13 matches found
Security Bulletin: Vulnerability Werkzeug, Twisted-22.10.0-py3, requests-2.32.2-py3, commons-lang-2.6, commons-fileupload-1.5, urllib3-2.2.2, jetty-server-9.4.56.v20240826 affect IBM Cloud Object Storage Systems (Oct 2025)
Summary Vulnerability with Werkzeug CVE-2024-34069, CVE-2023-46136, CVE-2024-49767, CVE-2024-49766; Twisted-22.10.0-py3 CVE-2024-41810, CVE-2023-46137, CVE-2024-41671; requests-2.32.2-py3 CVE-2024-47081; urllib3-2.2.2 CVE-2025-50182, CVE-2025-501810; commons-lang-2.6 CVE-2025-48924,...
Security Bulletin: Vulnerability with spring-security-crypto and jinja affect IBM Cloud Object Storage Systems (July 2025)
Summary Vulnerability with spring-security-crypto CVE-2025-22228 and jinja CVE-2025-27516. This vulnerability has been addressed in the latest ClevOS release. Vulnerability Details CVEID: CVE-2025-22228 DESCRIPTION: BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for...
Security Bulletin: XSS vulnerability affects IBM Cloud Object Storage System (CVE-2021-39014)
Summary XSS vulnerability affects IBM Cloud Object Storage System CVE-2021-39014. This vulnerability has been addressed in the latest ClevOS releases. Vulnerability Details CVEID:CVE-2021-39014 DESCRIPTION: IBM Cloud Object System is vulnerable to stored cross-site scripting. This vulnerability...
Security Bulletin: Vulnerability with NTP 4.2.8p15 affect IBM Cloud Object Storage Systems (March 2025)
Summary Vulnerability with NTP CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554. This vulnerability has been addressed in the latest ClevOS release. Vulnerability Details CVEID: CVE-2023-26552 DESCRIPTION: mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when...
Security Bulletin: Vulnerability with Apache HTTP, OpenJDK, python3 and spring-web affect IBM Cloud Object Storage Systems (Sept 2024v1)
Summary Vulnerability with Apache HTTP CVE-2024-38474, CVE-2024-39573, CVE-2024-38477, CVE-2024-38473, CVE-2024-38476, CVE-2024-38475, OpenJDK CVE-2024-21131, CVE-2024-21147, CVE-2024-21138, CVE-2024-21140, CVE-2024-21145, python3 CVE-2024-37891, CVE-2024-39689, CVE-2024-6345, CVE-2024-3651 and SpringWe...
Security Bulletin: Vulnerability with OpenJDK, commons-compress and spring-web-5.3.27/spring-web-5.3.32 affect IBM Cloud Object Storage Systems (April 2024v1)
Summary Vulnerability with OpenJDK CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20945, CVE-2024-20932, CVE-2024-20919, CVE-2024-20926, commons-compress CVE-2024-25710, CVE-2024-26308, spring-web-5.3.27 CVE-2024-22243, spring-web-5.3.32 CVE-2024-22259. This vulnerability has been...
Security Bulletin: Vulnerability with Kernel affect IBM Cloud Object Storage Systems (Jan 2024v1)
Summary Vulnerability with Kernel - CVE-2023-45871. This vulnerability has been addressed in the latest ClevOS releases. Vulnerability Details CVEID: CVE-2023-45871 DESCRIPTION: Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the IGB driver in...
Security Bulletin: Vulnerability with Kernel and Lib cURL affect IBM Cloud Object Storage Systems (Jan 2024v1)
Summary Vulnerability with Kernel - CVE-2023-5717, CVE-2023-3772, CVE-2023-39194, CVE-2023-39192, CVE-2023-46219, CVE-2023-39193, CVE-2023-45863, CVE-2023-1206, & CVE-2023-4208 and Lib cURL CVE-2023-46218. These vulnerabilities have been addressed in the latest ClevOS releases. Vulnerability Details...
Security Bulletin: Vulnerability with MariaDB and OpenJDK affect IBM Cloud Object Storage Systems (Dec2023v1)
Summary Vulnerability with MariaDB - CVE-2022-47015 and OpenJDK CVE-2023-22081 & CVE-2023-22025. These vulnerabilities have been addressed in the latest ClevOS releases. Vulnerability Details CVEID: CVE-2022-47015 DESCRIPTION: MariaDB is vulnerable to a denial of service, caused by a NULL pointer...
Security Bulletin: Vulnerability with urllib3 affect IBM Cloud Object Storage Systems (Nov2023v2)
Summary Vulnerability with urllib3 - CVE-2023-43804 and CVE-2023-45803. These vulnerabilities have been addressed in the latest ClevOS releases. Vulnerability Details CVEID: CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw...
Security Bulletin: Vulnerability with snappy-java affect IBM Cloud Object Storage Systems (Oc2023v1)
Summary Vulnerability with snappy-java CVE-2023-43642. This vulnerability has been addressed in the latest ClevOS releases. Vulnerability Details CVEID: CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a...
Security Bulletin: Vulnerability with Python affect IBM Cloud Object Storage Systems (Sept2023v2)
Summary Vulnerability with Python CVE-2023-40217. This vulnerability has been addressed in the latest ClevOS releases. Vulnerability Details CVEID: CVE-2023-40217 DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by a race condition in the SSLSocket module...
clevos.co.kr XSS vulnerability
Open Bug Bounty ID: OBB-484052

Description | Value
---|---
Affected Website: | clevos.co.kr
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure Standard: | Coordinated Disclosure based ...