Security
Headlines
HeadlinesLatestCVEs

Tag

#ibm

New Cross-Industry Group Launches Open Cybersecurity Framework

Eighteen companies, led by Amazon and Splunk, announced the OCSF framework to provide a standard way for sharing threat detection telemetry among different monitoring tools and applications.

DARKReading
Open in Source
#web#amazon#apache#js#git#aws#ibm
Ubuntu Security Notice USN-5566-1

Ubuntu Security Notice 5566-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

CVE-2022-38161: BIRDWATCH program: Ghost in the Orlan: demystifying a military drone platform

The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted remapping of the NOR flash memory containing the bitstream for the FPGA.

CVE-2022-2457: admin console prone to brute force attack

A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Administration Console as the application does not limit the number of unsuccessful login attempts.

CVE-2022-2458: Possible XML External Entity Injection attack

XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Here, XML external entity injection lead to External Service interaction & Internal file read in Business Central and also Kie-Server APIs.

CVE-2022-22369: IBM Workload Scheduler denial of service CVE-2022-22369 Vulnerability Report

IBM Workload Scheduler 9.4 and 9.5 could allow a local user to overwrite key system files which would cause the system to crash. IBM X-Force ID: 221187.

CVE-2022-22411: IBM Spectrum Scale script injection CVE-2022-22411 Vulnerability Report

IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. IBM X-Force ID: 223016.

CVE-2022-22490: Security Bulletin: IBM Robotic Process Automation is vulnerable to exposure of Azure bot credentials (CVE-2022-22490)

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. IBM X-Force ID: 226342.

CVE-2022-35280: Security Bulletin: IBM Robotic Process Automation is vulnerable to disclosing sensitive information due to improper privilege management for storage provider types (CVE-2022-34338)

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634.

CVE-2022-35715: IBM InfoSphere Information Server information disclosure CVE-2022-35715 Vulnerability Report

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 231202.