20 matches found
EUVD-2023-2654
Malicious code in bioql PyPI...
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Multicloud Management version 2.3 Fix Pack 10 Vulnerability Details CVEID:CVE-2024-28176 DESCRIPTION: Node.js jose module is vulnerable to a denial of service, caused by a flaw during JWE Decryption operations. By sending a...
Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities
Summary Security Bulletin: IBM Analytics Content Hub is affected, but not classified as vulnerable, based on current information, to vulnerabilities in Open Source Software. IBM Analytics Content Hub has addressed the applicable CVEs by upgrading the vulnerable libraries. Vulnerability Details...
Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2
Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2023-41080 DESCRIPTION: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in...
Security Bulletin: Multiple vulnerabilities affect Apache Solr, Apache Zookeeper and Logstash shipped with IBM Operations Analytics - Log Analysis
Summary The following security issues have been identified in Netty component included as part of Apache Solr, Apache Zookeeper and Logstash product Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to man-in-the-middle attack due to Hot Rod (CVE-2023-4586)
Summary IBM Sterling Connect:Direct Web Services uses Hot Rod. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-4586 DESCRIPTION: Hot Rod client is vulnerable to a man-in-the-middle attack, caused by the failure to enable hostname...
Security Bulletin: IBM Event Streams is vulnerable to a man-in-the-middle attack due to the Hot Rod Client (CVE-2023-4586).
Summary IBM Event Streams is vulnerable to a man-in-the-middle attack due to the netty-handler-4.1.86.Final.jar component of Hot Rod client. Hot Rod is a binary, platform-independent protocol that was developed in the open as a part of Infinispan. Infinispan is as a shared store for stateful data...
Security Bulletin: IBM Event Processing is vulnerable to a man-in-the-middle attack due to the Hot Rod Client (CVE-2023-4586).
Summary Operator of IBM Event Processing is vulnerable to a man-in-the-middle attack due to netty-handler-4.1.94.Final.jar with CVE-2023-4586. Hot Rod is a binary, platform-independent protocol that was developed in the open as a part of Infinispan. Infinispan is as a shared store for stateful...
Security Bulletin: IBM Event Endpoint Management is vulnerable to a man-in-the-middle (MITM) attack due to the Hot Rod Client (CVE-2023-4586).
Summary Operator of IBM Event Endpoint Management is vulnerable to a man-in-the-middle MITM attack in Netty-handler-4.1.94.Final.jar in the Hot Rod client. Hot Rod is a binary, platform-independent protocol that was developed in the open as a part of Infinispan. Infinispan is as a shared store fo...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a man-in-the-middle attack (CVE-2023-4586)
Summary There is a vulnerability in Netty used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-4586 DESCRIPTION: Hot Rod client is vulnerable to a man-in-the-middle...
hotrod-client: Hot Rod client does not enable hostname validation when using TLS that lead to a MITM attack
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle MITM attack...
CVE-2023-4586
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle MITM attack...
CVE-2023-4586
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle MITM attack...
Security feature bypass
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle MITM attack...
CVE-2023-4586 Hotrod-client: hot rod client does not enable hostname validation when using tls that lead to a mitm attack
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle MITM attack...
CVE-2023-4586
CVE-2023-4586 (Hot Rod client) is described as a vulnerability where the Hot Rod client does not enable hostname validation when using TLS, which could enable a man-in-the-middle (MITM) attack and compromise the confidentiality of communications. The connected materials reaffirm the same issue an...
CVE-2023-4586
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle MITM attack. Mitigation No current mitigation is yet available for this vulnerability...
PT-2023-6590 · Netty +1 · Netty +1
Name of the Vulnerable Software and Affected Versions: Hot Rod client versions affected versions not specified Netty versions affected versions not specified Description: A security issue occurs as the Hot Rod client and Netty do not enable hostname validation when using TLS, possibly resulting i...
Hot Rod 信任管理问题漏洞
Hot Rod is a wired protocol used by Infinispan clients to communicate with remote grids from the Infinispan organization. A security vulnerability exists in Hot Rod that stems from not enabling hostname authentication when using TLS, which could lead to a man-in-the-middle attack...
Red Hat Infinispan Code Execution Vulnerability
Red Hat Infinispan is a distributed caching and key-value NoSQL data storage software from Red Hat Red Hat. A security vulnerability exists in Infinispan version 10 that stems from allowing local access to the control via REST and HotRod api. An attacker could exploit the vulnerability to perform...