Security Bulletin: Vulnerability in Google Guava affects IBM watsonx.data

Summary Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default temporary directory for file creation in FileBackedOutputStream. By sending a specially crafted request, an attacker could exploit this vulnerability to acce...

Security Bulletin: Vulnerability in Google Guava affects IBM watsonx.data

Summary Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default temporary directory for file creation in FileBackedOutputStream. By sending a specially crafted request, an attacker could exploit this vulnerability to acce...

Security Bulletin: Google Guava vulnerability affect IBM Spectrum Control

Summary Google Guava could allow a local authenticated attacker to obtain sensitive information. This vulnerability affect IBM Spectrum Control. CVE-2023-2976. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive...

Use of temporary directory for file creation in `FileBackedOutputStream` in Guava

...

ROS-20240507-03

A vulnerability in the FileBackedOutputStream feature of the Google Guava Java library suite is related to the use of files and directories accessible to external parties. Exploitation of the vulnerability could allow an attacker to Gain unauthorized access to protected information...

Updated guava packages fix security vulnerabilities

A bug that could allow an attacker with access to the machine to potentially access data in a temporary directory created by the Guava. CVE-2020-8908 Predictable temporary files and directories used in FileBackedOutputStream. CVE-2023-2976...

MGASA-2024-0159 Updated guava packages fix security vulnerabilities

A bug that could allow an attacker with access to the machine to potentially access data in a temporary directory created by the Guava. CVE-2020-8908 Predictable temporary files and directories used in FileBackedOutputStream. CVE-2023-2976...

Atlassian Jira Service Management Data Center and Server < 5.4.16 / 5.5.x < 5.12.3 / 5.13.x < 5.13.1 / 5.14.0 (JSDSERVER-15111)

The version of Atlassian Jira Service Management Data Center and Server running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-15111 advisory. - Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to...

Atlassian Confluence 4.0 < 7.19.19 / 7.20.x < 8.5.4 / 8.6.x < 8.6.1 / 8.7.x < 8.7.1 (CONFSERVER-94510)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-94510 advisory. - Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and...

com.google.guava:guava Dependency in Confluence Data Center and Server

This High severity com.google.guava:guava Dependency vulnerability was introduced in versions 4.0 of Confluence Data Center and Server. This com.google.guava:guava Dependency vulnerability, with a CVSS Score of 7.1 and a CVSS Vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N allows an...

Security Bulletin: IBM Spectrum Conductor with Google Guava versions 1.0 to 31.1 is vulnerable to access Java temporary directory

Summary IBM Spectrum Conductor with with Google Guava versions 1.0 to 31.1 is vulnerable to access Java temporary directory Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using...

Security Bulletin: IBM Spectrum Symphony with Google Guava versions 1.0 to 31.1 is vulnerable to access Java temporary directory

Summary IBM Spectrum Symphony with with Google Guava versions 1.0 to 31.1 is vulnerable to access Java temporary directory Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using...

Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. This update addresses these CVEs. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused...

Security Bulletin: IBM Security Guardium is affected by a guava-18.0.jar vulnerability (CVE-2023-2976)

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default temporary directory for file creation in...

Medium: guava

Issue Overview: Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Google Guava (CVE-2023-2976)

Summary A vulnerability in Google Guava used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default temporary...

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to information disclosure due to Google Guava (CVE-2023-2976)

Summary Google Guava is shipped with IBM Tivoli Netcool Impact as part of it's backend infrastructure. Information about a security vulnerability affecting Google Guava has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a loc...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Google Guava [CVE-2023-2976]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Google Guava, caused by a flaw with using Java's default temporary directory for file creation in FileBackedOutputStream CVE-2023-2976. Google Guava is a Java utilities...

Security Bulletin: Due to use of, IBM Application Performance Management is vulnerable to a local authenticated attacker to obtain sensitive information.

Summary Google Guava is used within IBM Application Performance Management. CVE-2023-2976. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default temporary directory...

Security Bulletin: Google Guava component is vulnerable to CVE-2023-2976 is used by IBM Maximo Application Suite

Summary IBM Maximo Application Suite uses Google Guava package which is vulnerable to CVE-2023-2976. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default temporary...