Tag

#ibm

CVE-2022-34334: IBM Partner Engagement Manager vulnerable to authentication bypass (CVE-2022-34334)

IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 229704.

CVE-2022-34308: Security Bulletin: IBM CICS TX Standard is vulnerable to a local user causing a denial of service. (CVE-2022-34308)

IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. IBM X-Force ID: 229437.

CVE-2022-30613: IBM QRadar SIEM information disclosure CVE-2022-30613 Vulnerability Report

IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366.

CVE-2022-22493: IBM WebSphere Automation for Cloud Pak for Watson AIOps cross-site request forgery CVE-2022-22493 Vulnerability Report

IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449.

CVE-2022-22480: IBM QRadar SIEM information disclosure CVE-2022-22480 Vulnerability Report

IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. IBM X-Force ID: 225889.

CVE-2022-41291: IBM InfoSphere Information Server session fixation CVE-2022-41291 Vulnerability Report

IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699.

CVE-2022-36772: IBM InfoSphere Information Server information disclosure CVE-2022-36772 Vulnerability Report

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user.

What is the Confidential Containers project?

Confidential Containers (CoCo) is a new sandbox project of the Cloud Native Computing Foundation (CNCF) that enables cloud-native confidential computing by taking advantage of a variety of hardware platforms and technologies.

RHSA-2022:6850: Red Hat Security Advisory: openvswitch2.11 security update

An update for openvswitch2.11 is now available for Fast Datapath for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-2132: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

CVE-2022-38709: IBM Robotic Process Automation cross-site scripting CVE-2022-38709 Vulnerability Report

IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 234291.