5 matches found
Security Bulletin: IBM QRadar User Behavior Analytics is vulnerable to components with known vulnerabilities
Summary IBM QRadar User Behavior Analytics contains vulnerable packages/components and that may be identified and potentially exploited. The packages have been updated in the latest release and the vulnerabilities identified in the CVEs have been addressed. Please follow the instructions in the...
Security Bulletin: Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities
Summary Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities. IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-28469 DESCRIPTION: Node.js...
3dcore-lib (=0.17.9), 42-cli (>=1.0.0 <=1.0.4) +2735 more potentially affected by CVE-2020-28498 via elliptic (>=0.10.2 <=6.5.3)
elliptic NPM version =0.10.2, =1.0.0, =1.0.0, =0.1.0, =0.0.0-alpha8, =2.0.0, =2.0.0, =1.0.0, =1.5.1, =2.0.0, =0.0.0-alpha8, =0.0.0-alpha8, =0.0.0-alpha8, =0.0.0-alpha8, =0.0.0-alpha8, =2.1.1 and more Source cves: CVE-2020-28498 Source advisory: OSV:GHSA-R9P9-MRJM-926W...
CVE-2020-28498
CVE-2020-28498 affects the elliptic JS library (Node.js elliptic module) specifically the secp256k1 implementation in elliptic/ec/key.js. The root cause is that there is no validation to ensure the public key point passed to derive() actually lies on the secp256k1 curve, enabling potential privat...
3dcore-lib (=0.17.9), @0xcert/client (>=1.0.0 <=1.0.2) +1809 more potentially affected by CVE-2020-28498 via elliptic (>=6.0.2 <=6.5.3)
elliptic NPM version =6.0.2, =1.0.0, =0.1.0, =0.0.0-alpha8, =2.0.0, =2.0.0, =1.0.0, =1.5.1, =2.0.0, =0.0.0-alpha8, =0.0.0-alpha8, =0.0.0-alpha8, =0.0.0-alpha8, =0.0.0-alpha8, =0.0.0-alpha8, =2.1.1 and more Source cves: CVE-2020-28498 Source advisory: SNYK:JS-ELLIPTIC-1064899...