Security Bulletin: Vulnerability in Node.js request affects IBM Cloud Pak System[CVE-2023-28155]

Summary Vulnerability in Node.js request affects IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerable to server-side request forgery, caused by a cross-protocol redirect bypass flaw. By sending a specially crafted request, an attacker...

Security Bulletin: Multiple vulnerabilities in IBM Db2 for Linux, UNIX and Windows affect Cloud Pak System (CVE-2022-22389, CVE-2022-22390)

Summary IBM Db2 for Linux, UNIX and Windows is shipped with Cloud Pak System PSM and as PatternType pType . Cloud Pak System has addressed vulnerabilities. Vulnerability Details CVEID:CVE-2022-22389 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to ...

CVE-2022-47701

COMFAST Shenzhen Sihai Zhonglian Network Technology Co., Ltd CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting XSS...

Authentication flaw

COMFAST Shenzhen Sihai Zhonglian Network Technology Co., Ltd CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Incorrect Access Control. Improper authentication allows requests to be made to back-end scripts without a valid session or authentication...

CVE-2022-47698

COMFAST Shenzhen Sihai Zhonglian Network Technology Co., Ltd CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting XSS via the URL filtering feature in the router...

CVE-2022-47699

COMFAST CF-WR623N Router firmware version V2.3.0.1 is affected by an Incorrect Access Control vulnerability (CVE-2022-47699). Root cause: access control error in the firmware. Impact: high severity across confidentiality, integrity, and availability; exploitable over network with no authenticatio...

CVE-2022-47700

The CVE-2022-47700 entry concerns COMFAST CF-WR623N Router firmware versions V2.3.0.1 and earlier, affected by Incorrect Access Control due to improper authentication that allows requests to back-end scripts without a valid session. The vulnerability has a high severity (CVSS v3.1 base score 7.5,...

CVE-2022-47699

COMFAST Shenzhen Sihai Zhonglian Network Technology Co., Ltd CF-WR623N Router firmware V2.3.0.1 is vulnerable to Incorrect Access Control...

PT-2023-15462 · Comfast · Comfast Cf-Wr623N

Name of the Vulnerable Software and Affected Versions: COMFAST CF-WR623N Router firmware version V2.3.0.1 Description: The issue is related to Incorrect Access Control. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents...

CVE-2022-47697

CVE-2022-47697 affects COMFAST CF-WR623N Router firmware versions V2.3.0.1 and earlier. The vulnerability leads to an account takeover by resetting the admin password. The connected sources corroborate the affected product and impact but do not provide a published fix version or patch details. So...

Security Bulletin: Multiple Vulnerabilities in VMware ESXi affect IBM Cloud Pak System (CVE-2021-21994, CVE-2021-21995)

Summary Vulnerabilties in VMware ESXi affect IBM Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2021-21994 DESCRIPTION: VMware ESXI could allow a remote attacker to bypass security restrictions, caused by improper authentication in SFC...

Security Bulletin: Vulnerability in jackson-databind shipped with IBM Cloud Pak System

Summary Vulnerabilitiy identified in jackson-databind shipped with IBM Cloud Pak System. IBM Clous Pak System addresssed vulnerabilities. Vulnerability Details CVEID: CVE-2020-24616 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caus...