Lucene search
K

17 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2023-2654

Malicious code in bioql PyPI...

7.4CVSS7.8AI score0.00448EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/20 5:8 p.m.33 views

Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Multicloud Management version 2.3 Fix Pack 10 Vulnerability Details CVEID:CVE-2024-28176 DESCRIPTION: Node.js jose module is vulnerable to a denial of service, caused by a flaw during JWE Decryption operations. By sending a...

7.5CVSS10AI score0.99298EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/20 3:31 p.m.47 views

Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities

Summary Security Bulletin: IBM Analytics Content Hub is affected, but not classified as vulnerable, based on current information, to vulnerabilities in Open Source Software. IBM Analytics Content Hub has addressed the applicable CVEs by upgrading the vulnerable libraries. Vulnerability Details...

8CVSS8.1AI score0.01858EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/07 7:52 p.m.40 views

Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2023-41080 DESCRIPTION: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in...

8.8CVSS9.4AI score0.7848EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/19 3:24 p.m.22 views

Security Bulletin: Multiple vulnerabilities affect Apache Solr, Apache Zookeeper and Logstash shipped with IBM Operations Analytics - Log Analysis

Summary The following security issues have been identified in Netty component included as part of Apache Solr, Apache Zookeeper and Logstash product Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of...

7.4CVSS7.7AI score0.02459EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/24 10:4 a.m.20 views

Security Bulletin: IBM Event Streams is vulnerable to a man-in-the-middle attack due to the Hot Rod Client (CVE-2023-4586).

Summary IBM Event Streams is vulnerable to a man-in-the-middle attack due to the netty-handler-4.1.86.Final.jar component of Hot Rod client. Hot Rod is a binary, platform-independent protocol that was developed in the open as a part of Infinispan. Infinispan is as a shared store for stateful data...

7.4CVSS7.1AI score0.00448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/24 9:56 a.m.27 views

Security Bulletin: IBM Event Processing is vulnerable to a man-in-the-middle attack due to the Hot Rod Client (CVE-2023-4586).

Summary Operator of IBM Event Processing is vulnerable to a man-in-the-middle attack due to netty-handler-4.1.94.Final.jar with CVE-2023-4586. Hot Rod is a binary, platform-independent protocol that was developed in the open as a part of Infinispan. Infinispan is as a shared store for stateful...

7.4CVSS7.1AI score0.00448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/24 9:24 a.m.25 views

Security Bulletin: IBM Event Endpoint Management is vulnerable to a man-in-the-middle (MITM) attack due to the Hot Rod Client (CVE-2023-4586).

Summary Operator of IBM Event Endpoint Management is vulnerable to a man-in-the-middle MITM attack in Netty-handler-4.1.94.Final.jar in the Hot Rod client. Hot Rod is a binary, platform-independent protocol that was developed in the open as a part of Infinispan. Infinispan is as a shared store fo...

7.4CVSS7.1AI score0.00448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/09 3:39 p.m.37 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a man-in-the-middle attack (CVE-2023-4586)

Summary There is a vulnerability in Netty used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-4586 DESCRIPTION: Hot Rod client is vulnerable to a man-in-the-middle...

7.4CVSS7.1AI score0.00448EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2023/12/06 7:3 p.m.4 views

hotrod-client: Hot Rod client does not enable hostname validation when using TLS that lead to a MITM attack

A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle MITM attack...

7.4CVSS7.3AI score0.00448EPSS
Exploits0References4
OSV
OSV
added 2023/10/04 11:15 a.m.18 views

CVE-2023-4586

A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle MITM attack...

7.4CVSS7.2AI score0.00448EPSS
Exploits0References3
NVD
NVD
added 2023/10/04 11:15 a.m.14 views

CVE-2023-4586

A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle MITM attack...

7.4CVSS7.3AI score0.00448EPSS
Exploits0References3
Prion
Prion
added 2023/10/04 11:15 a.m.36 views

Security feature bypass

A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle MITM attack...

4CVSS7.4AI score0.00448EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/10/04 10:46 a.m.24 views

CVE-2023-4586 Hotrod-client: hot rod client does not enable hostname validation when using tls that lead to a mitm attack

A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle MITM attack...

7.4CVSS7.5AI score0.00448EPSS
Exploits0References3
CVE
CVE
added 2023/10/04 10:46 a.m.619 views

CVE-2023-4586

CVE-2023-4586 (Hot Rod client) is described as a vulnerability where the Hot Rod client does not enable hostname validation when using TLS, which could enable a man-in-the-middle (MITM) attack and compromise the confidentiality of communications. The connected materials reaffirm the same issue an...

7.4CVSS7.2AI score0.00448EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2023/08/29 5:15 a.m.743 views

CVE-2023-4586

A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle MITM attack. Mitigation No current mitigation is yet available for this vulnerability...

7.4CVSS7.4AI score0.00448EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/08/29 12:0 a.m.2 views

PT-2023-6590 · Netty +1 · Netty +1

Name of the Vulnerable Software and Affected Versions: Hot Rod client versions affected versions not specified Netty versions affected versions not specified Description: A security issue occurs as the Hot Rod client and Netty do not enable hostname validation when using TLS, possibly resulting i...

7.4CVSS7.5AI score0.00448EPSS
Exploits0References24
Rows per page
Query Builder