CND News and Blog

New Vulnerabilities for Wednesday 23 November


New Alerts for Aveva, Aruba, HPE, Bosch, IBM, and SolarWinds.

Aveva 

AVEVA Edge (formerly known as InduSoft Web Studio) contains multiple security vulnerabilities. A remote attacker can insert malicious DLL files and trick the application into executing code. Highest CVSSv3 score of 9.8
More info. And here.

Aruba 

Aruba has released patches for Aruba EdgeConnect Enterprise that address multiple security vulnerabilities. Highest CVSSv3 score of 7.5
More info.

HPE 

Potential security vulnerabilities have been identified in the BMC of HPE CL2100 Gen10 and HPE CL2200 Gen10 servers. The vulnerabilities could be remotely exploited to perform remote code execution or gain elevated privilege. Highest CVSSv3 score of 9.9
More info.

Bosch 

Multiple vulnerabilities were found in the PRA-ES8P2S Ethernet-Switch including a buffer vulnerability. Highest CVSSv3 score of 9.8
Note that the CVEs date back to 2006.
More info.

IBM 

IBM has published 8 security bulletins for their products identifying vulnerabilities in Apache products. All rated Critical.
More info.

IBM InfoSphere DataStage is vulnerable to a command injection vulnerability due to improper neutralization of special elements. CVSSv3 score of 9.8
More info.

IBM QRadar Network Security is affected by multiple vulnerabilities. Highest CVSSv3 score of 9.8
More info.

IBM Security Verify Governance is vulnerable to multiple security threats due to use of XStream. Highest CVSSv3 score of 9.8
More info.

Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics - Log Analysis. Highest CVSSv3 score of 9.8
More info.

SolarWinds 

SolarWinds has published 8 new security bulletins. Highest CVSSv3 score of 8.8
More info.



Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries.

SecurityWizardry.com - Vulnerability Details

Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries.

Report Print
×
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Thursday, 08 December 2022

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/

Are You Ready To Find Out More?

Arrange a Chat With Our Friendly Service Delivery Team.