PT-2021-23990 · Styra · Styra Open Policy Agent (Opa) Gatekeeper

Name of the Vulnerable Software and Affected Versions: Styra Open Policy Agent OPA Gatekeeper versions 3.7.0 and earlier Description: The issue arises from the mishandling of concurrency, which can result in incorrect access control. This occurs because the data replication mechanism, allowing...

CVE-2021-37842

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger...

Security Bulletin: IBM Data Replication Java SDK Update

Summary This bulletin covers common Java SDK vulnerability findings in the IBM Java SDK packaged with this offering. Vulnerability Details CVEID: CVE-2020-14781 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to obtain...

Security Bulletin: IBM Data Replication Java SDK Update

Summary This bulletin covers common Java SDK vulnerability findings in the IBM Java SDK packaged with this offering. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause...

Security Bulletin: IBM Data Replication Java SDK Update

Summary This bulletin covers common Java SDK vulnerability findings in the IBM Java SDK packaged with this offering. Vulnerability Details CVEID: CVE-2020-14579 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause...

Security Bulletin: IBM Data Replication Java SDK Update

Summary This bulletin covers common Java SDK vulnerability findings in the IBM Java SDK packaged with this offering. Vulnerability Details CVEID: CVE-2020-27221 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from...

CVE-2020-4821

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834...

CVE-2020-4821

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834...

Authentication flaw

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834...

CVE-2020-4821

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834...

CVE-2020-4821

This CVE-2020-4821 affects IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1. The vulnerability allows authentication bypass when configured to use LDAP with anonymous binding, via an empty password. IBM bulletins (Security Bulletin: IBM Data Replication ...

Security Bulletin: IBM Data Replication Affected by Vulnerabilities in IBM Java SDK (CVE-2020-2654)

Summary This bulletin covers common Java SDK vulnerability findings in the IBM Java SDK packaged with this offering. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker t...

Security Bulletin: IBM Data Replication Support Tool Information Collection on Sybase Platform

Summary This bulletin covers an incorrect behaviour of the Support Information tool running against Sybase databases where the tool may capture database credential information in support traces. Vulnerability Details Third Party Entry: PSIRT-ADV0024332 DESCRIPTION: Created from Advisory: ADV00243...

Security Bulletin: IBM Data Replication Management Console Authentication Affected by Annonymous Binding (CVE-2020-4821)

Summary This bulletin covers a vulnerability found in the Management Console client under which authentication may be by-passed if configured to authenticate against LDAP directories allowing anonymous binding. Vulnerability Details CVEID: CVE-2020-4821 DESCRIPTION: IBM Cognos Controller, under...

Security Bulletin: IBM Data Replication Management Console Authentication By-pass against LDAP directories using anonymous binding

Summary This bulletin covers a vulnerability found in the Management Console client under which authentication may be by-passed if configured to authenticate against LDAP directories allowing anonymous binding. Vulnerability Details CVEID: CVE-2020-4821 DESCRIPTION: IBM Cognos Controller, under...

Security Bulletin: IBM Data Replication Affected by IBM Java SDK Vulnerability (CVE-2019-4732)

Summary This bulletin covers common Java SDK vulnerability findings in the IBM Java SDK packaged with this offering. Vulnerability Details CVEID: CVE-2019-4732 DESCRIPTION: IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0...

Security Bulletin: IBM Data Replication Affected by Multiple Vulnerabilities in IBM Java SDK

Summary This bulletin covers common Java SDK vulnerability findings in the IBM Java SDK packaged with this offering. Vulnerability Details CVEID: CVE-2019-11771 DESCRIPTION: Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the inclusion of unused...

Security Bulletin: IBM Data Replication Affected by Multiple Vulnerabilities in IBM Java SDK

Summary Java SDK vulnerability findings in the IBM Java SDK packaged with this offering are addressed Vulnerability Details CVEID: CVE-2018-1890 DESCRIPTION: IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege...

CVE-2021-27905 SSRF vulnerability with the Replication handler

The ReplicationHandler normally registered at "/replication" under a Solr core in Apache Solr has a "masterUrl" also "leaderUrl" alias parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability,...

Security Bulletin: IBM Data Replication Java SDK Update

Summary This bulletin covers common Java SDK vulnerability findings in the IBM Java SDK packaged with this offering. Vulnerability Details CVEID: CVE-2018-3180 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow ...