47 matches found
Open Redirect Third-Party Dependency in Bitbucket Data Center and Server - CVE-2023-26159
This High severity vulnerability known as CVE-2023-26159 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.3 and a CV...
Linux Distros Unpatched Vulnerability : CVE-2023-26159
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse functio...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in follow-redirects
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of follow-redirects Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the leakage of credentials whe...
Security Bulletin: IBM QRadar Pre-Validation App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. This product is only used by IBM QRadar SIEM app developers and external business partners and is not relevant for users...
Security Bulletin: IBM Event Streams is vulnerable to phishing attack due to the follow-redirects component (CVE-2023-26159).
Summary IBM Event Streams is vulnerable to phishing attack due to the follow-redirects component. In event streams, following redirects ensures uninterrupted data flow by automatically directing clients to new endpoints if the original one changes. It also aids in load balancing and failover...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack and Phishing attacks due to the follow-redirect and k8s.io/apiMAChinery component (CVE-2023-26159,CVE-2023-44487).
Summary IBM Event Streams is vulnerable to a denial of service attack and Phishing attacks due to the follow-redirect and k8s.io/apiMAChinery component. The follow-redirect library is employed in event streams to seamlessly manage HTTP redirects, ensuring smooth navigation between resources witho...
Security Bulletin: IBM Watson AI Gateway for IBM Cloud Pak for Data is vulnerable to follow-redirects open redirect vulnerabilitiy [ CVE-2023-26159]
Summary Potentialfollow-redirects open redirect vulnerabilitiy CVE-2023-26159 have been identified that may affect IBM Watson AI Gateway for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-26159...
RHEL 6 : follow-redirects (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse CVE-2023-26159 No...
Important: Red Hat Security Advisory: OpenShift Virtualization 4.15.2 Images security update
Red Hat OpenShift Virtualization release 4.15.2 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which...
CVE-2023-26159 affecting package python-tensorboard for versions less than 2.16.2-1
CVE-2023-26159 affecting package python-tensorboard for versions less than 2.16.2-1. An upgraded version of the package is available that resolves this issue...
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information CVE-2024-28849,...
Security Bulletin: IBM Storage Fusion is vulnerable to phishing attacks due to follow-redirects package.
Summary follow-redirects is used by IBM Storage Fusion as part of the Installer and may be vulnerable to the CVE listed below. CVE-2023-26159. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an open...
Security Bulletin: IBM Storage Fusion HCI is vulnerable to phishing attacks and cross-site request forgery due to follow-redirects and Axios.
Summary follow-redirects and Axios are used by IBM Storage Fusion HCI as part of the Installer and may be vulnerable to the CVE listed below. CVE-2023-26159, CVE-2023-45857. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM MQ shipped with IBM WebSphere Remote Server
Summary IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ have been published in a security bulletin CVE-2023-26159, CVE-2024-25015, CVE-2024-25048, CVE-2024-20952, CVE-2023-33850, CVE-2023-6237, CVE-2024-0727 Vulnerability Details Ref...
IBM MQ 9.2 <= 9.2.0.25 / 9.3 < 9.3.5 CD / 9.3 <= 9.3.0.17 (7123135)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7123135 advisory. - Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse function. When n...
Security Bulletin: IBM MQ is vulnerable to an issue in follow-redirects due to open redirect (CVE-2023-26159)
Summary IBM MQ has addressed an issue in follow-redirects. Follow-redirects is used by IBM MQ as part of the MQ Console. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An...
Security Bulletin: IBM Event Processing is vulnerable to conduct phishing attacks, caused by an open redirect vulnerability (CVE-2023-26159).
Summary There is a vulnerability in follow-redirects used by IBM Event Processing which is categorized as an Improper Input Validation vulnerability due to the improper handling of URLs by the url.parse function. This vulnerability can be exploited by manipulating the hostname when new URL throws...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.1 security update
Red Hat OpenShift Service Mesh Containers for 2.5.1 This update has a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift...
Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-46234 DESCRIPTION: browserify...
Security Bulletin: IBM Maximo Application Suite uses follow-redirects-1.15.2.tgz which is vulnerable to CVE-2023-26159
Summary IBM Maximo Application Suite uses follow-redirects-1.15.2.tgz which is vulnerable to CVE-2023-26159. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to...