7443 matches found
IBM Security Verify Information Queue Cryptographic Issue Vulnerability
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. A weak cryptographic algorithm vulnerability exists in IBM Security Verify Information Queue. An attacker could exploi...
IBM Security Verify Information Queue Security Vulnerability
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. An information disclosure vulnerability exists in IBM Security Verify Information Queue. The vulnerability stems from...
Security Bulletin: IBM Security Verify Information Queue does not properly encode error messages sent to web users (CVE-2021-20405)
Summary When an error occurs while using the IBM Security Verify Information Queue (ISIQ) web application, the status messages sent back to the user are not properly encoded. This could lead to information disclosure, which could then be leveraged in a phishing attack. As of v10.0.0, the ISIQ web...
Security Bulletin: IBM Security Verify Information Queue still supports older browsers that don't enforce CSRF token protections (CVE-2021-20403)
Summary The IBM Security Verify Information Queue (ISIQ) web application protects against cross-site request forgery (CSRF) attacks by using the SameSite cookie attribute. However, ISIQ's web browser requirements are not current enough to ensure that this cookie attribute gets consistently used. As o...
Security Bulletin: IBM Security Verify Information Queue does not sufficiently protect its session cookies (CVE-2021-20404)
Summary IBM Security Verify Information Queue (ISIQ) does not sufficiently protect its session cookies from malicious modification. Consequently, a denial-of-service attack could cause ISIQ logins to fail with an invalid token. As of v10.0.0, ISIQ has strengthened the safeguards of session cookies...
Security Bulletin: IBM Security Verify Information Queue could reveal sensitive data in application error messages (CVE-2021-20402)
Summary In response to certain application errors, IBM Security Verify Information Queue (ISIQ) could output messages that contain sensitive data, which could then be used to gain unauthorized system access. As of v10.0.0, ISIQ no longer includes sensitive data when outputting error messages...
Security Bulletin: IBM Security Verify Information Queue uses a Node.js package with known vulnerabilities (CVE-2020-11023, CVE-2020-11022)
Summary The web server in IBM Security Verify Information Queue (ISIQ) uses an older version of the jQuery package that has two cross-site scripting vulnerabilities. As of v10.0.0, ISIQ has upgraded to a newer, secure version of jQuery. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuer...
Security Bulletin: IBM Security Verify Information Queue uses a Node.js package with a cross-site scripting vulnerability (CVE-2020-7676)
Summary The web server in IBM Security Verify Information Queue (ISIQ) uses an older version of the angular.js package that has a cross-site scripting vulnerability. As of v10.0.0, ISIQ has upgraded to a newer, secure version of angular.js. Vulnerability Details CVEID: CVE-2020-7676 DESCRIPTION:...
Security Bulletin: IBM Security Verify Information Queue uses a Node.js package with multiple vulnerabilities
Summary The web server in IBM Security Verify Information Queue (ISIQ) uses an older version of the node-sass package that has multiple vulnerabilities. As of v10.0.0, ISIQ has upgraded to a newer, secure version of node-sass. Vulnerability Details CVEID: CVE-2018-11697 DESCRIPTION: LibSass could...
IBM Security Verify Information Queue Information Disclosure Vulnerability
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. An information disclosure vulnerability exists in IBM Security Verify Information Queue. A remote attacker could explo...
IBM Security Verify Information Queue Authorization Issue Vulnerability
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. An elevation of privilege vulnerability exists in IBM Security Verify Information Queue. The vulnerability stems from...
IBM Security Verify Information Queue Security Vulnerability
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. A denial of service vulnerability exists in IBM Security Verify Information Queue. The vulnerability stems from an...
IBM Security Verify Information Queue Cross-Site Request Forgery Vulnerability
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. A cross-site request forgery vulnerability exists in IBM Security Verify Information Queue. An attacker could exploit...
CVE-2021-25274
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon...
Vulnerability fixed in IBM MQ
A vulnerability has been fixed in IBM MQ. The vulnerability allows a remote malicious person to execute arbitrary code. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6408626...
CVE-2021-21294
Http4s http4s-blaze-server is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its...
Qualcomm WLAN HOST Resource Management Error Vulnerability
Qualcomm WLAN HOST is a wireless LAN component from Qualcomm Incorporated (USA) used in Qualcomm products. A resource management error vulnerability exists in the Qualcomm WLAN HOST, which arises from the possibility that an entry in the hash table could be deleted before a frame is placed in the PE que...
PRTG Network Monitor Authenticated RCE
Notifications can be created by an authenticated user and can execute scripts when triggered. Because input on the script name is poorly validated, it is possible to chain it with a user-supplied command, allowing command execution in the context of a privileged user. The module uses provided...
IBM MQ Code Issue Vulnerability
IBM MQ (IBM WebSphere MQ) is a messaging middleware product from IBM. The product is mainly intended to provide a reliable and proven messaging backbone for service-oriented architecture (SOA). A remote code execution vulnerability exists in IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD, which is caused ...