Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services
Summary: There are vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Financial Transaction Manager for Corporate Payment Services. The applicable CVEs have been addressed. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate yo...
Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential Cross-Site Scripting (Reflected) vulnerability (CVE-2020-4560)
Summary: This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. Vulnerability Details: CVEID: CVE-2020-4560 DESCRIPTION: IBM Financial Transaction Manager is...
The vulnerability of Junos router operating systems of the EX4300-MP, EX4600, and QFX5K series is related to an uncontrolled resource consumption, which allows an attacker to cause service interruptions.
The vulnerability of Junos operating system routers of the EX4300-MP, EX4600, and QFX5K series is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by using specially crafted channel layer...
Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential logout session timeout (CVE-2020-4555)
Summary: Login session may not be invalidated in a timely manner on timeout. Vulnerability Details: CVEID: CVE-2020-4555 DESCRIPTION: IBM Financial Transaction Manager for High Value Payments for Multi-Platform does not invalidate session after logout which could allow an authenticated user to...
Juniper Junos OS EX4300-MP/EX4600/QFX5K Series DoS (JSA11086)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11086 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. TRUSTED...
fence security update
CentOS Errata and Security Advisory CESA-2020:5003. An update for fence-agents is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Denial Of Service (DoS)
pocketmine/pocketmine-mp is vulnerable to denial of service (DoS). The vulnerability exists as InventoryTransactionPackets can be used to cause an exponential computation to occur through InventoryTransaction-findResultItem...
CVE-2020-1687
On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in Ethernet VPN (EVPN)-Virtual Extensible LAN (VXLAN) configuration, receipt of a stream of specific VXLAN encapsulated layer 2 frames can cause high CPU load, which could lead to network protocol operation issue and traffi...
Design/Logic Flaw
On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in a Virtual Chassis configuration, receipt of a stream of specific layer 2 frames can cause high CPU load, which could lead to traffic interruption. This issue does not occur when the device is deployed in Stand Alone...
Design/Logic Flaw
On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in Ethernet VPN (EVPN)-Virtual Extensible LAN (VXLAN) configuration, receipt of a stream of specific VXLAN encapsulated layer 2 frames can cause high CPU load, which could lead to network protocol operation issue and traffi...
CVE-2020-1689
The CVE-2020-1689 entry affects Junos OS on Juniper EX4300-MP, EX4600, and QFX5K Series deployed in Virtual Chassis. It describes a DoS-like high CPU load caused by receipt of a stream of specific Layer 2 frames from within the broadcast domain, potentially leading to traffic interruption. The is...
CVE-2020-1689 Junos OS: EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2 frames when deployed in a Virtual Chassis configuration
On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in a Virtual Chassis configuration, receipt of a stream of specific layer 2 frames can cause high CPU load, which could lead to traffic interruption. This issue does not occur when the device is deployed in Stand Alone...
CVE-2020-1687 Junos OS: EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2 frames in EVPN-VXLAN deployment.
On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in Ethernet VPN (EVPN)-Virtual Extensible LAN (VXLAN) configuration, receipt of a stream of specific VXLAN encapsulated layer 2 frames can cause high CPU load, which could lead to network protocol operation issue and traffi...
CVE-2020-7591
A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform potentially administrative actions on behalf of those users if the single sign-on feature "Allow logon...
Design/Logic Flaw
A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform potentially administrative actions on behalf of those users if the single sign-on feature "Allow logon...
CVE-2020-7591
A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform potentially administrative actions on behalf of those users if the single sign-on feature "Allow logon...
CVE-2020-7591
CVE-2020-7591 affects SIPORT MP (all versions prior to 3.2.1). The flaw is described as Use of client-side authentication (CWE-603), enabling an authenticated attacker to impersonate other users and perform (potentially administrative) actions on behalf of those users if the single sign-on featur...
Siemens SIPORT MP
1. EXECUTIVE SUMMARY: CVSS v3 8.8; ATTENTION: Exploitable remotely/low skill level to exploit; Vendor: Siemens; Equipment: SIPORT MP; Vulnerability: Use of client-side authentication. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an authenticated attacker to impersonate...
Cisco IOS Software MP BGP EVPN DoS (cisco-sa-ios-bgp-evpn-dos-LNfYJxfF)
According to its self-reported version, IOS is affected by a denial of service (DoS) vulnerability in the Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family. An unauthenticated, remote attacker can exploit this by sending BGP update messages wit...
Cisco IOS XE Software MP BGP EVPN DoS (cisco-sa-ios-bgp-evpn-dos-LNfYJxfF)
According to its self-reported version, IOS-XE is affected by a denial of service (DoS) vulnerability in the Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family. An unauthenticated, remote attacker can exploit this by sending BGP update messages...