IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID: 252292.

CVE-2023-30436: IBM Security Guardium cross-site scripting CVE-2023-30436 Vulnerability Report

IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  252291.

CVE-2023-30435: IBM Security Guardium cross-site scripting CVE-2023-30435 Vulnerability Report

IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request.  IBM X-Force ID:  252293.

  

**Summary**

IBM Security Guardium has addressed the following vulnerabilities.

**Vulnerability Details**

**CVEID:**   CVE-2023-30437  
**DESCRIPTION:**   IBM Security Guardium could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252293 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID:**   CVE-2023-30436  
**DESCRIPTION:**   IBM Security Guardium is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  
CVSS Base score: 5.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252292 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L)

**CVEID:**   CVE-2023-30435  
**DESCRIPTION:**   IBM Security Guardium is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  
CVSS Base score: 8.9  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252291 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L)

**Affected Products and Versions**

**Affected Product(s)**

**Version(s)**

IBM Security Guardium

11.3

IBM Security Guardium

11.4

IBM Security Guardium

11.5

**Remediation/Fixes**

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

The vulnerability was reported to IBM by Dawid Bakaj & Michał Brzezicki.

**Change History**

23 Aug 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"}\],"Version":"11.3, 11.4, 11.5","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}\]

CVE-2023-30437: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-30435, CVE-2023-30436, CVE-2023-30437)

By Habiba Rashid
The Metropolitan Police Force faces a major security crisis as the contractor's IT system is breached.
This is a post from HackRead.com Read the original post: IT Contractor Data Breach Affects 47,000 Met Police Personnel

**key findings**

*   **The data breach exposed the personal information of all 47,000 Met Police officers and staff, including names, photographs, ranks, vetting levels, and identification numbers.**

*   **The data breach was caused by a cyber attack on the IT systems of a contractor responsible for printing warrant cards and staff passes.**

*   **The National Crime Agency (NCA) has been called in to investigate the data breach, as fears mount that organized criminal networks or even terrorists could exploit the stolen data.**

*   **High-ranking officials and officers involved in top-secret operations have been affected by the breach, including Commissioner Sir Mark Rowley and Deputy Commissioner Dame Lynne Owens.**

*   **The breach has raised questions about the security of law enforcement agencies across the UK and has led to calls for improved data security measures.**

The Metropolitan Police Force is currently dealing with an extensive data breach involving the personal information of its officers and staff. The breach has exposed the details of all 47,000 personnel, raising concerns about their safety and operational integrity.

The data breach was discovered after cybercriminals penetrated the IT systems of a contractor responsible for printing warrant cards and staff passes, and has left the Metropolitan Police Force on high alert.

The compromised information encompasses a range of sensitive data, including personnel names, photographs, ranks, vetting levels, and identification numbers. While personal details like addresses, phone numbers, and financial information were not accessed, the data breach has nevertheless sparked widespread concerns about the potential misuse of the exposed data.

Rick Prior, the vice-chair of the Metropolitan Police Federation, expressed deep concern over the breach, highlighting the vulnerability that the force’s officers and staff now face. Prior emphasized the crucial role that these personnel play in maintaining public safety and apprehending criminals, making the security of their personal information paramount.

While home to some of the best cybersecurity companies in the world, the state of cybersecurity in the country and employee training is becoming questionable with each passing day. In 2021, UK Police mistakenly deleted 150,000 arrest records due to a software glitch. The deleted data also included DNA and fingerprint records.

> “To have their personal details leaked out into the public domain in this manner will cause colleagues incredible concern and anger. We share that sense of fury… this is a staggering security breach that should never have happened.”
> 
> Rick Prior – Metropolitan Police Federation

The breach has far-reaching implications beyond just personal information exposure. The National Crime Agency (NCA) has been called in to investigate, as fears mount that organized criminal networks or even terrorists could exploit the stolen data.

The breach’s severity becomes evident as it’s revealed that even high-ranking officials and officers involved in top-secret operations have been impacted. Names such as Commissioner Sir Mark Rowley and Deputy Commissioner Dame Lynne Owens are among those affected.

Counter-terrorism units and officers assigned to protect the Royal Family have also fallen victim to this data breach, amplifying anxieties about potential threats arising from the compromised data.

The gravity of the situation is underscored by the possibility of undercover officers having to be withdrawn from ongoing operations due to compromised identities, potentially undermining critical police work.

This breach follows a series of similar incidents affecting law enforcement agencies across the UK. Just recently, data on 10,000 Northern Ireland police personnel was inadvertently disclosed, further highlighting the urgent need for improved data security measures across the board.

The situation has drawn sharp criticism from experts like ex-Met commander John O’Connor, who called the data breach “utterly outrageous.”

1.  Hackers can manipulate Police body cam footages
2.  D.C. Police Department suffers ransomware attack
3.  Ukraine National Police website down after hacker intrusion
4.  Hackers leak 296 GB worth of data from US Police & Fusion centers
5.  Police lose evidence to Ryuk ransomware attack; suspects walk free

IT Contractor Data Breach Affects 47,000 Met Police Personnel

A ramshackle team of American scientists scrambled to decode the Nazi cipher before the time ran out. Luckily, they had a secret weapon.

“What am I supposed to see?” Krutzler asks, staring at his screen and bouncing his knee like he has a baby on it. His T-shirt reads “Defense Nuclear Weapons School.”

“You’re supposed to see a little ladder,” explains Koeth. “Like DNA strands.”

A few minutes go by before the transmission begins again. This time, it sounds a bit different. Koeth gives the thumbs up. Holly Wilson, a student of Koeth’s who graduated with a bachelor’s in physics in 2023, gets enlisted to transcribe the code into a yellow-lined legal pad. She’s wearing a faded Fleetwood Mac T-shirt and has a massive tattoo of an octopus wrapping her arm. Wilson writes down OKTOBER 7 and DBK WSE before the signal fades.

“That’s it, that’s it!” shouts Koeth. He consults the page from the German Army Staff Machine Key Number 28 book, provided by MRHS in a link on its website. He’ll need to obtain the key setting for the Enigma machine, the first step in decoding the message. The team has been at it for almost an hour.

At last, Koeth opens the wood cover of the Enigma. Although it’s possible to purchase one for between $300,000 to $500,000, Koeth received his as a loan from a collector in California, a WWII buff who has an exact replica of Little Boy, the atomic bomb dropped on Hiroshima, in his backyard. (Ensuing calls from concerned neighbors.)

Koeth’s own workplace might be cause for similar concern. A faculty member at UMD since 2009, his second-floor office holds an impressive collection of radiological antiquities such as Fiestaware, Vaseline glass, and, under lock and key, some Lone Ranger Atomic Bomb Rings, cereal prizes from the 1950s that contained a small amount of polonium 210.

Koeth removes two rotors from the machine, turns one to 6 and the other to 12, and plops them back inside.

“We gotta do the plugboard next,” Koeth announces before closing the lid. He begins to plug and unplug a series of tubes in a way that recalls Ernestine, Lily Tomlin’s immortal phone operator.

“No wonder the Germans lost the war,” says Larry Westrick, an electrical engineer from Opelika, Alabama. “It takes too long to communicate.”

Luckily, tenacity is part of Koeth’s job description. When he was 10, Koeth laid out plans to build a nuclear reactor in his parents’ basement in Piscataway, New Jersey.

Next, entering the code in cyphertext, Koeth pushes some of Enigma’s buttons, which in turn moves the rotors like the inner workings of a clock; a lampboard lights up a corresponding letter in plaintext. “It’s a guessing game,” he says, turning quiet. “Just think,” he says after a while, “they had to do this every day.”

Krutzler, Westrick, and a few newcomers gather around Koeth and his machine. There are 100 letters in the message and so far, none of them seem to make any sense.

“Something is wrong,” they say in unison. A joke goes around that the secret message is “Drink more Ovaltine.”

Koeth refers to a set of instructions. “Basically, you key in the first set of letters, and they should match the second set of letters. Which they don’t.”

The Low-Stakes Race to Crack an Encrypted German U-Boat Message

An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf.

1 Year Warranty

Wireless

Wi-Fi Compatible

•    Have you ever dreamt of controlling your homes lighting and appliances remotely?  
•    Have you ever wanted to turn your homes lights and appliances off and activate your security system with the touch of one button?  
•    Have you ever been on holidays and wanted to check on your home via video and be updated via Email of any events?

**Security Alarm Function**  
•    Real Time / Emergency Notifications Via email  
•    Home Automation Control Timers, scene control, remote operation  
•    Video Surveillance IP cameras support for live video monitoring  
•    Cost Effective True wireless connectivity  
•    Easy Installation DIY simple installation

 **Security**  
Fully secure your home with the LA-5570 Wireless Gateway. Featuring a wide range of wireless accessories such as door and window switches, PIR motion detectors and smoke detectors.  You can easily build up a fully secure home environment to protect your home, family and property. Use either the wireless digital pulse input or the analogue input modules to connect a range of hard wired security sensors.  

**Real Time Event / Emergency Notification**  
The LA-5570 Wireless Gateway provides real time email notification allowing you to be immediately informed of a break in or panic notification.

**Automation**  
Your LA-5570 Wireless Gateway is more than a fancy security system.  It offers total control of your home appliances, lighting and power outlets. The LA-5570 can control your entire home allowing you to monitor and control appliances remotely via your iPhone or web browser.

Have you ever forgotten to turn off the iron?  Now you can simply pick up your phone and switch of the appliances off from anywhere in the world. Going on holidays?  Your LA-5570 can turn on and off lighting at various times so that it appears someone is at home. When you are at home and want to sit down and enjoy a movie on the big screen, at the press of a button, the lights will dim, the popcorn machine turns on and the movie begins.

**Video Surveillance**  
Need to check on the dog? Make sure the teenagers are behaving while out to dinner? Through the Web user interface or you iPhone you can easily monitor and control your IP cameras, allowing you to easily monitor live video footage of your home anytime anywhere.

**Cost Effective**  
Most professional home automation systems require your home to be pre wired costing many thousands of dollars just for the install! But with the LA-5570 Wireless Gateway, it can offer you  the same level of functionality and its all DIY! The system uses premium wireless technologies such as Wi-Fi, ZigBee® technologies to provide a very cost effective DIY solution.

**Easy Install**  
The system uses premium wireless technologies such as Wi-Fi and ZigBee® connecting all the devices such as the door sensors, PIR movement detectors, smoke detectors, temperature monitor, plug in appliance switch all remotely without wires . Providing a very cost effective, DIY solution.

CVE-2023-34723: Wireless Gateway Home Automation Controller

Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations.

**Find out whether your website is down**

Our free reachability tool gives you immediate insight into the availability of your website. All you have to do is enter the URL you would like to check. Our tool then tests your website to see whether visitors can easily access it.

**Identify what is causing the problem**

The results are displayed immediately. They help you verify whether your website is accessible, and if not - what is causing the problem.

*   You receive a status code and explanation (for example: ‘Everything is OK. HTTP 200’).
*   The results will also show you the response time, which is how long it took your website to respond (for example: ‘response time : 166.40223400000002 ms’).
*   We automatically check whether your connection is secure (for example: ‘SSL certificate is valid’).

These details help you understand whether issues are being caused by your server, a failing security certificate or something else entirely.

**How to interpret the HTTP status code**

When there is an issue with your website, the HTTP status code will help you understand what is going on. It is impossible to list all HTTP status codes here, but we can help you interpret the main ones.

Every status code belongs to one of five categories.

*   The ones that start with 1 are informative.
*   Status codes that begin with 2 indicate that there was no problem reaching the server. (That is why the ideal status code is 200).
*   An HTTP status code that starts with 3 indicates a redirection. For example, if you want to redirect visitors of your old web domain to the new one automatically. If that redirection is not working correctly, you will get an HTTP 3 status code.
*   The 400 range usually means that something went wrong processing the request. The most famous one is the 404-Not Found status code, which indicates that the page you are trying to find does not exist.
*   A status code that starts with a 5 is a server\-related error.

Need more help interpreting your HTTP status code? We collected a list of most common error HTTP status codes in our How-To section.

**What if the tool says that your connection is not secure?**

The connection between your web server and your web browser should be encrypted for security reasons. If you comply with this requirement, an HTTPS certificate (also called an SSL certificate) is attached to the domain to let visitors know that the connection is secure. But just like any certificate, an SSL certificate has an expiration date. If the reachability tool tells you that your connection is not secure or that you have HTTP issues, you should verify the validity and status of your HTTPS certificate.

Want to know more about HTTPS/SSL? Read about it in our blog.

**What if the tool confirms that your website _is_ down?**

If the reachability tool confirms that your website is down and returns an error code, there are some steps you can take:

*   Check the website of your>hosting company. If their website is not loading, the issue might be on their end. Their power might be down, or their network is having problems.
*   Check their status page if they have one. If they are having issues, this is the page where they will publish all the updates.

**What if the tool claims that your website _is not_ down?**

What if a site is down for you but not for our tool? Then the problem is local and probably not all users are affected. This knowledge helps you narrow down the cause:

*   Maybe your device is not working properly or there is something going on with your settings.
*   Try restarting your computer.
*   Try a different browser.
*   Open the URL on a different device, for example, your smartphone instead of your laptop.
*   Use a different network, like your mobile network (3G/LTE) or a different Wi-Fi network.

Need more detailed instructions? We created an easy checklist to help you figure out your next move.

**Why we check the availability from multiple locations**

Our reachability tool checks the availability of your website from 4 different locations: New York, San Francisco, Frankfurt and Amsterdam. Testing from multiple locations is important because your site might be fast on one side of the world, but slow or offline somewhere else. For example, your website might be hosted on multiple servers on different locations through a geo-optimised CDN. Then the content will run on the server location that is closest to the end user, to give your users the best possible experience. A different server means a different connection and possibly a different status code. By testing your website via multiple locations, we check the reachability on all the servers.

**Why checking once is not enough**

This free reachability tool is an excellent way to get a quick answer to the question 'Is my website down right now?' But in reality, you want to know the status of your website all the time. That is where Semonto comes in. Semonto is a monitoring tool that watches your website 24/7 and notifies you immediately of any issues. This way, you can fix them before anyone notices. Why not try it for yourself? We have a 14-day free trial period. No credit card required. Get started for free.

CVE-2023-41121: Free Website Reachability Check | Semonto

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.

The vulnerability is limited to the ROOT (default) web application.

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2023-41080

**Apache Tomcat Open Redirect vulnerability**

High severity GitHub Reviewed Published Aug 25, 2023 to the GitHub Advisory Database • Updated Aug 25, 2023

**Package**

maven org.apache.tomcat:tomcat (Maven)

**Affected versions**

\>= 11.0.0-M1, < 11.0.0-M11

\>= 10.1.0-M1, < 10.1.13

\>= 9.0.0-M1, < 9.0.80

\>= 8.5.0, < 8.5.93

**Patched versions**

11.0.0-M11

10.1.13

9.0.80

8.5.93

**Description**

Published to the GitHub Advisory Database

Aug 25, 2023

Last updated

Aug 25, 2023

GHSA-q3mw-pvr8-9ggc: Apache Tomcat Open Redirect vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.

The vulnerability is limited to the ROOT (default) web application.

**Email display mode:**

Modern rendering  
Legacy rendering

CVE-2023-41080

Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.


**CVE-2023-2906: Wireshark CP2179 Parsing Divide By Zero DoS**

AHA! has discovered a deinal-of-service issue with \[Wireshark\] from The Wireshark Foundation, and is issuing this disclosure in accordance with AHA!’s standard disclosure policy today, on Thursday, August 24, 2023. CVE-2023-2906 has been assigned to this issue.

Any questions about this disclosure should be directed to **\[email protected\]**.

**Executive Summary**

Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack. CVE-2023-2906 appears to be an instance of \[CWE-369\]. Note that, according to the patch notes, this effect can only be achieved when a user triggers the vulnerable code patch with the “Decode As…” functionality of Wireshark (or the -d option for tshark), so this vulnerability is unlikely to be triggerable in an automated way.

**Technical Details**

As can be seen in the below code from the dissect_response_frame function which handles parsing the different types of response frames as part of the SCADA protocol, PG&E 2179 Protocol.

When parsing a TIMETAG_INFO_RESPONSE message, a call is made to the Wireshark function tvb_get_guint8() (on line 723) which retrieves an 8 bit value from the pcap file. If a 0 value is provided within the TIMETAG_INFO_RESPONSE message for the value, a divide by zero error occurs (on line 724).

The relevant code snippet from epan/dissectors/packet-cp2179.c is:

     718                 case TIMETAG_INFO_RESPONSE:
     719                 {
     720                     proto_tree_add_item(cp2179_proto_tree, hf_cp2179_timetag_moredata, tvb, offset, 1, ENC_LITTLE_ENDIAN);
     721                     proto_tree_add_item(cp2179_proto_tree, hf_cp2179_timetag_numsets, tvb, offset, 1, ENC_LITTLE_ENDIAN);
     722 
     723                     num_records = tvb_get_guint8(tvb, offset) & 0x7F;
     724                     recordsize = (numberofcharacters-1) / num_records;
     725                     num_values = (recordsize-6) / 2;      /* Determine how many 16-bit analog values are present in each event record */
     726 
     727                     offset += 1;
    

**Payload**

A base64-encoded blob containing the pcap needed to trigger the vulnerability is provided below:

    1MOyoQIABAAAAAAAAAAAAP9/AAD6AAAAAAAAAAAAAAAMAAAADAAAAAMAAAADAAAAAAAAAAAAAAAA
    AAAAFAAAABQAAAABAAAAAQAAAAEAAAD5/wAAAAAAAAAAAAAAAAAADAAAAAwAAAADAAAAAwAAAAMA
    AAAAAAAAAAAAAAwAAAAMAAAAAwAAAAMAAAAAAAAAAAAAAAAAAAAVAAAAFQAAAAMAAAADAAAAAgAA
    APn/BACAAAAAAAAAAAAAAAAADAAAAAwAAAADAAAAAwAAAAQAAAA=
    

**Attacker Value**

By providing this poisoned set of packets, an attacker could crash the application (Wireshark, tshark, or possibly a custom application utilizing libwireshark) preventing further analysis. Many security appliances capture packets as a matter of course for later analysis, and Wireshark is a common tool used by incident responders. This leads to situations where a specially crafted packet could be used to prevent best incident response practices from taking place.

**Credit**

This issue is being disclosed through the AHA! CNA and is credited to: zenofex and WanderingGlitch

**Timeline**

*   2023-05-23 (Thu): Initial findings presented at AHA! Meeting 0x00c8
*   2023-07-08 (Sat): PoC validated and this disclosure drafted.
*   2023-07-17 (Mon): Disclosed to the vendor via email at \[email protected\] (per the vendor website).
*   2023-07-23 (Sun): Vendor acknowledged the vulnerability in issue 19229.
*   2023-08-23 (Wed): Vendor released fixed version 4.0.8.
*   2023-08-24 (Thu): Public disclosure of CVE-2023-2906.

Tag

#web