

APT29 aka Nobelium – Active IOCs
June 10, 2024
Multiple GitHub Enterprise Server Vulnerabilities
June 10, 2024
Severity
Medium
Analysis Summary
CVE-2024-22326 CVSS:5
IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection.
CVE-2023-45192 CVSS:8.2
IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVE-2022-35718 CVSS:3.7
IBM Sterling Partner Engagement Manager 6.2.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.
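The bind pattern described for CVE-2024-22326 corresponds to what RFC 4513 calls an unauthenticated simple bind: a non-empty name with a zero-length password, which leaves the session in an anonymous authorization state. The following is an added detection example, not IBM code or part of the original advisory; the helper names and the sample DN are constructed for illustration.

```python
"""Classify LDAP BindRequests by RFC 4513 simple-bind type (added example)."""

SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04
BIND_REQUEST, AUTH_SIMPLE = 0x60, 0x80  # [APPLICATION 0], context tag [0]

def read_tlv(buf, pos):
    """Decode one BER TLV at pos and return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want):
    """Read a TLV and require a specific tag; return (value, next_pos)."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag {want:#x}, got {tag:#x}")
    return value, nxt

def classify_bind(message):
    """Return 'anonymous', 'unauthenticated', 'name-password' or 'other'."""
    envelope, _ = expect(message, 0, SEQUENCE)
    _, pos = expect(envelope, 0, INTEGER)          # messageID
    tag, op, _ = read_tlv(envelope, pos)
    if tag != BIND_REQUEST:
        return "other"
    _, pos = expect(op, 0, INTEGER)                # protocol version
    name, pos = expect(op, pos, OCTET_STRING)      # bind DN
    tag, credential, _ = read_tlv(op, pos)
    if tag != AUTH_SIMPLE:
        return "other"                             # e.g. SASL
    if credential:
        return "name-password"
    # Empty password: with a DN present this is the case the advisory describes.
    return "unauthenticated" if name else "anonymous"

def build_simple_bind(dn, password, msg_id=1):
    """Constructed sample input; short-form lengths only (values < 128 bytes)."""
    tlv = lambda tag, value: bytes([tag, len(value)]) + value
    op = tlv(BIND_REQUEST, tlv(INTEGER, b"\x03") + tlv(OCTET_STRING, dn) + tlv(AUTH_SIMPLE, password))
    return tlv(SEQUENCE, tlv(INTEGER, bytes([msg_id])) + op)

SAMPLE_DN = b"uid=alice,ou=people,dc=example,dc=test"  # constructed
```

A monitor can alert on the `unauthenticated` result when applied to captured bind traffic; RFC 4513 recommends that servers fail such requests with `unwillingToPerform` by default and that clients refuse to send an empty password.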
Impact
- Security Bypass
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-22326
- CVE-2023-45192
- CVE-2022-35718
Affected Vendors
- IBM
Affected Products
- IBM DS8900F 89.30.68.0
- IBM DS8900F 89.32.40.0
- IBM DS8900F 89.33.48.0
- IBM DS8900F 89.22.19.0
- IBM DS8900F 89.40.83.0
- IBM DS8900F 89.40.93.0
- IBM Engineering Requirements Management DOORS Next 7.0.2
- IBM Engineering Requirements Management DOORS Next 7.0.3
- IBM Sterling Partner Engagement Manager 6.2.3
Remediation
Refer to the IBM Security Advisory for patch, upgrade, or suggested workaround information.