2991 matches found
Security Bulletin: A vulnerability in GSKit affects IBM Security Network Protection (CVE-2015-1788)
Summary A security vulnerability has been discovered in GSKit used with IBM Security Network Protection. Vulnerability Details CVE ID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Security Network Protection (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Security Network Protection. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to...
Security Bulletin: Vulnerabilities in unzip affect IBM Security Network Protection (CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, and CVE-2014-9636 )
Summary The unzip utility is used to list, test, or extract files from a zip archive. Security vulnerabilities have been discovered in unzip used with IBM Security Network Protection. Vulnerability Details CVE ID: CVE-2014-8139 DESCRIPTION: Info-ZIP UnZip is vulnerable to a heap-based buffer...
Security Bulletin: Vulnerabilities in GNU glibc affect IBM Security Network Protection (CVE-2013-7423, and CVE-2015-1781)
Summary The GNU glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the Name Server Caching Daemon nscd used by multiple programs on the system. Security vulnerabilities have been discovered in glibc used with IBM Security...
Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Security Network Protection
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 that is used by IBM Security Network Protection. These issues were disclosed as part of the IBM Java SDK updates in June 2015. CVE-2015-0138, CVE-2015-0192, CVE-2015-0204, CVE-2015-0458,...
Security Bulletin: IBM Security Network Protection contains a Cross-Site Request Forgery vulnerability.
Summary IBM Security Network Protection is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request. An attacker could exploit this...
Security Bulletin: Vulnerability in GSKit affects IBM Security Network Protection (CVE-2015-0138)
Summary GSKit is an IBM component that is used by IBM Security Network Protection. The GSKit that is shipped with IBM Security Network Protection contains multiple security vulnerabilities including the FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. IBM...
Security Bulletin: IBM Security Network Protection is vulnerable to Cross-Site Scripting. (CVE-2014-6189)
Summary IBM Security Network Protection contains a Cross-Site Scripting vulnerability. Vulnerability Details CVEID:CVE-2014-6189 DESCRIPTION: IBM Security Network Protection is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploi...
Security Bulletin: IBM Security Network Protection is affected by a NSS vulnerability (CVE-2014-3566)
Summary A security vulnerability has been discovered in Network Security Services NSS used with IBM Security Network Protection. This update adds support for the TLS Fallback Signaling Cipher Suite Value TLSFALLBACKSCSV, which can be used to prevent protocol downgrade attacks against applications...
Security Bulletin: IBM Security Network Protection is affected by OpenSSL vulnerabilities (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, and CVE-2015-0206)
Summary Security vulnerabilities have been discovered in OpenSSL used with IBM Security Network Protection. Vulnerability Details CVEID:CVE-2014-3569 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle attempts to use unsupported protocols by the...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection (CVE-2014-6512, CVE-2014-6457, CVE-2014-6558, CVE-2014-3065)
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 7 that is used by IBM Security Network Protection. These issues were disclosed as part of the IBM Java SDK updates in October 2014. Vulnerability Details CVEID:CVE-2014-6512 DESCRIPTION:An...
Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Network Protection (CVE-2015-0235)
Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM Security Network Protection. Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION: The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted,...
Security Bulletin: Multiple vulnerabilities in IBM Security Network Protection (CVE-2014-3567, CVE-2014-4877, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568)
Summary An OpenSSL and a Wget vulnerability have been discovered in IBM Security Network Protection. Vulnerability Details CVEID: CVE-2014-4877 DESCRIPTION: GNU Wget could allow a remote attacker to launch a symlink attack. Temporary files are created insecurely. A remote attacker could exploit...
Security Bulletin: TLS padding vulnerability affects IBM Security Network Protection (CVE-2014-8730)
Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM Security Network Protection. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive informatio...
Security Bulletin: IBM Security Network Protection is affected by Shell Command Injection vulnerability (CVE-2014-6183)
Summary A Shell Command Injection vulnerability has been discovered in IBM Security Network Protection. Vulnerability Details CVE-ID: CVE-2014-6183 Description: IBM Security Network Protection could allow a remote attacker to execute arbitrary commands on the system. An authenticated attacker cou...
Security Bulletin: Network Protection is affected by multiple OpenSSL vulnerabilities (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, CVE-2014-3511)
Summary Multiple security vulnerabilities have been discovered in OpenSSL version used by IBM Security Network Protection. Vulnerability Details CVE-ID: CVE-2014-3505 Description: OpenSSL is vulnerable to a denial of service, caused by a double-free error when handling DTLS packets. A remote...
Security Bulletin: IBM Security Network Protection System CPU Utilization (CVE-2014-0963)
Summary IBM Security Network Protection System is affected by a problem related to the SSL implementation which, under very specific conditions, can cause CPU utilization to rapidly increase. Vulnerability Details CVE ID: CVE-2014-0963 DESCRIPTION: IBM Security Network Protection System is affect...
Security Bulletin: IBM Security Network Protection is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470
Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients an...
Security Bulletin: IBM Security Network Protection System CPU utilization (CVE-2014-0963)
Summary IBM Security Network Protection System is affected by a problem related to the SSL implementation which, under very specific conditions, can cause CPU utilization to rapidly increase. Vulnerability Details CVE ID: CVE-2014-0963 DESCRIPTION: IBM Security Network Protection System is affect...
Security Bulletin: Security Network Protection is affected by a cross-site scripting vulnerability (CVE-2013-5442)
Summary IBM Security Network Protection is affected by a cross-site scripting vulnerability that could be used to impersonate a legitimate user, allowing the impersonator to alter user records, and to perform transactions as that user. Vulnerability Details The IBM Security Network Protection Loc...