Security
Headlines
HeadlinesLatestCVEs

Tag

#ibm

CVE-2023-30993: IBM Cloud Pak for Security information disclosure CVE-2023-30993 Vulnerability Report

IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. IBM X-Force ID: 254136.

CVE
Open in Source
#vulnerability#ibm
CVE-2023-23468: IBM Robotic Process Automation access control CVE-2023-23468 Vulnerability Report

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500.

CVE-2023-22593: Security Bulletin: IBM Robotic Process Automation for Cloud Pak is vulnerable to security misconfiguration which may result in elevated privileges (CVE-2023-22593).

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074.

RHSA-2023:3888: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.4 for OpenShift image security enhancement update

A new image is available for Red Hat Single Sign-On 7.6.4, running on OpenShift Container Platform 3.10 and 3.11, and 4.12.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4361: Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri. * CVE-2023...

Most Enterprise SIEMs Blind to MITRE ATT&CK Tactics

Organizations are largely deluded about their own security postures, according to an analysis, with the average SIEM failing to detect a whopping 76% of attacker TTPs.

CVE-2023-26273: Security Bulletin: IBM QRadar SIEM is vulnerable to Hazardous Input Validation (CVE-2023-26273)

IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 248134.

CVE-2023-26274: Security Bulletin: IBM QRadar SIEM is vulnerable to Cross Site Scripting (XSS) (CVE-2023-26274)

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248144.

CVE-2023-26276: IBM QRadar information disclosure CVE-2023-26276 Vulnerability Report

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147.

CVE-2022-34352: Security Bulletin: IBM QRadar SIEM is vulnerable to information disclosure between tenants (CVE-2022-34352)

IBM QRadar SIEM 7.5.0 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. IBM X-Force ID: 230403.

CVE-2023-32339

IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 255587.