PT-2023-21475 · Hcl · Hcl Workload Automation
Name of the Vulnerable Software and Affected Versions: HCL Workload Automation versions 9.4 through 10.1. Description: The issue is related to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to expose sensitive information or consume memor...
Oracle Database Server (Apr 2023 CPU)
The 19c and 21c versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory. - Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficul...
Security Bulletin: IBM Workload Scheduler potentially affected by a vulnerability found in Json-smart library (CVE-2023-1370)
Summary: IBM Workload Scheduler is potentially affected by a vulnerability found in Json-smart library that can cause a stack exhaustion (stack overflow) and software crash. Specifically, the following plugins can suffer from this issue: Azure Storage Job Executor, Azure Resource Manager Job Executo...
4 Tips for Better AWS Cloud Workload Security
Discover the challenges of AWS cloud workload security and the various technologies that can alleviate them...
The next wave of multicloud security with Microsoft Defender for Cloud, a Cloud-Native Application Protection Platform (CNAPP)
With digital transformation in the face of macroeconomic pressures, strategies to optimize both cloud environments and cloud security are increasingly appealing to enterprises. Organizations worry about vulnerabilities in code getting deployed, critical misconfigurations, overprivileged access to...
Security Bulletin: IBM Workload Scheduler is vulnerable to XML External Entity Injection (XXE) attack
Summary: IBM Workload Scheduler is vulnerable to XML External Entity Injection (XXE) exploitation while handling uploaded XML configuration files. Vulnerability Details: CVEID: CVE-2022-38389 DESCRIPTION: IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injectio...
Security Bulletin: IBM Workload Scheduler is vulnerable to XML External Entity Injection (XXE) attack
Summary: IBM Workload Scheduler is vulnerable to XML External Entity Injection (XXE) exploitation in "Create Job on Broker" page. Vulnerability Details: CVEID: CVE-2022-22486 DESCRIPTION: IBM Tivoli Workload Scheduler is vulnerable to an XML External Entity Injection (XXE) attack when processing XML dat...
Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM Workload Scheduler.
Summary: Vulnerabilities in IBM® SDK Java™ Technology Edition potentially affect IBM Workload Scheduler. These vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2022-21628 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server...
Security Bulletin: Vulnerability in IBM WebSphere Application Server (CVE-2023-23477) shipped with IBM Workload Scheduler 9.4
Summary: IBM WebSphere Application Server (WAS) is shipped as a component of IBM Workload Scheduler, which results in IBM Workload Scheduler being impacted by this vulnerability. IBM WebSphere Application Server traditional is vulnerable to a remote code execution vulnerability. This has been...
Privilege Escalation
github.com/hashicorp/nomad is vulnerable to Privilege Escalation. A remote attacker with the submit-job ACL permission is able to escalate to management-level privileges using the workload identity and task API by submitting a job without ACL policies...
Information Disclosure
github.com/hashicorp/nomad is vulnerable to Information Disclosure. The vulnerability is due to the ACL system failing to block access to sensitive information from remote authenticated attackers because the deny ACL capability could be bypassed exposing the workload's own variables...
GHSA-RQM8-Q8J9-662F Nomad Job Submitter Privilege Escalation Using Workload Identity
Summary: A vulnerability was identified in Nomad and Nomad Enterprise (“Nomad”) such that a user with the submit-job ACL capability can submit a job that can escalate to management-level privileges. This vulnerability, CVE-2023-1299, was introduced in Nomad 1.5.0 and fixed in Nomad 1.5.1. Background...
Nomad Job Submitter Privilege Escalation Using Workload Identity
Summary: A vulnerability was identified in Nomad and Nomad Enterprise (“Nomad”) such that a user with the submit-job ACL capability can submit a job that can escalate to management-level privileges. This vulnerability, CVE-2023-1299, was introduced in Nomad 1.5.0 and fixed in Nomad 1.5.1. Background...
CVE-2023-1299
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...
UBUNTU-CVE-2023-1299
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...
Denial of service
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...
CVE-2023-1296
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1...
UBUNTU-CVE-2023-1296
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1...