Security
Headlines
HeadlinesLatestCVEs

Tag

#ibm

CVE-2022-22476: Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22476)

IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604.

CVE
Open in Source
#vulnerability#web#mac#windows#linux#auth#ibm
CVE-2022-34160: Security Bulletin: IBM CICS TX Advanced is vulnerable to HTML injection (CVE-2022-34160)

IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330.

CVE-2022-34166: IBM CICS TX Standard is vulnerable to cross-site scripting (CVE-2022-34166)

IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229430.

CVE-2022-34167: IBM CICS TX Standard is vulnerable to a stored cross-site scripting attack (CVE-2022-34167)

IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229432.

CVE-2022-34306: IBM CICS TX HTML injection CVE-2022-34306 Vulnerability Report

IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229435.

Will These Algorithms Save You From Quantum Threats?

Quantum-proof encryption is here—decades before it can be put to the test.

In Switch, Trickbot Group Now Attacking Ukrainian Targets

Latest campaigns are a break from its usual financially motivated attacks and appear aligned with Russian interests, security researchers say.

TrickBot Malware Shifted its Focus on "Systematically" Targeting Ukraine

In what's being described as an "unprecedented twist," the operators of the TrickBot malware have resorted to systematically targeting Ukraine since the onset of the war in late February 2022. The group is believed to have orchestrated at least six phishing campaigns aimed at targets that align with Russian state interests, with the emails acting as lures for delivering malicious software such

RHSA-2022:5526: Red Hat Security Advisory: squid:4 security update

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46784: squid: DoS when processing gopher server responses