesday? In fact, just that it is being exploited in the wild. There are no write-ups or public exploits yet. The Acknowledgements section in the Microsoft bulletin is empty. I...
Security Bulletin: Information disclosure vulnerabilities affect IBM Business Automation Workflow - CVE-2024-28849, CVE-2024-21501
Summary IBM Business Automation Workflow Web Process Designer is vulnerable to information disclosure attacks. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the leakage...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data may be vulnerable to a remote attacker (CVE-2024-28849)
Summary There is a vulnerability in follow-redirects used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could...
CVE-2024-21080
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: REST Services. Supported versions that are affected are 12.2.9-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications...
Security Bulletin: Vulnerability in IBM® SDK, Java™ Technology affects IBM Cloud Pak System [CVE-2022-3676]
Summary Vulnerability in IBM® SDK, Java™ Technology affect Cloud Pak System. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. By sending a...
Security Bulletin: IBM Event Streams is affected by a remote code execution vulnerability (CVE-2023-26136).
Summary A Remote Code Execution RCE vulnerability in Salesforce tough-cookie could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. Vulnerability Detai...
Security Bulletin: IBM Integration Bus is vulnerable to a remote attacker due to Apache Tomcat
Summary IBM Integration Bus is vulnerable to a remote attacker due to Apache Tomcat CVE-2023-41080. Vulnerability Details CVEID:CVE-2023-41080 DESCRIPTION: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the FORM authentication...
Security Bulletin: A security vulnerability has been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (CVE-2022-3676)
Summary IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerability. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type chec...
Security Bulletin: IBM Safer Payments vulnerable to denial of service attack (CVE-2023-27556)
Summary The API and MCI interfaces of IBM Safer Payments are vulnerable to the Slowloris denial of service attack. This vulnerability is addressed Vulnerability Details CVEID:CVE-2023-27556 DESCRIPTION: IBM Counter Fraud Management for Safer Payments does not properly allocate resources without...
Security Bulletin: A vulnerability in IBM Java Runtime affects SPSS Collaboration and Deployment Services (CVE-2021-28167)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by SPSS Collaboration and Deployment Services. This issue has been addressed. Vulnerability Details CVEID:CVE-2021-28167 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions,...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to a denial of service due to Vmware Tanzu Spring Framework (CVE-2022-22971)
Summary IBM Sterling Partner Engagement Manager uses Vmware Tanzu Spring Framework that is vulnerable to a denial of service, caused by a flaw with a STOMP over WebSocket endpoint. The issue has been addressed. Vulnerability Details CVEID:CVE-2022-22971 DESCRIPTION: Vmware Tanzu Spring Framework ...
LS ELECTRIC PLC and XG5000 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor : LS ELECTRIC, LS Industrial Systems LSIS Co. Ltd Equipment: LS ELEC PLC and XG5000 Vulnerability: Inadequate Encryption Strength 2. UPDATE This updated advisory is a follow-up to the original advisory...
CVE-2021-2481
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
VMware vRealize Orchestrator update addresses open redirect vulnerability (CVE-2021-22036)
3. VMware vRealize Orchestrator update addresses open redirect vulnerability CVE-2021-22036 VMware vRealize Orchestrator contains an open redirect vulnerability due to improper path handling. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv...
CVE-2021-2020
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2021-2020
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
Intel CSI2 Host Controller Advisory
Summary: A potential security vulnerability in the Intel Camera Serial Interface CSI 2 Host Controller driver may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2020-0573 Description: Out of bounds read...
CVE-2020-14800
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...
Security Bulletin: Publicly disclosed vulnerability found by vFinder in IBM eDiscovery Analyzer
Summary Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct...