Posts by Noe
IBM i Security Alert: OpenSSH (02/26/2024)
Hello everyone, today another OpenSSH security bulletin. OpenSSH is the first connectivity tool for remote connection using the SSH protocol. It uses traffic encryption to eliminate eavesdropping, connection hijacking and other attacks. As a result of this new vulnerability, OpenSSH is vulnerable to a machine-in-the-middle attack caused by a flaw in the protocol’s extension negotiation process.…
IBM i security alert: IBM HTTP server (20/02/2024)
Today’s security bulletin concerns the IBM HTTP server (powered by Apache), vulnerable to 2 major flaws that could cause malicious file downloads (CVE-2023-45802) and/or data theft (CVE-2023-31122). Firstly, arbitrary files can be downloaded via the stream management platform: Apache StreamPark. Within this development framework, an authenticated attacker could download these files by sending 2 HTTP…
IBM i Security Alert: IBM Rational Developer for i (02/14/2024)
IBM Rational Developer for i allows you to create, manage and modernize applications on the IBM i platform. It integrates development tools such as search, modify, create, analyze and restructure capabilities. The IDE (integrated development environment) also contains several debuggers for the Eclipse framework, widely used to simplify and accelerate application development and modernization. One of the…
IBM i Security Alert: IBM i Access Client Solutions with NTLM (08/02/2024)
Hello everyone, new security bulletin concerning IBM i Access Client Solutions (ACS). The platform-independent interface is vulnerable to the theft of remote credentials when NTLM is enabled on Windows workstations. NTLM (New Technology LAN Manager) is a suite of Microsoft security protocols designed to ensure user authentication, integrity and confidentiality. It is also the successor to…
IBM i Security Alert: Oracle Java SE, JSEE, CORBA (07/02/2024)
Three new vulnerabilities discovered in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i. These flaws can cause a denial of service and/or have a significant impact on its integrity (CVE-2023-22081 and CVE-2023-22067). Oracle Java SE (Oracle GraalVM) contains an unspecified vulnerability. The CVSS risk score is 5.3 for the…
IBM i Security Alert: IBM® Runtime Environment Java™ Version 8 (05/02/2024)
A new security bulletin has just been released at the beginning of February 2024! It turns out that a multitude of vulnerabilities are present in IBM® Runtime Environment Java™ Version 8 used by IBM Installation Manager and IBM Packaging Utility. Firstly, an unspecified vulnerability in Java SE linked to the JSSE component could allow a…
IBM i Security Alert: 3 critical vulnerabilities in IBM i Access Client Solutions! (12/12/2023)
📅 New security bulletin – December. IBM i Access Client Solutions (ACS) has been hit by three major vulnerabilities, including one enabling remote code execution 🖥️⚠️ and others jeopardizing password security 🔑. 🚨 Summary of identified faults 🔎 IBM i Access Client Solutions is vulnerable to: ✔️ Remote code execution via a serialized object authentication…
IBM i Security Alert: IBM Java SDK and IBM Java Runtime for IBM i (28/11/2023)
At the end of November 2023, a new security bulletin was issued for Java packages: IBM Java SDK and IBM Java Runtime for IBM i. The packages have an unspecified vulnerability (in Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK) linked to the Libraries component, which could enable a…
IBM i Security Alert: Samba server (13/11/2023)
New security alert of very high severity (CVSS Base score 8.8), concerning the Samba server. A flaw in its system could enable an attacker to bypass the security restrictions (CVE-2023-4091) and (CVE-2023-4091). Samba is a server that uses TCP/IP on IBM i to interact with Microsoft® Windows® clients or servers as if it were a Windows…
IBM i Security Alert: Management Central (07/11/2023)
New vulnerability detected in IBM’s security bulletin at the end of October (CVE-2023-40685, CVE-2023-40686). IBM i is vulnerable to local privilege escalation due to flaws in “Management Central”, and these vulnerabilities exist even when the centralized management software is not being used for system management tasks. A malicious actor with command-line access to the operating system…