Redhat: Security Vulnerabilities
IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.
CVSS Score
6.8
EPSS Score
0.001
Published
2023-02-06
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-02-02
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-02-01
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
CVSS Score
8.8
EPSS Score
0.001
Published
2023-02-01
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-01-27
A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-01-26
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073.
CVSS Score
4.0
EPSS Score
0.0
Published
2023-01-18
IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244075.
CVSS Score
4.6
EPSS Score
0.001
Published
2023-01-18
IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109.
CVSS Score
5.9
EPSS Score
0.0
Published
2023-01-18
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.
CVSS Score
5.9
EPSS Score
0.0
Published
2023-01-18