Security Bulletin: IBM Java and IBM WebSphere Application Server used by ISVG - Identity Manager have multiple vulnerabilities

2024-05-17 17:30:20
www.ibm.com
ibm
identity manager
java
websphere
security bulletins
vulnerabilities
updates

AI Score: 8.4 High (Confidence: Low)

Summary

IBM Security Verify Governance - Identity Manager ships with IBM Java SDK and IBM WebSphere Application Server traditional. Information about security vulnerabilities affecting these dependencies has been published in security bulletins.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Security Verify Governance, Identity Manager - Software component | ISVG 10.0.2 |

Remediation/Fixes

IBM encourages customers to update their systems promptly.

| Principal Product and Version(s) | Affected Supporting Product and Version(s) | Affected Supporting Product Security Bulletin |
|---|---|---|
| ISVG 10.0.2 | IBM Java v7.1.5.18 and earlier, v8.0.8.0 and earlier | IBM SDK, Java Technology Edition could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. Security Bulletin: https://www.ibm.com/support/pages/node/7017032 |
| ISVG 10.0.2 | WebSphere Application Server 9.0, 8.5 | IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or conduct a server-side request forgery attack. Security Bulletin: https://www.ibm.com/support/pages/node/7148426 |
| ISVG 10.0.2 | WebSphere Application Server 9.0, 8.5 | IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or conduct a server-side request forgery attack. Security Bulletin: https://www.ibm.com/support/pages/node/7148380 |
| ISVG 10.0.2 | WebSphere Application Server 9.0, 8.5 | An attacker with network access to the HTTP listening ports behind the firewall could send a specially crafted HTTP request to a default server configuration that bypasses the limitFieldSize check, consuming memory until an out-of-memory (OOM) condition occurs. Security Bulletin: https://www.ibm.com/support/pages/node/7149330 |
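The table above gives version ceilings ("v7.1.5.18 and earlier, v8.0.8.0 and earlier") rather than a single vulnerable version, so the practical first step is to check an inventory against those ceilings per release line. The script below is an added example, not IBM's code and not part of this bulletin. It assumes the four-component "major.minor.sr.fp" notation used in the bulletin, matches each IBM Java ceiling only against its own release line (7.1 or 8.0), and treats every level of the listed WebSphere lines (9.0, 8.5) as affected because the table names whole lines without a ceiling; the host inventory is constructed for the example. It does not state fix levels, which are in the linked bulletins.

```python
"""Affected-version triage for the ISVG 10.0.2 bulletin (added example, not IBM's code).

Assumptions not stated on the page: the "major.minor.sr.fp" version format is
taken literally from the bulletin's "v7.1.5.18" / "v8.0.8.0" notation, ceilings
are matched per release line, and the host inventory below is constructed.
"""
import re
from dataclasses import dataclass

# Ceilings quoted in the bulletin: "IBM Java v7.1.5.18 and earlier, v8.0.8.0 and earlier".
# Key = (major, minor) release line, value = highest affected version on that line.
JAVA_AFFECTED_CEILINGS = {
    (7, 1): (7, 1, 5, 18),
    (8, 0): (8, 0, 8, 0),
}

# The WebSphere rows list whole release lines ("9.0, 8.5") with no ceiling, so every
# level on those lines is treated as affected until the linked bulletin says otherwise.
WAS_AFFECTED_LINES = {(9, 0), (8, 5)}


def parse_version(text):
    """Turn 'v7.1.5.18', '8.0.8.0' or '8.5.5.24' into a tuple of ints.

    Numeric tuples avoid the classic string-compare bug where '8.0.10.0' sorts
    before '8.0.8.0'. Missing trailing components are padded with 0 so that
    '8.0.8' == '8.0.8.0'.
    """
    m = re.fullmatch(r"v?(\d+(?:\.\d+){1,3})", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def java_status(version_text):
    """'affected', 'not-affected', or 'not-covered' (release line not in this bulletin)."""
    v = parse_version(version_text)
    ceiling = JAVA_AFFECTED_CEILINGS.get(v[:2])
    if ceiling is None:
        return "not-covered"
    return "affected" if v <= ceiling else "not-affected"


def was_status(version_text):
    """'affected' for any level on a listed WAS line, else 'not-covered'."""
    v = parse_version(version_text)
    return "affected" if v[:2] in WAS_AFFECTED_LINES else "not-covered"


@dataclass
class Host:
    name: str
    java: str
    was: str


def triage(hosts):
    """Return {hostname: {"java": status, "was": status}} for a list of Host records."""
    return {h.name: {"java": java_status(h.java), "was": was_status(h.was)} for h in hosts}


# Constructed sample inventory (hypothetical hostnames and levels, not from the page).
SAMPLE_HOSTS = [
    Host("isvg-app01", "8.0.7.20", "9.0.5.17"),   # below the 8.0 ceiling
    Host("isvg-app02", "v8.0.8.0", "8.5.5.24"),   # exactly at the ceiling: still affected
    Host("isvg-app03", "8.0.8.5", "9.0.5.18"),    # above the ceiling
    Host("isvg-app04", "7.1.5.19", "9.0.5.18"),   # above the 7.1 ceiling
    Host("isvg-app05", "11.0.20.0", "9.0.5.18"),  # Java line not mentioned here
]

if __name__ == "__main__":
    for host, result in triage(SAMPLE_HOSTS).items():
        print(f"{host:12} java={result['java']:13} was={result['was']}")
```

Hosts reported as "not-covered" are not cleared: the line simply is not addressed by this bulletin and needs to be checked against its own advisories.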

Workarounds and Mitigations

None

| CPE Name | Operator | Version |
|---|---|---|
| ibm security verify governance | eq | 10.0.2 |
