EUVD-2014-6069

Malware in sbrugna...

EUVD-2013-5282

Malware in sbrugna...

Locating CVE-related bulletins for your Infrastructure Security product

Question How do you locate CVE-related bulletins for your IBM Infrastructure Security product? Answer Finding all CVEs covered in firmware releases for appliances 1. Access the IBM Support Portal. 2. Under Product finder, enter the name for the product you want to search for. For a list of all th...

Security Bulletin: A vulnerability has been discovered in 40-GbE network interface modules for the IBM QRadar Network Security XGS 7100 appliance (CVE-2016-8106)

Summary A denial of service vulnerability CVE-2016-8106 has been discovered in 40-GbE network interface modules for the IBM QRadar Network Security XGS 7100 appliance. Vulnerability Details CVEID: CVE-2016-8106 DESCRIPTION: Intel Ethernet Controller X710/XL710 is vulnerable to a denial of service...

Security Bulletin: A vulnerability has been discovered in 40-GbE network interface modules for the IBM Security Network Protection XGS 7100 appliance (CVE-2016-8106)

Summary A denial of service vulnerability CVE-2016-8106 has been discovered in 40-GbE network interface modules for the IBM Security Network Protection XGS 7100 appliance. Vulnerability Details CVEID: CVE-2016-8106 DESCRIPTION: Intel Ethernet Controller X710/XL710 is vulnerable to a denial of...

Security Bulletin: IBM Security Network Protection is vulnerable to Cross-Site Scripting. (CVE-2014-6189)

Summary IBM Security Network Protection contains a Cross-Site Scripting vulnerability. Vulnerability Details CVEID:CVE-2014-6189 DESCRIPTION: IBM Security Network Protection is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploi...

Security Bulletin: TLS padding vulnerability affects IBM Security Network Protection (CVE-2014-8730)

Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM Security Network Protection. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive informatio...

Security Bulletin: IBM Security Network Protection is affected by ClickJacking vulnerability CVE-2014-6197

Summary A ClickJacking also known as a "UI redress attack" vulnerability has been discovered in IBM Security Network Protection. Vulnerability Details CVE-ID: CVE-2014-6197 Description: A clickjacking vulnerability in IBM Security Network Protection could allow a remote attacker to hijack the...

Security Bulletin: IBM Security Network Protection is affected by Shell Command Injection vulnerability (CVE-2014-6183)

Summary A Shell Command Injection vulnerability has been discovered in IBM Security Network Protection. Vulnerability Details CVE-ID: CVE-2014-6183 Description: IBM Security Network Protection could allow a remote attacker to execute arbitrary commands on the system. An authenticated attacker cou...

Security Bulletin: Vulnerability in SSLv3 affects Network Protection (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in the IBM Security Network Protection Local Management Interface LMI. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allo...

Security Bulletin: IBM Security Network Protection System CPU Utilization (CVE-2014-0963)

Summary IBM Security Network Protection System is affected by a problem related to the SSL implementation which, under very specific conditions, can cause CPU utilization to rapidly increase. Vulnerability Details CVE ID: CVE-2014-0963 DESCRIPTION: IBM Security Network Protection System is affect...

Security Bulletin: Security Network Protection is affected by a cross-site scripting vulnerability (CVE-2013-5442)

Summary IBM Security Network Protection is affected by a cross-site scripting vulnerability that could be used to impersonate a legitimate user, allowing the impersonator to alter user records, and to perform transactions as that user. Vulnerability Details The IBM Security Network Protection Loc...

IBM Network Security Protection XGS Default Credentials

Nessus was able to login to the remote IBM Network Security Protection XGS device using a known set of default credentials. This allows a remote attacker to gain administrative access to the device. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

IBM Network Security Protection XGS WebUI Detection

Binary data ibmxgswebuidetect.nbin...

IBM Network Security Protection XGS Remote Code Execution (swg21690823) (credentialed attack)

Binary data ibmxgscmdexswg21690823.nbin...

IBM Network Security Protection XGS Remote Code Execution (swg21690823) (credentialed check)

The firmware version installed on the remote IBM XGS appliance does not properly sanitize certain user-supplied inputs which can allow a remote, authenticated attacker to execute shell commands with the privileges of the 'www-data' user via a standard HTTP request. C Tenable Network Security, Inc...

CVE-2014-6183

IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors...

Design/Logic Flaw

IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors...

CVE-2014-6183

IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors...

CVE-2014-6183

CVE-2014-6183 affects IBM Security Network Protection (XGS) models 3100/4100/5100/7100. A remote authenticated attacker could inject and execute arbitrary shell commands due to a shell command injection vulnerability in firmware ranges 5.1, 5.1.1, 5.1.2, 5.1.2.1, 5.2, and 5.3. Remediation consist...