Rewterz
March 5, 2024

Rewterz Threat Advisory – Multiple IBM Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-50312 CVSS:5.3

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration.

CVE-2023-50305 CVSS:5.1

IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users have strong passwords by default, which makes it easier for attackers to compromise user accounts.

CVE-2023-47716 CVSS:6.3

IBM CP4BA – Filenet Content Manager Components 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a user to gain the privileges of another user under unusual circumstances.

CVE-2023-38366 CVSS:5.3

IBM Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
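The traversal described above (a URL request carrying "dot dot" sequences) is something a defender can hunt for in web-server access logs. The following is an added example, not code from Rewterz or IBM: it parses a few constructed access-log lines (the paths and hosts are made up for illustration), percent-decodes each request path repeatedly so that both `%2e%2e` and double-encoded `%252e%252e` reduce to `..`, normalises backslashes, and flags only requests where a whole path segment is `..`, so a filename such as `readme..txt` is not a false positive. It generalises beyond the single `/../` form in the advisory text.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [05/Mar/2024:10:01:02 +0000] "GET /navigator/index.html HTTP/1.1" 200 512
10.0.0.7 - - [05/Mar/2024:10:01:09 +0000] "GET /navigator/../../etc/passwd HTTP/1.1" 200 1720
10.0.0.7 - - [05/Mar/2024:10:01:11 +0000] "GET /navigator/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1720
10.0.0.7 - - [05/Mar/2024:10:01:15 +0000] "GET /navigator/%252e%252e/config?x=1 HTTP/1.1" 404 0
10.0.0.9 - - [05/Mar/2024:10:02:00 +0000] "GET /navigator/docs/readme..txt HTTP/1.1" 200 88
"""

# Source host, timestamp, method, request path and status code from a CLF line.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def fully_decode(path, max_rounds=3):
    """Percent-decode until the value stops changing (bounded), so that
    %2e%2e and the double-encoded %252e%252e both become '..'."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def has_traversal(path):
    """True when any path segment, after decoding and backslash
    normalisation, is exactly '..'. The query string is ignored."""
    decoded = fully_decode(path).replace("\\", "/")
    decoded = decoded.split("?", 1)[0]
    return any(seg == ".." for seg in decoded.split("/"))


def find_traversal_attempts(log_text):
    """Return one record per request whose path contains a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        if has_traversal(m.group("path")):
            hits.append({
                "src": m.group("src"),
                "path": m.group("path"),
                "decoded": fully_decode(m.group("path")),
                "status": int(m.group("status")),
            })
    return hits


def successful_attempts(log_text):
    """Subset of hits the server answered with 2xx; these deserve triage first,
    since a 2xx to a traversal request suggests the file may have been served."""
    return [h for h in find_traversal_attempts(log_text) if 200 <= h["status"] < 300]


if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(hit["src"], hit["status"], hit["path"], "->", hit["decoded"])
```

A 2xx response to a decoded `..` path is the strongest signal; a 404 still records a probe against the host and is worth correlating by source address.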

CVE-2023-28949 CVSS:6.5

IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
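The usual mitigation for the cross-site request forgery class described above is to require, on every state-changing request, a secret token that a cross-site page cannot obtain, and to reject requests whose Origin or Referer is not the application itself. The following is an added example, not code from Rewterz or IBM and not DOORS's own mechanism: it issues a token bound to the session identifier with an HMAC and a timestamp, verifies it in constant time with an expiry, and combines that with an Origin check. The request objects, session ids and secret are constructed for illustration.

```python
import hashlib
import hmac
import os
import time

# Hypothetical per-deployment secret; in production it comes from a secret store.
SERVER_SECRET = os.urandom(32)
TOKEN_TTL_SECONDS = 3600
SAFE_METHODS = ("GET", "HEAD", "OPTIONS")


def issue_csrf_token(session_id, now=None):
    """Token = timestamp '.' HMAC-SHA256(secret, session_id ':' timestamp).
    Binding the MAC to the session means a token captured from one session
    is useless for another."""
    ts = str(int(now if now is not None else time.time()))
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{ts}".encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{mac}"


def verify_csrf_token(session_id, token, now=None):
    """Constant-time verification plus an expiry window; malformed tokens fail closed."""
    try:
        ts_str, mac = token.split(".", 1)
        ts = int(ts_str)
    except (ValueError, AttributeError):
        return False
    current = now if now is not None else time.time()
    if current - ts > TOKEN_TTL_SECONDS or ts > current + 60:
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{ts}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def state_change_allowed(request, session_id, allowed_origin, now=None):
    """Defence in depth for non-safe methods: the request must come from our
    own origin (Origin, falling back to Referer) AND carry a valid token.
    `request` is a constructed dict with 'method', 'headers' and 'form'."""
    if request["method"] in SAFE_METHODS:
        return True
    origin = request["headers"].get("Origin") or request["headers"].get("Referer", "")
    if not origin.startswith(allowed_origin):
        return False
    return verify_csrf_token(session_id, request["form"].get("csrf_token", ""), now)


def demo():
    """Constructed scenario: a legitimate form post versus a forged cross-site post
    riding on the same browser session."""
    session = "sess-victim"
    site = "https://doors.example.invalid"
    legit = {
        "method": "POST",
        "headers": {"Origin": site},
        "form": {"csrf_token": issue_csrf_token(session), "action": "delete"},
    }
    forged = {
        "method": "POST",
        "headers": {"Origin": "https://attacker.example.invalid"},
        "form": {"action": "delete"},
    }
    return state_change_allowed(legit, session, site), state_change_allowed(forged, session, site)


if __name__ == "__main__":
    print(demo())
```

The Origin check alone is not enough (some clients omit both headers, and a misconfigured CORS policy can widen trust), and the token alone is weakened if it is readable cross-site; the two checks cover each other's gaps.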

CVE-2023-28525 CVSS:4.8

IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

Impact

  • Information Disclosure
  • Privilege Escalation
  • Information Gain
  • Gain Access
  • Cross-Site Scripting

Indicators Of Compromise

CVE

  • CVE-2023-50312
  • CVE-2023-50305
  • CVE-2023-47716
  • CVE-2023-38366
  • CVE-2023-28949
  • CVE-2023-28525

Affected Vendors

IBM

Affected Products

  • IBM WebSphere Application Server Liberty 17.0.0.3
  • IBM WebSphere Application Server Liberty 24.0.0.2
  • IBM FileNet Content Manager 5.5.8.0
  • IBM FileNet Content Manager 5.5.10.0
  • IBM FileNet Content Manager 5.5.11.0
  • IBM Engineering Requirements Management DOORS 9.7.2.7

Remediation

Refer to the IBM Security Advisory for each CVE for patch, upgrade, or suggested workaround information:

  • CVE-2023-50312
  • CVE-2023-50305
  • CVE-2023-47716
  • CVE-2023-38366
  • CVE-2023-28949
  • CVE-2023-28525