CVE-2022-23120

A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in...

CVE-2022-23119

CVE-2022-23119 affects Trend Micro Deep Security and Cloud One – Workload Security Agent for Linux (DS Agent) version 20 and earlier. The vulnerability is a directory traversal flaw in the agent/DSM workflow that could allow an attacker to read arbitrary files from the file system. Exploitation r...

CVE-2022-23119

A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security...

Security Bulletin: Vulnerability in Java Batch affects WebSphere Application Server Liberty (CVE-2021-20492)

Summary WebSphere Application Server Java Batch is vulnerable to an XML External Entity Injection XXE vulnerability. This has been addressed. Vulnerability Details CVEID: CVE-2021-20492 DESCRIPTION: IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML...

The vulnerability of the IBM Tivoli Workload Scheduler software arises from buffer overflows in the stack, allowing attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the IBM Tivoli Workload Scheduler software arises from buffer overflows in the stack. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44832) shipped with IBM Workload Scheduler

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Workload Scheduler, which results in IBM Workload Scheduled being impacted by this vulnerability. Information about security vulnerabilities affecting WAS have been published in security bulletins, and IBM recommends th...

Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Workload Scheduler (CVE-2021-4104, CVE-2021-45046)

Summary This bulletin provides information for addressing the Apache Log4j vulnerabilities CVE-2021-4104, CVE-2021-45046 in IBM Workload Scheduler by remediating the vulnerabilities in IBM WebSphere Application Server WAS and IBM WebSphere Application Server Liberty. Vulnerability Details Refer t...

Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-45105) affects IBM Workload Scheduler 9.5

Summary Apache Log4j 2.16, that is affected by CVE-2021-45105, is installed with IBM Workload Scheduler 9.5.0.5 in jdbc driver for informix/Onedb rdbms. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect fro...

Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228) shipped with IBM Workload Scheduler

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Workload Scheduler, which results in IBM Workload Scheduled being impacted by this vulnerability. Information about security vulnerabilities affecting WAS have been published in security bulletins, and IBM recommends th...

CVE-2021-36779

A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3...

Authentication flaw

A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3...

HTCondor has unspecified vulnerabilities

HTCondor is a workload management system. HTCondor has a security vulnerability that could be exploited by an attacker to take control of other users' jobs or read secrets from their data...

IBM Spectrum Protect Plus Information Disclosure Vulnerability (CNVD-2022-05087)

IBM Spectrum Protect Plus is a data protection platform from IBM USA. The platform provides enterprises with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes.IBM Spectrum Protect Plus has a security vulnerability...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Cloud One - Workload Security Log4Shell This repo contains a q...

Stay Ahead of Threats With Cloud Workload Protection

When it comes to cloud-native applications, optimal security requires a modern, integrated, and automated approach that starts in development and extends to runtime protection. Cloud workload protection CWP helps make that goal possible by bringing major structural changes to software development...

IBM Spectrum Protect Plus 信任管理问题漏洞

IBM Spectrum Protect Plus is a data protection platform from IBM USA. The platform provides enterprises with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes.IBM Spectrum Protect Plus has a security vulnerability...

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

1. Impacted Products VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Cloud Proxy VMware vRealize Automation VMware vRealize...

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

1. Impacted Products VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Cloud Proxy VMware vRealize Automation VMware vRealize...

CVE-2021-40860

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution IWD before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the qlexpression parameter, with which all data in the database can be extracted and OS command execution is possible...

Genesys Intelligent Workload Distribution SQL注入漏洞

Genesys Intelligent Workload Distribution Iwd is an application from Genesys, Inc. It can be used with the Genesys Customer Interaction Management Cim platform to assign tasks to the resources best suited to handle them. A SQL injection vulnerability exists in Genesys Intelligent Workload...