Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs
February 18, 2022Rewterz Threat Advisory – CVE-2022-22922 – TP-Link TL-WA850RE Wi-Fi Range Extender Vulnerability
February 21, 2022Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs
February 18, 2022Rewterz Threat Advisory – CVE-2022-22922 – TP-Link TL-WA850RE Wi-Fi Range Extender Vulnerability
February 21, 2022Severity
Medium
Analysis Summary
CVE-2021-39026
IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVE-2021-38935
IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
Impact
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2021-39026
- CVE-2021-38935
Affected Vendors
IBM
Affected Products
- IBM Security Guardium Data Encryption 5.0.0.2
- IBM Security Guardium Data Encryption 5.0.0.3
- IBM Maximo Asset Management 7.6.1.2
Remediation
Refer to IBM Security Bulletin for patch, upgrade, or suggested workaround information.
CVE-2021-39026
CVE-2021-38935