EUVD-2015-0140

Malware in sbrugna...

EUVD-2016-0358

Malware in sbrugna...

EUVD-2015-0216

Malware in sbrugna...

MAL-2025-15887 Malicious code in bluemix-objstore (npm)

The package bluemix-objstore was found to contain malicious code...

Malicious code in bluemix-objstore (npm)

The package bluemix-objstore was found to contain malicious code...

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affected IBM Workflow for Bluemix October 2015

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8. that is used by IBM Workflow for Bluemix. These issues were disclosed as part of the IBM® SDK, Java™ Technology Edition updates in October 2015. Vulnerability Details CVEID: CVE-2015-4872 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affected IBM Workflow for Bluemix April 2016 (CVE-2016-3426)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM Workflow for Bluemix. These issues were disclosed as part of the IBM® SDK, Java™ Technology Edition updates in April 2016. Vulnerability Details CVEID: CVE-2016-3426 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Bluemix Workflow

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.1 that is used by Bluemix Workflow. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL...

Security Bulletin: Vulnerabilities in OpenSSL affect Bluemix Workflow (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-204, CVE-2015-205, CVE-2015-206)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes the vulnerability that has been referred to as “FREAK”. OpenSSL is used by Bluemix Workflow for internal communication. Bluemix Workflow has addressed the applicable CVEs. Vulnerability Details...

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affected IBM Workflow for Bluemix January 2016 (CVE-2015-7575, CVE-2016-0466, CVE-2016-0475)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8. that is used by IBM Workflow for Bluemix. These issues were disclosed as part of the IBM® SDK, Java™ Technology Edition updates in January 2016 and include the vulnerability commonly referred to as "SLOTH"...

CVE-2015-0102

IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

Session fixation

IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVE-2015-0102

CVE-2015-0102 affects IBM Workflow for Bluemix. The vulnerability arises because the session cookie is not marked Secure in HTTPS, enabling network attackers to potentially capture the cookie during transmission over HTTP. NVD lists CVSS‑3.1 base score 8.1 (High) and CVSS‑2 base score 5.8 (Medium...

CVE-2015-0102

IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

Security Bulletin: Multiple vulnerabilities in current releases of IBM® SDK for Node.js™ in IBM Bluemix (CVE-2015-3197, CVE-2016-2086, CVE-2016-2216)

Summary This bulletin describes CVE-2015-3197 that was reported on January 26, 2015 by the OpenSSL Project, plus two additional vulnerabilities. Vulnerability Details CVEID: CVE-2015-3197 DESCRIPTION: OpenSSL could allow a remote attacker to conduct man-in-the-middle attacks, caused by the use of...

Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM® SDK for Node.js™ in IBM Bluemix

Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes the Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000 which affects IBM SDK for Node.js in IBM Bluemix. Vulnerability Details CVEID: CVE-2015-4000...

Security Bulletin: Current Release of IBM® SDK for Node.js™ in IBM Bluemix is affected by CVE-2015-5380

Summary Denial of service vulnerability caused by an out of bounds write in the V8 JavaScript engine's UTF decoder. Vulnerability Details CVEID: CVE-2015-5380 DESCRIPTION: Google V8, as used in Node.js, is vulnerable to a denial of service that is caused by the failure to verify available memory...

Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™ in IBM Bluemix

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js. IBM SDK for Node.js has addressed the applicable CVEs including the "DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability. Vulnerability Details...

Security Bulletin: Current Releases of IBM® SDK for Node.js™ in IBM Bluemix are affected by CVE-2016-3956, CVE-2016-2515 and CVE-2016-2537.

Summary IBM SDK for Node.js in IBM Bluemix are affected by a HTTP bearer token leak in the npm package management tool and two denial of service vulnerabilities in modules used by the npm package management tool. Vulnerability Details CVE-ID: CVE-2016-3956 Description: npm could allow a remote...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™ in IBM Bluemix (CVE-2017-3735 CVE-2017-14919)

Summary OpenSSL vulnerabilities were disclosed on November 2, 2017 by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js. IBM SDK for Node.js has addressed the applicable CVEs.A vulnerability was disclosed in October 2017 by the Node.js project. IBM SDK for Node.js has addressed the CVE...