Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-4690: Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2021-20377, CVE-2020-4690)

IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697.

CVE

Related news

CVE-2021-29735: Security Bulletin: IBM Security Guardium is affected by a Cross-Site Scripting in Guardium STAP vulnerability

IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Cloud Data Security Startup Launches

TrustLogix aims to streamline and simplify data governance in the cloud.

Privacy Management for Microsoft 365 Now Generally Available

The tool is designed to automatically discover personal data in organizations' Microsoft 365 environments.

CVE-2021-29912: IBM X-Force Exchange

IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828.

CVE-2021-29912: IBM Security Risk Manager on CP4S cross-site scripting CVE-2021-29912 Vulnerability Report

IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828.

SonicWall Secures Mix of Cloud, Hybrid and Traditional Networks

Company’s virtual offerings, cloud services match with on-premises deployments to solve real-world security challenges for SMBs, enterprises, governments, and MSSPs.

CVE-2021-38862: IBM X-Force Exchange

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980.

CVE-2021-38915: Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947.

CVE-2021-38862: IBM Data Risk Manager information disclosure CVE-2021-38862 Vulnerability Report

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980.

CVE-2021-20561: IBM Sterling File Gateway cross-site scripting CVE-2021-20561 Vulnerability Report

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199230.

CVE-2021-20481: Security Bulletin: Cross-Site Scripting Vulnerability Affects IBM Sterling File Gateway (CVE-2021-20481)

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197503.

CVE-2021-29908: Security Bulletin: IBM Virtualization Engine TS7700 Management Interface (CVE-2021-29908)

The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM X-Force ID: 207747.

CVE-2021-38925: Security Bulletin: Weaker Cryptographic Algorithm Vulnerability Affects IBM Sterling B2B Integrator (CVE-2021-38925)

IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210171.

CVE-2021-29836: Security Bulletin: Cross-Site Scripting Vulnerablity Affects the Dashboad UI of IBM Sterling B2B Integrator (CVE-2021-29836)

IBM Sterling B2B Integrator Standard Edition 5.2.0.0. through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204912.

CVE-2021-29764: IBM Sterling B2B Integrator Standard Edition cross-site scripting CVE-2021-29764 Vulnerability Report

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 202268.

CVE-2021-29855: IBM Sterling B2B Integrator Standard Edition cross-site scripting CVE-2021-29855 Vulnerability Report

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205684.

Misconfigured Apache Airflow Platforms Threaten Organizations

Security researchers found thousands of credentials for popular cloud-hosted services exposed on insecure instances of the popular workflow management technology.

CVE-2021-20554: IBM Sterling Order Management cross-site scripting CVE-2021-20554 Vulnerability Report

IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199179.

CVE-2021-20554: IBM X-Force Exchange

IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199179.

CVE-2021-29894: IBM X-Force Exchange

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320.

CVE-2021-41299: TWCERT/CC台灣電腦網路危機處理暨協調中心-ECOA BAS controller - Use of Hard-coded Credentials

ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in.

SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor

Microsoft is warning that the Nobelium APT is compromising single-sign-on servers to install a post-exploitation backdoor that steals data and maintains network persistence.

Cloudflare Ventures into Simplifying Email Security

The company adds complex email security technologies — including the alphabet soup of SPF, DKIM, and DMARC — as part of its service.

CVE-2021-20484: Security Bulletin: Cross-Site Scripting Vulnerability Affects IBM Sterling File Gateway (CVE-2021-20484)

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197666.

CVE-2021-20484: Security Bulletin: Cross-Site Scripting Vulnerability Affects IBM Sterling File Gateway (CVE-2021-20484)

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197666.

CVE-2020-4690: Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2021-20377, CVE-2020-4690)

IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697.

CVE-2021-38899: Security Bulletin: IBM Cloud Pak for Data could allow a local user with special privileges to obtain highly sensitive information

IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575.

OMIGOD: Azure Users Warned of Critical OMI Vulnerabilities

Security researchers share the details of four flaws in Open Management Infrastructure, which is deployed on a large number of Linux virtual machines in Azure.

CVE-2021-29750: Security Bulletin: IBM QRadar SIEM is vulnerable to using weaker than expected cryptographic algorithms (CVE-2021-29750)

IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201778.

ECOA Building Automation System Hard-coded Credentials SSH Access

The BAS controller is vulnerable to hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the device.

CVE-2021-20562: Security Bulletin: XSS Security Vulnerabilty Affects Mailbox UI of IBM Sterling B2B Integrator (CVE-2021-20562)

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199232.

CVE-2021-20511: IBM Security Verify Access Docker information disclosure CVE-2021-20511 Vulnerability Report

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300.

CVE-2021-20496: IBM Security Verify Access Docker security bypass CVE-2021-20496 Vulnerability Report

IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907