112 matches found
Security Bulletin: IBM QRadar SIEM in a multi tenant configuration could be vulnerable to information disclosure (CVE-2018-1725)
Summary In a multi tenant configuration IBM QRadar SIEM could be vulnerable to sensitive information disclosure. Vulnerability Details CVEID: CVE-2018-1725 DESCRIPTION: IBM QRadar SIEM in a multi tenant configuration could be vulnerable to information disclosure CVSS Base score: 3.2 CVSS Temporal...
Security Bulletin: IBM Security QRadar Packet Capture has released 7.3.1 Patch 1, and 7.2.8 Patch 4 in response to the vulnerabilities known as Spectre and Meltdown.
Summary IBM has released the following 7.3.1 Patch 1, and 7.2.8 Patch 4 for IBM QRadar Packet Capture in response to CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754. Vulnerability Details CVEID: CVE-2017-5753 CVEID: CVE-2017-5715 CVEID: CVE-2017-5754 Affected Products and Versions IBM QRadar Packe...
Security Bulletin: IBM Security QRadar Packet Capture is vulnerable to Intel Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)
Summary A potential security vulnerability in CPUs may allow information disclosure. Vulnerability Details CVEID: CVE-2018-12126 Description: Microarchitectural Store Buffer Data Sampling MSBDS: Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user ...
Security Bulletin: IBM QRadar SIEM is vulnerable to deserialization of untrusted data
Summary IBM QRadar SIEM could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. Vulnerability Details CVEID: CVE-2020-4280 DESCRIPTION: IBM QRadar could allow a remote attacker to...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to Cross-frame scripting
Summary A Cross-frame scripting vulnerability was addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2020-4727 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a...
Security Bulletin: Apache ZooKeeper as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2019-0201)
Summary Apache ZooKeeper as used by IBM QRadar SIEM is vulnerable to information disclosure. Vulnerability Details CVEID: CVE-2019-0201 DESCRIPTION: Apache ZooKeeper could allow a remote attacker to obtain sensitive information, caused by the failure to check permissions by the getACL command. By...
Veeam Service Provider Console v4 Patch 1 (build 4911)
Challenge Veeam Service Provider Console v4 Patch 1. This patch is superseded by Patch 2. Cause Please confirm you are running version 4.0.0.4877 before installing this Patch 1. You can check this under Windows Programs and features. After upgrading, your build will be version 4.0.0.4911. As a...
CVE-2020-12021
In OSIsoft PI Web API 2019 Patch 1 1.12.0.6346 and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code...
CVE-2020-12021
CVE-2020-12021 affects OSIsoft PI Web API (2019 Patch 1, 1.12.0.6346) and earlier, with a cross-site scripting vulnerability that could enable a remote attacker to execute arbitrary JavaScript in a user’s browser, potentially leading to data view/modification/deletion under the victim’s permissio...
Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities (CVE-2017-3164)
Summary IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities. Vulnerability Details CVEID: CVE-2017-3164 DESCRIPTION: Apache Solr is vulnerable to server-side request forgery, caused by not having corresponding allowlist mechanism in the shards parameter. By using a...
Security Bulletin: IBM QRadar SIEM is vulnerable to information exposure (CVE-2019-4593)
Summary IBM QRadar SIEM is vulnerable to information exposure. Vulnerability Details CVEID: CVE-2019-4593 DESCRIPTION: IBM QRadar generates an error message that includes sensitive information that could be used in further attacks against the system. CVSS Base score: 4.3 CVSS Temporal Score: See:...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by IBM QRadar SIEM. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability ...
Veeam Backup & Replication 10 Cumulative Patch 1
More Recent Version Available Please find the latest version of Veeam Backup & Replication here: Veeam Downloads - Latest Version Requirements Please confirm that you are running version 10 build 10.0.0.4461 prior to installing this update. You can check this under Help | About in the Veeam Backu...
CVE-2019-11318
Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS...
Cross site scripting
Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS...
CVE-2019-11318
Zimbra Collaboration Server (before 8.8.12 Patch 1) is affected by a persistent cross-site scripting (XSS) vulnerability in the web application. The provided documents specify the issue as a persistent XSS but do not detail the vulnerable component, root-cause, exploit method, or affected version...
CVE-2019-12427
CVE-2019-12427 affects Zimbra Collaboration before 8.8.15 Patch 1, with a non-persistent XSS vulnerability in the Admin Console. The connected Red Hat/OSV/CVE entries corroborate the same description. No remediation/versioned mitigation details are provided in the documents.
Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to a timing side channel attack (CVE-2018-0734)
Summary OpenSSL as used in IBM QRadar SIEM is vulnerable to a timing side channel attack. Vulnerability Details CVEID: CVE-2018-0734 DESCRIPTION: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing...
Veeam Availability Orchestrator v2 Patch 1 (build 1463)
Challenge This patch fixes the following issue found in VAO 2.0. The presence of backup job objects created by Veeam plug-in backup jobs cause VAO Restore Plans to fail locating valid restore points required for the restore process. The following example shows the issue found in the Readiness Che...