Security Bulletin: Vulnerabilities in Websphere Liberty server (WLP) affects IBM Cloud Application Business Insights
Summary Vulnerabilities in Websphere Liberty server (WLP) affects IBM Cloud Application Business Insights Vulnerability Details CVEID: CVE-2020-4590 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is...
A vulnerability in Adobe Prelude, the cloud-based application for video digitization, annotation, and format conversion, involves writing beyond buffer boundaries in memory, allowing an attacker to execute arbitrary code.
The vulnerability in Adobe Prelude, the cloud-based application for video digitization, annotation, and format conversion, involves writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code in the context of the current use...
Worried About SaaS Misconfigurations? Check These 5 Settings Everybody Misses
Enterprises depend on SaaS applications for countless functions, like collaboration, marketing, file sharing, and more. But problematically, they often lack the resources to configure those apps to prevent cyberattacks, data exfiltration, and other risks. Catastrophic and costly data breaches...
Mail.ru: Disk-o Cloud application (Windows) does not validate server certificate on a TLS connection
A debugging/staging functionality disabling TLS certificate check was accidentally enabled in production code for Disk-O 20.10.0133, fixed in version 20.11.0006. 21.04 version adds integrity check for update process...
Security Bulletin: A vulnerability in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring Agent (CVE-2020-15358)
Summary In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. Vulnerability Details CVEID: CVE-2020-15358 DESCRIPTION: SQLite is vulnerable to a heap-based buffe...
Barracuda and Microsoft: Securing applications in public cloud
This blog post is part of the Microsoft Intelligence Security Association guest blog series. To learn more about MISA, go here. Barracuda Cloud Application Protection (CAP) platform features integrations with Microsoft Azure Active Directory (Azure AD) and Azure Security Center. A component of CAP,...
Cloud Compliance – A Top Challenge for organizations
Regulatory compliance violations are among the top three biggest Cloud Application Security challenges for organizations, according to the CyberEdge Group’s ‘2020 Cyberthreat Defense Report’. Equally concerning are ‘Limitations of cloud service provider’s security tools’ which come in joint secon...
Advanced Bot Protection integrated into Imperva’s Cloud Application Security
Today, Imperva announced the general availability of Advanced Bot Protection that now fully integrates the industry-leading bot protection technology into its Cloud Application Security platform. By integrating Advanced Bot Protection this enables true defense-in-depth security by delivering bot...
Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products
Summary Multiple vulnerabilities in the Oracle Java SE and the Java SE Embedded impact the IBM SDK, Java Technology Edition. Vulnerability Details CVEID: CVE-2020-2593 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Networking component could allow an unauthenticated...
WAGO PFC200 Cloud Connectivity Remote Code Execution Vulnerability
Summary An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200. A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges. Tested Versions WAGO PFC200 Firmware versi...
Information leakage vulnerability with the application of the Citizen Cloud App
The Citizen Cloud APP is a life service platform designed for Shanghai citizens. There is an information leakage vulnerability in the APP, which can be exploited by attackers to obtain the user's corresponding ID card information...
Security Bulletin: A vulnerability in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring Agent (CVE-2019-16168)
Summary SQLite is vulnerable to a denial of service, caused by missing validation of a sqlite_stat1 sz field in whereLoopAddBtreeIndex in sqlite3.c. By providing specially-crafted input, a remote attacker could exploit this vulnerability to cause the application to crash. Vulnerability Details...
Security Bulletin: A vulnerability in IBM Websphere Application Server affects the IBM Performance Management product (CVE-2018-1901)
Summary IBM WebSphere Application Server could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used. Vulnerability Details CVEID: CVE-2018-1901 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to...
Security Bulletin: A vulnerability in IBM Websphere Application Server affects the IBM Performance Management product (CVE-2019-4046)
Summary IBM WebSphere Application Server is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of memory. IBM Performance Management has addressed the applicable CVE. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Monitoring. IBM Monitoring has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-2684 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded...
PT-2019-16891 · Ibm · Ibm Application Performance Management
Name of the Vulnerable Software and Affected Versions: IBM Cloud Application Performance Management version 8.1.4 Description: A remote attacker could hijack the clicking action of a victim by persuading them to visit a malicious Web site, potentially launching further attacks against the victim...
Design/Logic Flaw
Creative Cloud Desktop Application 4.6.1 and earlier versions have an insecure transmission of sensitive data vulnerability. Successful exploitation could lead to information leakage...
Stronger Together, Red Hat 3scale Integration
Most enterprises today rely on customers accessing their applications to conduct daily business. These enterprises know by now that application programming interfaces (APIs) are becoming more common than ever before to enable communication between applications and end users. Even though they are...
Design/Logic Flaw
In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize...
CVE-2019-9872
CVE-2019-9872 affects JetBrains IntelliJ IDEA Ultimate. When creating run configurations for cloud application servers, credentials could be saved in plaintext in IDE configuration files. If the Settings Repository plugin was used to synchronize settings to a public repository, these credentials ...