Lucene search
K

5 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/01/30 4:12 a.m.55 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

Summary IBM Data Risk Manager IDRM 2.0.6.19, which is the only supported version, is affected by multiple vulnerabilities. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.20. Please see the remediation steps below to apply the fix. All customers are encouraged to act...

9.8CVSS10AI score0.04322EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/26 6:33 p.m.46 views

Security Bulletin: VMware Tanzu Spring for Apache Kafka is vulnerable to CVE-2023-34040 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring for Apache Kafka which is vulnerable to CVE-2023-34040. Vulnerability Details CVEID:CVE-2023-34040 DESCRIPTION: VMware Tanzu Spring for Apache Kafka could allow a local authenticated attacker to execute arbitrary co...

7.8CVSS7AI score0.02162EPSS
Exploits2Affected Software1
vulnersOsv
vulnersOsv
added 2023/08/24 3:31 p.m.4 views

cn.aradin:aradin-spring-actuator-starter (>=1.0.1 <=1.0.3), cn.fscode.common:common-kafka-spring-boot-starter (=0.0.1) +423 more potentially affected by CVE-2023-34040 via org.springframework.kafka:spring-kafka (>=2.8.1 <=2.9.10)

org.springframework.kafka:spring-kafka MAVEN version =2.8.1, =1.0.1, =0.0.2, =2.7.7.5, =2.7.0.0, =1.1.0, =1.0.3, =1.0.3, =3.16.2, =0.0.1, =0.0.11 - com.argusoft:medplatlms =0.0.1 - com.argusoft:medplatsecurity =0.0.1 - com.brihaspathee.zeus:account-processor =0.0.1 and more Source cves:...

7.8CVSS7.1AI score0.02162EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2023/08/24 12:59 p.m.23 views

CVE-2023-34040 Java Deserialization vulnerability in Spring-Kafka When Improperly Configured

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers...

5.3CVSS6.5AI score0.02162EPSS
Exploits2References1
CVE
CVE
added 2023/08/24 12:59 p.m.260 views

CVE-2023-34040

CVE-2023-34040 affects VMware Tanzu Spring for Apache Kafka (versions 3.0.9 and earlier; 2.9.10 and earlier). The issue is a deserialization attack via specially crafted DeserializationException headers in messages when an application does not use an ErrorHandlingDeserializer for keys/values and ...

7.8CVSS6AI score0.02162EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder