Security Headlines: Latest CVEs

CVE-2021-20435: Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Bridge (CVE-2021-20434, CVE-2021-38864, CVE-2021-20435)

IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 196355.

Related news

CVE-2020-4160: IBM QRadar Network Security information disclosure CVE-2020-4160 Vulnerability Report

IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 174340.

Update now! Mozilla fixes security vulnerabilities in Firefox 94

Mozilla has issued patches for several vulnerabilities in the Firefox browser. We discuss some of the high impact issues. Read more: https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/11/update-now-mozilla-fixes-security-vulnerabilities-in-firefox-94/

CVE-2021-20526: Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 198755.
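The QRadar Network Security and Planning Analytics entries above describe two response-header weaknesses: a missing Strict-Transport-Security header and a session cookie set without the HttpOnly flag. The following audit script is an added example (not code from IBM or from this page) that checks a raw HTTP response head for both. The two sample responses are constructed for illustration; the one-year minimum max-age and the cookie name JSESSIONID are assumptions.

```python
"""Audit an HTTP response head for a weak or missing HSTS header and for
Set-Cookie headers that lack HttpOnly / Secure.  Example code added to this
page; the responses below are constructed, not captured from any product."""
from typing import List, Tuple

Header = Tuple[str, str]


def parse_headers(raw: str) -> List[Header]:
    """Split a raw response head into (name, value) pairs, names lowercased.
    Set-Cookie may legitimately repeat, so a list is kept rather than a dict."""
    pairs: List[Header] = []
    for line in raw.split("\r\n")[1:]:      # skip the status line
        if not line:                         # blank line terminates the head
            break
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def check_hsts(pairs: List[Header], min_age: int = 31536000) -> List[str]:
    """Return findings for the Strict-Transport-Security header."""
    findings: List[str] = []
    values = [v for n, v in pairs if n == "strict-transport-security"]
    if not values:
        return ["HSTS header missing: first HTTPS response can be downgraded by a MITM"]
    if len(values) > 1:
        findings.append("multiple HSTS headers: browsers honour only the first")
    directives = {}
    for part in values[0].split(";"):
        key, _, val = part.strip().partition("=")
        directives[key.lower()] = val.strip().strip('"')
    try:
        max_age = int(directives.get("max-age", ""))
    except ValueError:
        return ["HSTS max-age missing or not an integer; header is ignored"]
    if max_age < min_age:
        findings.append(f"HSTS max-age {max_age} below {min_age}")
    if "includesubdomains" not in directives:
        findings.append("HSTS lacks includeSubDomains")
    return findings


def check_cookies(pairs: List[Header]) -> List[str]:
    """Return findings for every Set-Cookie header missing HttpOnly or Secure."""
    findings: List[str] = []
    for name, value in pairs:
        if name != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip()
        attrs = {a.strip().lower() for a in value.split(";")[1:]}
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie_name} lacks HttpOnly: readable by injected script")
        if "secure" not in attrs:
            findings.append(f"cookie {cookie_name} lacks Secure: sent over plaintext HTTP")
    return findings


def audit(raw: str) -> List[str]:
    pairs = parse_headers(raw)
    return check_hsts(pairs) + check_cookies(pairs)


# Constructed sample responses (assumed cookie name, not from any real product).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/\r\n"
    "\r\n"
)
STRONG_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("strong", STRONG_RESPONSE)):
        print(label, audit(resp) or ["no findings"])
```

HSTS only protects visits after the browser has seen the header once over HTTPS, so the check flags a missing header rather than a downgraded one; preloading is the usual answer for the first visit.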

Microsoft Oct. Patch Tuesday Squashes 4 Zero-Day Bugs

Microsoft's October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is an actively exploited zero-day.

CVE-2020-4654: Security Bulletin: Access Control Vulnerability Affects the User Interface of IBM Sterling File Gateway (CVE-2020-4654)

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090.

CVE-2021-20552: Security Bulletin: Information Disclosure Vulnerability Affects IBM Sterling File Gateway User Interface (CVE-2021-20552)

IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170.

CVE-2021-20584: Security Bulletin: Access Control Vulnerability Affects Myfilegateway User Interface of IBM Sterling File Gateway (CVE-2021-20584)

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397.

CVE-2021-29700: Security Bulletin: Information Disclosure Vulnerability Affects the Dashboard User Interface of IBM Sterling B2B Integrator (CVE-2021-29700)

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656.

CVE-2021-20375: Security Bulletin: Access Security Control Vulnerability Affects IBM Sterling File Gateway (CVE-2021-20375)

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID: 195567.

CVE-2021-20376: Security Bulletin: Access Control Vulnerability Affects IBM Sterling File Gateway (CVE-2021-20376)

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568.

CVE-2021-29761: Security Bulletin: Access Control Vulnerabilities Affect the Dashboard User Interface of IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from the dashboard that they should not have access to. IBM X-Force ID: 202265.

CVE-2021-29758: Security Bulletin: Access Control Vulnerabilities Affect the Dashboard User Interface of IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to perform actions that they should not be able to access due to improper access controls. IBM X-Force ID: 202169.

CVE-2021-29903: Security Bulletin: SQL Injection Vulnerability Affects B2B API of IBM Sterling B2B Integrator (CVE-2021-29903)

IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 207506.

CVE-2021-29798: Security Bulletin: SQL Injection Vulnerability Affects Docker Container of IBM Sterling B2B Integrator (CVE-2021-29798)

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 203734.
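The two Sterling B2B Integrator entries above (CVE-2021-29903 and CVE-2021-29798) describe the classic SQL injection pattern: attacker-supplied text is spliced into a statement, so the attacker can read rows the query was meant to exclude. The example below is added to this page and is not IBM's code; it builds a small in-memory SQLite table (constructed data) and runs the same lookup once with string concatenation and once with a bound parameter, so the difference in what a crafted value returns is visible.

```python
"""Vulnerable versus parameterised lookup, as an added illustration of the
SQL injection class in the Sterling B2B Integrator advisories.  Table and rows
are constructed here; nothing is taken from the affected product."""
import sqlite3
from typing import List


def setup() -> sqlite3.Connection:
    """Build a throwaway table: documents owned by users, some flagged secret."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE documents (id INTEGER PRIMARY KEY, owner TEXT, name TEXT, secret INTEGER)"
    )
    conn.executemany(
        "INSERT INTO documents (owner, name, secret) VALUES (?, ?, ?)",
        [("alice", "invoice.pdf", 0), ("alice", "payroll.xlsx", 1), ("bob", "notes.txt", 0)],
    )
    conn.commit()
    return conn


def list_documents_vulnerable(conn: sqlite3.Connection, owner: str) -> List[str]:
    """Untrusted 'owner' is concatenated into the statement: do not do this."""
    sql = f"SELECT name FROM documents WHERE owner = '{owner}' AND secret = 0 ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def list_documents_safe(conn: sqlite3.Connection, owner: str) -> List[str]:
    """Same query with a bound parameter: the value is never parsed as SQL."""
    sql = "SELECT name FROM documents WHERE owner = ? AND secret = 0 ORDER BY id"
    return [row[0] for row in conn.execute(sql, (owner,))]


# A crafted value that closes the string literal, adds an always-true clause and
# comments out the rest of the WHERE clause (including the secret = 0 filter).
PAYLOAD = "x' OR 1=1 --"

if __name__ == "__main__":
    conn = setup()
    print("vulnerable, normal input :", list_documents_vulnerable(conn, "alice"))
    print("vulnerable, payload      :", list_documents_vulnerable(conn, PAYLOAD))
    print("safe, payload            :", list_documents_safe(conn, PAYLOAD))
```

The sqlite3 module refuses a second stacked statement in `execute()`, which is why this example shows data exposure rather than a `DROP TABLE`; drivers for other databases commonly allow stacked statements, which is what gives the "add, modify or delete" impact in the advisory text.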

CVE-2021-29760: Security Bulletin: Access Control Vulnerabilities Affect the Dashboard User Interface of IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213.

Apple Patches Zero-Days in iOS, Known Vuln in macOS

One of the iOS vulnerabilities was discovered by Citizen Lab; the Google Threat Analysis Group reported iOS and macOS flaws.

CVE-2021-20563: IBM Sterling File Gateway information disclosure CVE-2021-20563 Vulnerability Report

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenticated user to obtain sensitive information. By sending a specially crafted request, the user could disclose a valid filepath on the server which could be used in further attacks against the system. IBM X-Force ID: 199234.

CVE-2021-38864: IBM Security Verify Bridge information disclosure CVE-2021-38864 Vulnerability Report

IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation. IBM X-Force ID: 208155.

CVE-2020-4941: IBM Edge information disclosure CVE-2020-4941 Vulnerability Report

IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 191941.

CVE-2021-20377: Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2021-20377, CVE-2020-4690)

IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569.

CVE-2021-20485: Security Bulletin: Information Disclosure Vulnerabilities Affect IBM Sterling B2B File Gateway User Interface (CVE-2021-20485, CVE-2021-20563)

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197667.

CVE-2021-33693: SAP Security Patch Day – August 2021 - Product Security Response at SAP - Community Wiki

SAP Cloud Connector, version 2.0, allows an authenticated administrator to modify a configuration file to inject malicious code that could potentially lead to OS command execution.

CVE-2021-33694: SAP Security Patch Day – August 2021 - Product Security Response at SAP - Community Wiki

SAP Cloud Connector, version 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights to include malicious code that gets stored in the database and, when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting.

CVE-2021-20433: Security Bulletin: IBM Security Guardium is affected by an Information Exposure vulnerability

IBM Security Guardium 11.3 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 196345.

CVE-2021-29773: Security Bulletin: IBM Security Guardium is affected by the following vulnerabilities ( CVE-2021-29773, CVE-2021-2161)

IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive information or modify user details, caused by an insecure direct object reference (IDOR) vulnerability. IBM X-Force ID: 202865.

CVE-2021-20508: IBM Security Secret Server information disclosure CVE-2021-20508 Vulnerability Report

IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199322.

CVE-2021-20569: IBM Security Secret Server information disclosure CVE-2021-20569 Vulnerability Report

IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. IBM X-Force ID: 199243.
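Both the Sterling File Gateway entry (CVE-2021-20376) and the Secret Server entry above (CVE-2021-20569) describe username enumeration: the login path answers differently depending on whether the account exists. The example below is added to this page and is not IBM's code. It shows a login routine that leaks through its error messages beside one that returns a uniform answer and hashes the supplied password even for unknown users, so neither the message nor the elapsed time distinguishes the two cases. The user table, fixed salt and PBKDF2 parameters are constructed assumptions for illustration.

```python
"""Leaky versus uniform login responses, as an added illustration of the
username-enumeration weakness in the advisories above.  The user table and the
fixed salt are constructed; production code uses a random per-user salt."""
import hashlib
import hmac
from typing import Callable, Iterable

SALT = b"constructed-fixed-salt"   # assumption: one shared salt keeps the demo short
ITERATIONS = 100_000


def derive(password: str, salt: bytes = SALT) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed account store: one real user.
USERS = {"alice": derive("correct horse")}
# Hash of a throwaway password, compared against when the user does not exist so
# that the unknown-user path costs the same as the known-user path.
DUMMY_HASH = derive("dummy")


def login_leaky(username: str, password: str) -> str:
    """Distinct messages (and an early return that skips hashing) reveal
    whether 'username' exists."""
    if username not in USERS:
        return "unknown user"
    if USERS[username] != derive(password):
        return "wrong password"
    return "ok"


def login_uniform(username: str, password: str) -> str:
    """Same message and same work for both failure cases.  compare_digest
    avoids a byte-by-byte early exit on the hash comparison."""
    stored = USERS.get(username, DUMMY_HASH)
    matches = hmac.compare_digest(stored, derive(password))
    if matches and username in USERS:   # a guess of the dummy password must not log in
        return "ok"
    return "invalid username or password"


def distinguishable(login: Callable[[str, str], str], candidates: Iterable[str],
                    probe: str = "definitely-wrong-password") -> bool:
    """What an attacker does: submit a bad password for each candidate name and
    see whether the responses differ.  True means the endpoint enumerates."""
    responses = {login(name, probe) for name in candidates}
    return len(responses) > 1


if __name__ == "__main__":
    names = ["alice", "mallory"]
    print("leaky login enumerates  :", distinguishable(login_leaky, names))
    print("uniform login enumerates:", distinguishable(login_uniform, names))
```

Error text is only the most obvious discrepancy; response length, status code, redirect target and timing all need to match, which is why the uniform variant always performs the hash.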

Apple Patches Zero-Days in iOS 14.8 Update

An important security update addresses vulnerabilities in CoreGraphics and WebKit that may have been actively exploited.

CVE-2021-20499: IBM Security Verify Access Docker information disclosure CVE-2021-20499 Vulnerability Report

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973.

CVE-2021-20500: IBM Security Verify Access Docker information disclosure CVE-2021-20500 Vulnerability Report

IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980.

CVE-2021-20511: IBM Security Verify Access Docker information disclosure CVE-2021-20511 Vulnerability Report

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300.
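The directory traversal entry above relies on a server joining a request path onto its document root without collapsing "dot dot" segments. The example below is added to this page and is not IBM's code: it shows the naive join beside a resolver that percent-decodes until the path is stable, normalises it, and accepts the result only if it still lies under the document root. The document root `/var/www/static` is an assumed value, and the request paths are constructed.

```python
"""Naive versus contained path resolution, as an added illustration of the
"dot dot" traversal described in the advisory above.  WEB_ROOT is an assumed
document root; the request paths are constructed examples."""
import posixpath
from typing import Optional
from urllib.parse import unquote

WEB_ROOT = "/var/www/static"   # assumption for the example


def resolve_vulnerable(request_path: str) -> str:
    """Joins the request path onto the root and lets the OS resolve '..'."""
    return posixpath.join(WEB_ROOT, request_path.lstrip("/"))


def decode_stable(path: str, limit: int = 3) -> str:
    """Percent-decode repeatedly so that double-encoded sequences such as
    %252e%252e collapse to '..' before any check is applied."""
    for _ in range(limit):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def resolve_safe(request_path: str) -> Optional[str]:
    """Return an absolute path under WEB_ROOT, or None if the request escapes it."""
    decoded = decode_stable(request_path)
    if "\x00" in decoded:                       # null byte truncation tricks
        return None
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    # normpath has collapsed '.' and '..'; now the prefix test is meaningful.
    if candidate == WEB_ROOT or candidate.startswith(WEB_ROOT + "/"):
        return candidate
    return None


if __name__ == "__main__":
    for p in ["css/../style.css", "../../etc/passwd",
              "..%2f..%2f..%2fetc%2fpasswd", "%252e%252e/%252e%252e/etc/passwd"]:
        print(f"{p!r:45} naive={resolve_vulnerable(p)!r:45} safe={resolve_safe(p)!r}")
```

On a real server the final guard should be applied to the path after symlink resolution as well (`os.path.realpath`), since a symlink inside the root can point outside it; this example stays with pure string handling so it runs without a filesystem.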

CVE-2021-20497: IBM Security Verify Access Docker information disclosure CVE-2021-20497 Vulnerability Report

IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969.

CVE-2021-20498: IBM Security Verify Access Docker information disclosure CVE-2021-20498 Vulnerability Report

IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. IBM X-Force ID: 197972.

CVE-2021-20496: IBM Security Verify Access Docker security bypass CVE-2021-20496 Vulnerability Report

IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input validation checks due to improper input validation. IBM X-Force ID: 197966.

CVE-2019-3588: McAfee Security Bulletin - VirusScan Enterprise update fixes three vulnerabilities (CVE-2019-3585, CVE-2019-3588, and CVE-2020-7280)

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked.

CVE-2019-3585: McAfee Security Bulletin - VirusScan Enterprise update fixes three vulnerabilities (CVE-2019-3585, CVE-2019-3588, and CVE-2020-7280)

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges.
