Lucene search
K

27 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 8:56 p.m.3 views

Security Bulletin: IBM Storage Ceph is vulnerable to CSRF in Grafana (CVE-2023-45857)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2023-45857 Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: An issue discovered in Axios 1.5.1 inadvertently reveals the confidential...

6.5CVSS7.1AI score0.00556EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2023-45857

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every...

6.5CVSS6.9AI score0.00556EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2024/08/13 3:13 p.m.20 views

Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.13.10 Images security update

Red Hat OpenShift Virtualization release 4.13.10 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...

6.5CVSS6.8AI score0.00556EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/07/10 12:40 p.m.35 views

Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.16.0 Images security update

Red Hat OpenShift Virtualization release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which giv...

7.5CVSS6.7AI score0.01956EPSS
Exploits1References177
RedHat Linux
RedHat Linux
added 2024/07/02 3:0 p.m.22 views

Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.12.12 Images security update

Red Hat OpenShift Virtualization release 4.12.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...

6.5CVSS6.8AI score0.00556EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/05/29 3:48 p.m.36 views

Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.14.6 Images security update

Red Hat OpenShift Virtualization release 4.14.6 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which giv...

6.5CVSS6.8AI score0.00556EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/05/23 6:29 a.m.36 views

Important: Red Hat Security Advisory: OpenShift Virtualization 4.15.2 Images security update

Red Hat OpenShift Virtualization release 4.15.2 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which...

7.5CVSS7AI score0.91969EPSS
Exploits3References20
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/16 8:23 p.m.43 views

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information CVE-2024-28849,...

9.8CVSS10AI score0.08515EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/11 4:54 p.m.33 views

Security Bulletin: IBM Storage Fusion HCI is vulnerable to phishing attacks and cross-site request forgery due to follow-redirects and Axios.

Summary follow-redirects and Axios are used by IBM Storage Fusion HCI as part of the Installer and may be vulnerable to the CVE listed below. CVE-2023-26159, CVE-2023-45857. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing...

7.3CVSS6.8AI score0.00797EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/09 6:54 p.m.33 views

Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-46234 DESCRIPTION: browserify...

7.5CVSS7.2AI score0.00797EPSS
Exploits2Affected Software1
RedHat Linux
RedHat Linux
added 2024/04/02 7:34 p.m.86 views

Moderate: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.4 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS6.9AI score0.76875EPSS
Exploits21References13
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/02 3:54 p.m.23 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to cross-site request forgery due to Axios ( CVE-2023-45857)

Summary IBM App Connect Enterprise is vulnerable to a a cross-site request forgery due to Axios. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper...

6.5CVSS6.5AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/27 4:13 p.m.61 views

Security Bulletin: Axios is vulnerable to CVE-2023-45857 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Axios which is vulnerable to CVE-2023-45857. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by...

6.5CVSS6.5AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/14 6:50 p.m.39 views

Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper...

9.3CVSS8.3AI score0.02761EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/05 8:9 p.m.39 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Axios icross-site request forgery, vulnerability ( CVE-2023-45857)

Summary Potential Axios icross-site request forgery vulnerability has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios ...

6.5CVSS6.8AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/02 2:15 p.m.54 views

Security Bulletin: App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.14 LTS and 11.2.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

7.8CVSS9.5AI score0.03944EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/02 10:47 a.m.33 views

Security Bulletin: Multiple vulnerabilities in nodejs packages affect IBM Business Automation Workflow - CVE-2023-26159, CVE-2023-45857

Summary IBM Business Automation Workflow Workflow Center user interfaces package vulnerable versions of open source dependencies. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an open redirect...

7.3CVSS6.8AI score0.00797EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/01 7:13 p.m.29 views

Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Assistant App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-38900 DESCRIPTION: decode-uri-component is...

7.5CVSS7AI score0.24928EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/24 9:58 a.m.35 views

Security Bulletin: IBM Event Processing is vulnerable to cross-site request forgery(XSS) due to the Axios (CVE-2023-45857).

Summary IBM Event Processing is vulnerable to cross-site request forgeryXSS due to axios-0.27.2.tgz. Axios is a library used in nodejs component which is used to build Event Processing UI. CVE-2023-45857 is applicable to all axios package before 1.6.0 which results in a xss vulnerability...

6.5CVSS6.4AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/17 7:18 a.m.54 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for December 2023.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF028 and 23.0.1-IF006. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By...

9.8CVSS10AI score0.99999EPSS
Exploits20Affected Software1
Rows per page
Query Builder