Medium Severity
Security Bulletin: Aspera on Cloud CVE-2020-8184
Sep 28, 2020 8:00 pm EDT
Categorized: Medium Severity
Share this post:
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix. Prior to discovery of this vulnerability, Aspera on Cloud used rack gem V2.2.2. Once the vulnerability was identified the version of rack gem used was upgraded to V2.2.3, which does not contain this vulnerability. Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| Aspera on Cloud | All |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6338791
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring returns potentially sensitive information in headers which could lead to further attacks against the system.
Mar 8, 2021 7:00 pm EST | Medium Severity
IBM Cloud Pak for Multicloud Management Monitoring returns potentially sensitive information in headers which could lead to further attacks against the system. ...read more
Security Bulletin: Google Protocol Buffers as used by IBM QRadar SIEM is vulnerable to arbitrary code execution (CVE-2015-5237)
Mar 8, 2021 7:00 pm EST | Medium Severity
Google Protocol Buffers as used by IBM QRadar SIEM is vulnerable to arbitrary code execution ...read more
Security Bulletin: Information leakage vulnerability affect IBM Business Automation Workflow – CVE-2021-20358
Mar 8, 2021 7:00 pm EST | Medium Severity
IBM Business Automation Workflow may leak sensitive information in trace when emitting events for Business Automation Insights. ...read more