Security Bulletin: Due to the use of IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities

Summary Vulnerabilities found in IBM Db2 LUW that affect Foundation and IBM Tivoli Monitoring ITM pattern Types pTypes shipped with IBM Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System. IBM Cloud Pak System v2.3.6.0 has updated Foundation and ITM pTypes to Foundation versi...

EUVD-2007-5413

Malware in sbrugna...

EUVD-2007-5415

Malware in sbrugna...

EUVD-2019-14199

Malware in sbrugna...

EUVD-2023-53003

Malicious code in bioql PyPI...

CVE-2023-48978

An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component...

CVE-2023-48978

An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component...

CVE-2023-48978

CVE-2023-48978 affects NCR ITM Web terminal versions 4.4.0 and 4.4.4. The root cause is improper handling of specially crafted scripts by the IP camera URL component, enabling a remote attacker to execute arbitrary code. The CVSS-3.1 score is 9.8 (CRITICAL) with NETWORK attack vector, no privileg...

NCR Atleos ITM Web terminal 安全漏洞

NCR Atleos ITM Web terminal is a web terminal from NCR Atleos, Inc. A security vulnerability exists in NCR Atleos ITM Web terminal versions 4.4.0 and 4.4.4, which stems from improper handling of specially crafted scripts by the IP camera URL component, which could lead to the execution of arbitra...

PT-2025-26604 · Ncr · Ncr Itm Web Terminal

Name of the Vulnerable Software and Affected Versions: NCR ITM Web terminal versions 4.4.0 through 4.4.4 Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component. Recommendations: For versions 4.4.0 through 4.4.4, consider...

CVE-2023-48978

An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component...

CVE-2023-48978

An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component...

Security Bulletin: Due to use of IBM® SDK Java™ Technology Edition, IBM Tivoli Monitoring (ITM) components is vulnerable to a local authenticated attacker to bypass security restrictions.

Summary A vulnerabilitiy in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVE-2024-3933 Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: Eclipse Openj9 could allow a local authenticated attacker to bypass security restrictions,...

CVE-2023-4801

An improper certification validation vulnerability in the Insider Threat Management ITM Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to...

CVE-2023-4828

The CVE-2023-4828 issue affects Proofpoint Insider Threat Management (ITM) Server versions prior to 7.14.3.69. The root cause is an improper check for an exceptional condition, enabling an attacker with valid agent credentials and hostname to reconfigure any registered agent so that future commun...

CVE-2023-4828 ITM Server Communications Hijack

An improper check for an exceptional condition in the Insider Threat Management ITM Server could be used by an attacker to change the server's configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure...

CVE-2023-4803

CVE-2023-4803 is a reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of Proofpoint ITM Server’s web console. An authenticated administrator can inject and execute arbitrary JavaScript in another web console administrator’s browser. Affected are all ITM Server versions ...

CVE-2023-4803 ITM Server Cross-site Scripting in WriteWindowTitle Endpoint

A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management ITM Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69...

CVE-2023-4803 ITM Server Cross-site Scripting in WriteWindowTitle Endpoint

A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management ITM Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69...

CVE-2023-4802

The CVE-2023-4802 issue affects Proofpoint ITM Server (UpdateInstalledSoftware endpoint) prior to version 7.14.3.69. The vulnerability is a reflected cross-site scripting (XSS) that allows an authenticated administrator to execute arbitrary JavaScript in another web console administrator’s browse...