Security
Headlines
HeadlinesLatestCVEs

Tag

#ibm

Confidential computing use cases

This article is the third in a six-part series (see our previous blog), where we present various usage models for confidential computing, a set of technologies designed to protect data in use—for example using memory encryption—and the requirements to get the expected security and trust benefits from t​​he technology. In this third article, we consider the four most important use cases for confidential computing: confidential virtual machines, confidential workloads, confidential containers and confidential clusters. This will allow us to better understand the trade-offs between the

Red Hat Blog
Open in Source
#ios#mac#microsoft#linux#red_hat#git#kubernetes#intel#amd#alibaba#ibm
CVE-2023-27863: IBM Spectrum Protect Plus Server information disclosure CVE-2023-27863 Vulnerability Report

IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. IBM X-Force ID: 249325.

CVE-2023-25927: IBM Security Verify Access denial of service CVE-2023-25927 Vulnerability Report

IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635.

'Very Noisy': For the Black Hat NOC, It's All Malicious Traffic All the Time

Black Hat Asia's NOC team gives a look inside what's really happening on the cyberfront during these events.

CVE-2023-28522: Security Bulletin: IBM API Connect is impacted by an improper access control vulnerability (CVE-2023-28522)

IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585.

CVE-2023-28520

IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454.

CVE-2021-39036

IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213966.

CVE-2023-27870: IBMid credentials may be exposed when directly downloading code onto IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Spectrum Virtualize products [CVE-2023-27870]

IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518.

CVE-2023-27870

IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518.

CVE-2023-27554: IBM WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2023-27554)

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185.