Lucene search
K

4 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 4:44 p.m.44 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Amazon AWS S3 Crypto SDK for GoLang (CVE-2020-8912)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Amazon AWS S3 Crypto SDK for GoLang caused by a flaw in the in-band key negotiation. CVE-2020-8912. Amazon AWS S3 Crypto SDK for GoLang is included as part of the Base OS...

2.5CVSS4.7AI score0.00231EPSS
Exploits1Affected Software1
OSV
OSV
added 2020/08/11 8:15 p.m.3 views

CVE-2020-8912

A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this i...

2.5CVSS6.4AI score
Exploits0References2
Wolfi
Wolfi
added 2020/08/11 8:15 p.m.37 views

CVE-2020-8912 vulnerabilities

Vulnerabilities for packages: external-secrets-operator, opentelemetry-collector, grafana, cloud-sql-proxy, gatekeeper, cluster-autoscaler, k3d, kots, loki, mattermost, argo-cd, zot, kube-arangodb...

2.5CVSS6.4AI score0.00231EPSS
Exploits1
CVE
CVE
added 2020/08/11 7:20 p.m.448 views

CVE-2020-8912

CVE-2020-8912 concerns the AWS S3 Crypto SDK for Go, affected in GoLang SDKs before version 2. The bug is in-band key negotiation which allows a user with write access to a bucket to alter the encryption algorithm of an object (e.g., switch from AES-GCM to AES-CTR). When combined with a decryptio...

2.5CVSS4AI score0.00231EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder