14 matches found
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Multicloud Management version 2.3 Fix Pack 10 Vulnerability Details CVEID:CVE-2024-28176 DESCRIPTION: Node.js jose module is vulnerable to a denial of service, caused by a flaw during JWE Decryption operations. By sending a...
Security Bulletin: Multiple vulnerabilities affect Apache Solr, Apache Zookeeper and Logstash shipped with IBM Operations Analytics - Log Analysis
Summary The following security issues have been identified in Netty component included as part of Apache Solr, Apache Zookeeper and Logstash product Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to man-in-the-middle attack due to Hot Rod (CVE-2023-4586)
Summary IBM Sterling Connect:Direct Web Services uses Hot Rod. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-4586 DESCRIPTION: Hot Rod client is vulnerable to a man-in-the-middle attack, caused by the failure to enable hostname...
Security Bulletin: IBM Event Streams is vulnerable to a man-in-the-middle attack due to the Hot Rod Client (CVE-2023-4586).
Summary IBM Event Streams is vulnerable to a man-in-the-middle attack due to the netty-handler-4.1.86.Final.jar component of Hot Rod client. Hot Rod is a binary, platform-independent protocol that was developed in the open as a part of Infinispan. Infinispan is as a shared store for stateful data...
Security Bulletin: IBM Event Processing is vulnerable to a man-in-the-middle attack due to the Hot Rod Client (CVE-2023-4586).
Summary Operator of IBM Event Processing is vulnerable to a man-in-the-middle attack due to netty-handler-4.1.94.Final.jar with CVE-2023-4586. Hot Rod is a binary, platform-independent protocol that was developed in the open as a part of Infinispan. Infinispan is as a shared store for stateful...
Security Bulletin: IBM Event Endpoint Management is vulnerable to a man-in-the-middle (MITM) attack due to the Hot Rod Client (CVE-2023-4586).
Summary Operator of IBM Event Endpoint Management is vulnerable to a man-in-the-middle MITM attack in Netty-handler-4.1.94.Final.jar in the Hot Rod client. Hot Rod is a binary, platform-independent protocol that was developed in the open as a part of Infinispan. Infinispan is as a shared store fo...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a man-in-the-middle attack (CVE-2023-4586)
Summary There is a vulnerability in Netty used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-4586 DESCRIPTION: Hot Rod client is vulnerable to a man-in-the-middle...
Security Bulletin: Vulnerability in Netty affects IBM Process Mining CVE-2023-4586
Summary There is a vulnerability in Netty that could allow an attacker to launch a man-in-the-middle attack and gain access to the communication channel between endpoints in the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the...
Security Bulletin: Due to the use of Netty, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to a man-in-the-middle attack.
Summary Netty is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2023-4586 Vulnerability Details CVEID:CVE-2023-4586 DESCRIPTION: Netty is vulnerable to a man-in-the-middle attack, caused by the failure of the Hot Rod client to enable hostname validation when...
Security Bulletin: Netty is vulnerable to CVE-2023-4586 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses netty which is vulnerable to CVE-2023-4586. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-4586 DESCRIPTION: Netty is vulnerable to a man-in-the-middle attack, caused by th...
CVE-2023-4586 vulnerabilities
Vulnerabilities for packages: keycloak, wavefront-proxy...
CVE-2023-4586 vulnerabilities
Vulnerabilities for packages: keycloak, wavefront-proxy, elasticsearch...
CVE-2023-4586
CVE-2023-4586 (Hot Rod client) is described as a vulnerability where the Hot Rod client does not enable hostname validation when using TLS, which could enable a man-in-the-middle (MITM) attack and compromise the confidentiality of communications. The connected materials reaffirm the same issue an...
CVE-2023-4586
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle MITM attack. Mitigation No current mitigation is yet available for this vulnerability...