179 matches found
The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
...
Security Bulletin: Multiple security vulnerabilities have been Identified In Jackson Databind library shipped with IBM Global Mailbox
Summary Multiple security vulnerabilities have been Identified In Jackson Databind library shipped with IBM Global Mailbox Vulnerability Details CVEID: CVE-2020-8840 DESCRIPTION: An unspecified error with the lack of certain xbean-reflect/JNDI blocking in FasterXML jackson-databind has an unknown...
CVE-2020-4367
IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179001...
CVE-2020-4350
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178424...
Security Bulletin: A Security vulnerability in Apache Tomcat used by Rational Build Forge (CVE-2017-15706)
Summary There is a potential security vulnerability in the Apache Tomcat used by Rational Build Forge. Vulnerability Details CVEID: CVE-2017-15706 DESCRIPTION: Apache Tomcat could provide weaker than expected security, caused by the incorrect documentation of the CGI search algorithm used by the...
Security Bulletin: Multiple Security Vulnerabilities in Expat affect IBM Netezza Analytics
Summary Expat vulnerabilities were disclosed August and September 2016. Expat is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2012-6702 DESCRIPTION: Expat, when used in a parser that has not called XMLSetHashSalt or passe...
DEBIAN-CVE-2019-15941
OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relaying party within the LemonLDAP configuration with weaker access control rules than the...
UBUNTU-CVE-2019-15941
OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relaying party within the LemonLDAP configuration with weaker access control rules than the...
Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilities
Summary IBM Security Privileged Identity Manager has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-1137 DESCRIPTION: IBM WebSphere Application Server could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive...
Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple IBM WebSphere Application Server vulnerabilities(CVE-2017-1137, CVE-2018-1567, CVE-2017-1194)
Summary IBM Security Privileged Identity Manager has addressed the following vulnerabilities related to IBM WebSphere Application Server. Vulnerability Details CVEID: CVE-2018-1567 DESCRIPTION: IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code through th...
PT-2019-16931 · Ibm · Ibm Security Access Manager
Name of the Vulnerable Software and Affected Versions: IBM Security Access Manager versions 9.0.1 through 9.0.6 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: Fo...
Friday Squid Blogging: Climate Change Could be Good for Squid
Basically, they thrive in a high CO2 environment, because it doesn't bother them and makes their prey weaker. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Security Bulletin: Weaker than expected security in WebSphere Application Server (shipped with Jazz for Service Management) with SP800-131 transition mode (CVE-2018-1996)
Summary There is a potential for weaker than expected security in WebSphere Application Server with SP800-131 transition mode and SSLTLSv2. Vulnerability Details CVEID: CVE-2018-1996 DESCRIPTION: IBM WebSphere Application Server could provide weaker than expected security, caused by the improper...
Security Bulletin: Weaker than expected security in WebSphere Application Server with SP800-131 transition mode shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2018-1996).
Summary WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager SKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the Security Bulletin: Weake...
Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud
Summary There are multiple security vulnerabilities that affect the IBM WebSphere Application Server in the IBM Cloud. There is a timing window where there could be a privilege escalation vulnerability in WebSphere Application Server. There is a potential remote code execution vulnerability in...
Security Bulletin: IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect for Virtual Environments allow legacy SSL/TLS protocols and ciphers to be used (CVE-2018-1545)
Summary The IBM Spectrum Protect formerly Tivoli Storage Manager Client and IBM Spectrum Protect for Virtual Environments formerly Tivoli Storage Manager for Virtual Environments, allow legacy SSL/TLS protocols and ciphers to be used. This can result in the use of weaker than expected cryptograph...
Security Bulletin: Vulnerabilities in OpenSSL affect MegaRAID Storage Manager
Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by MegaRAID Storage Manager. MegaRAID Storage Manager has addressed the applicable CVEs...
Security Bulletin: Vulnerabilities in OpenSSL affect MegaRAID Storage Manager
Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by MegaRAID Storage Manager. MegaRAID Storage Manager has addressed the applicable CVEs. Vulnerability Details Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL...
Security Bulletin: Multiple Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Tivoli Access Manager for e-business
Summary IBM WebSphere Application Server is shipped as a component of Tivoli Access Manager for e-business. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in Security Bulletins. Vulnerability Details Consult the security bulletins listed...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway
Summary IBM WebSphere Application Server is shipped as a component of IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway. Information about multiple security vulnerabilities affecting IBM WebSphere Application Server have been published in security...