248 matches found
Security Bulletin: A security vulnerability in react-scripts affects IBM Cloud Pak for Multicloud Management Managed Services
Summary A security vulnerability in react-scripts affects IBM Cloud Pak for Multicloud Management Managed Services Vulnerability Details IBM X-Force ID: 217312 DESCRIPTION: Node.js istanbul-reports module could allow a remote attacker to obtain sensitive information, caused by a reverse tabnabbin...
One Microsoft manager’s entrepreneurial vision for multicloud identity and access
In July 2021, Microsoft acquired CloudKnox, a leader in cloud infrastructure entitlement management CIEM. Over the past two years, I’ve had the pleasure of getting to know the founder and chief executive officer CEO, Balaji Parimi, who is now the Partner General Manager of Permissions Management ...
Connect with Microsoft Security experts at the 2022 Gartner Identity & Access Management Summit
The transition to a remote and hybrid workforce happened fast during a time of uncertainty, and IT professionals rose to the challenge with ingenuity and dedication. But two years in, many IT teams are still responding with patchwork solutions to enforce identity and access management IAM across ...
Collaboration Drives Secure Cloud Innovation: Insights From AWS re:Inforce
This year's AWS re:Inforce conference brought together a wide range of organizations that are shaping the future of the cloud. Last week in Boston, cloud service providers CSPs, security vendors, and other leading organizations gathered to discuss how we can go about building cloud environments...
Security Bulletin: A security vulnerability in Node.js node-forge affects IBM Cloud Pak for Multicloud Management Managed Services
Summary A security vulnerability in Node.js node-forge affects IBM Cloud Pak for Multicloud Management Managed Services. Vulnerability Details CVEID:CVE-2022-24772 DESCRIPTION: Node.js node-forge module could allow a remote attacker to bypass security restrictions, caused by improper signature...
Security Bulletin: A security vulnerability in Node.js node-forge affects IBM Cloud Pak for Multicloud Management Managed Services
Summary A security vulnerability in Node.js node-forge affects IBM Cloud Pak for Multicloud Management Managed Services. Vulnerability Details CVEID:CVE-2022-24771 DESCRIPTION: Node.js node-forge module could allow a remote attacker to bypass security restrictions, caused by improper signature...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to information disclosure due to its use of Apache Hadoop (CVE-2017-15713)
Summary Vulnerability in Apache Hadoop allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history serv...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to information leakage due to its use of Java (CVE-2022-35550)
Summary Java is used by several components in IBM Cloud Pak for Multicloud Management Monitoring to interact with the operating system and for functional utilities. Vulnerability Details CVEID:CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to a denial server due to its use of Google's Gson
Summary GSON is used by several components in IBM Cloud Pak for Multicloud Management Monitoring to serialize/deserialize data. Vulnerability Details IBM X-Force ID: 217225 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to a DoS attack due to its use of Apache Parquet (CVE-2021-41561)
Summary Apache Parquet is used by its spark component in IBM Cloud Pak for Multicloud Management Monitoring in support of the predictive insights function. This vulnerability is limited to a malicous insider with access to the spark component. Vulnerability Details CVEID:CVE-2021-41561 DESCRIPTIO...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is potentially vulnerable to execution of arbitrary code due to its use of Apache Log4j (CVE-2022-23305)
Summary Apache Log4j is used by IBM Cloud Pak for Multicloud Management Monitoring as part of its logging infrastructure. Apache Log4j v1.2 has been removed and replaced by Log4j v2.17.1. Components that use Apache Log4j v1.2 are not exposed outside the cluster and are not configured to use the...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has multiple vulnerabilities associated with the Go runtime (CVE-2021-29923, CVE-2021-31525, CVE-2021-33194, CVE-2021-33195, CVE-2021-33196, CVE-2021-33197, CVE-2021-33198)
Summary The Go runtime is used by several components in IBM Cloud Pak for Multicloud Management Monitoring to interact with the operating system and provide utility functions. Vulnerability Details CVEID:CVE-2021-34558 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by the...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is potentially vulnerable to execution of arbitrary code due to its use of Apache Log4j (CVE-2022-23302)
Summary Apache Log4j is used by IBM Cloud Pak for Multicloud Management Monitoring as part of its logging infrastructure. Apache Log4j v1.2 has been removed and replaced by Log4j v2.17.1. Components that use Apache Log4j v1.2 are not exposed outside the cluster and are not configured to use the...
How Microsoft Purview and Priva support the partner ecosystem
Today, many enterprise organizations are multicloud and multiplatform. Critical enterprise data is located across clouds and platforms, requiring security and compliance no matter where it lives. To solve the complexity that comes with these environments, organizations have invested in multiple...
How Microsoft Security partners are helping customers do more with less
There has never been a greater demand for specialized cybersecurity expertise—or a greater opportunity for our partners to support our customers with new services and solutions. Over the last year, the permanent shift to hybrid work has empowered businesses to be remote and mobile. Increased...
How Microsoft Security partners are helping customers do more with less
There has never been a greater demand for specialized cybersecurity expertise—or a greater opportunity for our partners to support our customers with new services and solutions. Over the last year, the permanent shift to hybrid work has empowered businesses to be remote and mobile. Increased...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities due to its use of IBM JAVA (CVE-2021-35560, CVE-2021-35578, CVE-2021-35565, CVE-2021-35603)
Summary IBM Java is the runtime environment used by several components in IBM Cloud Pak for Multicloud Management Monitoring and contains several security vulnerabilities. Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to a denial server due to its use of Apache Xerces2 (CVE-2022-23437)
Summary Apache Xerces2 is used by several components in IBM Cloud Pak for Multicloud Management Monitoring to process internal configuration files. This vulnerability is limited to a malicious insider who can find and manipulate these files. Vulnerability Details CVEID: CVE-2022-23437 DESCRIPTION...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple security vulnerabilities due to its use of NodeJS (CVE-2021-22918, CVE-2021-22960, CVE-2021-22959)
Summary NodeJS is used by multiple components of IBM Cloud Pak for Multicloud Management Monitoring as a runtime environment. Vulnerability Details CVEID: CVE-2021-22959 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by an error related to a space in headers. A remote attack...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is potentially vulnerable to execution of arbitrary code due to its use of Apache Log4j (CVE-2021-4104)
Summary Apache Log4j is used by IBM Cloud Pak for Multicloud Management Monitoring as part of its logging infrastructure. Apache Log4j v1.2 has been removed and replaced by Log4j v2.17.1. Components that use Apache Log4j v1.2 are not exposed outside the cluster and are not configured to use the...