27 matches found
Security Bulletin: IBM Storage Ceph is vulnerable to CSRF in Grafana (CVE-2023-45857)
Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2023-45857 Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: An issue discovered in Axios 1.5.1 inadvertently reveals the confidential...
Linux Distros Unpatched Vulnerability : CVE-2023-45857
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every...
Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.13.10 Images security update
Red Hat OpenShift Virtualization release 4.13.10 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...
Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.16.0 Images security update
Red Hat OpenShift Virtualization release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which giv...
Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.12.12 Images security update
Red Hat OpenShift Virtualization release 4.12.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...
Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.14.6 Images security update
Red Hat OpenShift Virtualization release 4.14.6 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which giv...
Important: Red Hat Security Advisory: OpenShift Virtualization 4.15.2 Images security update
Red Hat OpenShift Virtualization release 4.15.2 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which...
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information CVE-2024-28849,...
Security Bulletin: IBM Storage Fusion HCI is vulnerable to phishing attacks and cross-site request forgery due to follow-redirects and Axios.
Summary follow-redirects and Axios are used by IBM Storage Fusion HCI as part of the Installer and may be vulnerable to the CVE listed below. CVE-2023-26159, CVE-2023-45857. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing...
Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-46234 DESCRIPTION: browserify...
Moderate: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.4 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Security Bulletin: IBM App Connect Enterprise is vulnerable to cross-site request forgery due to Axios ( CVE-2023-45857)
Summary IBM App Connect Enterprise is vulnerable to a a cross-site request forgery due to Axios. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper...
Security Bulletin: Axios is vulnerable to CVE-2023-45857 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Axios which is vulnerable to CVE-2023-45857. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by...
Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Axios icross-site request forgery, vulnerability ( CVE-2023-45857)
Summary Potential Axios icross-site request forgery vulnerability has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios ...
Security Bulletin: App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.14 LTS and 11.2.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
Security Bulletin: Multiple vulnerabilities in nodejs packages affect IBM Business Automation Workflow - CVE-2023-26159, CVE-2023-45857
Summary IBM Business Automation Workflow Workflow Center user interfaces package vulnerable versions of open source dependencies. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an open redirect...
Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Assistant App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-38900 DESCRIPTION: decode-uri-component is...
Security Bulletin: IBM Event Processing is vulnerable to cross-site request forgery(XSS) due to the Axios (CVE-2023-45857).
Summary IBM Event Processing is vulnerable to cross-site request forgeryXSS due to axios-0.27.2.tgz. Axios is a library used in nodejs component which is used to build Event Processing UI. CVE-2023-45857 is applicable to all axios package before 1.6.0 which results in a xss vulnerability...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for December 2023.
Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF028 and 23.0.1-IF006. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By...