Lucene search
K

14 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/03/20 5:8 p.m.33 views

Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Multicloud Management version 2.3 Fix Pack 10 Vulnerability Details CVEID:CVE-2024-28176 DESCRIPTION: Node.js jose module is vulnerable to a denial of service, caused by a flaw during JWE Decryption operations. By sending a...

7.5CVSS10AI score0.99298EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/19 3:24 p.m.22 views

Security Bulletin: Multiple vulnerabilities affect Apache Solr, Apache Zookeeper and Logstash shipped with IBM Operations Analytics - Log Analysis

Summary The following security issues have been identified in Netty component included as part of Apache Solr, Apache Zookeeper and Logstash product Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of...

7.4CVSS7.7AI score0.02459EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/16 4:57 a.m.35 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to man-in-the-middle attack due to Hot Rod (CVE-2023-4586)

Summary IBM Sterling Connect:Direct Web Services uses Hot Rod. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-4586 DESCRIPTION: Hot Rod client is vulnerable to a man-in-the-middle attack, caused by the failure to enable hostname...

7.4CVSS7.1AI score0.00448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/24 10:4 a.m.20 views

Security Bulletin: IBM Event Streams is vulnerable to a man-in-the-middle attack due to the Hot Rod Client (CVE-2023-4586).

Summary IBM Event Streams is vulnerable to a man-in-the-middle attack due to the netty-handler-4.1.86.Final.jar component of Hot Rod client. Hot Rod is a binary, platform-independent protocol that was developed in the open as a part of Infinispan. Infinispan is as a shared store for stateful data...

7.4CVSS7.1AI score0.00448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/24 9:56 a.m.27 views

Security Bulletin: IBM Event Processing is vulnerable to a man-in-the-middle attack due to the Hot Rod Client (CVE-2023-4586).

Summary Operator of IBM Event Processing is vulnerable to a man-in-the-middle attack due to netty-handler-4.1.94.Final.jar with CVE-2023-4586. Hot Rod is a binary, platform-independent protocol that was developed in the open as a part of Infinispan. Infinispan is as a shared store for stateful...

7.4CVSS7.1AI score0.00448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/24 9:24 a.m.25 views

Security Bulletin: IBM Event Endpoint Management is vulnerable to a man-in-the-middle (MITM) attack due to the Hot Rod Client (CVE-2023-4586).

Summary Operator of IBM Event Endpoint Management is vulnerable to a man-in-the-middle MITM attack in Netty-handler-4.1.94.Final.jar in the Hot Rod client. Hot Rod is a binary, platform-independent protocol that was developed in the open as a part of Infinispan. Infinispan is as a shared store fo...

7.4CVSS7.1AI score0.00448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/09 3:39 p.m.38 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a man-in-the-middle attack (CVE-2023-4586)

Summary There is a vulnerability in Netty used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-4586 DESCRIPTION: Hot Rod client is vulnerable to a man-in-the-middle...

7.4CVSS7.1AI score0.00448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/15 3:15 p.m.30 views

Security Bulletin: Vulnerability in Netty affects IBM Process Mining CVE-2023-4586

Summary There is a vulnerability in Netty that could allow an attacker to launch a man-in-the-middle attack and gain access to the communication channel between endpoints in the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the...

7.4CVSS7.6AI score0.00448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 8:56 a.m.19 views

Security Bulletin: Due to the use of Netty, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to a man-in-the-middle attack.

Summary Netty is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2023-4586 Vulnerability Details CVEID:CVE-2023-4586 DESCRIPTION: Netty is vulnerable to a man-in-the-middle attack, caused by the failure of the Hot Rod client to enable hostname validation when...

7.4CVSS7.2AI score0.00448EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/01 7:18 p.m.54 views

Security Bulletin: Netty is vulnerable to CVE-2023-4586 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses netty which is vulnerable to CVE-2023-4586. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-4586 DESCRIPTION: Netty is vulnerable to a man-in-the-middle attack, caused by th...

7.4CVSS7.3AI score0.00448EPSS
Exploits0Affected Software1
Wolfi
Wolfi
added 2023/10/04 11:15 a.m.245 views

CVE-2023-4586 vulnerabilities

Vulnerabilities for packages: keycloak, wavefront-proxy...

7.4CVSS7AI score0.00448EPSS
Exploits0
Chainguard
Chainguard
added 2023/10/04 11:15 a.m.146 views

CVE-2023-4586 vulnerabilities

Vulnerabilities for packages: keycloak, wavefront-proxy, elasticsearch...

7.4CVSS7AI score0.00448EPSS
Exploits0
CVE
CVE
added 2023/10/04 10:46 a.m.619 views

CVE-2023-4586

CVE-2023-4586 (Hot Rod client) is described as a vulnerability where the Hot Rod client does not enable hostname validation when using TLS, which could enable a man-in-the-middle (MITM) attack and compromise the confidentiality of communications. The connected materials reaffirm the same issue an...

7.4CVSS7.2AI score0.00448EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2023/08/29 5:15 a.m.744 views

CVE-2023-4586

A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle MITM attack. Mitigation No current mitigation is yet available for this vulnerability...

7.4CVSS7.4AI score0.00448EPSS
Exploits0References3
Rows per page
Query Builder