3519 matches found
PT-2024-33693 · IBM · IBM Security Guardium Key Lifecycle Manager
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium Key Lifecycle Manager versions 4.1, 4.1.1, 4.2.0, and 4.2.1 Description: The issue concerns the storage of potentially sensitive information in log files by IBM Security Guardium Key Lifecycle Manager. This information...
PT-2024-33696 · IBM · IBM Security Guardium Key Lifecycle Manager
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium Key Lifecycle Manager versions 4.1, 4.1.1, 4.2.0, and 4.2.1 Description: The issue allows a remote attacker to obtain sensitive information in cleartext in a communication channel that can be detected by unauthorized...
Rockwell Automation Discontinued Devices Detection
The current plugin identifies Rockwell devices that are currently discontinued. Rockwell Lifecycle Statuses: - Active: Most current offering within a product category. - Active Mature: Product is fully supported, but a newer product or family exists. Gain value by migrating. - End of Life:...
Rockwell Automation Active Devices Detection
The current plugin identifies Rockwell devices that are still under active support. Rockwell Lifecycle Statuses: - Active: Most current offering within a product category. - Active Mature: Product is fully supported, but a newer product or family exists. Gain value by migrating. - End of Life:...
Rockwell Automation End-of-Life Devices Detection
The current plugin identifies Rockwell devices that are end-of-life, i.e., still supported but have a discontinued date announced. Rockwell Lifecycle Statuses: - Active: Most current offering within a product category. - Active Mature: Product is fully supported, but a newer product or family...
The vulnerability of the SAP Product Lifecycle Costing Client software lies in its uncontrolled search mechanism, which allows attackers to disclose sensitive information.
The vulnerability of the SAP Product Lifecycle Costing Client software is related to an uncontrollable element in the search process. Exploiting this vulnerability can allow attackers to disclose sensitive information...
CVE-2024-47576
SAP Product Lifecycle Costing Client versions below 4.7.1 application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one, that could execut...
CVE-2024-47576 DLL Hijacking vulnerability in SAP Product Lifecycle Costing
SAP Product Lifecycle Costing Client versions below 4.7.1 application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one, that could execut...
CVE-2024-47576
CVE-2024-47576 concerns the SAP Product Lifecycle Costing Client (versions
SAP Lifecycle Costing Client Code Issue Vulnerability
SAP Lifecycle Costing Client is a product lifecycle costing software from SAP, Germany. A code issue vulnerability exists in SAP Lifecycle Costing Client versions prior to 4.7.1, which stems from the presence of a DLL substitution vulnerability that could lead to the theft of sensitive informatio...
Authorized Agility: Wiz adds Code Security in the FedRAMP offering (Wiz for Gov)
Wiz is excited to announce the addition of Wiz Code into our Wiz for Gov offering, enabling organizations to visualize attack paths from cloud-to-code and bring guardrails into the software development lifecycle...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilities in Apache Commons-Codec version less than 1.13
Summary A vulnerability has been identified in Apache Commons-Codec version less than 1.13, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details IBM X-Force ID: 177835...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilities in Jdom-1.0
Summary A vulnerability has been identified in Jdom version 1.0, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2021-33813 DESCRIPTION: JDOM is vulnerable to a...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager
Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
kernel: drm/amdgpu: change vm->task_info handling
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: change vm->task_info handling This patch changes the handling and lifecycle of vm->task_info object. The major changes are: - vm->task_info is a dynamically allocated ptr now, and its usage is reference counted. - introduci...
The vulnerability of the Linux operating system’s kernel cgroup component, which allows a hacker to cause a service failure
The vulnerability of the Linux operating system’s kernel cgroup component is related to the lack of memory release after the effective lifespan of the component has ended. Exploiting this vulnerability can allow an attacker to cause a service failure...
A Guide to Securing AI App Development: Join This Cybersecurity Webinar
Artificial Intelligence (AI) is no longer a far-off dream—it's here, changing the way we live. From ordering coffee to diagnosing diseases, it's everywhere. But while you're creating the next big AI-powered app, hackers are already figuring out ways to break it. Every AI app is an opportunity—and a...
Security Bulletin: The IBM® Engineering Lifecycle Management is vulnerable to cross-site scripting
Summary A cross-site scripting vulnerability has been identified on the URL "/jts/auth/authrequired". The web-url does not properly sanitise and escape XSS payload before outputting a 'layout' parameter that users supply to the response body leading to a Cross Site Scripting attack. This bulleti...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilities in Repodebug
Summary Repodebug shows the Oracle password in plain text. This only occurs with Oracle DB. Customer observed that repodebug shows the database username and password for Oracle jdbc connections which is a vulnerability. This bulletin contains information regarding the remediation actions...