A former employee of Discovery Bay Water Treatment Facility in California was indicted by a federal grand jury for intentionally attempting to cause malfunction to the facility’s safety and protection systems. […] Read More
BleepingComputer
Related Posts
Vulnerability in IBM Security Verify Let Attacker Extract Sensitive Information
Vulnerability in IBM Security Verify Let Attacker Extract Sensitive Information
Multiple Information Disclosure vulnerabilities were discovered in the IBM Security Verify Information Queue, which can reveal several internal product details. This information can then be used to conduct further attacks.
IBM Security Verify Information Queue is a pub/sub-based product integrator that can be used for integrating data between IBM products.
It uses Kafka technology for integration, a distributed data store ingestion, and processing data in real time.
CVE-2023-33833, CVE-2023-33834, CVE-2023-33835: IBM Information Queue Disclosure
This vulnerability affects IBM Information Queue (ISIQ) versions prior to 10.0.4 and 10.0.5 as they store sensitive information in plaintext that can be read by a local user.
The vulnerabilities CVE-2023-33834 and CVE-2023-33835 allow a remote attacker to access sensitive information, which assists in further attacks.
The CVSS score for these vulnerabilities has been given as CVE-2023-33833 (2.9), CVE-2023-33834 (5.3), and CVE-2023-33835 (5.3). All these vulnerabilities have the severity as Medium.
Affected Products and Fixed in Version
As per the security advisory of IBM, Products that are affected by these vulnerabilities and their fixed versions are given below.
Affected Product(s)Version(s)Fixed in VersionIBM Security Verify Information Queue10.0.410.0.6IBM Security Verify Information Queue10.0.5
Users of these products are recommended to upgrade to the latest version of IBM Security Verify Information Queue (10.0.6) to fix these vulnerabilities and prevent them from getting exploited by threat actors.
Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.
The post Vulnerability in IBM Security Verify Let Attacker Extract Sensitive Information appeared first on Cyber Security News.
Cyber Security News
The Week in Ransomware – September 8th 2023 – Conti Indictments
The Week in Ransomware – September 8th 2023 – Conti Indictments
It started as a slow ransomware news week but slowly picked up pace with the Department of Justice announcing indictments on TrickBot and Conti operations members. […] Read More
BleepingComputer
Putting a dent in the cybersecurity workforce gap.
Putting a dent in the cybersecurity workforce gap.
In this special edition of Solution Spotlight, N2K President, Simone Petrella is talking with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap through empowerment, breaking down barriers and expanding DE&I initiatives. Read More
The CyberWire