Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in snappy-java

Summary Multiple vulnerabilities in snappy-java used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2023-34455 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by the use of an unchecked chunk length in the hasNextChunk function. By sendi...

SOA VS MICROSERVICES – What’s the difference?

Unraveling the Code Landscape: Exploring SOA and Microservices Seamlessly The shifting sands of software development have elevated two pivotal architecture designs to influential pedestals: The Service-Oriented Architecture SOA and Microservices. Understanding their distinct characteristics,...

SQL Injection Vulnerability in SpringBlade of Shanghai Breadtech Co. Ltd (CNVD-2023-101321)

SpringBlade is a well-designed microservices architecture that provides a full suite of SpringCloud solutions. Ltd. SpringBlade suffers from a SQL injection vulnerability that can be exploited by an attacker to obtain sensitive database information...

What Is Microservices Architecture

Mastering the Essential Elements of Services-Focused Programming The methodology of programming using tiny, interdependent software units, often simplified to 'Microservices', has seen a marked uptick in usage in recent times. This distinct architectural paradigm shapes an application as a group ...

Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.2.2 release and security update

Red Hat AMQ Streams 2.2.2 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.5.1 release and security update

Red Hat AMQ Streams 2.5.1 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Unauthorized Access Vulnerability in SpringBlade of Shanghai Bred Technology Co. Ltd (CNVD-2023-94732)

SpringBlade is a microservices architecture upgraded and optimized from a commercial-grade project. An unauthorized access vulnerability exists in SpringBlade, which can be exploited by an attacker to obtain sensitive information...

A Bootiful Podcast: cloud native Chris Richardson

Hi, Spring fans! In this installment, Josh Long @starbuxman talks to original cloud native Chris Richardson on microservices, architecture, and more...

Fedora: Security Advisory for grpc (FEDORA-2023-15b3e80753)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 38 Update: grpc-1.48.4-8.fc38

gRPC is a modern open source high performance RPC framework that can run in a ny environment. It can efficiently connect services in and across data centers with pluggable support for load balancing, tracing, health checking and authentication. It is also applicable in last mile of distributed...

[SECURITY] Fedora 37 Update: grpc-1.48.4-8.fc37

gRPC is a modern open source high performance RPC framework that can run in a ny environment. It can efficiently connect services in and across data centers with pluggable support for load balancing, tracing, health checking and authentication. It is also applicable in last mile of distributed...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Cassandra (CVE-2023-30601)

Summary A vulnerability in Apache Cassandra used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-30601 DESCRIPTION: Apache Cassandra could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the FQL/Audit log...

Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in Apache Commons FileUpload and Tomcat (CVE-2023-24998)

Summary A denial of service vulnerability in Apache Commons FileUpload and Tomcat affects WebSphere Liberty that is used by IBM InfoSphere Information Server. The vulnerability was addressed. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerab...

Active Health Check strategies with Spring Cloud Gateway

Active health check strategies with Spring Cloud Gateway Nowadays, applications are built as a collection of small independent upstream services. This accelerates development and allows modules to be focused on specific responsibilities, increasing their quality. This is one of the main advantage...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a arbitrary code execution in SnakeYaml (CVE-2022-1471)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a arbitrary code execution in SnakeYaml due to an unsafe deserialization in the Constructor class.CVE-2022-1471. SnakeYaml is included as part of the java microservices in our speech services. This...

[SECURITY] Fedora 38 Update: dotnet7.0-7.0.107-1.fc38

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

How to Implement a Secure API Gateway

As you rely more on APIs to connect microservices in modern applications, these APIs become a lucrative target for bad actors. Learn how an API gateway provides an extra layer of security, helping protect your systems and data from unauthorized access...

Gaps in Azure Service Fabric’s Security Call for User Vigilance

In this blog post, we discuss different configuration scenarios that may lead to security issues with Azure Service Fabric, a distributed platform for deploying, managing, and scaling microservices and container applications...

How to Improve Your API Security Posture

APIs, more formally known as application programming interfaces, empower apps and microservices to communicate and share data. However, this level of connectivity doesn't come without major risks. Hackers can exploit vulnerabilities in APIs to gain unauthorized access to sensitive data or even ta...

Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.4.0 release and security update

Red Hat AMQ Streams 2.4.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...