Security Bulletin: Tivoli Storage Productivity Center affected by vulnerabilities in OpenSSL (CVE-2013-0169, CVE-2012-2686, CVE-2013-0166)

Summary A number of security vulnerabilities have been discovered in the OpenSSL libraries included in Tivoli Storage Productivity Center. These libraries are used for communications with the Storage Resource agent and some storage systems. Vulnerability Details VULNERABILITY DETAILS: DESCRIPTION...

Shared Server Compatibility of Veeam Backup for Microsoft 365 and Veeam Backup & Replication

Purpose It is important to remember that Veeam Backup for Microsoft 365 and Veeam Backup & Replication are separate backup products designed to operate separately from each other. However, both Veeam Backup for Microsoft 365 and Veeam Backup & Replication utilize Veeam Explorers as secondary...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2022:2422-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2422-1 advisory. - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in...

"Loss protection disabled" Warning in GUI

Challenge When configuring backup file encryption, the following warning is shown: Loss protection disabled Creating Encrypted Configuration Backups Backup Job Encryption Cause This warning appears when the Veeam Backup & Replication installation is not managed by a Veeam Backup Enterprise Manage...

The vulnerability of the Red Database database management system lies in the improper handling of unexpected data types, which allows attackers to trigger service failures.

The vulnerability of the Red Database database management system is related to the improper handling of unexpected data types. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure by sending an incorrect page number to the server during replication...

USN-5231-1 389-ds-base vulnerabilities

It was discovered that 389 Directory Server presented to users, during authentication, an error message which could be used to discover if a certain LDAP DN existed or not. A remote unauthenticated attacker could possibly use this to check the existence of an entry in a LDAP database and expose...

The JSM Mail Handler functionality creates tickets from incoming emails in wrong projects

h3. Issue Summary When multiple Jira Service Management JSM projects are configured with a Mail Handler|https://confluence.atlassian.com/servicemanagementserver/receiving-requests-by-email-939926303.html via Project Settings Email Requests, the following issue happens: - the JSM Mail Handler...

Atlassian Jira < 8.6.0 / 8.7.x < 8.13.12 / 8.14.x < 8.20.1 / 8.21.0 (JRASERVER-72940)

The version of Atlassian Jira installed on the remote host is prior to 8.6.0 / 8.7.x 8.13.12 / 8.14.x 8.20.1 / 8.21.0. It is, therefore, affected by a vulnerability as referenced in the JRASERVER-72940 advisory. - Non-administrators can edit the File Replication settings - CVE-2021-41308...

Release Information for NEC Storage V Series Plug-In for Veeam Backup & Replication

This plug-in leverages the Veeam Universal Storage API, which enables storage OEMs to allow Veeam Backup & Replication integration to the arrays for backup and replication jobs. Requirements Before installing NEC V Series Plug-In v2.1.225, make sure that you are running Veeam Backup & Replication...

Detecting malicious key extractions by compromised identities for Azure Cosmos DB

Azure Cosmos DB is a fully managed NoSQL cloud database service for modern app development. It offers a variety of advanced built-in features, such as automatic worldwide data replication, lightning-fast response types, and a variety of APIs. In this blog post, we describe security practices for...

Virtuozzo Hybrid Infrastructure 5.1 Update 1 (5.1.1-61)

This update provides bug fixes and improvements. Vulnerability id: VSTOR-54473 The network orchestration service does not restart after an update. Vulnerability id: VSTOR-54265 Fixes the root cause of the alert "Cluster had blocked or slow replication." Vulnerability id: VSTOR-54066 Fixes the...

Malicious code in amazon-s3-data-replication-hub-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e4ca6ae6edf3790eb5efb9ad36e153e033bf826c074090d9d9cb473b1c56b5d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-957 Malicious code in amazon-s3-data-replication-hub-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e4ca6ae6edf3790eb5efb9ad36e153e033bf826c074090d9d9cb473b1c56b5d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-1195 Malicious code in aws-data-replication-hub (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3144f2bcaaeb7484fb947374032c2b2444a2450702d11f3ed47cbb0e18706cf1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in aws-data-replication-hub (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3144f2bcaaeb7484fb947374032c2b2444a2450702d11f3ed47cbb0e18706cf1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in amazon-ecr-data-replication-hub-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a32deab8300fe35db0ea930f79cccefb774d8da37e8bb3cd231a3658cd492189 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-953 Malicious code in amazon-ecr-data-replication-hub-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a32deab8300fe35db0ea930f79cccefb774d8da37e8bb3cd231a3658cd492189 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

How to Connect to an Object Storage Repository via Google Cloud Private Access

Purpose This article documents how to configure Veeam Backup & Replication to use Google Cloud Private Access to connect to a GCS bucket instead of the public IPs for Scale-Out Backup Repository offload to Capacity Tier or Archive Tier or to connect to an Object Storage Repository in Veeam Backup...

CVE-2022-32560

An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings...

PT-2022-21372 · Couchbase · Couchbase Server

Name of the Vulnerable Software and Affected Versions: Couchbase Server versions prior to 7.0.4 Description: An issue was discovered in Couchbase Server where XDCR lacks role checking when changing internal settings. Recommendations: For versions prior to 7.0.4, update to version 7.0.4 or later t...