IBM i Security Alert: 10 vulnerabilities discovered 🛑! (10/06/2024)

IBM recently published a major security bulletin concerning Node.js and the OpenSSL library. In this first part, we’ll focus on the vulnerabilities related to Node.js, while a second part will cover those concerning OpenSSL. 🛠️ Node.js on IBM i: Main vulnerabilities. On IBM i, Node.js is mainly used as runtime & SDK for Apache…


IBM i Security Alert: IBM® Performance Tools for i (13/11/2023)

Hello! New security alert concerning the IBM® Performance Tools for i licensed program. IBM® Performance Tools for i includes numerous additional applications that complement or extend the capabilities of the basic performance tools available in the operating system, such as performance data collection, analysis and reporting functions. However, following the publication of the security…


IBM i Security Alert: Management Central (30/05/2024)

Hello everyone, today IBM has published a new vulnerability in the IBM i Management Central. As a reminder, Management Central allows you to manage one or more systems from a single core system. The module works by groups of similar or related end systems, making it easy to manage, plan or monitor your systems. Today’s vulnerability…


IBM i Security Alert: RDI (07/05/2024)

IBM has issued another important security alert concerning its IDE. IBM informs us that RDI (i IBM Rational Development Studio for i) is vulnerable to a local elevation of user privileges due to the call of a CL command without library qualification in the compiler infrastructure. An arbitrary actor can then cause user-controlled code to execute with…


IBM i Security Alert: ACS, Apache Mina SSHD Common (04/23/2024)

New security bulletin: IBM i Access Client Solutions is vulnerable to a remote attacker bypassing integrity checks in Apache Mina SSHD Common. Apache MINA SSHD is a 100% pure Java library that supports both client-side and server-side SSH protocols, and is used by IBM i Access Client Solutions’ Open Source Package Manager functionality when authenticating…


IBM i Security Alert: ACS, Apache Commons Compress (04/23/2024)

New vulnerability discovered in IBM i Access Client Solutions due to vulnerabilities in the Apache Commons Compress library. IBM has identified 2 main forms of attack for this flaw, index 5.5, and they both involve the same practice. In fact, by persuading a victim to open a certain type of specially designed file, an attacker can…


IBM i Security Alert: HTTP/2 protocol vulnerability (03/15/2024)

New vulnerability discovered in the IBM i HTTP Server (powered by Apache)! It turns out that this server is vulnerable to a denial-of-service attack due to poor management of multiplexed streams in the HTTP/2 protocol. The protocol allows developers to customize the hierarchy or order in which Web resources are loaded. And the sending of numerous HTTP/2…


IBM i Security Alert: Db2 for IBM i (03/15/2024)

Hello everyone, another important security alert has just been published by IBM, directly concerning the Db2 infrastructure for IBM i. According to IBM, this infrastructure could allow a local user to gain elevated privileges through an unqualified library call. Following this manipulation, a malicious actor could cause arbitrary code to execute with administrator privileges. We…


IBM i Security Alert: critical risk to OpenSSH (13/11/2023)

Hello, very bad news today, following the publication of a major security alert with a CVSS index of 9.8. As a reminder, the CVSS index (Common Vulnerability Scoring System) is a system used to calculate a score evaluating the criticality of a vulnerability. This system ranges from 0, an almost zero risk, to 10, a…
