Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM Workload Scheduler.

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition potentially affect IBM Workload Scheduler. These issues were disclosed as part of the Oracle July 2022 Critical Patch Update. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-21541 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM Workload Scheduler.

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition potentially affect IBM Workload Scheduler. These issues were disclosed as part of the Oracle April 2022 Critical Patch Update. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An...

Security Bulletin: IBM Workload Scheduler potentially affected by vulnerability CVE-2022-27664

Summary A Denial of Service vulnerability CVE-2022-27664 has been found in Golang and potentially affects IBM Workload Scheduler 9.5 and IBM Workload Scheduler 10.1 Vulnerability Details CVEID:CVE-2022-27664 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in net/http...

Security Bulletin: IBM Workload Scheduler potentially affected by vulnerability CVE-2022-32149

Summary A Denial of Service vulnerability CVE-2022-32149 has been found in Golang and potentially affects IBM Workload Scheduler 9.5 and IBM Workload Scheduler 10.1 Vulnerability Details CVEID:CVE-2022-32149 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input...

Microsoft Security innovations from 2022 to help you create a safer world today

The start of a new year is always a great time for reflection—to be grateful for all we have and the progress security teams have made as well as look ahead to how we can reshape the security landscape. I use this time to think about goals for the future, and to reflect on the highlights,...

Workload Injection

github.com/weaveworks/weave-gitops is vulnerable to workload injection. The library uses an S3 bucket for synchronising files, with no security controls to block unauthorised access in its endpoint, which allows local users on the same machine to see and alter the bucket content...

CVE-2022-23508 GitOps Run allows for Kubernetes workload injection

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses...

Security Bulletin: Vulnerability in IBM WebSphere Application Server (CVE-2022-35282) shipped with IBM Workload Scheduler 9.4

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Workload Scheduler, which results in IBM Workload Scheduled being impacted by this vulnerability. IBM WebSphere Application Server is vulnerable to a server-side request forgery vulnerability. This has been addressed...

Careful Workload Placement Can Create Cloud Cost Savings

Optimizing the cost-effectiveness of cloud infrastructure requires the careful placement of workloads in the environments best suited to their execution...

CVE-2022-38661

HCL Workload Automation could allow a local user to overwrite key system files which would cause the system to crash...

CVE-2022-38661

HCL Workload Automation could allow a local user to overwrite key system files which would cause the system to crash...

Code injection

HCL Workload Automation could allow a local user to overwrite key system files which would cause the system to crash...

Not Every Cloud Is Meant for Every Workload

Understanding which cloud platforms are the best fit for which workloads can maximize your return on investment and your customers’ output...

CVE-2022-3866

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...

Denial of service

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...

UBUNTU-CVE-2022-3866

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...

CVE-2022-3866 Nomad Workload Identity Token Can List Non-sensitive Metadata for Paths Under nomad/

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...

CVE-2022-3866 Nomad Workload Identity Token Can List Non-sensitive Metadata for Paths Under nomad/

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...

CVE-2022-3866

Removed by vendor...

CVE-2022-3866

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...