Kiuwan Local Analyzer / SAST / SaaS XML Injection / XSS / IDOR

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: Kiuwan SAST on-premise KOP & cloud/SaaS Kiuwan Local Analyzer KLA vulnerable version: Kiuwan SAST 2.8.2402.3 Kiuwan Local...

agentic-devops (>=0.0.5 <=0.0.9), aiconsole (>=0.2.0 <=0.2.13) +67 more potentially affected by CVE-2024-5225 via litellm (>=0.11.1 <=1.38.8)

litellm PYPI version =0.11.1, =0.0.5, =0.2.0, =0.29.0, =0.1.5, =1.3.0, =0.1.0, =0.0.1, =0.0.0, =0.114.0, =0.0.1, =0.6.3, =4.5.263, =4.6.221 and more Source cves: CVE-2024-5225 Source advisory: OSV:GHSA-H6M6-JJ8V-94JJ...

PCI DSS 4.0: Get Audit-Ready for the New Requirements

The Payment Card Industry Data Security Standard PCI DSS originated in 2004 and is managed by the PCI Security Standards Council to ensure security for the global payment industry. This mandate applies to all entities worldwide that store, process, or transmit payment cardholder data or sensitive...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2023-51775, CVE-2024-22354)

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?

Introduction The Colonial Pipeline ransomware attack 2021 and SolarWinds supply chain attack 2020 were pivotal moments in cybersecurity, starting a new challenge for Chief Information Security Officers CISOs. These attacks highlighted the importance of collaboration between CISOs and DevOps teams...

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Netty (CVE-2024-29025)

Summary Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. Vulnerability Details CVEID:CVE-2024-2902...

Security Bulletin:  IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Nimbus-JOSE-JWT (CVE-2023-52428)

Summary Connect2id Nimbus-JOSE-JWT is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the openid authentication options. Connect2id Nimbus-JOSE-JWT is vulnerable to a denial of service, caused by improper validation of user requests by the PasswordBasedDecrypter PBKDF2 component. ...

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.10.5 security update

An update is now available for Red Hat OpenShift GitOps v1.10.5 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.12.2 security update

An update is now available for Red Hat OpenShift GitOps v1.12.2 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.11.4 security update

An update is now available for Red Hat OpenShift GitOps v1.11.4 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Cross-Site Scripting vulnerability (CVE-2024-28781)

Summary IBM UrbanCode Deploy UCD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability Details...

Introducing the Wallarm Q1 2024 API ThreatStats™ Report

As we have in previous editions of the ThreatStats report, we highlight the industry’s top API-related attacks and trends. New to this version, however, is a detailed analysis of API attacks targeting AI-based applications, representing a new and rapidly expanding threat vector. And while we...

IBM DevOps Deploy and IBM UrbanCode Deploy Access Control Error Vulnerability

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different...

CVE-2024-23558

HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

CVE-2024-23561

HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values...

CVE-2024-23558

HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

CVE-2024-23558 HCL DevOps Deploy / HCL Launch does not invalidate all session authentication cookies after logout

HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

CVE-2024-23558

The CVE-2024-23558 entry concerns HCL DevOps Deploy / HCL Launch where logout does not invalidate the user session, enabling an authenticated user to impersonate another user on the system. Connected documents confirm the issue origin as a session invalidation failure after logout, with CVSS deta...

CVE-2024-23558 HCL DevOps Deploy / HCL Launch does not invalidate all session authentication cookies after logout

HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

CVE-2024-23561 HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability

HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values...