5 matches found
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities
Summary IBM Data Risk Manager IDRM 2.0.6.19, which is the only supported version, is affected by multiple vulnerabilities. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.20. Please see the remediation steps below to apply the fix. All customers are encouraged to act...
Security Bulletin: VMware Tanzu Spring for Apache Kafka is vulnerable to CVE-2023-34040 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring for Apache Kafka which is vulnerable to CVE-2023-34040. Vulnerability Details CVEID:CVE-2023-34040 DESCRIPTION: VMware Tanzu Spring for Apache Kafka could allow a local authenticated attacker to execute arbitrary co...
cn.aradin:aradin-spring-actuator-starter (>=1.0.1 <=1.0.3), cn.fscode.common:common-kafka-spring-boot-starter (=0.0.1) +423 more potentially affected by CVE-2023-34040 via org.springframework.kafka:spring-kafka (>=2.8.1 <=2.9.10)
org.springframework.kafka:spring-kafka MAVEN version =2.8.1, =1.0.1, =0.0.2, =2.7.7.5, =2.7.0.0, =1.1.0, =1.0.3, =1.0.3, =3.16.2, =0.0.1, =0.0.11 - com.argusoft:medplatlms =0.0.1 - com.argusoft:medplatsecurity =0.0.1 - com.brihaspathee.zeus:account-processor =0.0.1 and more Source cves:...
CVE-2023-34040 Java Deserialization vulnerability in Spring-Kafka When Improperly Configured
In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers...
CVE-2023-34040
CVE-2023-34040 affects VMware Tanzu Spring for Apache Kafka (versions 3.0.9 and earlier; 2.9.10 and earlier). The issue is a deserialization attack via specially crafted DeserializationException headers in messages when an application does not use an ErrorHandlingDeserializer for keys/values and ...