24 matches found
Security Bulletin: Vulnerability with spring-security-crypto and jinja affect IBM Cloud Object Storage Systems (July 2025)
Summary Vulnerability with spring-security-crypto CVE-2025-22228 and jinja CVE-2025-27516 . This vulnerability has been addressed in the latest ClevOS release. Vulnerability Details CVEID:CVE-2025-22228 DESCRIPTION: BCryptPasswordEncoder.matchesCharSequence,String will incorrectly return true for...
Security Bulletin: XSS vulnerability affects IBM Cloud Object Storage System (CVE-2021-39014)
Summary XSS vulnerability affects IBM Cloud Object Storage System CVE-2021-39014. This vulnerability has been addressed in the latest ClevOS releases. Vulnerability Details CVEID:CVE-2021-39014 DESCRIPTION: IBM Cloud Object System is vulnerable to stored cross-site scripting. This vulnerability...
Security Bulletin: Vulnerability with NTP 4.2.8p15 affect IBM Cloud Object Storage Systems (March 2025)
Summary Vulnerability with NTP CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554 . This vulnerability has been addressed in the latest ClevOS release Vulnerability Details CVEID:CVE-2023-26552 DESCRIPTION: mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when...
Security Bulletin: Vulnerability with Eclipse Jetty, e2fsprogs, dnsjava , Apache Commons IO, Apache HTTP Server and Java SE affect IBM Cloud Object Storage Systems (Dec 2024)
Summary Vulnerability with Eclipse Jetty CVE-2024-9823, CVE-2024-6763, CVE-2024-8184, e2fsprogs CVE-2022-1304 dnsjava CVE-2024-25638, Apache Commons IO. CVE-2024-47554 , Apache HTTP ServerCVE-2024-40725 and Java SE CVE-2024-21217,CVE-2024-21235, CVE-2024-21210. This vulnerability has been address...
Security Bulletin: Vulnerability with Apache HTTP, OpendJDK, python3 and spring-web affect IBM Cloud Object Storage Systems (Sept 2024v1)
Summary Vulnerability with Apache HTTP CVE-2024-38474, CVE-2024-39573,CVE-2024-38477,CVE-2024-38473,CVE-2024-38476,CVE-2024-38475, OpenJDK CVE-2024-21131, CVE-2024-21147, CVE-2024-21138, CVE-2024-21140, CVE-2024-21145, python3 CVE-2024-37891,CVE-2024-39689,CVE-2024-6345,CVE-2024-3651 and SpringWe...
Security Bulletin: Vulnerability with The Bouncy Castle Crypto affect IBM Cloud Object Storage Systems (July 2024v2)
Summary Vulnerability with The Bouncy Castle CryptoCVE-2024-29857, , Snappy CVE-2024-36124, CVE-2024-30171, CVE-2024-30172, This vulnerability has been addressed in the latest ClevOS release Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is...
Security Bulletin: Vulnerability with Perl, Snappy, Psf Request, spring-web-5.3.33.jar , Apache HTTP Server, OpenJDK, affect IBM Cloud Object Storage Systems (July 2024v1)
Summary Vulnerability with Perl CVE-2023-47038, Snappy CVE-2024-36124, Psf Request CVE-2024-35195, spring-web-5.3.33.jar CVE-2024-22262 , Apache HTTP Server, CVE-2024-24795, CVE-2023-38709 OpenJDK CVE-2024-21094, CVE-2024-21011, CVE-2024-21085, CVE-2024-21068, CVE-2024-21012,. This vulnerability...
Security Bulletin: Vulnerability with OpenJDK, commons-compress and spring-web-5.3.27/spring-web-5.3.32 affect IBM Cloud Object Storage Systems (April 2024v1)
Summary Vulnerability with OpenJDK- CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20945, CVE-2024-20932, CVE-2024-20919, CVE-2024-20926, commons-compress CVE-2024-25710, CVE-2024-26308 , spring-web-5.3.27 CVE-2024-22243, spring-web-5.3.32CVE-2024-22259. This vulnerability has been...
Security Bulletin: Vulnerability with Kernel affect IBM Cloud Object Storage Systems (Jan 2024v1)
Summary Vulnerability with Kernel - CVE-2023-45871 This vulnerability has been addressed in the latest ClevOS releases Vulnerability Details CVEID:CVE-2023-45871 DESCRIPTION: Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the IGB driver in...
Security Bulletin: Vulnerability with MariaDB and OpenJDK affect IBM Cloud Object Storage Systems (Dec2023v1)
Summary Vulnerability with MariaDB - CVE-2022-47015 and OpenJDK CVE-2023-22081 & CVE-2023-22025 This vulnerability have been addressed in the latest ClevOS releases Vulnerability Details CVEID:CVE-2022-47015 DESCRIPTION: MariaDB is vulnerable to a denial of service, caused by a NULL pointer...
Security Bulletin: Vulnerability with urlib3 affect IBM Cloud Object Storage Systems (Nov2023v2)
Summary Vulnerability with urllib3 - CVE-2023-43804 and CVE-2023-45803 This vulnerability have been addressed in the latest ClevOS releases Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw...
Security Bulletin: Vulnerability with GNU glibc & libcURL affect IBM Cloud Object Storage Systems (Nov2023v1)
Summary Vulnerability with GNU glibc - CVE-2023-4911 and libcURL CVE-2023-38545 & CVE-2023-38546 This vulnerability have been addressed in the latest ClevOS releases Vulnerability Details CVEID:CVE-2023-4911 DESCRIPTION: glibc could allow a local authenticated attacker to gain elevated privileges...
Security Bulletin: Vulnerability with snappy-java affect IBM Cloud Object Storage Systems (Oc2023v1)
Summary Vulnerability with snappy-java CVE-2023-43642 This vulnerability have been addressed in the latest ClevOS releases Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a...
Security Bulletin: Vulnerability with Certifi affect IBM Cloud Object Storage Systems (Sept2023v3)
Summary Vulnerability with Certifi CVE-2023-37920 This vulnerability have been addressed in the latest ClevOS releases Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: An unspecified error with the removal of e-Tugra root certificate in Certifi has an unknown impact and attack vector. CVSS...
Security Bulletin: Vulnerability with Python affect IBM Cloud Object Storage Systems (Sept2023v2)
Summary Vulnerability with Python CVE-2023-40217 This vulnerability have been addressed in the latest ClevOS releases Vulnerability Details CVEID:CVE-2023-40217 DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by a race condition in the SSLSocket module...
Security Bulletin: Vulnerability with kernel , OpenJDK jna-platform affect IBM Cloud Object Storage Systems (Sept2023)
Summary Vulnerability with kernel CVE-2023-2269, CVE-2023-34256, OpenJDK CVE-2023-22041 CVE-2023-22043 CVE-2023-22044 CVE-2023-22006 CVE-2023-22045 CVE-2023-22036 CVE-2023-22049, jna-platform 240628 This vulnerability have been addressed in the latest ClevOS releases Vulnerability Details...
Security Bulletin: Vulnerability with bcprov-jdk affect IBM Cloud Object Storage Systems (Sept2023)
Summary Vulnerability with bcprov-jdk CVE-2023-33201 This vulnerability have been addressed in the latest ClevOS releases Vulnerability Details CVEID:CVE-2023-33201 DESCRIPTION: The Bouncy Castle Crypto Package For Java bc-java could allow a remote attacker to obtain sensitive information, caused...
CVE-2021-39014 IBM Cloud Object Storage System cross-site scripting
IBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213650...
Security Bulletin: Security vulnerability affects IBM Cloud Object Storage SDK Java (February 2020 Bulletin)
Summary Security vulnerability affects IBM Cloud Object Storage SDK Java. The vulnerability has been addressed in the latest SDK 2.6.1 release. Vulnerability Details CVEID: CVE-2019-20330 DESCRIPTION: A lacking of certain net.sf.ehcache blocking in FasterXML jackson-databind has an unknown impact...
Security Bulletin: Security vulnerabilities affect IBM Cloud Object Storage SDK Java (November 2019 Bulletin)
Summary Security vulnerabilities affect IBM Cloud Object Storage SDK Java. These vulnerabilities have been addressed in the latest SDK 2.5.5 release. Vulnerability Details CVEID: CVE-2019-16335 DESCRIPTION: A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It ...