Last year, 71% of enterprise breaches were pulled off quietly, with legitimate tools, research shows.
Related Posts
Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher
Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher
A researcher has shown how malicious actors can create custom GPTs that can phish for credentials and exfiltrate them to external servers.
The post Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher appeared first on SecurityWeek.
SecurityWeek RSS Feed
Vulnerability in IBM Security Verify Let Attacker Extract Sensitive Information
Vulnerability in IBM Security Verify Let Attacker Extract Sensitive Information
Multiple Information Disclosure vulnerabilities were discovered in the IBM Security Verify Information Queue, which can reveal several internal product details. This information can then be used to conduct further attacks.
IBM Security Verify Information Queue is a pub/sub-based product integrator that can be used for integrating data between IBM products.
It uses Kafka technology for integration, a distributed data store ingestion, and processing data in real time.
CVE-2023-33833, CVE-2023-33834, CVE-2023-33835: IBM Information Queue Disclosure
This vulnerability affects IBM Information Queue (ISIQ) versions prior to 10.0.4 and 10.0.5 as they store sensitive information in plaintext that can be read by a local user.
The vulnerabilities CVE-2023-33834 and CVE-2023-33835 allow a remote attacker to access sensitive information, which assists in further attacks.
The CVSS score for these vulnerabilities has been given as CVE-2023-33833 (2.9), CVE-2023-33834 (5.3), and CVE-2023-33835 (5.3). All these vulnerabilities have the severity as Medium.
Affected Products and Fixed in Version
As per the security advisory of IBM, Products that are affected by these vulnerabilities and their fixed versions are given below.
Affected Product(s)Version(s)Fixed in VersionIBM Security Verify Information Queue10.0.410.0.6IBM Security Verify Information Queue10.0.5
Users of these products are recommended to upgrade to the latest version of IBM Security Verify Information Queue (10.0.6) to fix these vulnerabilities and prevent them from getting exploited by threat actors.
Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.
The post Vulnerability in IBM Security Verify Let Attacker Extract Sensitive Information appeared first on Cyber Security News.
Cyber Security News