Posts by contact@digitalyz.fr
Very large OpenSSH vulnerability (02/26/2024)
Hello, very bad news today, following the publication of a major security alert with a CVSS index of 9.8. As a reminder, the CVSS index (Common Vulnerability Scoring System) is a system used to calculate a score assessing the criticality of a vulnerability. The system ranges from 0, virtually zero risk, to 10, critical risk.…
Flaw in the OpenSSH connectivity tool and its SSH protocol (24/02/2024)
Hello everyone, today another OpenSSH security bulletin. OpenSSH is the first connectivity tool for remote connections using the SSH protocol. It uses traffic encryption to eliminate eavesdropping, connection hijacking and other attacks. As a result of this new vulnerability, OpenSSH is vulnerable to a machine-in-the-middle attack caused by a flaw in the protocol extension negotiation process. When…
RDI IDE flaw (02/14/2024)
New vulnerability discovered in the IBM Rational Developer for i IDE. IBM Rational Developer for i allows you to create, manage and modernize applications on the IBM i platform. It integrates development tools such as search, modify, create, analyze and restructure capabilities. The IDE (integrated development environment) also contains several debuggers for the Eclipse framework, widely used…
New ACS vulnerability through NTLM protocol activation (08/02/2024)
Hello everyone, new security bulletin concerning IBM i Access Client Solutions (ACS). The platform-independent interface is vulnerable to the theft of remote credentials when NTLM is enabled on Windows workstations. NTLM (New Technology LAN Manager) is a suite of Microsoft security protocols designed to ensure user authentication, integrity and confidentiality. It is also the successor to…
2 vulnerable components in Java SE and a flaw in Eclipse OpenJ9 (02/2024)
Three new vulnerabilities discovered in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i. These flaws can cause a denial of service and/or have a significant impact on its integrity (CVE-2023-22081 and CVE-2023-22067). Oracle Java SE (Oracle GraalVM) contains an unspecified vulnerability. The CVSS risk score is 5.3 for the…
Multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 (02/2024)
A new security bulletin has just been released at the beginning of February 2024! It turns out that a multitude of vulnerabilities are present in IBM® Runtime Environment Java™ Version 8 used by IBM Installation Manager and IBM Packaging Utility. Firstly, an unspecified vulnerability in Java SE linked to the JSSE component could allow a…