High Severity

Security Bulletin: Openstack Compute (Nova) noVNC proxy

Share this post:

Fix OpenStack Nova allowing a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the noVNC component. By modifying untrusted URL input using multiple backslashes, an attacker could exploit this vulnerability to redirect a victim to arbitrary website

CVE(s): CVE-2021-3654

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
PowerVC

1.4.4.2

2.0.0.0

2.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6508880
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/206478

More stories

Security Bulletin: Vulnerability in jsoup may affect Cúram Social Program Management (CVE-2021-37714)

Nov 25, 2021 7:01 pm EST | High Severity

IBM Cúram Social Program Management uses the jsoup libraries, for which there is a publicly known vulnerability. For this vulnerability jsoup is susceptible to a denial of service attack, caused by improper input validation. ...read more


Security Bulletin: Vulnerabilities affect IBM Netcool Agile Service Manager

Nov 25, 2021 7:00 pm EST | High Severity

Vulnerabilities exist in IBM Netcool Agile Service Manager, these have been addressed. ...read more


Security Bulletin: Vulnerabilities affect IBM Netcool Agile Service Manager

Nov 24, 2021 7:00 pm EST | High Severity

Vulnerabilities exist in IBM Netcool Agile Service Manager, these have been addressed. ...read more