5 matches found
CVE-2021-29785
IBM Security SOAR V42 and V43 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID:...
Information disclosure
IBM Security SOAR V42 and V43 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID:...
CVE-2021-29785
IBM Security SOAR V42 and V43 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID:...
CVE-2021-29785
CVE-2021-29785 affects IBM Security SOAR. The root cause is the product’s failure to properly enable HTTP Strict-Transport-Security (HSTS) headers on some endpoints, which could allow an attacker to obtain sensitive information through man-in-the-middle techniques. IBM’s security bulletin confirm...
Security Bulletin: IBM® Security SOAR is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046).
Summary: Apache Log4j, a dependency of Elasticsearch as used in IBM® Security SOAR, has known vulnerabilities CVE-2021-45105 and CVE-2021-45046. These are addressed by upgrading IBM Security SOAR to the latest build of v42 or the latest build of v43. The fix packages include Apache Log4j 2.17...