531 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container operator and the IntegrationServer and IntegrationRuntime operands are vulnerable to networking errors [CVE-2024-24790]
Summary IBM App Connect Enterprise Certified Container operator and the IntegrationServer and IntegrationRuntime operands contain Golang binaries that are vulnerable to networking errors. This bulletin provides patch information to address the reported vulnerability. CVE-2024-24790 Vulnerability...
Brandon Adkins’ Career Journey - Taking Chances and Tackling New Challenges
Brandon Adkins is the Manager of our Threat Intelligence & Detection Engineering TIDE team. His career journey spans a variety of roles and teams where he has been able to showcase his technical skills in security. Since joining Rapid7, he’s had experience as a Penetration Testing Consultant,...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution
Summary Salesforce tough-cookie is used by IBM App Connect Enterprise Certified Container for handling cookies. IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service [CVE-2024-38355]
Summary Socket.IO is used by IBM App Connect Enterprise Certified Container for real-time UI updates. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...
Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the Python Cryptographic Authority package
Summary The Python cryptography package which provides both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, message digests, and key derivation functions, is used by IBM Ansible plug-in. This library is vulnerable to CVE-2024-26130...
Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the cryptography package
Summary Storage Virtualize Ansible Collection uses the cryptography package to provide common cryptographic algorithms. Version 41.0.7 of cryptography package is vulnerable to CVE-2023-50782. Vulnerability Details CVEID:CVE-2023-50782 DESCRIPTION: Python Cryptographic Authority cryptography could...
Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the paramiko package
Summary Storage Virtualize Ansible Collection uses the third-party library paramiko to implement SSH for authentication to target systems. Version 3.3.1 of paramiko is vulnerable to CVE-2023-48795. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2024-31904]
Summary Calls to the Admin API in IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability. CVE-2024-31904 Vulnerability Details...
Security Bulletin: IBM App Connect Enterprise Certified Container operator, IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2024-24783]
Summary Golang Go is used by the operator, and the IntegrationServer and IntegrationRuntime operands in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operator, and IntegrationServer and IntegrationRuntime operands are vulnerable to denial of servic...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service due to [CVE-2024-24788]
Summary Golang Go is used by a parent process in the IntegrationServer and IntegrationRuntime operands of IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service due to [CVE-2024-33883]
Summary Node.js module ejs is used by IBM App Connect Enterprise Certified Container for generating user interfaces in the DesignerAuthoring operand. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.17 LTS and 11.5.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality due to [CVE-2024-28849]
Summary Node.js module follow-redirects is used by IBM App Connect Enterprise Certified Container for http communications. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality and denial of service due to [CVE-2023-46809] [CVE-2024-21892] [CVE-2024-22019]
Summary Node.js is used by IBM App Connect Enterprise Certified Container as one of the main runtimes. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality and denial of service. This bulletin provides patch information to address the reported...
Security Bulletin: IBM App Connect Enterprise Certified Container instances that run or edit flows containing JSONata mapping are vulnerable to arbitrary code execution due to [CVE-2024-27307]
Summary JSONata is used by IBM App Connect Enterprise Certified Container flows for mapping and extracting values within a JSON document. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntegrationServer operands that run or edit flows containing JSONata...
Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility
Summary There are multiple vulnerabilities in IBM® Semeru Runtime Certified Edition 11 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-20918 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands may be vulnerable to denial of service
Summary The Bouncy Castle Crypto Package For Java is used by the MQ Client in IBM App Connect Enterprise Certified Container IntegrationServers and IntegrationRuntimes. This bulletin provides patch information to address the reported vulnerability in the Bouncy Castle Crypto Package For Java...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service due to [CVE-2023-24762]
Summary FastAPI is used by IBM App Connect Enterprise Certified Container for internal HTTP communications. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information to addres...
Security Bulletin: App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.14 LTS and 11.2.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
The vulnerability of the PJSIP_HEADER() function in Asterisk IP telephony management systems and Certified Asterisk versions allows attackers to trigger a service failure.
The vulnerability of the PJSIPHEADER function in Asterisk IP telephony systems and Certified Asterisk is related to the operation of writing data beyond the buffer in memory when processing the update argument. Exploiting this vulnerability can allow a malicious actor to cause service failures...