Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

TIM’s Red Team Research (RTR) discovered a critical zero-day vulnerability in IBM InfoSphere Information Server

Researchers at TIM’s Red Team Research discovered a zero-day vulnerability in IBM InfoSphere Information Server. Today, TIM’s Red Team Research led by Massimiliano Brolli, discovered a new critical vulnerability in IBM InfoSphere Information Server. The flaw has not addressed by IBM, because the product version 8.5.0.0 is in End-of-life. Today, TIM’s Red Team Research led […]

IBM API Connect

Researchers at TIM’s Red Team Research discovered a zero-day vulnerability in IBM InfoSphere Information Server.

Today, TIM’s Red Team Research led by Massimiliano Brolli, discovered a new critical vulnerability in IBM InfoSphere Information Server. The flaw has not addressed by IBM, because the product version 8.5.0.0 is in End-of-life.

Today, TIM’s Red Team Research led by Massimiliano Brolli, discovered a new critical vulnerability in IBM InfoSphere Information Server. The flaw has not addressed by IBM, because the product version 8.5.0.0 is in End-of-life.

IBM InfoSphere Information Server is a data management product.

According to the product description from the vendor page:

“IBM InfoSphere Information Server Enterprise Edition is an industry-leading, end-to-end data platform that provides a complete suite of capabilities. These capabilities include automated data discovery, policy-driven governance, self-service data preparation, data quality assessment and cleansing for data in flight and at rest, and advanced dynamic or batch data transformation and movement. It helps you deliver trusted business-ready data to your key business initiatives such as big data, data lakes, data warehouse modernization and master data management.”

Cybersecurity researchers identified a Deserialization of Untrusted Data (CWE-502), identified as CVE-2020-27583, has a CVSS3 score of 9.8. The vulnerability allows unrestricted remote code execution with root privileges, without requiring any authentication.

The laboratory has identified, from public sources available on the corporate website, vulnerabilities on vendors such as Oracle, Nokia, Siemens, Schneider Electric, QNAP, Selesta, WOWZA, MultiUX and recently WordPress, helping to improve overall IT security.

The complete list of CVEs discovered by TIM researchers (formerly Telecom Italia S.p.A.) are available on the TIM Corporate websites:

https://www.gruppotim.it/redteam

TIM is one of the main Italian telecommunications companies, it is one of the few Italian industrial companies that has devoted such an important effort to the search for undocumented vulnerabilities.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, IBM InfoSphere Information Server)

[adrotate banner=”5″]

[adrotate banner=”13″]