Meta Rolls Out New Tools to Protect WhatsApp and Messenger Users from Scams
Meta on Tuesday said it's launching new tools to protect Messenger and WhatsApp users from potential scams. To that end, the company said it's introducing new warnings on WhatsApp when users attempt to share their screen with an unknown contact during a video call so as to prevent them from givin...
Security Bulletin: IBM Spectrum Protect Server may not count invalid sign-on attempts from Operations Center (CVE-2022-22485)
Summary The IBM Spectrum Protect Server, in certain instances, may not increment the number of invalid sign-on attempts from Operations Center. This could allow an attacker to use brute force techniques to gain access to the IBM Spectrum Protect Server. Vulnerability Details CVEID:CVE-2022-22485...
Security Bulletin: Apache Log4j vulnerability (CVE-2021-4422) addressed in IBM Watson Machine Learning Accelerator
Summary Apache Log4j, which is used by and included with IBM Watson Machine Learning Accelerator, contains security vulnerability CVE-2021-44228. This bulletin provides mitigations for the Log4Shell vulnerability CVE-2021-44228 by applying workaround steps to IBM Watson Machine Learning...
Security Bulletin: Insecure handling of TLS certificates by IBM Spectrum Protect Plus (CVE-2022-40234)
Summary IBM Spectrum Protect Plus incorrectly handles TLS certificates which can result in an attacker obtaining private key information for the uploaded certificate. Vulnerability Details CVEID:CVE-2022-40234 DESCRIPTION: Versions of IBM Spectrum Protect Plus prior to 10.1.12 excluding 10.1.12...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Jul 2024 are affected by multiple vulnerabilities
Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their July 2024 Critical Patch Update, plus CVE-2024-27267. The following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack; it has been addressed i...
Security Bulletin: Denial of service caused by jose4j in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center
Summary IBM Storage Protect Operations Center may be affected by denial of service caused by jose4j in IBM WebSphere Application Server Liberty. CVE-2023-51775. Vulnerability Details CVEID:CVE-2023-51775 DESCRIPTION: jose4j is vulnerable to a denial of service, caused by improper input validation...
Security Bulletin: IBM Security Verify Privilege could allow an unauthenticated actor to obtain sensitive information (CVE-2024-31887)
Summary IBM Security Verify Privilege could allow an unauthenticated actor to obtain sensitive information. The issue has been addressed in an update. Vulnerability Details CVEID:CVE-2024-31887 DESCRIPTION: IBM Security Verify Privilege could allow an unauthenticated actor to obtain sensitive...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a loss of confidentiality (CVE-2024-22356)
Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a loss of confidentiality. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-22356 DESCRIPTION: IBM App Connect Enterprise and IBM Integration Bus for...
CVE-2024-28163
Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration PI - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application...
PT-2024-22309 · SAP · SAP NetWeaver Process Integration
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Process Integration PI version 7.50 Description: Under certain conditions, the Support Web Pages of SAP NetWeaver Process Integration PI allow an attacker to access information that would otherwise be restricted, causing low...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote authenticated attacker due to the electron module (CVE-2023-45143)
Summary IBM App Connect Enterprise is vulnerable to allowing a remote authenticated attacker to obtain sensitive information, due to the electron module. Electron is used for Discovery Connectors in IBM App Connect Enterprise. This bulletin identifies the steps to take to address the vulnerabilit...
SQL injection
ExamSys 9150244 allows SQL Injection via the /Support/action/Pages.php sscore2 parameter...
ExamSys Security Vulnerabilities
ExamSys is an online exam system for RYAN individual developers in China. A security vulnerability exists in ExamSys version 9150244, which originates from allowing SQL injection via the parameter sscore2 in /Support/action/Pages.php...
Security Bulletin: Vulnerability in Linux Kernel might affect IBM Spectrum Copy Data Management
Summary IBM Spectrum Copy Data Management can be affected by a vulnerability in Linux Kernel. A locally authenticated attacker could exploit this vulnerability to gain elevated privileges on the system as described by the CVEs in the "Vulnerability Details" section. CVE-2023-2163 This bulletin...
Security Bulletin: IBM Storage Fusion HCI may be vulnerable to denial of service due to jackson-databind, okio (CVE-2022-42003, CVE-2023-35116, CVE-2023-3635)
Summary Java libraries jackson-databind and okio are used by IBM Storage Fusion HCI for logging. Vulnerabilities in these libraries could lead to Denial of Service as described in the CVEs listed in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION:...
Security Bulletin: Weaker than expected security in Liberty may affect IBM Business Automation Workflow - CVE-2023-46158
Summary WebSphere Application Server Liberty profile is shipped as a component of IBM Business Automation Workflow Process Federation Server and User Management Service. IBM Business Automation Workflow Containers builds upon WebSphere Liberty. Information about a security vulnerability affecting...
Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2023-38737)
Summary IBM Storage Protect Operations Center may be affected by vulnerabilities in IBM WebSphere Application Server Liberty such as denial of service caused by sending a specially-crafted request. Vulnerability Details CVEID:CVE-2023-38737 DESCRIPTION: IBM WebSphere Application Server Liberty...
Security Bulletin: Vulnerabilities in cryptography affect IBM Spectrum Sentinel Anomaly Scan Engine (239927)
Summary Vulnerabilities in python cryptography affect IBM Spectrum Sentinel Anomaly Scan Engine. Vulnerabilities include: Python cryptography allowing remote attacker to overflow a buffer and execute arbitrary code on the system. This bulletin identifies the steps to take to address the...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM® SDK, Java™ Technology Edition is affected by multiple vulnerabilities (CVE-2023-22045, CVE-2023-22049)
Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their July 2023 Critical Patch Update. The following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack; it has been addressed in this bulletin: IBM Engineering Lifecycle Optimization -...
Security Bulletin: IBM Spectrum Control is vulnerable to weakness related to Apache Kafka
Summary A vulnerability in Apache Kafka that allows a remote authenticated attacker to execute arbitrary code may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2023-25194 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to execute arbitrary code on the system, caused b...