23 matches found
EUVD-2016-7422
Malware in sbrugna...
EUVD-2008-3525
Malware in sbrugna...
EUVD-2011-1683
Malware in sbrugna...
Approach to mainframe penetration testing on z/OS. Deep dive into RACF
In our previous article we dissected penetration testing techniques for IBM z/OS mainframes protected by the Resource Access Control Facility RACF security package. In this second part of our research, we delve deeper into RACF by examining its decision-making logic, database structure, and the...
CVE-2011-1683
IBM WebSphere Application Server WAS 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors...
Continuous Security Hardening and Monitoring for IBM® z/OS® Mainframes and Databases Using Qualys Policy Compliance
Mainframes are a key infrastructure component for many enterprises worldwide. Arguably the most secure, reliable, and efficient computing platform, mainframes hold some 70% of the worlds business-critical data. Even though they are highly secure and resilient, it’s a common misconception that...
JCL to Escalate Privileges
Elevate privileges for user. Adds SYSTEM SPECIAL and BPX.SUPERUSER to user profile. Does this by using an unsecured/updateable APF authorized library APFLIB and updating the user's ACEE using this program/library. Note: This privesc only works with z/OS systems using RACF, no other ESM is...
ForgeRock OpenIDM and OpenICF RACF Connector Component Arbitrary Code Execution Vulnerability
ForgeRock OpenIDM and OpenICF are both products of ForgeRock, USA. The former is a set of enterprise identity management software, the latter is a set of frameworks used to build or help develop a variety of connectors.RACF Connector is one of the security management connection components. A...
CVE-2016-6500
Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote attackers to execute arbitrary code via a crafted serialized Java object, aka LDAP entry poisoning...
CVE-2016-6500
Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote attackers to execute arbitrary code via a crafted serialized Java object, aka LDAP entry poisoning...
Code injection
Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote attackers to execute arbitrary code via a crafted serialized Java object, aka LDAP entry poisoning...
CVE-2016-6500
CVE-2016-6500 affects ForgeRock OpenIDM and OpenICF, specifically the RACF Connector component prior to version 1.1.1.0. The underlying issue is an improper call to the SearchControls constructor with returnObjFlag set to true, which enables an attacker to trigger arbitrary code execution by send...
[Racfsnow] Password cracker for RACF (IBM mainframe)
RACFSNOW is a highly optimised PC program for performing a dictionary attack against a RACF database, with the option of using a database unload IRRDBU00 to validate the User IDs to attack. It uses an ini file to control various parameters to enable focusing the attack on certain user IDs and or...
IBM WebSphere Application Server 7.0 < Fix Pack 17 Multiple Vulnerabilities
IBM WebSphere Application Server 7.0 before Fix Pack 17 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - Use of an insecure XML encryption algorithm could allow for decryption of JAX-RPC or JAX-WS Web Services requests. PM34841 - A...
Design/Logic Flaw
IBM WebSphere Application Server WAS 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors...
CVE-2011-1683
CVE-2011-1683 concerns IBM WebSphere Application Server on z/OS when using a Local OS user registry or Federated Repository with a RACF adapter. The vulnerability allows remote attackers to obtain unspecified application access via unknown vectors in WAS 6.0.x (up to 6.0.2.43), 6.1.x (before 6.1....
CVE-2011-1683
IBM WebSphere Application Server WAS 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors...
IBM WebSphere Application Server未验证访问漏洞
CVE ID: CVE-2010-4476 IBM WebSphere Application Server WAS是由IBM遵照开放标准,例如Java EE, XML 还有Web Services,开发并发行的一种应用服务器。与其兼容的Web服务器包括:Apache HTTP Server,Netscape Enterprise Server,Microsoft Internet Information Services IIS以及IBM HTTP Server。 运行z/OS的IBM WAS在实现上存在安全漏洞,未授权用户可利用此漏洞访问WebSphere应用程序。...
CVE-2011-1321
The AuthCache purge implementation in the Security component in IBM WebSphere Application Server WAS 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group...
Code injection
The AuthCache purge implementation in the Security component in IBM WebSphere Application Server WAS 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group...