Oracle WebCenter Portal Multiple Vulnerabilities (January 2018 CPU)

2018-02-12T00:00:00

Description

The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the January 2018 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities. - A vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products (subcomponent: Install (Bouncy Castle Java package)). Supported versions that are affected are 9.1 and 9.2. An unauthenticated attacker with network access via HTTP can exploit the vulnerability to compromise PeopleSoft Enterprise HCM Human Resources. A successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. (CVE-2015-7940) - A vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: Security Framework (Apache Struts 1)). Supported versions that are affected are 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. An unauthenticated attacker with network access via HTTP can exploit the vulnerability to compromise Oracle WebCenter Portal. A successful attacks of this vulnerability can result in a complete Denial-of-Service of Oracle WebCenter Portal including the update, insert or delete access to some of Oracle Web Portal accessible data. (CVE-2016-1182) - A vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application). Supported versions that are affected are 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. An unauthenticated attacker with network access via HTTP can exploit the vulnerability to compromise Oracle WebCenter Portal. A successful attack require humans interaction to be effective and can result in unauthorized creation, deletion or modification access to Oracle WebCenter Portal data. (CVE-2018-2713)

{"id": "ORACLE_WEBCENTER_PORTAL_CPU_JAN_2018.NBIN", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Oracle WebCenter Portal Multiple Vulnerabilities (January 2018 CPU)", "description": "The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the January 2018 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities.\n\n - A vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products (subcomponent: Install (Bouncy Castle Java package)).\n Supported versions that are affected are 9.1 and 9.2.\n An unauthenticated attacker with network access via HTTP can exploit the vulnerability to compromise PeopleSoft Enterprise HCM Human Resources.\n A successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data.\n (CVE-2015-7940)\n\n - A vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: Security Framework (Apache Struts 1)). Supported versions that are affected are 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. An unauthenticated attacker with network access via HTTP can exploit the vulnerability to compromise Oracle WebCenter Portal. A successful attacks of this vulnerability can result in a complete Denial-of-Service of Oracle WebCenter Portal including the update, insert or delete access to some of Oracle Web Portal accessible data. (CVE-2016-1182)\n\n - A vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application). Supported versions that are affected are 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. An unauthenticated attacker with network access via HTTP can exploit the vulnerability to compromise Oracle WebCenter Portal.\n A successful attack require humans interaction to be effective and can result in unauthorized creation, deletion or modification access to Oracle WebCenter Portal data.\n (CVE-2018-2713)", "published": "2018-02-12T00:00:00", "modified": "2023-09-25T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/106759", "reporter": "This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2713", "http://www.nessus.org/u?ae82f1b1", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1182", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7940"], "cvelist": ["CVE-2015-7940", "CVE-2016-1182", "CVE-2018-2713"], "immutableFields": [], "lastseen": "2023-09-26T14:52:58", "viewCount": 10, "enchantments": {"dependencies": {"references": [{"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-70686", "JRASERVER-70686"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-1082"]}, {"type": "cve", "idList": ["CVE-2015-7940", "CVE-2016-1182", "CVE-2018-2713"]}, {"type": "debian", "idList": ["DEBIAN:DLA-361-1:E2323", "DEBIAN:DSA-3417-1:682B4", "DEBIAN:DSA-3417-1:D5725"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-7940"]}, {"type": "f5", "idList": ["F5:K04403302", "F5:K10105323", "SOL04403302"]}, {"type": "fedora", "idList": ["FEDORA:4B961604A720", "FEDORA:8830E6049DEB", "FEDORA:97D036078C28"]}, {"type": "github", "idList": ["GHSA-4MV7-CQ75-3QJM", "GHSA-5GGR-MPGW-3MGX"]}, {"type": "ibm", "idList": ["104BE807C8577FF816DF414B5A588FABB581711BB54758F6F49C7CAC17CD68BE", "107B029DD56A2199A3A87E51461350D452A0422C3E3D25CE9E1B91F71C36131B", "12780044E1A62D25F913723FBCBD5B926E91CC9AC8CA8FAA1DCE18D02D152689", "1815BD265DEB0EE550962E1526DA1FE75BACA3823A20A4BCDA8ED078F9EC9C8D", "1A977E1D46AE4CB4B7068DB341125931FAD75C28D6703503973FFF9BE917887F", "1D6C51DC7D1DD9D1A9F07B9737CE12B7F8F933D3089EBCB68A0BBCF75680D250", "233226C0332001C81596C237819F64BB35F4B49297346F216B4DC90C72D26485", "23F8C1E67922626C0589CA86ED9B40D441D494E8B56CD8FF4A2EF76F18E6861F", "286378C830B748E29DFAEAB7AC19693EE4565D1CAB6189EAA20A975B835DFAD6", "29036B6FEB00571E2FBC00E867150134E5DF9C08AD44F9670B7C8B0109F99570", "2DD38E427DB50FDA5C4D07F52BDC62BA35206BA44BC185595E39ACAE88DD41C5", "35774A12657731256610BEB1ACB2AE99C105060354AA560F82DED28AE65A8B24", "366FA55EE0B09B40AABB041DB433F5E49FC0E42F7988440387EBE3EED9DBAE91", "39D4A3024CD82E0AB1412C8F0B7DE6C9C896CC59E99FBAB7A5A61175586A3211", "3C630E87CC8A98E980FC5838CF94096C676B99FA65014F79A0F1057053EEB9E0", "3CFF13ADA1D4912594BB3AC9D0D9ACB17881A208B1AD8998A1E8BD64DD6C5268", "3D8540513E9389E52505EF4CCF99C1FC5DC8928BFA49128170D48087D1264725", "3DAB255772B5C0465CD2A50FC27BF93D482025FE8D7247F3C147E19AC9F9AFD2", "3E3AF8AC7BA63076BEE8FFB670B3A3F27E0903C83526E54496E50EB2DF74B875", "4C800D760232A012AE25AED7F8AFCFF9E3EF3D9D48D3614E764CC6588F221519", "55C6EB16408836E84C4255320770BC4F60934779CE325008D25B4951C20115C1", "615E4369D0B07E7BA358AF447BD05A3ACC0720A255109ADB57E2A2080DB3607A", "637F608901EF8B9FD34455682320A8EBC1B665D4F6B5C7F53F3E57AE66C9AAAA", "65DC12D6E8E0D53E6ED0AF1F356647C749F500509AAE6E4435FC95F00517F01C", "6858032AD0022691AF88FEDCEF29BB4CEA50172EAD995CAB6463B91C16637C1C", "68E7DB3D7E398B2706226213F9B1A94ACD374A065EE9538BCE2CF140B065CB08", "691466DAEE06683E49687F1AD61B1DE274EE44CA9F6E86B9BF8D7D76D6346999", "6AB5B24B612744A794E7F28CC88F04C811F4BB9710FE31917EFCB65EDDDF7C9A", "6F2C088BF5D78FB804760981ACFE38C9CC104BC5F9390812E5D324682512AD45", "71A473993D401FAFDA20A063C958EB3785E06B0F2833BBEB5FA0B1E2E3123139", "7B7FB00293A8F53E25D4A2A19DB3E7DD5613C6E483518C6A9ED7EE3CF79E76F5", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "8585A81D2C6357431DB37ADDF4189DBBFAC913BE555A9B6483BF16E8E8705C85", "867D9ECEAB40B111EE25A99AD07419623F566D5212284F0A2C5C9E2D13C72DF2", "8731F85B75BA77CC3784CD784E98484D53CD189EA60F1F57A3A4EE351FF62B39", "88E396C29AABC664ACC3D5B0A3797EDDA0587772D5D9F452A2E356E7CC5BCD5D", "8AECCBE0CD244EF2C1818D4560A2112EBDDE17CF922BC7869D4367156735AD72", "915F25F9D4BBEE1CAACAA6F5FD6ACC3E18033BE658B9A06B8B13ACD613C9B6FD", "9CC98367A213309185EDA7DC75FCDBBA5D5754142F33E0C8ED1B454D10CF416E", "9E3B1F6158EF5703EF54F7C3064A7EB99BF9523B8A6CCF05475346791179C879", "A09274BA1A31537EA391724E8C52797113E094AE9E4EAA66FB5A50D995921587", "A38279E551792BA29F1FA34034CD64E94266819C4862EDC7B206E7A748D269FD", "A49F8E92510CDD96D8127764BC310529CF44A60596DB14352FF329575652A707", "A4FDFC527D8A765D6247DDB806EE98612DA0FE7BCB4E133A742D7FA9A06E39DC", "A94F39CD0E79745E3D615E6D91574F4476A22300F2013BDD63662E44D9BBDF03", "A9C254F86614D2334E5A1624EEBD7497A5FA74BEC3159FA2530927B6C4A89585", "AAE50909D8058934D5CCB989B4CEA17B72CABD2BC4CF08576581EC909FE087A7", "B236D3400A0C6106EC62C77931DC3654EEBAB6EEA563B3344ECFF477FD634E81", "B4BA991763253D738BCAA9AB61AE50E1AA4C20D6F3366D5551C3051C29FEADB2", "BE523D88E9070A2DC41C20554C070BC6A203CA40E3C999CC7B9D52C82AF77DEF", "C24D4FCC97FD95E90382A4216040099F16203ABF61AF30281EF1C2E136253A42", "C270008C47088F4AB45570D101436BB116E08F304CC36AF51E0823C68AFCAAE8", "C6D76168198B9EF24D77F1D04BA06E30D33B0C7D71C8457114E69E1A43BB68AD", "C9594147E388237928595F1CF759F8EC355015BE6AC29A030A2FA3207D9B6DE4", "C9B215C2E990733679984F0C6E86DB20EA1ED143683D79CFE88293360577ED49", "C9D56908C5941D51F8B700D0AEB133B65A72D4A5D3A7FAA2D989A477B71C954D", "CD1AEA82D347BCF45C817F297F91F17B63798AE3055B653759D8342B9405F1E0", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "D75C787D719F6B509B47AAA92C0EBBE969DDCD2CD7BAA1800C224FD759790609", "D9F3546932BD432766323A6E9A562D656E3EAC77AAB6EE3AAADFF6008E59BC30", "DEAFA2DB54593AA80919E191E6F6089E8FC07DD6414224DF7420DF6F55DF4BC8", "E31CD1CAA68AD6659A7C459337F50C896A6D30B1CC25BEF6FC361000F2ACE0D4", "E3BD856982B27C3FE93EC13A76D5806B5BB18B95DD328F70706B73BE68D790ED", "E762499CA15D11429E743982AA3F2FC12E2E921DDF0F5987384DC6653A95B9A2", "EA4BC9A6E1BC28B39AE0C360DA599139777EC05EDFDC5120E91AC3051300D3E7", "EB488D986A623E81C07D5F38DFFA754649938084B72DDAA698DEA6B41BB73C49", "F2A538AF2ED1CAABCF5F0891DB02363ECADA659FE7F2989D3CCD7668E4585622", "F5BAF336C0FFA1A9715652B899383A9C6D730D8ADE9E07CAD68C90971C7F8249", "F5D5AAF38F45575DCEBF7AD5E9B3D25AA8678ED2972A091BF0082B881BDC74A4", "F7297DEE78789012F7802C00A7D437B06424929237D39542808A1D9905687922", "F936FE55F38C08867ADBDA8E6F3802EAC3CA57726D86C3FDB2C0BC8583619B6F", "F9A935F07F0C2592550406829A333AA17FFA9DE5B312BF55A008E03FEAC4C43E", "FFF1402575E7BE1F32E231DF470BEDA94544D3C346FFE024F98E6A628264A23E"]}, {"type": "ics", "idList": ["ICSMA-20-184-01"]}, {"type": "jvn", "idList": ["JVN:65044642"]}, {"type": "mageia", "idList": ["MGASA-2015-0487", "MGASA-2016-0244"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-361.NASL", "DEBIAN_DSA-3417.NASL", "FEDORA_2015-7D95466EDA.NASL", "FEDORA_2016-21BD6A33AF.NASL", "FEDORA_2016-D717FDCF74.NASL", "OPENSUSE-2015-705.NASL", "ORACLE_BI_PUBLISHER_APR_2020_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_JAN_2017_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2017_CPU.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL", "ORACLE_JDEVELOPER_CPU_JUL_2018.NASL", "SOLARIS10_142824-29.NASL", "SUN_JAVA_WEB_SERVER_7_0_27.NASL", "UBUNTU_USN-3727-1.NASL", "WEBSPHERE_711865.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310131170", "OPENVAS:1361412562310703417", "OPENVAS:1361412562310808523", "OPENVAS:1361412562310808530", "OPENVAS:1361412562310808538", "OPENVAS:1361412562310809478", "OPENVAS:1361412562310843603", "OPENVAS:1361412562310851127", "OPENVAS:703417"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2017", "ORACLE:CPUAPR2018", "ORACLE:CPUAPR2019", "ORACLE:CPUAPR2020", "ORACLE:CPUJAN2017", "ORACLE:CPUJAN2018", "ORACLE:CPUJAN2019", "ORACLE:CPUJAN2020", "ORACLE:CPUJUL2016", "ORACLE:CPUJUL2017", "ORACLE:CPUJUL2018", "ORACLE:CPUJUL2019", "ORACLE:CPUJUL2020", "ORACLE:CPUOCT2016", "ORACLE:CPUOCT2017", "ORACLE:CPUOCT2018"]}, {"type": "osv", "idList": ["OSV:DLA-361-1", "OSV:GHSA-4MV7-CQ75-3QJM", "OSV:GHSA-5GGR-MPGW-3MGX"]}, {"type": "redhat", "idList": ["RHSA-2016:2035", "RHSA-2016:2036"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-1182"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1911-1"]}, {"type": "ubuntu", "idList": ["USN-3727-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-7940", "UB:CVE-2016-1182"]}]}, "score": {"value": 2.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-70686"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-1082"]}, {"type": "cve", "idList": ["CVE-2015-7940", "CVE-2016-1182"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3417-1:682B4"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-7940"]}, {"type": "f5", "idList": ["F5:K10105323"]}, {"type": "fedora", "idList": ["FEDORA:97D036078C28"]}, {"type": "ibm", "idList": ["EB488D986A623E81C07D5F38DFFA754649938084B72DDAA698DEA6B41BB73C49", "F5D5AAF38F45575DCEBF7AD5E9B3D25AA8678ED2972A091BF0082B881BDC74A4"]}, {"type": "ics", "idList": ["ICSMA-20-184-01"]}, {"type": "nessus", "idList": ["FEDORA_2016-21BD6A33AF.NASL", "FEDORA_2016-D717FDCF74.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703417", "OPENVAS:703417"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2018"]}, {"type": "redhat", "idList": ["RHSA-2016:2035"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-7940"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2015-7940", "epss": 0.0026, "percentile": 0.62228, "modified": "2023-05-07"}, {"cve": "CVE-2016-1182", "epss": 0.33413, "percentile": 0.96424, "modified": "2023-05-07"}, {"cve": "CVE-2018-2713", "epss": 0.00286, "percentile": 0.64049, "modified": "2023-05-07"}], "vulnersScore": 2.1}, "_state": {"dependencies": 1695742154, "score": 1695742547, "epss": 0}, "_internal": {"score_hash": "fab1f9ec2d353e83f5d514d6df100d86"}, "pluginID": "106759", "sourceData": "Binary data oracle_webcenter_portal_cpu_jan_2018.nbin", "naslFamily": "Misc.", "cpe": ["cpe:/a:oracle:fusion_middleware"], "solution": "Apply the appropriate patch according to the January 2018 Oracle Critical Patch Update advisory.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2016-1182", "vendor_cvss2": {"score": 6.4, "vector": "CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P"}, "vendor_cvss3": {"score": 8.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}, "vpr": {"risk factor": "Medium", "score": "5.1"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2018-01-19T00:00:00", "vulnerabilityPublicationDate": "2018-01-16T00:00:00", "exploitableWith": []}

{"ubuntucve": [{"lastseen": "2023-08-08T23:08:16", "description": "The Bouncy Castle Java library before 1.51 does not validate a point is\nwithing the elliptic curve, which makes it easier for remote attackers to\nobtain private keys via a series of crafted elliptic curve Diffie Hellman\n(ECDH) key exchanges, aka an \"invalid curve attack.\"\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802671>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | no reverse depends in main\n", "cvss3": {}, "published": "2015-11-09T00:00:00", "type": "ubuntucve", "title": "CVE-2015-7940", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7940"], "modified": "2015-11-09T00:00:00", "id": "UB:CVE-2015-7940", "href": "https://ubuntu.com/security/CVE-2015-7940", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-10-03T05:37:53", "description": "ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly\nrestrict the Validator configuration, which allows remote attackers to\nconduct cross-site scripting (XSS) attacks or cause a denial of service via\ncrafted input, a related issue to CVE-2015-0899.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2016-07-04T00:00:00", "type": "ubuntucve", "title": "CVE-2016-1182", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0899", "CVE-2016-1182"], "modified": "2016-07-04T00:00:00", "id": "UB:CVE-2016-1182", "href": "https://ubuntu.com/security/CVE-2016-1182", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-08-07T11:28:33", "description": "The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an \"invalid curve attack.\"", "cvss3": {}, "published": "2015-11-09T16:59:00", "type": "debiancve", "title": "CVE-2015-7940", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7940"], "modified": "2015-11-09T16:59:00", "id": "DEBIANCVE:CVE-2015-7940", "href": "https://security-tracker.debian.org/tracker/CVE-2015-7940", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "osv": [{"lastseen": "2022-08-05T05:19:28", "description": "\nThe Bouncy Castle Java library before 1.51 does not validate that a point\nis within the elliptic curve, which makes it easier for remote attackers\nto obtain private keys via a series of crafted elliptic curve Diffie\nHellman (ECDH) key exchanges, aka an \"invalid curve attack.\"\n\n\nFor Debian 6 Squeeze, this issue has been fixed in version\n1.44+dfsg-2+deb6u1 of bouncycastle.\n\n\nMany thanks to upstream author Peter Dettmann who reviewed the backport\nthat we prepared.\n\n\n", "cvss3": {}, "published": "2015-12-08T00:00:00", "type": "osv", "title": "bouncycastle - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7940"], "modified": "2022-08-05T05:19:26", "id": "OSV:DLA-361-1", "href": "https://osv.dev/vulnerability/DLA-361-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-04-11T01:20:43", "description": "The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an \"invalid curve attack.\"", "cvss3": {}, "published": "2018-10-17T16:27:50", "type": "osv", "title": "Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7940"], "modified": "2023-04-11T01:20:40", "id": "OSV:GHSA-4MV7-CQ75-3QJM", "href": "https://osv.dev/vulnerability/GHSA-4mv7-cq75-3qjm", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-04-11T01:48:16", "description": "ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-05-13T01:25:19", "type": "osv", "title": "Improper Input Validation in Apache Struts", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0899", "CVE-2016-1182"], "modified": "2023-04-11T01:48:12", "id": "OSV:GHSA-5GGR-MPGW-3MGX", "href": "https://osv.dev/vulnerability/GHSA-5ggr-mpgw-3mgx", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-23T22:19:54", "description": "Package : bouncycastle\nVersion : 1.44+dfsg-2+deb6u1\nCVE ID : CVE-2015-7940\nDebian Bug : 802671\n\nThe Bouncy Castle Java library before 1.51 does not validate that a point\nis within the elliptic curve, which makes it easier for remote attackers\nto obtain private keys via a series of crafted elliptic curve Diffie\nHellman (ECDH) key exchanges, aka an "invalid curve attack."\n\nFor Debian 6 \u201cSqueeze\u201d, this issue has been fixed in version\n1.44+dfsg-2+deb6u1 of bouncycastle.\n\nMany thanks to upstream author Peter Dettmann who reviewed the backport\nthat we prepared.\n\n-- \nRapha\u00ebl Hertzog \u25c8 Debian Developer\n\nSupport Debian LTS: http://www.freexian.com/services/debian-lts.html\nLearn to master Debian: http://debian-handbook.info/get/\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {}, "published": "2015-12-08T11:28:10", "type": "debian", "title": "[SECURITY] [DLA 361-1] bouncycastle security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7940"], "modified": "2015-12-08T11:28:10", "id": "DEBIAN:DLA-361-1:E2323", "href": "https://lists.debian.org/debian-lts-announce/2015/12/msg00001.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-02T16:28:35", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3417-1 security@debian.org\nhttps://www.debian.org/security/ Luciano Bello\nDecember 14, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : bouncycastle\nCVE ID : CVE-2015-7940\nDebian Bug : 802671\n\nTibor Jager, J\u00c3\u00b6rg Schwenk, and Juraj Somorovsky, from Horst G\u00c3\u00b6rtz\nInstitute for IT Security, published a paper in ESORICS 2015 where they\ndescribe an invalid curve attack in Bouncy Castle Crypto, a Java library\nfor cryptography. An attacker is able to recover private Elliptic Curve\nkeys from different applications, for example, TLS servers.\n\nMore information:\nhttp://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html\nPractical Invalid Curve Attacks on TLS-ECDH:\nhttp://euklid.org/pdf/ECC_Invalid_Curve.pdf\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 1.44+dfsg-3.1+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.49+dfsg-3+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.51-2.\n\nWe recommend that you upgrade your bouncycastle packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2015-12-14T12:51:06", "type": "debian", "title": "[SECURITY] [DSA 3417-1] bouncycastle security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7940"], "modified": "2015-12-14T12:51:06", "id": "DEBIAN:DSA-3417-1:D5725", "href": "https://lists.debian.org/debian-security-announce/2015/msg00322.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-21T22:40:33", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3417-1 security@debian.org\nhttps://www.debian.org/security/ Luciano Bello\nDecember 14, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : bouncycastle\nCVE ID : CVE-2015-7940\nDebian Bug : 802671\n\nTibor Jager, J\u00c3\u00b6rg Schwenk, and Juraj Somorovsky, from Horst G\u00c3\u00b6rtz\nInstitute for IT Security, published a paper in ESORICS 2015 where they\ndescribe an invalid curve attack in Bouncy Castle Crypto, a Java library\nfor cryptography. An attacker is able to recover private Elliptic Curve\nkeys from different applications, for example, TLS servers.\n\nMore information:\nhttp://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html\nPractical Invalid Curve Attacks on TLS-ECDH:\nhttp://euklid.org/pdf/ECC_Invalid_Curve.pdf\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 1.44+dfsg-3.1+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.49+dfsg-3+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.51-2.\n\nWe recommend that you upgrade your bouncycastle packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2015-12-14T12:51:06", "type": "debian", "title": "[SECURITY] [DSA 3417-1] bouncycastle security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7940"], "modified": "2015-12-14T12:51:06", "id": "DEBIAN:DSA-3417-1:682B4", "href": "https://lists.debian.org/debian-security-announce/2015/msg00322.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2023-05-19T14:22:06", "description": "The version of Oracle JDeveloper installed on the remote host is missing a security patch. Please see the vendor advisory for additional information.", "cvss3": {}, "published": "2018-07-25T00:00:00", "type": "nessus", "title": "Oracle JDeveloper Information Disclosure Vulnerability (July 2018 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7940"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:jdeveloper"], "id": "ORACLE_JDEVELOPER_CPU_JUL_2018.NASL", "href": "https://www.tenable.com/plugins/nessus/111332", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111332);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2015-7940\");\n script_bugtraq_id(79091);\n\n script_name(english:\"Oracle JDeveloper Information Disclosure Vulnerability (July 2018 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A software development application installed on the remote host is\naffected by an information disclosure vulnerability within the Bouncy\nCastle Java package\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle JDeveloper installed on the remote host is\nmissing a security patch. Please see the vendor advisory for \nadditional information.\");\n # https://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixFMW\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?60bcb092\");\n # https://support.oracle.com/rs?type=doc&id=2394520.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?19cc26a6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the January 2018 Oracle\nCritical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7940\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jdeveloper\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_jdeveloper_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle JDeveloper\");\n\n exit(0);\n}\n\ninclude('vcf_extras_oracle.inc');\n\nvar app_info = vcf::oracle_jdev::get_app_info();\n\nvar constraints = [\n { 'min_version':'12.1.3.0', 'fixed_version':'12.1.3.0.180525', 'missing_patch':'27800100' },\n { 'min_version':'12.2.1.2', 'fixed_version':'12.2.1.2.180525', 'missing_patch':'27783350' },\n { 'min_version':'12.2.1.3', 'fixed_version':'12.2.1.3.180607', 'missing_patch':'28151020' }\n # Note: 27957723 appears to be the original patch for 12.2.1.3, but is no longer listed\n];\n\nvcf::oracle_jdev::check_version_and_report(\n app_info:app_info,\n severity:SECURITY_WARNING,\n constraints:constraints\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:23", "description": "Security fix for CVE-2015-7940\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 22 : bouncycastle-1.50-8.fc22 (2015-7d95466eda)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7940"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:bouncycastle", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-7D95466EDA.NASL", "href": "https://www.tenable.com/plugins/nessus/89298", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-7d95466eda.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89298);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7940\");\n script_xref(name:\"FEDORA\", value:\"2015-7d95466eda\");\n\n script_name(english:\"Fedora 22 : bouncycastle-1.50-8.fc22 (2015-7d95466eda)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-7940\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1276272\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?98f40c66\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bouncycastle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bouncycastle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"bouncycastle-1.50-8.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bouncycastle\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:10", "description": "Indexing and Search Service 1u5-29.15600: core patch.\nDate this patch was last updated by Sun : Jan/07/17", "cvss3": {}, "published": "2018-03-12T00:00:00", "type": "nessus", "title": "Solaris 10 (sparc) : 142824-29", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7940"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:142824", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_142824-29.NASL", "href": "https://www.tenable.com/plugins/nessus/107538", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107538);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-7940\");\n\n script_name(english:\"Solaris 10 (sparc) : 142824-29\");\n script_summary(english:\"Check for patch 142824-29\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 142824-29\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Indexing and Search Service 1u5-29.15600: core patch.\nDate this patch was last updated by Sun : Jan/07/17\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/142824-29\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 142824-29 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7940\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:142824\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"142824-29\", obsoleted_by:\"\", package:\"SUNWjiss\", version:\"1.0,REV=2009.09.09\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWjiss\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:46", "description": "bouncycastle was updated to version 1.53 to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2015-7940: Invalid curve attack (bsc#951727).", "cvss3": {}, "published": "2015-11-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : bouncycastle (openSUSE-2015-705)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7940"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bouncycastle", "p-cpe:/a:novell:opensuse:bouncycastle-javadoc", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2015-705.NASL", "href": "https://www.tenable.com/plugins/nessus/86740", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-705.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86740);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-7940\");\n\n script_name(english:\"openSUSE Security Update : bouncycastle (openSUSE-2015-705)\");\n script_summary(english:\"Check for the openSUSE-2015-705 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"bouncycastle was updated to version 1.53 to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2015-7940: Invalid curve attack (bsc#951727).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=951727\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bouncycastle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bouncycastle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bouncycastle-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bouncycastle-1.53-8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bouncycastle-javadoc-1.53-8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bouncycastle-1.53-13.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bouncycastle-javadoc-1.53-13.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"bouncycastle-1.53-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"bouncycastle-javadoc-1.53-16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bouncycastle / bouncycastle-javadoc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:18:33", "description": "Tibor Jager, Jorg Schwenk, and Juraj Somorovsky, from Horst Gortz Institute for IT Security, published a paper in ESORICS 2015 where they describe an invalid curve attack in Bouncy Castle Crypto, a Java library for cryptography. An attacker is able to recover private Elliptic Curve keys from different applications, for example, TLS servers.\n\nMore information:\nhttp://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-att acks.htmlPractical Invalid Curve Attacks on TLS-ECDH:\nhttp://euklid.org/pdf/ECC_Invalid_Curve.pdf", "cvss3": {}, "published": "2015-12-15T00:00:00", "type": "nessus", "title": "Debian DSA-3417-1 : bouncycastle - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7940"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:bouncycastle", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3417.NASL", "href": "https://www.tenable.com/plugins/nessus/87359", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3417. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87359);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7940\");\n script_xref(name:\"DSA\", value:\"3417\");\n\n script_name(english:\"Debian DSA-3417-1 : bouncycastle - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tibor Jager, Jorg Schwenk, and Juraj Somorovsky, from Horst Gortz\nInstitute for IT Security, published a paper in ESORICS 2015 where\nthey describe an invalid curve attack in Bouncy Castle Crypto, a Java\nlibrary for cryptography. An attacker is able to recover private\nElliptic Curve keys from different applications, for example, TLS\nservers.\n\nMore information:\nhttp://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-att\nacks.htmlPractical Invalid Curve Attacks on TLS-ECDH:\nhttp://euklid.org/pdf/ECC_Invalid_Curve.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802671\"\n );\n # http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?577fd981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://euklid.org/pdf/ECC_Invalid_Curve.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/bouncycastle\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/bouncycastle\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3417\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the bouncycastle packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 1.44+dfsg-3.1+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.49+dfsg-3+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bouncycastle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libbcmail-java\", reference:\"1.44+dfsg-3.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libbcmail-java-doc\", reference:\"1.44+dfsg-3.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libbcmail-java-gcj\", reference:\"1.44+dfsg-3.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libbcpg-java\", reference:\"1.44+dfsg-3.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libbcpg-java-doc\", reference:\"1.44+dfsg-3.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libbcpg-java-gcj\", reference:\"1.44+dfsg-3.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libbcprov-java\", reference:\"1.44+dfsg-3.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libbcprov-java-doc\", reference:\"1.44+dfsg-3.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libbcprov-java-gcj\", reference:\"1.44+dfsg-3.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libbctsp-java\", reference:\"1.44+dfsg-3.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libbctsp-java-doc\", reference:\"1.44+dfsg-3.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libbctsp-java-gcj\", reference:\"1.44+dfsg-3.1+deb7u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libbcmail-java\", reference:\"1.49+dfsg-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libbcmail-java-doc\", reference:\"1.49+dfsg-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libbcpg-java\", reference:\"1.49+dfsg-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libbcpg-java-doc\", reference:\"1.49+dfsg-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libbcpkix-java\", reference:\"1.49+dfsg-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libbcpkix-java-doc\", reference:\"1.49+dfsg-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libbcprov-java\", reference:\"1.49+dfsg-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libbcprov-java-doc\", reference:\"1.49+dfsg-3+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:18:40", "description": "The Bouncy Castle Java library before 1.51 does not validate that a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an 'invalid curve attack.'\n\nFor Debian 6 'Squeeze', this issue has been fixed in version 1.44+dfsg-2+deb6u1 of bouncycastle.\n\nMany thanks to upstream author Peter Dettmann who reviewed the backport that we prepared.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-12-09T00:00:00", "type": "nessus", "title": "Debian DLA-361-1 : bouncycastle security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7940"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libbcmail-java", "p-cpe:/a:debian:debian_linux:libbcmail-java-doc", "p-cpe:/a:debian:debian_linux:libbcmail-java-gcj", "p-cpe:/a:debian:debian_linux:libbcpg-java", "p-cpe:/a:debian:debian_linux:libbcpg-java-doc", "p-cpe:/a:debian:debian_linux:libbcpg-java-gcj", "p-cpe:/a:debian:debian_linux:libbcprov-java", "p-cpe:/a:debian:debian_linux:libbcprov-java-doc", "p-cpe:/a:debian:debian_linux:libbcprov-java-gcj", "p-cpe:/a:debian:debian_linux:libbctsp-java", "p-cpe:/a:debian:debian_linux:libbctsp-java-doc", "p-cpe:/a:debian:debian_linux:libbctsp-java-gcj", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-361.NASL", "href": "https://www.tenable.com/plugins/nessus/87266", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-361-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87266);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7940\");\n\n script_name(english:\"Debian DLA-361-1 : bouncycastle security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Bouncy Castle Java library before 1.51 does not validate that a\npoint is within the elliptic curve, which makes it easier for remote\nattackers to obtain private keys via a series of crafted elliptic\ncurve Diffie Hellman (ECDH) key exchanges, aka an 'invalid curve\nattack.'\n\nFor Debian 6 'Squeeze', this issue has been fixed in\nversion 1.44+dfsg-2+deb6u1 of bouncycastle.\n\nMany thanks to upstream author Peter Dettmann who reviewed the\nbackport that we prepared.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/12/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/bouncycastle\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbcmail-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbcmail-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbcmail-java-gcj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbcpg-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbcpg-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbcpg-java-gcj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbcprov-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbcprov-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbcprov-java-gcj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbctsp-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbctsp-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbctsp-java-gcj\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libbcmail-java\", reference:\"1.44+dfsg-2+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libbcmail-java-doc\", reference:\"1.44+dfsg-2+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libbcmail-java-gcj\", reference:\"1.44+dfsg-2+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libbcpg-java\", reference:\"1.44+dfsg-2+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libbcpg-java-doc\", reference:\"1.44+dfsg-2+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libbcpg-java-gcj\", reference:\"1.44+dfsg-2+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libbcprov-java\", reference:\"1.44+dfsg-2+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libbcprov-java-doc\", reference:\"1.44+dfsg-2+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libbcprov-java-gcj\", reference:\"1.44+dfsg-2+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libbctsp-java\", reference:\"1.44+dfsg-2+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libbctsp-java-doc\", reference:\"1.44+dfsg-2+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libbctsp-java-gcj\", reference:\"1.44+dfsg-2+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:08:31", "description": "The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in the Enterprise Manager Base Platform component :\n\n - A flaw exists in the Bouncy Castle Java library due to improper validation of a point within the elliptic curve. An unauthenticated, remote attacker can exploit this to obtain private keys by using a series of specially crafted elliptic curve Diffie-Hellman (ECDH) key exchanges, also known as an 'invalid curve attack.' (CVE-2015-7940)\n\n - A flaw exists in Apache MyFaces Trinidad, specifically in the CoreResponseStateManager component, due to the ObjectInputStream and ObjectOutputStream strings being used directly without securely deserializing Java input.\n An unauthenticated, remote attacker can exploit this, via a deserialization attack using a crafted serialized view state string, to have an unspecified impact that may include the execution of arbitrary code.\n (CVE-2016-5019)\n\nNote that the product was formerly known as Enterprise Manager Grid Control.", "cvss3": {}, "published": "2017-01-25T00:00:00", "type": "nessus", "title": "Oracle Enterprise Manager Cloud Control Multiple Vulnerabilities (January 2017 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7940", "CVE-2016-5019"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:enterprise_manager"], "id": "ORACLE_ENTERPRISE_MANAGER_JAN_2017_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/96777", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96777);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2015-7940\", \"CVE-2016-5019\");\n script_bugtraq_id(79091, 93236);\n\n script_name(english:\"Oracle Enterprise Manager Cloud Control Multiple Vulnerabilities (January 2017 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An enterprise management application installed on the remote host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Enterprise Manager Cloud Control installed on\nthe remote host is affected by multiple vulnerabilities in the\nEnterprise Manager Base Platform component :\n\n - A flaw exists in the Bouncy Castle Java library due to\n improper validation of a point within the elliptic\n curve. An unauthenticated, remote attacker can exploit\n this to obtain private keys by using a series of\n specially crafted elliptic curve Diffie-Hellman (ECDH)\n key exchanges, also known as an 'invalid curve attack.'\n (CVE-2015-7940)\n\n - A flaw exists in Apache MyFaces Trinidad, specifically\n in the CoreResponseStateManager component, due to the\n ObjectInputStream and ObjectOutputStream strings being\n used directly without securely deserializing Java input.\n An unauthenticated, remote attacker can exploit this,\n via a deserialization attack using a crafted serialized\n view state string, to have an unspecified impact that\n may include the execution of arbitrary code.\n (CVE-2016-5019)\n\nNote that the product was formerly known as Enterprise Manager Grid\nControl.\");\n # https://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixEM\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7143085e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the January 2017 Oracle\nCritical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:enterprise_manager\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"oracle_enterprise_manager_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Enterprise Manager Cloud Control\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"oracle_rdbms_cpu_func.inc\");\ninclude(\"install_func.inc\");\n\nproduct = \"Oracle Enterprise Manager Cloud Control\";\ninstall = get_single_install(app_name:product, exit_if_unknown_ver:TRUE);\nversion = install['version'];\nemchome = install['path'];\n\npatchid = NULL;\nmissing = NULL;\npatched = FALSE;\n\nif (version =~ \"^13\\.1\\.0\\.0(\\.[0-9]+)?$\")\n{\n patchid = \"24897689\";\n fix = \"13.1.0.0.170117\";\n}\nelse if (version =~ \"^12\\.1\\.0\\.5(\\.[0-9]+)?$\")\n{\n patchid = \"24897692\";\n fix = \"12.1.0.5.170117\";\n}\n\nif (isnull(patchid))\n audit(AUDIT_HOST_NOT, 'affected');\n\n# compare version to check if we've already adjusted for patch level during detection\nif (ver_compare(ver:version, fix:fix, strict:FALSE) >= 0)\n audit(AUDIT_INST_PATH_NOT_VULN, product, version, emchome);\n\n# Now look for the affected components\npatchesinstalled = find_patches_in_ohomes(ohomes:make_list(emchome));\nif (isnull(patchesinstalled))\n missing = patchid;\nelse\n{\n foreach applied (keys(patchesinstalled[emchome]))\n {\n if (applied == patchid)\n {\n patched = TRUE;\n break;\n }\n else\n {\n foreach bugid (patchesinstalled[emchome][applied]['bugs'])\n {\n if (bugid == patchid)\n {\n patched = TRUE;\n break;\n }\n }\n if (patched) break;\n }\n }\n if (!patched)\n missing = patchid;\n}\n\nif (empty_or_null(missing))\n audit(AUDIT_HOST_NOT, 'affected');\n\norder = make_list('Product', 'Version', \"Missing patch\");\nreport = make_array(\n order[0], product,\n order[1], version,\n order[2], patchid\n);\nreport = report_items_str(report_items:report, ordered_fields:order);\n\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-22T15:24:46", "description": "The version of Oracle Business Intelligence Publisher running on the remote host is 11.1.1.9.x prior to 11.1.1.9.200414 or 12.2.1.3.x prior to 12.2.1.3.200414 or 12.2.1.4.x prior to 12.2.1.4.200414. It is, therefore, affected by multiple vulnerabilities as noted in the April 2020 Critical Patch Update advisory\n\n - An unspecified vulnerability in the Analystics Web General component of Oracle BI Published. An easily exploitable vulnerability could allow an unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. A successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. (CVE-2020-2950)\n\n - The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an invalid curve attack. (CVE-2015-7940)\n\n - Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution (CVE-2016-1000031)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-04-16T00:00:00", "type": "nessus", "title": "Oracle Business Intelligence Publisher Multiple Vulnerabilities (Apr 2020 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7940", "CVE-2016-1000031", "CVE-2020-2950"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:business_intelligence_publisher"], "id": "ORACLE_BI_PUBLISHER_APR_2020_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/135678", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135678);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2015-7940\", \"CVE-2016-1000031\", \"CVE-2020-2950\");\n script_bugtraq_id(79091, 93604);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Oracle Business Intelligence Publisher Multiple Vulnerabilities (Apr 2020 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Business Intelligence Publisher running on the\nremote host is 11.1.1.9.x prior to 11.1.1.9.200414 or 12.2.1.3.x \nprior to 12.2.1.3.200414 or 12.2.1.4.x prior to 12.2.1.4.200414. \nIt is, therefore, affected by multiple vulnerabilities as noted in\nthe April 2020 Critical Patch Update advisory\n\n - An unspecified vulnerability in the Analystics Web\n General component of Oracle BI Published. An easily\n exploitable vulnerability could allow an\n unauthenticated attacker with network access via HTTP\n to compromise Oracle Business Intelligence Enterprise\n Edition. A successful attacks of this vulnerability\n can result in takeover of Oracle Business Intelligence\n Enterprise Edition. (CVE-2020-2950)\n\n - The Bouncy Castle Java library before 1.51 does not\n validate a point is withing the elliptic curve, which\n makes it easier for remote attackers to obtain private\n keys via a series of crafted elliptic curve Diffie\n Hellman (ECDH) key exchanges, aka an invalid curve\n attack. (CVE-2015-7940)\n\n - Apache Commons FileUpload before 1.3.3 DiskFileItem File\n Manipulation Remote Code Execution (CVE-2016-1000031)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/a/tech/docs/cpuapr2020cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2020.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2020 Oracle Critical Patch Update\nadvisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2950\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:business_intelligence_publisher\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_bi_publisher_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Business Intelligence Publisher\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\napp_info = vcf::get_app_info(app:'Oracle Business Intelligence Publisher');\n\nconstraints = [\n {'min_version': '11.1.1.9', 'fixed_version': '11.1.1.9.200414', 'patch': '30992893', 'bundle': '31094216'},\n {'min_version': '12.2.1.3', 'fixed_version': '12.2.1.3.200414', 'patch': '30768584', 'bundle': '30768584'},\n {'min_version': '12.2.1.4', 'fixed_version': '12.2.1.4.200414', 'patch': '30768593', 'bundle': '30768593'}\n];\n\nvcf::oracle_bi_publisher::check_version_and_report(app_info: app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T14:12:49", "description": "Security fix for CVE-2016-1181, CVE-2016-1182\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-07-15T00:00:00", "type": "nessus", "title": "Fedora 23 : struts (2016-21bd6a33af)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:struts", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-21BD6A33AF.NASL", "href": "https://www.tenable.com/plugins/nessus/92234", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-21bd6a33af.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92234);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-1181\", \"CVE-2016-1182\");\n script_xref(name:\"FEDORA\", value:\"2016-21bd6a33af\");\n\n script_name(english:\"Fedora 23 : struts (2016-21bd6a33af)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2016-1181, CVE-2016-1182\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-21bd6a33af\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected struts package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:struts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"struts-1.3.10-18.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"struts\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:44", "description": "Security fix for CVE-2016-1181, CVE-2016-1182\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-07-15T00:00:00", "type": "nessus", "title": "Fedora 24 : struts (2016-d717fdcf74)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:struts", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-D717FDCF74.NASL", "href": "https://www.tenable.com/plugins/nessus/92292", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-d717fdcf74.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92292);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-1181\", \"CVE-2016-1182\");\n script_xref(name:\"FEDORA\", value:\"2016-d717fdcf74\");\n\n script_name(english:\"Fedora 24 : struts (2016-d717fdcf74)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2016-1181, CVE-2016-1182\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-d717fdcf74\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected struts package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:struts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"struts-1.3.10-18.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"struts\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:43", "description": "The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities as noted in the January 2018 CPU advisory.", "cvss3": {}, "published": "2018-01-24T00:00:00", "type": "nessus", "title": "Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2018 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7501", "CVE-2015-7940", "CVE-2016-0635", "CVE-2016-1182", "CVE-2016-2107", "CVE-2016-2179", "CVE-2017-10068", "CVE-2017-10262", "CVE-2017-10273", "CVE-2017-10352", "CVE-2017-12617", "CVE-2017-3732", "CVE-2017-5461", "CVE-2017-5645", "CVE-2017-9798", "CVE-2018-2561", "CVE-2018-2564", "CVE-2018-2584", "CVE-2018-2596", "CVE-2018-2601", "CVE-2018-2625", "CVE-2018-2711", "CVE-2018-2713", "CVE-2018-2715", "CVE-2018-2760"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:http_server"], "id": "ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL", "href": "https://www.tenable.com/plugins/nessus/106299", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106299);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2015-7501\",\n \"CVE-2015-7940\",\n \"CVE-2016-0635\",\n \"CVE-2016-1182\",\n \"CVE-2016-2107\",\n \"CVE-2016-2179\",\n \"CVE-2017-3732\",\n \"CVE-2017-5461\",\n \"CVE-2017-5645\",\n \"CVE-2017-9798\",\n \"CVE-2017-10068\",\n \"CVE-2017-10262\",\n \"CVE-2017-10273\",\n \"CVE-2017-10352\",\n \"CVE-2017-12617\",\n \"CVE-2018-2561\",\n \"CVE-2018-2564\",\n \"CVE-2018-2584\",\n \"CVE-2018-2596\",\n \"CVE-2018-2601\",\n \"CVE-2018-2625\",\n \"CVE-2018-2711\",\n \"CVE-2018-2713\",\n \"CVE-2018-2715\",\n \"CVE-2018-2760\"\n );\n script_bugtraq_id(\n 78215,\n 79091,\n 89760,\n 91067,\n 91869,\n 92987,\n 95814,\n 97702,\n 98050,\n 100872,\n 100954,\n 102442,\n 102535,\n 102539,\n 102541,\n 102545,\n 102550,\n 102553,\n 102558,\n 102562,\n 102565,\n 102567,\n 102569,\n 102573,\n 103826\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2018 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle HTTP Server installed on the remote host is\naffected by multiple vulnerabilities as noted in the January 2018\nCPU advisory.\");\n # https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixFMW\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6072c657\");\n # http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76507bf8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the January 2018 Oracle Critical\nPatch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7501\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-10352\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat for Windows HTTP PUT Method File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:http_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_http_server_installed.nbin\");\n script_require_keys(\"Oracle/OHS/Installed\");\n\n exit(0);\n}\n\ninclude('oracle_http_server_patch_func.inc');\n\nget_kb_item_or_exit('Oracle/OHS/Installed');\ninstall_list = get_kb_list_or_exit('Oracle/OHS/*/EffectiveVersion');\n\ninstall = branch(install_list, key:TRUE, value:TRUE);\n\npatches = make_array();\npatches['11.1.1.7'] = make_array('fix_ver', '11.1.1.7.180116', 'patch', '27197885');\npatches['11.1.1.9'] = make_array('fix_ver', '11.1.1.9.180116', 'patch', '27301611');\npatches['12.1.3.0'] = make_array('fix_ver', '12.1.3.0.190130', 'patch', '27244723');\npatches['12.2.1.2'] = make_array('fix_ver', '12.2.1.2.171220', 'patch', '27198002');\npatches['12.2.1.3'] = make_array('fix_ver', '12.2.1.3.171117', 'patch', '27149535');\n\noracle_http_server_check_vuln(\n install : install,\n min_patches : patches,\n severity : SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:49", "description": "The IBM WebSphere Application Server running on the remote host is version 7.0.0.x through 7.0.0.45, 8.0.0.x through 8.0.0.15, 8.5.0.x prior to 8.5.5.14 or 9.0.x prior to 9.0.0.9. It is, therefore, affected by multiple vulnerabilities related to Apache Struts, including the following:\n\n - Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to manipulate the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. (CVE-2014-0114)\n\n - ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899. (CVE-2016-1181)\n\n - ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899. (CVE-2016-1182)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-20T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.14 / 9.0.x <= 9.0.0.9 Multiple Vulnerabilities (711865)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1007", "CVE-2014-0114", "CVE-2015-0899", "CVE-2016-1181", "CVE-2016-1182"], "modified": "2022-05-11T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_711865.NASL", "href": "https://www.tenable.com/plugins/nessus/141566", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141566);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2012-1007\",\n \"CVE-2014-0114\",\n \"CVE-2016-1181\",\n \"CVE-2016-1182\"\n );\n\n script_name(english:\"IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.14 / 9.0.x <= 9.0.0.9 Multiple Vulnerabilities (711865)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web application server is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The IBM WebSphere Application Server running on the remote host is version 7.0.0.x through 7.0.0.45, 8.0.0.x through\n8.0.0.15, 8.5.0.x prior to 8.5.5.14 or 9.0.x prior to 9.0.0.9. It is, therefore, affected by multiple vulnerabilities\nrelated to Apache Struts, including the following:\n\n - Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through\n 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class\n property, which allows remote attackers to manipulate the ClassLoader and execute arbitrary code via the\n class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm\n object in Struts 1. (CVE-2014-0114)\n\n - ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm\n instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected\n memory access) via a multipart request, a related issue to CVE-2015-0899. (CVE-2016-1181)\n\n - ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator\n configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a\n denial of service via crafted input, a related issue to CVE-2015-0899. (CVE-2016-1182)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/711865\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM WebSphere Application Server 8.5.5.14, 9.0.0.9, or later. Alternatively, upgrade to the minimal fix pack\nlevels required by the interim fix and then apply Interim Fix PI97162.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0114\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2016-1182\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\", \"ibm_enum_products.nbin\", \"ibm_websphere_application_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM WebSphere Application Server\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\n# Only vulnerable when using the optiona UDDI.ear\nif (report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\napp = 'IBM WebSphere Application Server';\nfix = 'Interim Fix PI97162';\n\napp_info = vcf::combined_get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\n# If the detection is only remote, Source will be set, and we should require paranoia\nif (!empty_or_null(app_info['Source']) && app_info['Source'] != 'unknown' && report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nif ('PI97162' >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nconstraints = [\n {'min_version':'7.0.0.0', 'max_version':'7.0.0.45', 'fixed_version':fix},\n {'min_version':'8.0.0.0', 'max_version':'8.0.0.15', 'fixed_version':fix},\n {'min_version':'8.5.0.0', 'max_version':'8.5.5.13', 'fixed_version':'8.5.5.14 or ' + fix},\n {'min_version':'9.0.0.0', 'max_version':'9.0.0.8', 'fixed_version':'9.0.0.9 or ' + fix}\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:48", "description": "According to its self-reported version, the Oracle iPlanet Web Server (formerly known as Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.27 Patch 26834070. It is, therefore, affected by an unspecified vulnerability in the Network Security Services (NSS) library with unknown impact.", "cvss3": {}, "published": "2018-01-25T00:00:00", "type": "nessus", "title": "Oracle iPlanet Web Server 7.0.x < 7.0.27 NSS Unspecified Vulnerability (January 2018 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7501", "CVE-2015-7940", "CVE-2016-0635", "CVE-2016-1182", "CVE-2016-2107", "CVE-2016-2179", "CVE-2017-10068", "CVE-2017-10262", "CVE-2017-10273", "CVE-2017-10352", "CVE-2017-12617", "CVE-2017-3732", "CVE-2017-5645", "CVE-2017-9798", "CVE-2018-2561", "CVE-2018-2564", "CVE-2018-2584", "CVE-2018-2594", "CVE-2018-2595", "CVE-2018-2596", "CVE-2018-2601", "CVE-2018-2610", "CVE-2018-2625", "CVE-2018-2711", "CVE-2018-2713", "CVE-2018-2715", "CVE-2018-2733"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:oracle:iplanet_web_server", "cpe:/a:mozilla:network_security_services"], "id": "SUN_JAVA_WEB_SERVER_7_0_27.NASL", "href": "https://www.tenable.com/plugins/nessus/106349", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106349);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2015-7501\",\n \"CVE-2015-7940\",\n \"CVE-2016-0635\",\n \"CVE-2016-1182\",\n \"CVE-2016-2107\",\n \"CVE-2016-2179\",\n \"CVE-2017-3732\",\n \"CVE-2017-5645\",\n \"CVE-2017-9798\",\n \"CVE-2017-10068\",\n \"CVE-2017-10262\",\n \"CVE-2017-10273\",\n \"CVE-2017-10352\",\n \"CVE-2017-12617\",\n \"CVE-2018-2561\",\n \"CVE-2018-2564\",\n \"CVE-2018-2584\",\n \"CVE-2018-2594\",\n \"CVE-2018-2595\",\n \"CVE-2018-2596\",\n \"CVE-2018-2601\",\n \"CVE-2018-2610\",\n \"CVE-2018-2625\",\n \"CVE-2018-2711\",\n \"CVE-2018-2713\",\n \"CVE-2018-2715\",\n \"CVE-2018-2733\"\n );\n script_bugtraq_id(\n 78215,\n 79091,\n 89760,\n 91067,\n 91869,\n 92987,\n 95814,\n 97702,\n 98050,\n 100872,\n 100954,\n 102442,\n 102535,\n 102539,\n 102541,\n 102545,\n 102550,\n 102553,\n 102558,\n 102562,\n 102565,\n 102567,\n 102569,\n 102573,\n 102634,\n 102637,\n 102641,\n 102643\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Oracle iPlanet Web Server 7.0.x < 7.0.27 NSS Unspecified Vulnerability (January 2018 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by an unspecified vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the Oracle iPlanet Web Server\n(formerly known as Sun Java System Web Server) running on the remote\nhost is 7.0.x prior to 7.0.27 Patch 26834070. It is, therefore,\naffected by an unspecified vulnerability in the Network Security\nServices (NSS) library with unknown impact.\");\n # http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae82f1b1\");\n # https://support.oracle.com/epmos/faces/SearchDocDisplay?_adf.ctrl-state=14v5w3zyq8_4&_afrLoop=466151680153736#babhdcfj\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fccabced\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle iPlanet Web Server version 7.0.27 or later as\nreferenced in the January 2018 Oracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7501\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-10352\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat for Windows HTTP PUT Method File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:iplanet_web_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:network_security_services\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_iplanet_web_server_detect.nbin\");\n script_require_keys(\"installed_sw/Oracle iPlanet Web Server\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\ninclude(\"http.inc\");\n\napp_name = \"Oracle iPlanet Web Server\";\nport = get_http_port(default:8989);\n\ninstall = get_single_install(app_name:app_name, port:port, exit_if_unknown_ver:TRUE);\nversion = install['version'];\n\nfix = \"7.0.27\";\nmin = \"7.0\";\n\n\n\n# Affected 7.0.x < 7.0.27\nif (\n ver_compare(ver:version, fix:min, strict:FALSE) >= 0 &&\n ver_compare(ver:version, fix:fix, strict:FALSE) == -1\n)\n{\n report = report_items_str(\n report_items:make_array(\n \"Installed version\", version,\n \"Fixed version\", fix\n ),\n ordered_fields:make_list(\"Installed version\", \"Fixed version\")\n );\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:03", "description": "It was discovered that Bouncy Castle incorrectly handled certain crypto algorithms. A remote attacker could possibly use these issues to obtain sensitive information, including private keys.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-08-02T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : bouncycastle vulnerabilities (USN-3727-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6644", "CVE-2015-7940", "CVE-2016-1000338", "CVE-2016-1000339", "CVE-2016-1000341", "CVE-2016-1000342", "CVE-2016-1000343", "CVE-2016-1000345", "CVE-2016-1000346"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libbcmail-java", "p-cpe:/a:canonical:ubuntu_linux:libbcpg-java", "p-cpe:/a:canonical:ubuntu_linux:libbcpkix-java", "p-cpe:/a:canonical:ubuntu_linux:libbcprov-java", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3727-1.NASL", "href": "https://www.tenable.com/plugins/nessus/111512", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3727-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111512);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2015-6644\", \"CVE-2015-7940\", \"CVE-2016-1000338\", \"CVE-2016-1000339\", \"CVE-2016-1000341\", \"CVE-2016-1000342\", \"CVE-2016-1000343\", \"CVE-2016-1000345\", \"CVE-2016-1000346\");\n script_xref(name:\"USN\", value:\"3727-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : bouncycastle vulnerabilities (USN-3727-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that Bouncy Castle incorrectly handled certain\ncrypto algorithms. A remote attacker could possibly use these issues\nto obtain sensitive information, including private keys.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3727-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libbcmail-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libbcpg-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libbcpkix-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libbcprov-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libbcmail-java\", pkgver:\"1.49+dfsg-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libbcpg-java\", pkgver:\"1.49+dfsg-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libbcpkix-java\", pkgver:\"1.49+dfsg-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libbcprov-java\", pkgver:\"1.49+dfsg-2ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libbcmail-java / libbcpg-java / libbcpkix-java / libbcprov-java\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:32", "description": "The version of Oracle Enterprise Manager Grid Control installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists in the Bouncy Castle Java library due to improper validation of a point within the elliptic curve. An unauthenticated, remote attacker can exploit this to obtain private keys by using a series of specially crafted elliptic curve Diffie-Hellman (ECDH) key exchanges, also known as an 'invalid curve attack.' (CVE-2015-7940)\n\n - A flaw exists in the PathTools module for Perl in the File::Spec::canonpath() function that is triggered as strings are returned as untainted even when passing tainted input. An unauthenticated, remote attacker can exploit this to pass unvalidated user input to sensitive or insecure areas. (CVE-2015-8607)\n\n - An overflow condition exists in Perl in the MapPathA() function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-8608)\n\n - A remote code execution vulnerability exists in the Apache Struts component due to improper handling of multithreaded access to an ActionForm instance. An unauthenticated, remote attacker can exploit this, via a specially crafted multipart request, to execute arbitrary code or cause a denial of service condition.\n (CVE-2016-1181)\n\n - A flaw exists in Perl that is triggered during the handling of variables that appear twice in the environment (envp), causing the last value to appear in %ENV, while getenv would return the first. An unauthenticated, remote attacker can exploit this to cause variables to be incorrectly propagated to subprocesses, regardless of the protections offered by taint checking. (CVE-2016-2381)\n\n - A denial of service vulnerability exists in the Apache Commons FileUpload component due to improper handling of boundaries in content-type headers when handling file upload requests. An unauthenticated, remote attacker can exploit this to cause processes linked against the library to become unresponsive. (CVE-2016-3092)\n\n - A man-in-the-middle vulnerability exists in various components, known as 'httpoxy', due to a failure to properly resolve namespace conflicts in accordance with RFC 3875 section 4.1.18. The HTTP_PROXY environment variable is set based on untrusted user data in the 'Proxy' header of HTTP requests. The HTTP_PROXY environment variable is used by some web client libraries to specify a remote proxy server. An unauthenticated, remote attacker can exploit this, via a crafted 'Proxy' header in an HTTP request, to redirect an application's internal HTTP traffic to an arbitrary proxy server where it may be observed or manipulated.\n (CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388)\n\n - A carry propagating error exists in the OpenSSL component in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An unauthenticated, remote attacker with sufficient resources can exploit this to obtain sensitive information regarding private keys.\n Moreover, the attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example, this can occur by default in OpenSSL DHE based SSL/TLS cipher suites. (CVE-2017-3732)\n\n - An unspecified flaw exists in the UI Framework component that allows authenticated, remote attacker to have an impact on integrity. (CVE-2017-10091)", "cvss3": {}, "published": "2017-07-20T00:00:00", "type": "nessus", "title": "Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (July 2017 CPU) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7940", "CVE-2015-8607", "CVE-2015-8608", "CVE-2016-1181", "CVE-2016-2381", "CVE-2016-3092", "CVE-2016-5385", "CVE-2016-5386", "CVE-2016-5387", "CVE-2016-5388", "CVE-2017-10091", "CVE-2017-3732"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:enterprise_manager"], "id": "ORACLE_ENTERPRISE_MANAGER_JUL_2017_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/101837", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101837);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2015-7940\",\n \"CVE-2015-8607\",\n \"CVE-2015-8608\",\n \"CVE-2016-1181\",\n \"CVE-2016-2381\",\n \"CVE-2016-3092\",\n \"CVE-2016-5385\",\n \"CVE-2016-5386\",\n \"CVE-2016-5387\",\n \"CVE-2016-5388\",\n \"CVE-2017-3732\",\n \"CVE-2017-10091\"\n );\n script_bugtraq_id(\n 79091,\n 80504,\n 83802,\n 86018,\n 91068,\n 91453,\n 91815,\n 91816,\n 91818,\n 91821,\n 95814,\n 99649\n );\n script_xref(name:\"CERT\", value:\"797896\");\n\n script_name(english:\"Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (July 2017 CPU) (httpoxy)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An enterprise management application installed on the remote host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Enterprise Manager Grid Control installed on\nthe remote host is missing a security patch. It is, therefore,\naffected by multiple vulnerabilities :\n\n - A flaw exists in the Bouncy Castle Java library due to\n improper validation of a point within the elliptic\n curve. An unauthenticated, remote attacker can exploit\n this to obtain private keys by using a series of\n specially crafted elliptic curve Diffie-Hellman (ECDH)\n key exchanges, also known as an 'invalid curve attack.'\n (CVE-2015-7940)\n\n - A flaw exists in the PathTools module for Perl in the\n File::Spec::canonpath() function that is triggered as\n strings are returned as untainted even when passing\n tainted input. An unauthenticated, remote attacker can\n exploit this to pass unvalidated user input to sensitive\n or insecure areas. (CVE-2015-8607)\n\n - An overflow condition exists in Perl in the MapPathA()\n function due to improper validation of user-supplied\n input. An unauthenticated, remote attacker can exploit\n this to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2015-8608)\n\n - A remote code execution vulnerability exists in the\n Apache Struts component due to improper handling of\n multithreaded access to an ActionForm instance. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted multipart request, to execute\n arbitrary code or cause a denial of service condition.\n (CVE-2016-1181)\n\n - A flaw exists in Perl that is triggered during the\n handling of variables that appear twice in the\n environment (envp), causing the last value to appear in\n %ENV, while getenv would return the first. An\n unauthenticated, remote attacker can exploit this to\n cause variables to be incorrectly propagated to\n subprocesses, regardless of the protections offered by\n taint checking. (CVE-2016-2381)\n\n - A denial of service vulnerability exists in the Apache\n Commons FileUpload component due to improper handling of\n boundaries in content-type headers when handling file\n upload requests. An unauthenticated, remote attacker can\n exploit this to cause processes linked against the\n library to become unresponsive. (CVE-2016-3092)\n\n - A man-in-the-middle vulnerability exists in various\n components, known as 'httpoxy', due to a failure to\n properly resolve namespace conflicts in accordance with\n RFC 3875 section 4.1.18. The HTTP_PROXY environment\n variable is set based on untrusted user data in the\n 'Proxy' header of HTTP requests. The HTTP_PROXY\n environment variable is used by some web client\n libraries to specify a remote proxy server. An\n unauthenticated, remote attacker can exploit this, via a\n crafted 'Proxy' header in an HTTP request, to redirect\n an application's internal HTTP traffic to an arbitrary\n proxy server where it may be observed or manipulated.\n (CVE-2016-5385, CVE-2016-5386, CVE-2016-5387,\n CVE-2016-5388)\n\n - A carry propagating error exists in the OpenSSL\n component in the x86_64 Montgomery squaring\n implementation that may cause the BN_mod_exp() function\n to produce incorrect results. An unauthenticated, remote\n attacker with sufficient resources can exploit this to\n obtain sensitive information regarding private keys.\n Moreover, the attacker would additionally need online\n access to an unpatched system using the target private\n key in a scenario with persistent DH parameters and a\n private key that is shared between multiple clients. For\n example, this can occur by default in OpenSSL DHE based\n SSL/TLS cipher suites. (CVE-2017-3732)\n\n - An unspecified flaw exists in the UI Framework component\n that allows authenticated, remote attacker to have an\n impact on integrity. (CVE-2017-10091)\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76f5def7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/rs?type=doc&id=2261562.1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://httpoxy.org\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2017 Oracle Critical\nPatch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:enterprise_manager\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_enterprise_manager_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Enterprise Manager Cloud Control\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"oracle_rdbms_cpu_func.inc\");\ninclude(\"install_func.inc\");\n\nproduct = \"Oracle Enterprise Manager Cloud Control\";\ninstall = get_single_install(app_name:product, exit_if_unknown_ver:TRUE);\nversion = install['version'];\nemchome = install['path'];\n\npatchid = NULL;\nmissing = NULL;\npatched = FALSE;\nfix = NULL;\n\nif (version =~ \"^13\\.2\\.0\\.0(\\.[0-9]+)?$\")\n{\n patchid = \"25731746\";\n fix = \"13.2.0.0.170718\";\n}\nelse if (version =~ \"^13\\.1\\.0\\.0(\\.[0-9]+)?$\")\n{\n patchid = \"25904755\";\n fix = \"13.1.0.0.170718\";\n}\nelse if (version =~ \"^12\\.1\\.0\\.5(\\.[0-9]+)?$\")\n{\n patchid = \"25904769\";\n fix = \"12.1.0.5.170718\";\n}\n\nif (isnull(patchid))\n audit(AUDIT_HOST_NOT, 'affected');\n\n# compare version to check if we've already adjusted for patch level during detection\nif (ver_compare(ver:version, fix:fix, strict:FALSE) >= 0)\n audit(AUDIT_INST_PATH_NOT_VULN, product, version, emchome);\n\n# Now look for the affected components\npatchesinstalled = find_patches_in_ohomes(ohomes:make_list(emchome));\nif (isnull(patchesinstalled))\n missing = patchid;\nelse\n{\n foreach applied (keys(patchesinstalled[emchome]))\n {\n if (applied == patchid)\n {\n patched = TRUE;\n break;\n }\n else\n {\n foreach bugid (patchesinstalled[emchome][applied]['bugs'])\n {\n if (bugid == patchid)\n {\n patched = TRUE;\n break;\n }\n }\n if (patched) break;\n }\n }\n if (!patched)\n missing = patchid;\n}\n\nif (empty_or_null(missing))\n audit(AUDIT_HOST_NOT, 'affected');\n\norder = make_list('Product', 'Version', \"Missing patch\");\nreport = make_array(\n order[0], product,\n order[1], version,\n order[2], patchid\n);\nreport = report_items_str(report_items:report, ordered_fields:order);\n\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "github": [{"lastseen": "2023-08-07T05:24:25", "description": "The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an \"invalid curve attack.\"", "cvss3": {}, "published": "2018-10-17T16:27:50", "type": "github", "title": "Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7940"], "modified": "2023-01-09T05:02:41", "id": "GHSA-4MV7-CQ75-3QJM", "href": "https://github.com/advisories/GHSA-4mv7-cq75-3qjm", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-09-27T22:13:43", "description": "ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-05-13T01:25:19", "type": "github", "title": "Improper Input Validation in Apache Struts", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0899", "CVE-2016-1182"], "modified": "2023-01-27T05:02:32", "id": "GHSA-5GGR-MPGW-3MGX", "href": "https://github.com/advisories/GHSA-5ggr-mpgw-3mgx", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-24T12:53:16", "description": "Tibor Jager, Jorg Schwenk, and\nJuraj Somorovsky, from Horst Gortz Institute for IT Security, published a\npaper in ESORICS 2015 where they describe an invalid curve attack in Bouncy\nCastle Crypto, a Java library for cryptography. An attacker is able to recover\nprivate Elliptic Curve keys from different applications, for example, TLS servers.\n\nMore information:\nhttp://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html\nPractical Invalid Curve Attacks on TLS-ECDH:\nhttp://euklid.org/pdf/ECC_Invalid_Curve.pdf", "cvss3": {}, "published": "2015-12-14T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3417-1 (bouncycastle - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7940"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703417", "href": "http://plugins.openvas.org/nasl.php?oid=703417", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3417.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3417-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703417);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-7940\");\n script_name(\"Debian Security Advisory DSA 3417-1 (bouncycastle - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-12-14 00:00:00 +0100 (Mon, 14 Dec 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3417.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"bouncycastle on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthis problem has been fixed in version 1.44+dfsg-3.1+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.49+dfsg-3+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.51-2.\n\nWe recommend that you upgrade your bouncycastle packages.\");\n script_tag(name: \"summary\", value: \"Tibor Jager, Jorg Schwenk, and\nJuraj Somorovsky, from Horst Gortz Institute for IT Security, published a\npaper in ESORICS 2015 where they describe an invalid curve attack in Bouncy\nCastle Crypto, a Java library for cryptography. An attacker is able to recover\nprivate Elliptic Curve keys from different applications, for example, TLS servers.\n\nMore information:\nhttp://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html\nPractical Invalid Curve Attacks on TLS-ECDH:\nhttp://euklid.org/pdf/ECC_Invalid_Curve.pdf\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libbcmail-java\", ver:\"1.44+dfsg-3.1+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbcmail-java-doc\", ver:\"1.44+dfsg-3.1+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbcmail-java-gcj\", ver:\"1.44+dfsg-3.1+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbcpg-java\", ver:\"1.44+dfsg-3.1+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbcpg-java-doc\", ver:\"1.44+dfsg-3.1+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbcpg-java-gcj\", ver:\"1.44+dfsg-3.1+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbcprov-java\", ver:\"1.44+dfsg-3.1+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbcprov-java-doc\", ver:\"1.44+dfsg-3.1+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbcprov-java-gcj\", ver:\"1.44+dfsg-3.1+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbctsp-java\", ver:\"1.44+dfsg-3.1+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbctsp-java-doc\", ver:\"1.44+dfsg-3.1+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbctsp-java-gcj\", ver:\"1.44+dfsg-3.1+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbcmail-java\", ver:\"1.49+dfsg-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbcmail-java-doc\", ver:\"1.49+dfsg-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbcpg-java\", ver:\"1.49+dfsg-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbcpg-java-doc\", ver:\"1.49+dfsg-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbcpkix-java\", ver:\"1.49+dfsg-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbcpkix-java-doc\", ver:\"1.49+dfsg-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbcprov-java\", ver:\"1.49+dfsg-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbcprov-java-doc\", ver:\"1.49+dfsg-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:36:09", "description": "Tibor Jager, Jorg Schwenk, and\nJuraj Somorovsky, from Horst Gortz Institute for IT Security, published a\npaper in ESORICS 2015 where they describe an invalid curve attack in Bouncy\nCastle Crypto, a Java library for cryptography. An attacker is able to recover\nprivate Elliptic Curve keys from different applications, for example, TLS servers.", "cvss3": {}, "published": "2015-12-14T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3417-1 (bouncycastle - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7940"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703417", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703417", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3417.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3417-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703417\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2015-7940\");\n script_name(\"Debian Security Advisory DSA 3417-1 (bouncycastle - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-14 00:00:00 +0100 (Mon, 14 Dec 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3417.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|8)\");\n script_tag(name:\"affected\", value:\"bouncycastle on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy),\nthis problem has been fixed in version 1.44+dfsg-3.1+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.49+dfsg-3+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.51-2.\n\nWe recommend that you upgrade your bouncycastle packages.\");\n script_tag(name:\"summary\", value:\"Tibor Jager, Jorg Schwenk, and\nJuraj Somorovsky, from Horst Gortz Institute for IT Security, published a\npaper in ESORICS 2015 where they describe an invalid curve attack in Bouncy\nCastle Crypto, a Java library for cryptography. An attacker is able to recover\nprivate Elliptic Curve keys from different applications, for example, TLS servers.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libbcmail-java\", ver:\"1.44+dfsg-3.1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbcmail-java-doc\", ver:\"1.44+dfsg-3.1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbcmail-java-gcj\", ver:\"1.44+dfsg-3.1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbcpg-java\", ver:\"1.44+dfsg-3.1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbcpg-java-doc\", ver:\"1.44+dfsg-3.1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbcpg-java-gcj\", ver:\"1.44+dfsg-3.1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbcprov-java\", ver:\"1.44+dfsg-3.1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbcprov-java-doc\", ver:\"1.44+dfsg-3.1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbcprov-java-gcj\", ver:\"1.44+dfsg-3.1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbctsp-java\", ver:\"1.44+dfsg-3.1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbctsp-java-doc\", ver:\"1.44+dfsg-3.1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbctsp-java-gcj\", ver:\"1.44+dfsg-3.1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbcmail-java\", ver:\"1.49+dfsg-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbcmail-java-doc\", ver:\"1.49+dfsg-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbcpg-java\", ver:\"1.49+dfsg-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbcpg-java-doc\", ver:\"1.49+dfsg-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbcpkix-java\", ver:\"1.49+dfsg-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbcpkix-java-doc\", ver:\"1.49+dfsg-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbcprov-java\", ver:\"1.49+dfsg-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbcprov-java-doc\", ver:\"1.49+dfsg-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:12", "description": "Mageia Linux Local Security Checks mgasa-2015-0487", "cvss3": {}, "published": "2015-12-29T00:00:00", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0487", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7940"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310131170", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131170", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0487.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131170\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-29 11:15:52 +0200 (Tue, 29 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0487\");\n script_tag(name:\"insight\", value:\"The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an invalid curve attack (CVE-2015-7940).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0487.html\");\n script_cve_id(\"CVE-2015-7940\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0487\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"bouncycastle\", rpm:\"bouncycastle~1.50~3.1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-31T18:36:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-11-05T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for bouncycastle (openSUSE-SU-2015:1911-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7940"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851127", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851127", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851127\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-11-05 06:19:57 +0100 (Thu, 05 Nov 2015)\");\n script_cve_id(\"CVE-2015-7940\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for bouncycastle (openSUSE-SU-2015:1911-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bouncycastle'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"bouncycastle was updated to version 1.53 to fix one security issue.\n\n This security issue was fixed:\n\n - CVE-2015-7940: Invalid curve attack (bsc#951727).\");\n\n script_tag(name:\"affected\", value:\"bouncycastle on openSUSE 13.2, openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:1911-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE13\\.2|openSUSE13\\.1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"bouncycastle\", rpm:\"bouncycastle~1.53~13.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bouncycastle-javadoc\", rpm:\"bouncycastle-javadoc~1.53~13.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"bouncycastle\", rpm:\"bouncycastle~1.53~8.3.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ouncycastle-javadoc\", rpm:\"ouncycastle-javadoc~1.53~8.3.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-07-02T00:00:00", "type": "openvas", "title": "Fedora Update for struts FEDORA-2016-d717fdcf74", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1182", "CVE-2016-1181"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310808530", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808530", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for struts FEDORA-2016-d717fdcf74\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808530\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-07-02 06:38:46 +0200 (Sat, 02 Jul 2016)\");\n script_cve_id(\"CVE-2016-1181\", \"CVE-2016-1182\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for struts FEDORA-2016-d717fdcf74\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'struts'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"struts on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-d717fdcf74\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQI2PYM3R4FWEOVHIFT7KUPTILG2DFMZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"struts\", rpm:\"struts~1.3.10~18.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-07-02T00:00:00", "type": "openvas", "title": "Fedora Update for struts FEDORA-2016-21bd6a33af", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1182", "CVE-2016-1181"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310808523", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808523", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for struts FEDORA-2016-21bd6a33af\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808523\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-07-02 06:38:44 +0200 (Sat, 02 Jul 2016)\");\n script_cve_id(\"CVE-2016-1181\", \"CVE-2016-1182\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for struts FEDORA-2016-21bd6a33af\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'struts'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"struts on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-21bd6a33af\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z74JLHOBT3TZVPAHD7FUPFP3LYAOQTR7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"struts\", rpm:\"struts~1.3.10~18.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T18:54:34", "description": "This host is running Apache Struts and is\n prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-11-18T00:00:00", "type": "openvas", "title": "Apache Struts Multiple Vulnerabilities-01 Nov16 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0899", "CVE-2016-1182", "CVE-2016-1181"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310808538", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808538", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_struts_mult_vuln01_nov16_win.nasl 60709 2016-11-18 14:43:17 +0530 Nov$\n#\n# Apache Struts Multiple Vulnerabilities-01 Nov16 (Windows)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:struts\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808538\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2016-1181\", \"CVE-2016-1182\", \"CVE-2015-0899\");\n script_bugtraq_id(91068, 91067, 74423);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-11-18 14:43:17 +0530 (Fri, 18 Nov 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Apache Struts Multiple Vulnerabilities-01 Nov16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running Apache Struts and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - An 'actionServlet.java' script mishandles multithreaded access to an\n ActionForm instance.\n\n - An 'actionServlet.java' script does not properly restrict the Validator\n configuration.\n\n - An error in the MultiPageValidator implementation.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code or cause a denial of service or conduct\n cross-site scripting or bypass intended access restrictions.\");\n\n script_tag(name:\"affected\", value:\"Apache Struts Version 1.0 through 1.3.10\n on Windows.\");\n\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure\n of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer\n release, disable respective features, remove the product or replace the product by another one.\");\n\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n\n script_xref(name:\"URL\", value:\"http://jvn.jp/en/jp/JVN03188560/index.html\");\n script_xref(name:\"URL\", value:\"http://jvn.jp/en/jp/JVN65044642/index.html\");\n script_xref(name:\"URL\", value:\"http://jvn.jp/en/jp/JVN86448949/index.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_apache_struts_detect.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_mandatory_keys(\"ApacheStruts/installed\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!appPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!appVer = get_app_version(cpe:CPE, port:appPort)){\n exit(0);\n}\n\n## Vulnerable version according to Advisory\nif(appVer =~ \"^(1\\.)\")\n{\n if(version_in_range(version:appVer, test_version:\"1.0\", test_version2:\"1.3.10\"))\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:\"WillNotFix\");\n security_message(data:report, port:appPort);\n exit(0);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T18:54:08", "description": "This host is running Apache Struts and is\n prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-11-18T00:00:00", "type": "openvas", "title": "Apache Struts Multiple Vulnerabilities-01 Nov16 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0899", "CVE-2016-1182", "CVE-2016-1181"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310809478", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809478", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_struts_mult_vuln01_nov16_lin.nasl 60709 2016-11-18 14:43:17 +0530 Nov$\n#\n# Apache Struts Multiple Vulnerabilities-01 Nov16 (Linux)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:struts\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809478\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2016-1181\", \"CVE-2016-1182\", \"CVE-2015-0899\");\n script_bugtraq_id(91068, 91067, 74423);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-11-18 14:46:45 +0530 (Fri, 18 Nov 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Apache Struts Multiple Vulnerabilities-01 Nov16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Apache Struts and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - An 'actionServlet.java' script mishandles multithreaded access to an\n ActionForm instance.\n\n - An 'actionServlet.java' script does not properly restrict the Validator\n configuration.\n\n - An error in the MultiPageValidator implementation.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code or cause a denial of service or conduct\n cross-site scripting or bypass intended access restrictions.\");\n\n script_tag(name:\"affected\", value:\"Apache Struts Version 1.0 through 1.3.10\n on Linux.\");\n\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure\n of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer\n release, disable respective features, remove the product or replace the product by another one.\");\n\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n\n script_xref(name:\"URL\", value:\"http://jvn.jp/en/jp/JVN03188560/index.html\");\n script_xref(name:\"URL\", value:\"http://jvn.jp/en/jp/JVN65044642/index.html\");\n script_xref(name:\"URL\", value:\"http://jvn.jp/en/jp/JVN86448949/index.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_apache_struts_detect.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_mandatory_keys(\"ApacheStruts/installed\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!appPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!appVer = get_app_version(cpe:CPE, port:appPort)){\n exit(0);\n}\n\n## Vulnerable version according to Advisory\nif(appVer =~ \"^(1\\.)\")\n{\n if(version_in_range(version:appVer, test_version:\"1.0\", test_version2:\"1.3.10\"))\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:\"WillNotFix\");\n security_message(data:report, port:appPort);\n exit(0);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-02T00:00:00", "type": "openvas", "title": "Ubuntu Update for bouncycastle USN-3727-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1000341", "CVE-2016-1000339", "CVE-2015-6644", "CVE-2016-1000338", "CVE-2016-1000345", "CVE-2016-1000343", "CVE-2016-1000346", "CVE-2015-7940", "CVE-2016-1000342"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843603", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843603", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3727_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for bouncycastle USN-3727-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843603\");\n script_version(\"$Revision: 14288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-02 05:48:07 +0200 (Thu, 02 Aug 2018)\");\n script_cve_id(\"CVE-2015-6644\", \"CVE-2015-7940\", \"CVE-2016-1000338\", \"CVE-2016-1000339\",\n \"CVE-2016-1000341\", \"CVE-2016-1000342\", \"CVE-2016-1000343\", \"CVE-2016-1000345\",\n \"CVE-2016-1000346\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for bouncycastle USN-3727-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bouncycastle'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that Bouncy Castle\nincorrectly handled certain crypto algorithms. A remote attacker could possibly\nuse these issues to obtain sensitive information, including private keys.\");\n script_tag(name:\"affected\", value:\"bouncycastle on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3727-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3727-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libbcmail-java\", ver:\"1.49+dfsg-2ubuntu0.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libbcpg-java\", ver:\"1.49+dfsg-2ubuntu0.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libbcpkix-java\", ver:\"1.49+dfsg-2ubuntu0.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libbcprov-java\", ver:\"1.49+dfsg-2ubuntu0.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ibm": [{"lastseen": "2023-02-21T05:48:50", "description": "## Summary\n\nBouncy Castle could allow a remote attacker to obtain sensitive information, caused by an invalid curve attack. An attacker could exploit this vulnerability to extract private keys used in elliptic curve crytpography and obtain sensitive information. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-7940_](<https://vulners.com/cve/CVE-2015-7940>)** \nDESCRIPTION:** Bouncy Castle could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability using an invalid curve attack to extract private keys used in elliptic curve cryptography and obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107739_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107739>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nRST versions 8.2.*, 8.3.*, 8.5.*, 8.6.*, 8.7.*.\n\n## Remediation/Fixes\n\nIt is strongly recommended to upgrade to RPT version 9.0. \n\nFor older releases, you can alternatively update the Bouncy Castle library manually:\n\n \n1) Download the bouncy castle version 1.5.3 ( the jar can be downloaded here [https://www.bouncycastle.org/download/jce-jdk13-154.jar](<https://www.bouncycastle.org/download/jce-jdk13-153.jar>) ). \n2) Locate the previous bouncy castle librarie delivered, this will be typically at the following path: \nINSTALLATION_DIRECTORY/IBM_SHARED_PLUGINS/plugins/com.ibm.rational.ttt.common.models.core_plugin_version/lib/approvedbouncy \nFor example:: \nC:\\Program Files\\IBM\\IBMIMSharedRPT8702\\plugins\\com.ibm.rational.ttt.common.models.core_8.5.210.v20150622_1524\\lib\\approvedbouncy \nfor RPT v8.7.0.2. \n3) Rename the bouncy castle jar version 1.5.3 downloaded to the name of the previous delivered jar ( jce-jdk13-134.jar ). \n4) Replace the old jar with the new one. \n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {}, "published": "2018-06-17T05:10:54", "type": "ibm", "title": "Security Bulletin: A vulnerbility in Bouncy Castle affects Rational Service Tester (CVE-2015-7940 )", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7940"], "modified": "2018-06-17T05:10:54", "id": "7B7FB00293A8F53E25D4A2A19DB3E7DD5613C6E483518C6A9ED7EE3CF79E76F5", "href": "https://www.ibm.com/support/pages/node/544761", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:57:08", "description": "## Summary\n\nThere is a vulnerability in Bouncy Castle version 1.49 that is used by WebSphere Cast Iron. \n\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2015-7940_](<https://vulners.com/cve/CVE-2015-7940>)** \nDESCRIPTION:** Bouncy Castle could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability using an invalid curve attack to extract private keys used in elliptic curve cryptography and obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107739_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107739>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nWebSphere Cast Iron v 7.5.0.x \nWebSphere Cast Iron v 7.0.0.x\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nCast Iron Appliance| 7.5.0.1| LI78861| [iFix 7.5.0.1-CUMUIFIX-002](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.5.0.0&platform=All&function=fixId&fixids=7.5.0.1-WS-WCI-20160125-1650_H8_64-CUMUIFIX-002.scrypt2,7.5.0.1-WS-WCI-20160125-1650_H8_64-CUMUIFIX-002.vcrypt2,7.5.0.1-WS-WCI-20160125-1649_H7_64-CUMUIFIX-002.32bit.studio,7.5.0.1-WS-WCI-20160125-1649_H7_64-CUMUIFIX-002.studio&includeSupersedes=0>) \nCast Iron Appliance| 7.0.0.2| LI78861| [iFix 7.0.0.2-CUMUIFIX-022](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.0.0.2&platform=All&function=fixId&fixids=7.0.0.2-WS-WCI-20151222-1746_H9_64-CUMUIFIX-022.scrypt2,7.0.0.2-WS-WCI-20151222-1746_H9_64-CUMUIFIX-022.vcrypt2,7.0.0.2-WS-WCI-20151222-1746_H9_64-CUMUIFIX-022.32bit.sc-linux,7.0.0.2-WS-WCI-20151222-1746_H9_64-CUMUIFIX-022.32bit.sc-win,7.0.0.2-WS-WCI-20151222-1746_H9_64-CUMUIFIX-022.sc-linux,7.0.0.2-WS-WCI-20151222-1746_H9_64-CUMUIFIX-022.sc-win,7.0.0.2-WS-WCI-20151222-1746_H7_64-CUMUIFIX-022.32bit.studio,7.0.0.2-WS-WCI-20151222-1746_H7_64-CUMUIFIX-022.studio&includeSupersedes=0>) \n \n## ", "cvss3": {}, "published": "2018-06-15T07:04:52", "type": "ibm", "title": "Security Bulletin: Open-source Bouncy Castle vulnerability affects IBM\u00ae WebSphere Cast Iron (CVE-2015-7940)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7940"], "modified": "2018-06-15T07:04:52", "id": "A94F39CD0E79745E3D615E6D91574F4476A22300F2013BDD63662E44D9BBDF03", "href": "https://www.ibm.com/support/pages/node/539739", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-24T06:16:08", "description": "## Summary\n\nIBM Security Identity Manager made code changes to remove the deprecated function and its related Struts V1 code library.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2016-1182](<https://vulners.com/cve/CVE-2016-1182>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to bypass security restrictions, caused by the failure to properly properly restrict the Validator configuration bin ActionServlet.java. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/113853](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nISIM| 6.0.2 \nISIM \n| 6.0.0 \n \n \n## Remediation/Fixes\n\nAffected Product / Version| Fix availability \n---|--- \nIBM Security Identity Manager 6.0.2| [6.0.2-ISS-SIM-IF0003](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Identity+Manager&fixids=6.0.2-ISS-SIM-FP0003&source=SAR&function=fixId&parent=IBM%20Security> \"6.0.2-ISS-SIM-IF0003\" ) \nIBM Security Identity Manager 6.0.0| [6.0.0-ISS-SIM-FP0026](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Identity+Manager&fixids=6.0.0-ISS-SIM-FP0026&source=SAR&function=fixId&parent=IBM%20Security> \"\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2021-09-07T18:03:04", "type": "ibm", "title": "Security Bulletin: IBM Security Identity Manager deprecated Self Service UI contains Struts V1 (CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1182"], "modified": "2021-09-07T18:03:04", "id": "8731F85B75BA77CC3784CD784E98484D53CD189EA60F1F57A3A4EE351FF62B39", "href": "https://www.ibm.com/support/pages/node/6464833", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-06-24T06:16:24", "description": "## Summary\n\nIBM Security Identity Manager Virtual Appliance made code changes to remove the deprecated function and its associated Struts V1 code library.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2016-1182](<https://vulners.com/cve/CVE-2016-1182>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to bypass security restrictions, caused by the failure to properly properly restrict the Validator configuration bin ActionServlet.java. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/113853](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nISIM VA| 7.0.2 \nISIM VA \n| 7.0.1 \n \n \n## Remediation/Fixes\n\n \n\n\nAffected Product(s)| Version(s)| Fix Availability \n---|---|--- \nIBM Security Identity Manager Virtual Appliance| 7.0.2| \n\n[7.0.2-ISS-SIM-FP0003](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Identity+Manager&fixids=7.0.2-ISS-SIM-FP0003&source=SAR&function=fixId&parent=IBM%20Security> \"\" ) \n \nIBM Security Identity Manager Virtual Appliance| 7.0.1 \n| \n\n[7.0.1-ISS-SIM-FP0016](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Identity+Manager&fixids=7.0.1-ISS-SIM-FP0016&source=SAR&function=fixId&parent=IBM%20Security> \"7.0.1-ISS-SIM-FP0016\" ) \n \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2021-08-31T20:31:32", "type": "ibm", "title": "Security Bulletin: IBM Security Identity Manager Virtual Appliance deprecated Self Service UI contains Struts V1 (CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1182"], "modified": "2021-08-31T20:31:32", "id": "637F608901EF8B9FD34455682320A8EBC1B665D4F6B5C7F53F3E57AE66C9AAAA", "href": "https://www.ibm.com/support/pages/node/6464835", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T01:51:23", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of WebSphere Partner Gateway. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletin [Vulnerabilities in Apache Struts affects IBM WebSphere Application Server](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s) \n\n| Product and Version shipped as a component \n---|--- \nWebSphere Partner Gateway Advanced/Enterprise Edition 6.2.1.4| WebSphere Application Server 7.0 \nWebSphere Application Server 8.5.5 \n \n## ", "cvss3": {}, "published": "2018-06-16T20:02:09", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Partner Gateway Advanced/Enterprise Edition (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-16T20:02:09", "id": "AAE50909D8058934D5CCB989B4CEA17B72CABD2BC4CF08576581EC909FE087A7", "href": "https://www.ibm.com/support/pages/node/284941", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T01:39:08", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped as a component of IBM Rational ClearQuest. Information about a security vulnerability affecting WAS has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section.\n\n## Affected Products and Versions\n\nIBM Rational ClearQuest, ClearQuest CM Server component. \n\n**Versions 8.0.0.x, 8.0.1.x, 9.0.0.x:**\n\nThis vulnerability affects only the server component.\n\n**Versions 7.1.x.x:**\n\nNot affected.\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS), which is shipped with IBM Rational ClearQuest. \n \n\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Rational ClearQuest, versions 8.0.0.x, 8.0.1.x, 9.0.0.x| IBM WebSphere Application Server versions 8.5.5 Full Profile, 8.5 Full Profile, 8.0, 7.0| [Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www.ibm.com/support/docview.wss?uid=swg21985995>) \n \n**ClearQuest Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n8.0.0.x \n8.0.1.x \n9.0.0.x| Apply the appropriate WebSphere Application Server fix directly to your CQ server host. No ClearQuest-specific steps are necessary. \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-02-04T16:40:40", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server that is shipped with IBM Rational ClearQuest (CVE-2016-1181, CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2020-02-04T16:40:40", "id": "A4FDFC527D8A765D6247DDB806EE98612DA0FE7BCB4E133A742D7FA9A06E39DC", "href": "https://www.ibm.com/support/pages/node/284305", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:45:02", "description": "## Summary\n\nStruts v2 vulnerabilities affect IBM Security Guardium. IBM Security Guardium has addressed the following vulnerability. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-1181](<https://vulners.com/cve/CVE-2016-1181>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113852> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2016-1182](<https://vulners.com/cve/CVE-2016-1182>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113853> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\n**Affected IBM Security Guardium **\n\n| \n\n**Affected Versions** \n \n---|--- \nIBM Security Guardium | 10.0 - 10.5 \n \n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**Remediation / First Fix** \n \n---|---|--- \nIBM Security Guardium | 10.0 - 10.5 | \n\nhttp://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=All&function=fixId&fixids=SqlGuard_10.0p600_GPU_Nov-2018-V10.6&includeSupersedes=0&source=fc \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-12-13T20:35:01", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Struts v2 affect IBM Security Guardium (CVE-2016-1181, CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-12-13T20:35:01", "id": "F5BAF336C0FFA1A9715652B899383A9C6D730D8ADE9E07CAD68C90971C7F8249", "href": "https://www.ibm.com/support/pages/node/741659", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:51:13", "description": "## Summary\n\nStruts v2 vulnerabilities affect IBM Security Identity Manager. IBM Security Identity Manager has addressed the applicable CVEs. \n \nThese issues were also addressed by IBM WebSphere Application Server, which is shipped with IBM Security Identity Manager. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\n \nIBM Security Identity Manager version 6.0 \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nIBM Security Identity Manager version 6.0| Apply fixes from Identity Manager and WebSphere Application Server \n \nIBM Security Identity Manager (ISIM) [6.0.0-ISS-SIM-FP0015](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Identity+Manager&fixids=6.0.0-ISS-SIM-FP0015&source=SAR&function=fixId&parent=IBM%20Security>) \n \n \nIBM Websphere Application Server 7.0, 8.0, 8.5 and 8.5.5 - [Vulnerabilities in Apache Struts affects IBM WebSphere Application Server](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-16T21:47:37", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Struts v2 affect IBM Security Identity Manager ( CVE-2016-1181 CVE-2016-1182 )", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-16T21:47:37", "id": "C24D4FCC97FD95E90382A4216040099F16203ABF61AF30281EF1C2E136253A42", "href": "https://www.ibm.com/support/pages/node/555339", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:48:01", "description": "## Summary\n\nSecurity vulnerabilitiy exists in IBM FileNet Content Manager and IBM Content Foundation in Apache Struts.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n\n\n## Affected Products and Versions\n\nFileNet Content Manager 5.2.0 \nIBM Content Foundation 5.2.0 \n \nNote: this vulnerability is **_not_** applicable to FileNet Content Manager 5.2.1 or IBM Content Foundation 5.2.1\n\n## Remediation/Fixes\n\nInstall one of the fixes listed below to resolve the Apache Struts security vulnerability. \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nFileNet Content Manager| 5.2.0| [PJ44282](<http://www.ibm.com/support/docview.wss?uid=swg1PJ44282>)| [5.2.0.5-P8CPE-IF001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet+Product+Family&product=ibm/Information+Management/FileNet+Content+Engine&release=5.2.0.5&platform=All&function=all>) \\- Available 9/20/2016 \nIBM Content Foundation| 5.2.0| [PJ44282](<http://www.ibm.com/support/docview.wss?uid=swg1PJ44282>)| [5.2.0.5-P8CPE-IF001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet+Product+Family&product=ibm/Information+Management/FileNet+Content+Engine&release=5.2.0.5&platform=All&function=all>) \\- Available 9/20/2016 \n \nIn the above table, the APAR links will provide more information about the fix. \nThe links in the Remediation column will take you to the location within IBM Fix Central where you can download the particular fix you need. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-17T12:16:24", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Struts affects FileNet Content Manager and IBM Content Foundation (CVE-2016-1181, CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-17T12:16:24", "id": "691466DAEE06683E49687F1AD61B1DE274EE44CA9F6E86B9BF8D7D76D6346999", "href": "https://www.ibm.com/support/pages/node/285013", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:47:50", "description": "## Summary\n\nApache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM Content Collector for File Systems v3.0 \nIBM Content Collector for File Systems v4.0 \nIBM Content Collector for File Systems v4.0.1\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRM**| **Remediation** \n---|---|--- \nIBM Content Collector for File Systems| 3.0| Use IBM Content Collector for File Systems 4.0.1.5 [Interim Fix 001](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.5-IBM-ICC-IF001&source=SAR&function=fixId&parent=Enterprise%20Content%20Management>) \nIBM Content Collector for File Systems| 4.0| Use IBM Content Collector for File Systems 4.0.1.5 [Interim Fix 001](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.5-IBM-ICC-IF001&source=SAR&function=fixId&parent=Enterprise%20Content%20Management>) \nIBM Content Collector for File Systems| 4.0.1| Use IBM Content Collector for File Systems 4.0.1.5 [Interim Fix 001](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.5-IBM-ICC-IF001&source=SAR&function=fixId&parent=Enterprise%20Content%20Management>) \n \nFollow the steps in the readme file in the 4.0.1.5 interim fix 001 to install the interim fix applicable to your version. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-17T12:17:47", "type": "ibm", "title": "Security Bulletin: OpenSource Apache Struts vulnerabilities in IBM Content Collector for File Systems", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-17T12:17:47", "id": "286378C830B748E29DFAEAB7AC19693EE4565D1CAB6189EAA20A975B835DFAD6", "href": "https://www.ibm.com/support/pages/node/292427", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:52:44", "description": "## Summary\n\nIBM Financial Transaction Manager for Corporate Payment Services open source Apache Struts Vulnerabilities (CVE-2016-1181 CVE-2016-1182)\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\n\\- FTM for CPS v2.1.1.0, v2.1.1.1, v2.1.1.2, v2.1.1.3\n\n## Remediation/Fixes\n\nProduct\n\n| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nFTM for Corporate Payment Services| 2.1.1.0, \n2.1.1.1, \n2.1.1.2, \n2.1.1.3| PI66509| Apply [2.1.1-FTM-CPS-MP-fp0004](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=2.1.1-FTM-CPS-MP-fp0004&includeSupersedes=0&source=fc>) or later \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-16T20:03:06", "type": "ibm", "title": "Security Bulletin: IBM Financial Transaction Manager for Corporate Payment Services open source Apache Struts Vulnerabilities (CVE-2016-1181 CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-16T20:03:06", "id": "C9D56908C5941D51F8B700D0AEB133B65A72D4A5D3A7FAA2D989A477B71C954D", "href": "https://www.ibm.com/support/pages/node/548021", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:46:35", "description": "## Summary\n\nWebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nIBM Tivoli System Automation Application Manager 4.1| WebSphere Application Server 8.5 \nNote that IBM Tivoli System Automation Application Manager 3.2.2, 3.2.1, and 3.2.0 are not affected. \n\n## Remediation/Fixes\n\nYou need to install the corresponding APAR from WebSphere Application Server. Please follow the instructions on this link: [_http://www-01.ibm.com/support/docview.wss?uid=swg21985995_](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>). Please see section \u201cAffected Products and Versions\u201d in this bulletin on details which fix of WebSphere Application Server applies to your version of IBM Tivoli System Automation Application Manager.\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {}, "published": "2018-06-17T15:25:57", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-17T15:25:57", "id": "65DC12D6E8E0D53E6ED0AF1F356647C749F500509AAE6E4435FC95F00517F01C", "href": "https://www.ibm.com/support/pages/node/284137", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T01:48:03", "description": "## Summary\n\n \nIBM WebSphere Application Server is shipped as a component of IBM Content Manager Records Enabler. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n\n## Vulnerability Details\n\n \nPlease consult the security bulletin [_Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \n \nIBM Content Manager Records Enabler 8.5, 8.5.0.1, 8.5.0.2, 8.5.0.3, 8.5.0.4, 8.5.0.5 | \n\nIBM WebSphere Application Server V7.0.0.0 through 7.0.0.41 \n \nIBM Content Manager Records Enabler 8.5.0.6 | \n\nIBM WebSphere Application Server V7.0.0.0 through 7.0.0.41, V8.0.0.0 through 8.0.0.12, V8.5.0.0 \n \nIBM Content Manager Records Enabler 8.5.0.7 | \n\nIBM WebSphere Application Server V7.0.0.0 through 7.0.0.41, V8.0.0.0 through 8.0.0.12, V8.5.0.0 through 8.5.5.9 \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-17T12:16:17", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Content Manager Records Enabler (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-17T12:16:17", "id": "FFF1402575E7BE1F32E231DF470BEDA94544D3C346FFE024F98E6A628264A23E", "href": "https://www.ibm.com/support/pages/node/284113", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:50:12", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nPlease consult the security bulletin [Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nIBM Tivoli Federated Identity Manager 6.2.1 \nIBM Tivoli Federated Identity Manager Business Gateway 6.2.1| IBM WebSphere Application Server 7.0 \nIBM Tivoli Federated Identity Manager 6.2.2 \nIBM Tivoli Federated Identity Manager Business Gateway 6.2.2| IBM WebSphere Application Server 7.0, 8.0, 8.5 \n \n## Remediation/Fixes\n\nIBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway are affected through IBM WebSphere Application Server. If you use one of the affected versions of WebSphere, update your IBM WebSphere Application Server with the appropriate Interim Fix based on information in the WebSphere security bulletin, ([Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>).\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-16T21:49:00", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-16T21:49:00", "id": "E3BD856982B27C3FE93EC13A76D5806B5BB18B95DD328F70706B73BE68D790ED", "href": "https://www.ibm.com/support/pages/node/287829", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-01T01:54:48", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed. \nInformation about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nCVEID: [CVE-2016-1181](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1181>) \nDESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113852> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \nCVEID: [CVE-2016-1182](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1182>) \nDESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113853> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nIBM License Metric Tool 7.5 \nIBM Tivoli Asset Discovery for Distributed 7.5 \n \nIBM License Metric Tool 7.2.2 \nIBM Tivoli Asset Discovery for Distributed 7.2.2| WebSphere Application Server 7 \n \n \nWebSphere Application Server 6.1 \n \n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server which is shipped with IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed. \n \n\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM License Metric Tool 7.5 \nIBM Tivoli Asset Discovery for Distributed 7.5 \n| WebSphere Application Server 7.0 \n| [Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) \n \nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM License Metric Tool 7.2.2 \nIBM Tivoli Asset Discovery for Distributed 7.2.2| WebSphere Application Server 6.1| Please contact support for any potential fixes. \n \n## Workarounds and Mitigations\n\n**N/A**\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n[{\"Product\":{\"code\":\"SS8JFY\",\"label\":\"IBM License Metric Tool\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"7.2.2;7.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}},{\"Product\":{\"code\":\"SSHT5T\",\"label\":\"Tivoli Asset Discovery for Distributed\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"}],\"Version\":\"7.2.2;7.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2021-04-26T21:17:25", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2021-04-26T21:17:25", "id": "1815BD265DEB0EE550962E1526DA1FE75BACA3823A20A4BCDA8ED078F9EC9C8D", "href": "https://www.ibm.com/support/pages/node/550369", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:47:40", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nConsult the security bulletin [Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nAffected IBM WebSphere Application Server versions are listed in the security bulletin.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-17T12:16:26", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2016-1181, CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-17T12:16:26", "id": "A38279E551792BA29F1FA34034CD64E94266819C4862EDC7B206E7A748D269FD", "href": "https://www.ibm.com/support/pages/node/547525", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:51:28", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager (SKLM). Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nPlease consult the security bulletin [Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \n \nIBM Security Key Lifecycle Manager (SKLM) v2.5 on distributed platforms | WebSphere Application Server v8.5.5 \n \nIBM Security Key Lifecycle Manager (SKLM) v2.6 on distributed platforms | WebSphere Application Server v8.5.5.7 \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-16T21:44:41", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-16T21:44:41", "id": "9E3B1F6158EF5703EF54F7C3064A7EB99BF9523B8A6CCF05475346791179C879", "href": "https://www.ibm.com/support/pages/node/547477", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:52:18", "description": "## Summary\n\nStruts vulnerabilities affect ISD Server. ISD Server has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nFrom the IBM System Director command line enter smcli lsver to determine the level of IBM System Director installed. \n \nIBM Systems Director: \n\n\n * 6.1.0.0\n * 6.1.0.1\n * 6.1.0.2\n * 6.1.0.3\n * 6.1.1.1\n * 6.1.1.2\n * 6.1.1.3\n * 6.1.2.0\n * 6.1.2.1\n * 6.1.2.2\n * 6.1.2.3\n * 6.2.0.0\n * 6.2.0.1\n * 6.2.0.2\n * 6.2.1.0\n * 6.2.1.0\n * 6.2.1.1\n * 6.2.1.2\n * 6.3.0.0 \n * 6.3.1.0 \n * 6.3.1.1 \n * 6.3.2.0 \n * 6.3.2.1 \n * 6.3.2.2 \n * 6.3.3.0 \n * 6.3.3.1 \n * 6.3.5.0 \n * 6.3.6.0\n * 6.3.7.0\n\n## Remediation/Fixes\n\nIBM Systems Director version pre 6.3.5 are unsupported and will not be fixed. IBM recommends upgrading to a fixed, supported version of the product. \n\nFollow the instructions mentioned in Technote [811735241](<http://www-01.ibm.com/support/docview.wss?uid=nas74ca280436f7c28b1862580f1005aa33d>)[](<http://www-01.ibm.com/support/docview.wss?uid=nas72cf7b7fb4cdb924b862580a40000b3be>) to apply the fix for releases:\n\n * 6.3.5.0\n * 6.3.6.0\n * 6.3.7.0\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-18T01:35:34", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Struts affect IBM Systems Director (ISD) Server (CVE-2016-1181, CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-18T01:35:34", "id": "1D6C51DC7D1DD9D1A9F07B9737CE12B7F8F933D3089EBCB68A0BBCF75680D250", "href": "https://www.ibm.com/support/pages/node/630929", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:54:01", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of WebSphere Enterprise Service Bus. Information about the security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletin [Vulnerabilities in Apache Struts affects IBM WebSphere Application Server](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nWebSphere Enterprise Service Bus v7.0 and v 7.5 \nWebSphere Enterprise Service Bus Registry Edition v7.0 and v 7.5\n\n## ", "cvss3": {}, "published": "2018-06-15T07:05:57", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere \nApplication Server shipped with WebSphere Enterprise Service Bus (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-15T07:05:57", "id": "4C800D760232A012AE25AED7F8AFCFF9E3EF3D9D48D3614E764CC6588F221519", "href": "https://www.ibm.com/support/pages/node/284105", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T05:51:14", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Tivoli Security Policy Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletin [Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nProduct Version\n\n| WebSphere version \n---|--- \nTivoli Security Policy Manager 7.1| WebSphere Application Server 7.0 \nWebSphere Application Server 8.0 \nTivoli Security Policy Manager 7.0| WebSphere Application Server 7.0 \n \n## Remediation/Fixes\n\nIBM Tivoli Security Policy Manager (TSPM) is affected through IBM WebSphere Application Server. If you are running TSPM with one of the affected versions of WebSphere, update your IBM WebSphere Application Server with the appropriate Interim Fix based on information in the WebSphere security bulletin ([Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>)).\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-16T21:46:38", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Security Policy Manager (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-16T21:46:38", "id": "6F2C088BF5D78FB804760981ACFE38C9CC104BC5F9390812E5D324682512AD45", "href": "https://www.ibm.com/support/pages/node/552249", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:52:19", "description": "## Summary\n\nMultiple vulnerabilities have been identified in Struts that is embedded in the IBM FSM. This bulletin addresses these vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nFlex System Manager 1.3.4.0 \nFlex System Manager 1.3.3.0 \nFlex System Manager 1.3.2.1 \nFlex System Manager 1.3.2.0\n\n## Remediation/Fixes\n\nIBM recommends updating the FSM using the instructions referenced in this table. \n \n**WARNING:** If an early version (fix downloaded before 4/19/2017) of the fix listed below was installed, the brand information on the FSM login screen will be displayed as \"IBM Systems Director\". This branding issue will not cause any functional FSM issues. The correct FSM branding can be restored by downloading the current version of the fix (Release Date of the fix listed in table is 4/26/2017 or later), reinstalling the current version of the fix and restarting the FSM. \n \n\n\nProduct | \n\nVRMF | \n\nRemediation \n---|---|--- \n \nFlex System Manager | \n\n1.3.4.0 | Install [fsmfix1.3.4.0_IT19321_IT19679_IT19695_IT19698_IT19709_IT19811](<https://www.ibm.com/support/fixcentral/systemx/selectFixes?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.4.0_IT19321_IT19679_IT19695_IT19698_IT19709_IT19811&function=fixId&parent=Flex%20System%20Manager%20NodeFlex%20System%20Manager>) \n \nFlex System Manager | \n\n1.3.3.0 | Install [fsmfix1.3.3.0_IT19321_IT19679_IT19695_IT19698_IT19709_IT19811](<https://www.ibm.com/support/fixcentral/systemx/selectFixes?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.3.0_IT19321_IT19679_IT19695_IT19698_IT19709_IT19811&function=fixId&parent=Flex%20System%20Manager%20NodeFlex%20System%20Manager>) \n \nFlex System Manager | \n\n1.3.2.1 \n1.3.2.0 | Install [fsmfix1.3.2.0_IT19321_IT19679_IT19695_IT19698_IT19709_IT19811](<https://www.ibm.com/support/fixcentral/systemx/selectFixes?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.2.0_IT19321_IT19679_IT19695_IT19698_IT19709_IT19811&function=fixId&parent=Flex%20System%20Manager%20NodeFlex%20System%20Manager>) \n \nFor all VRMF not listed in this table, IBM recommends upgrading to a fixed and supported version/release of the product. \n \nFor a complete list of FSM security bulletins refer to this technote: [http://www-01.ibm.com/support/docview.wss?uid=nas7797054ebc3d9857486258027006ce4a0&myns=purflex&mync=E&cm_sp=purflex-_-NULL-_-E](<http://www-01.ibm.com/support/docview.wss?uid=nas7797054ebc3d9857486258027006ce4a0&myns=purflex&mync=E&cm_sp=purflex-_-NULL-_-E>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-18T01:35:37", "type": "ibm", "title": "Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple Struts vulnerabilities (CVE-2016-1181, CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-18T01:35:37", "id": "3C630E87CC8A98E980FC5838CF94096C676B99FA65014F79A0F1057053EEB9E0", "href": "https://www.ibm.com/support/pages/node/630955", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:45:10", "description": "## Summary\n\nIBM WebSphere Application Server v7.0 is shipped as a component of IBM Integrated Information Core. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin.\n\n## Vulnerability Details\n\nConsult the security bulletin: [Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<www.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes. \n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nIBM Integrated Information Core V1.5, V1.5.0.1 and V1.5.0.2| IBM WebSphere Application Server v7.0 \n \n## Remediation/Fixes\n\nDownload the correct version of the fix from the following link: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182). Installation instructions for the fix are included in the readme document that is in the fix package.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-17T22:28:33", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server that is shipped with IBM Integrated Information Core (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-17T22:28:33", "id": "EA4BC9A6E1BC28B39AE0C360DA599139777EC05EDFDC5120E91AC3051300D3E7", "href": "https://www.ibm.com/support/pages/node/284009", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:46:27", "description": "## Summary\n\nEmbedded Websphere Application Server (eWAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting eWAS has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletin [Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nWebGUI 7.4.0 GA and FP| embedded Websphere Application Server 7.0 \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-17T15:25:58", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in embedded IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-17T15:25:58", "id": "F9A935F07F0C2592550406829A333AA17FFA9DE5B312BF55A008E03FEAC4C43E", "href": "https://www.ibm.com/support/pages/node/284185", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:47:59", "description": "## Summary\n\nApache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. This vulnerability also affects other products. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM Content Collector for Microsoft SharePoint v3.0 \nIBM Content Collector for Microsoft SharePoint v4.0 \nIBM Content Collector for Microsoft SharePoint v4.0.1\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRM**| **Remediation** \n---|---|--- \nIBM Content Collector for Microsoft SharePoint| 3.0| Use IBM Content Collector for Microsoft SharePoint 4.0.1.5 [Interim Fix 001](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.5-IBM-ICC-IF001&source=SAR&function=fixId&parent=Enterprise%20Content%20Management>) \nIBM Content Collector for Microsoft SharePoint| 4.0| Use IBM Content Collector for Microsoft SharePoint 4.0.1.5 [Interim Fix 001](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.5-IBM-ICC-IF001&source=SAR&function=fixId&parent=Enterprise%20Content%20Management>) \nIBM Content Collector for Microsoft SharePoint| 4.0.1| Use IBM Content Collector for Microsoft SharePoint 4.0.1.5 [Interim Fix 001](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.5-IBM-ICC-IF001&source=SAR&function=fixId&parent=Enterprise%20Content%20Management>) \n \nFollow the steps in the readme file in the 4.0.1.5 interim fix 001 to install the interim fix applicable to your version. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-17T12:17:48", "type": "ibm", "title": "Security Bulletin: OpenSource Apache Struts vulnerability in IBM Content Collector for Microsoft SharePoint", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-17T12:17:48", "id": "D75C787D719F6B509B47AAA92C0EBBE969DDCD2CD7BAA1800C224FD759790609", "href": "https://www.ibm.com/support/pages/node/292421", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:45:30", "description": "## Summary\n\nApache Struts vulnerabilities affect FastBack for Workstations Central Administration Console.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nFastBack for Workstations Central Administration Console v6.3 \n\n## Remediation/Fixes\n\nThe fix for FastBack for Workstations CAC 6.3 will be to apply the WAS interim fix pack PI64303 to the version of WAS included with the Tivoli Integrated Portal. \nIn order to obtain the PI64303 fix refer to the WAS security bulletin: \n<http://www-01.ibm.com/support/docview.wss?uid=swg21985995> \nClick on the link for v7.0.0.0 through v7.0.0.41 interim fix pack PI64303. Click the HTTPS download link for 7.0.0.33-WS-WAS-IFPI64303. \nThere will be a Readme.txt file and a 7.0.0.33-ws-was-ifpi64303.pak file. \n \nTo apply, do the following: \n1\\. If not already at the CAC 6.3.1.1 version upgrade to this version. \n2\\. Stop the Tivoli Service: Tivoli Intergrated Portal - V2.2_TIPProfile_Port_16310 \n3\\. Using the Update Installer application (update.exe) found in the Tivoli Intergrated Portal installation directory \n(default location: C:\\IBM\\Tivoli\\Tipv2_fbws\\WebSphereUpdateInstallerV7) apply the .pak file downloaded earlier \n4\\. Restart the Tivoli Service or reboot the machine \n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-17T15:26:53", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Struts affects FastBack for Workstations Central Administration Console (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-17T15:26:53", "id": "BE523D88E9070A2DC41C20554C070BC6A203CA40E3C999CC7B9D52C82AF77DEF", "href": "https://www.ibm.com/support/pages/node/547735", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:48:03", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Records Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\n \nPlease consult the security bulletin [Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\n \n\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version \n---|--- \nIBM Records Manager 8.5, 8.5.0.1, 8.5.0.2, 8.5.0.3, 8.5.0.4, 8.5.0.5| IBM WebSphere Application Server V7.0.0.0 through 7.0.0.41 \nIBM Records Manager 8.5.0.6| IBM WebSphere Application Server V7.0.0.0 through 7.0.0.41, V8.0.0.0 through 8.0.0.12, V8.5.0.0 \nIBM Records Manager 8.5.0.7| IBM WebSphere Application Server V7.0.0.0 through 7.0.0.41, V8.0.0.0 through 8.0.0.12, V8.5.0.0 through 8.5.5.9 \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-17T12:16:17", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Records Manager (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-17T12:16:17", "id": "D9F3546932BD432766323A6E9A562D656E3EAC77AAB6EE3AAADFF6008E59BC30", "href": "https://www.ibm.com/support/pages/node/284115", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:54:03", "description": "## Summary\n\nApache Struts vulnerabilities affect WebSphere Application Server and WebSphere Application Server Hypervisor Edition Administration Console. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nThe following Versions of WebSphere Application Server and IBM WebSphere Application Server Hypervisor Edition may be affected: \n\n * Version 9.0\n * Version 8.5 and 8.5.5 Full Profile \n * Version 8.0 \n * Version 7.0 \n\n## Remediation/Fixes\n\n**For IBM WebSphere Application Server and IBM WebSphere Application Server Hypervisor Edition:** \n \n**For V9.0.0.0**\n\n * Apply Interim Fix [PI64303](<http://www-01.ibm.com/support/docview.wss?uid=swg24042468>) [](<http://www-01.ibm.com/support/docview.wss?uid=swg24041257>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039898>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039403>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038969>)\n\\-- OR \n * Apply Fix Pack 1 (9.0.0.1), or later.\n** \nFor V8.5.0.0 through 8.5.5.9:**\n\n * Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PI64303](<http://www-01.ibm.com/support/docview.wss?uid=swg24042468>) [](<http://www-01.ibm.com/support/docview.wss?uid=swg24041257>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039898>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039403>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038969>)\n\\-- OR \n * Apply Fix Pack 10 (8.5.5.10), or later.\n** \nFor V8.0.0.0 through 8.0.0.12:**\n\n * Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PI64303](<http://www-01.ibm.com/support/docview.wss?uid=swg24042468>) [](<http://www-01.ibm.com/support/docview.wss?uid=swg24041257>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039898>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039403>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038969>)\n\\-- OR \n * Apply Fix Pack 13 (8.0.0.13), or later.\n** \nFor V7.0.0.0 through 7.0.0.41:**\n\n * Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PI64303](<http://www-01.ibm.com/support/docview.wss?uid=swg24042468>) [](<http://www-01.ibm.com/support/docview.wss?uid=swg24041257>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039898>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039403>)\n\\-- OR \n * Apply Fix Pack 43 (7.0.0.43), or later. \n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-15T07:05:55", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-15T07:05:55", "id": "CD1AEA82D347BCF45C817F297F91F17B63798AE3055B653759D8342B9405F1E0", "href": "https://www.ibm.com/support/pages/node/283179", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:56:34", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Workload Deployer. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nConsult the security bulletin [_Vulnerabilities in Apache Struts afftects IBM WebSphere Application Server _](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes. \n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nIBM Workload Deployer 3.1.0.7| IBM WebSphere Application Server 7.0.0.0 \nIBM WebSphere Application Server 8.0.0.0 \nIBM WebSphere Application Server 8.5.0.0 \nIBM WebSphere Application Server 8.5.5.0 \n \n## ", "cvss3": {}, "published": "2018-06-15T07:06:02", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Struts has been identified in IBM WebSphere Application Server shipped with IBM Workload Deployer (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-15T07:06:02", "id": "12780044E1A62D25F913723FBCBD5B926E91CC9AC8CA8FAA1DCE18D02D152689", "href": "https://www.ibm.com/support/pages/node/547901", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-24T06:00:52", "description": "## Summary\n\nIBM WebSphere Application Server v7.0 is shipped as a component of IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM WebSphere Application Server have been identified and published in a security bulletin.\n\n## Vulnerability Details\n\nConsult the security bulletin: [Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<www.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\n**Principal Product and Versions**\n\n| **Affected Supporting Products and Versions** \n---|--- \nIBM Intelligent Operations Center V1.5, V1.6| IBM Intelligent Operations Center for Emergency Management V1.6 \nIBM Intelligent Operations for Water V1.0, V1.5, V1.6 \nIBM Intelligent Operations for Transportation V1.0, V1.5, V1.6 \nIBM Intelligent City Planning and Operations V1.5, V1.6 \nIBM Intelligent Operations Center V5.1| IBM Intelligent Operations Center for Emergency Management V5.1 \n \n## Remediation/Fixes\n\nDownload the correct version of the fix from the following link: [Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<www.ibm.com/support/docview.wss?uid=swg21985995>). Installation instructions for the fix are included in the readme document that is in the fix package.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-08-19T21:04:31", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server that is shipped with IBM Intelligent Operations Center and related products (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2022-08-19T21:04:31", "id": "F5D5AAF38F45575DCEBF7AD5E9B3D25AA8678ED2972A091BF0082B881BDC74A4", "href": "https://www.ibm.com/support/pages/node/284011", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:57:53", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions (including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera, SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database, and TRIRIGA Energy Optimization. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nPlease consult the [Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nMaximo Asset Management 7.6 \nSmartCloud Control Desk 7.6 \nMaximo for Life Sciences 7.6 \nMaximo for Transportation 7.6| IBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 8.5 Full Profile \nMaximo Asset Management 7.5 \nMaximo Asset Management Essentials 7.5 \nMaximo for Government 7.5 \nMaximo for Nuclear Power 7.5 \nMaximo for Transportation 7.5 \nMaximo for Life Sciences 7.5 \nMaximo for Oil and Gas 7.5 \nMaximo for Utilities 7.5 \nMaximo Adapter for Primavera 7.5 \nSmartCloud Control Desk 7.5 \nTRIRIGA Energy Optimization 1.1| IBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 8.5 Full Profile \nIBM WebSphere Application Server 8.0 \nIBM WebSphere Application Server 7.0 \nMaximo Asset Management 7.1 \nMaximo Asset Management Essentials 7.1 \nMaximo Asset Management for Energy Optimization 7.1 \nMaximo for Government 7.1 \nMaximo for Nuclear Power 7.1 \nMaximo for Transportation 7.1 \nMaximo for Life Sciences 7.1 \nMaximo for Oil and Gas 7.1 \nMaximo for Utilities 7.1 \nMaximo Adapter for Primavera 7.1| IBM WebSphere Application Server 7.0 \nTivoli Asset Management for IT 7.2 \nTivoli Service Request Manager 7.2 \nChange and Configuration Management Database 7.2| IBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 7.0 \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-09-22T03:02:31", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2022-09-22T03:02:31", "id": "23F8C1E67922626C0589CA86ED9B40D441D494E8B56CD8FF4A2EF76F18E6861F", "href": "https://www.ibm.com/support/pages/node/284963", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:09:02", "description": "## Summary\n\nStruts v2 vulnerabilities affet IBM Spectrum Control and Tivoli Storage Productivity Center. IBM Spectrum Control and Tivoli Storage Productivity Center have addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n\n\n## Affected Products and Versions\n\n \nIBM Spectrum Control 5.2.8 through 5.2.10.1 \nTivoli Storage Productivity Center 5.2.0 through 5.2.7.1 \nTivoli Storage Productivity Center 5.1.0 through 5.1.1.10 \n \nThe versions listed above apply to all licensed offerings of IBM Spectrum Control and Tivoli Storage Productivity Center, including IBM SmartCloud Virtual Storage Center Storage Analytics Engine.\n\n## Remediation/Fixes\n\n**Note:** It is always recommended to have a current backup before applying any update procedure. \n \nApply the IBM Spectrum Control or Tivoli Storage Productivity Center fix maintenance as soon as practicable. (See [_Latest Downloads_](<http://www.ibm.com/support/docview.wss?uid=swg21320822>).) \n\n\n**Affected Version**| **APAR**| **Fixed Version**| **Availability** \n---|---|---|--- \n5.2.x| IT16542 | 5.2.11| August 2016 \n5.1.1.x| IT16542| 5.1.1.12| October 2016 \n \n \n\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-02-22T19:50:07", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Struts v2 affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-1181, CVE-2016-1182", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2022-02-22T19:50:07", "id": "29036B6FEB00571E2FBC00E867150134E5DF9C08AD44F9670B7C8B0109F99570", "href": "https://www.ibm.com/support/pages/node/549139", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:47:54", "description": "## Summary\n\nStruts v2 vulnerabilities affect IBM Enterprise Records has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM Enterprise Records v5.2.0 - 5.2.0.3\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation_ \n---|---|--- \nIBM Enterprise Records| 5.2.0 - 5.2.0.3| Use IBM Enterprise Records 5.2.0 Fix Pack 4 Interim Fix 2 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-17T12:17:55", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Struts v2 affect IBM Enterprise Records", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-17T12:17:55", "id": "C6D76168198B9EF24D77F1D04BA06E30D33B0C7D71C8457114E69E1A43BB68AD", "href": "https://www.ibm.com/support/pages/node/294473", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:56:36", "description": "## Summary\n\nWebSphere Application Server is shipped with WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nWebSphere Remote Server 7.0, 7.1, 7.1.1, 7.1.2, 8.5\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with WebSphere Remote Server. \n \n\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nWebSphere Remote Server 7.0, 7.1, 7.1.1, 7.1.2, 8.5| WebSphere Application Server 7.0, 8.0, 8.5, 8.5.5, 9.0| [_Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)_](<http://www.ibm.com/support/docview.wss?uid=swg21985995>) \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-15T07:06:00", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-15T07:06:00", "id": "3CFF13ADA1D4912594BB3AC9D0D9ACB17881A208B1AD8998A1E8BD64DD6C5268", "href": "https://www.ibm.com/support/pages/node/547521", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:56:34", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM PureApplication System. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nConsult the security bulletin [_Vulnerabilities in Apache Struts afftects IBM WebSphere Application Server _](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes. \n \nThe WebSphere fixes can be installed using the IBM PureApplication System\u2019s Installation Manager Repository feature.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nPureApplication System versions 2.0, 2.1, and 2.2| IBM WebSphere Application Server 7.0.0.0 \nIBM WebSphere Application Server 8.0.0.0 \nIBM WebSphere Application Server 8.5.0.0 \nIBM WebSphere Application Server 8.5.5.0 \nIBM WebSphere Application Server 9.0.0.0 \n \n## ", "cvss3": {}, "published": "2018-06-15T07:06:02", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Struts has been identified in IBM WebSphere Application Server shipped with IBM PureApplication System (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-15T07:06:02", "id": "C9594147E388237928595F1CF759F8EC355015BE6AC29A030A2FA3207D9B6DE4", "href": "https://www.ibm.com/support/pages/node/547903", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T01:38:48", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Predictive Customer Intelligence. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nPredictive Customer Intelligence 1.0| WebSphere Application Server 8.5.5 ND \nPredictive Customer Intelligence 1.0.1| WebSphere Application Server 8.5.5 ND \nPredictive Customer Intelligence 1.1| WebSphere Application Server 8.5.5.6 ND \nPredictive Customer Intelligence 1.1.1| WebSphere Application Server 8.5.5.6 ND \n \n## Remediation/Fixes\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nPredictive Customer Intelligence 1.0 and 1.0.1| WebSphere Application Server 8.5.5| [_Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) \nPredictive Customer Intelligence 1.1 and 1.1.1| WebSphere Application Server 8.5.5.6| [_Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-02-11T21:31:00", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with Predictive Customer Intelligence (CVE-2016-1181, CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2020-02-11T21:31:00", "id": "C270008C47088F4AB45570D101436BB116E08F304CC36AF51E0823C68AFCAAE8", "href": "https://www.ibm.com/support/pages/node/284795", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:51:22", "description": "## Summary\n\nWebSphere Application Server is/are shipped with Financial Transaction Manager. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nFinancial Transaction Manager for MP v2.0| WebSphere Application Server 7.0 \nFinancial Transaction Manager for MP v2.1| WebSphere Application Server 8.0 \nFinancial Transaction Manager for MP v3.0| WebSphere Application Server 8.5.5 \n \n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is/are shipped with Financial Transaction Manager. \n \n\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nFinancial Transaction Manager for MP v2.0| WebSphere Application Server 7.0| [_Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) \nFinancial Transaction Manager for MP v2.1| WebSphere Application Server 8.0 \nFinancial Transaction Manager for MP v3.0| WebSphere Application Server 8.5.5 \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-16T20:02:01", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with Financial Transaction Manager (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-16T20:02:01", "id": "F2A538AF2ED1CAABCF5F0891DB02363ECADA659FE7F2989D3CCD7668E4585622", "href": "https://www.ibm.com/support/pages/node/284149", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:41:39", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting WAS has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section.\n\n## Affected Products and Versions\n\nIBM Rational ClearCase, ClearCase Remote Client (CCRC) WAN server/CM Server component. \n\n**Versions 8.0.0.x, 8.0.1.x, 9.0.0.x:**\n\n \nThis vulnerability affects only the CCRC WAN server component. \n**Versions 7.1.x.x:**\n\n \nNot affected.\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS), which is shipped with IBM Rational ClearCase. \n \n\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Rational ClearCase, versions 8.0.0.x, 8.0.1.x, 9.0.0.x| IBM WebSphere Application Server versions 8.5.5 Full Profile, 8.5 Full Profile, 8.0, 7.0| [Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www.ibm.com/support/docview.wss?uid=swg21985995>) \n \n**ClearCase Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n8.0.0.x \n8.0.1.x \n9.0.0.x| Apply the appropriate WebSphere Application Server fix directly to your CCRC WAN server host. No ClearCase-specific steps are necessary. \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-07-10T08:34:12", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server that is shipped with IBM Rational ClearCase (CVE-2016-1181, CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-07-10T08:34:12", "id": "2DD38E427DB50FDA5C4D07F52BDC62BA35206BA44BC185595E39ACAE88DD41C5", "href": "https://www.ibm.com/support/pages/node/284237", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:54:09", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nConsult the security bulletin [Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nIBM Business Monitor V8.5.5, V8.5.6 and V8.5.7 \n\nIBM Business Monitor V8.0.1.3\n\nIBM Business Monitor V7.5.1.2\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-15T07:05:59", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-15T07:05:59", "id": "9CC98367A213309185EDA7DC75FCDBBA5D5754142F33E0C8ED1B454D10CF416E", "href": "https://www.ibm.com/support/pages/node/284535", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:47:48", "description": "## Summary\n\nApache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this vulnerability using a modified page parameter to bypass restrictions and launch further attacks on the system.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. This vulnerability also affects other products. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nContent Collector for IBM Connections v3.0 \nContent Collector for IBM Connections v4.0 \nContent Collector for IBM Connections v4.0.1\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRM**| **Remediation** \n---|---|--- \nContent Collector for IBM Connections| 3.0| Use Content Collector for IBM Connections 4.0.1.5 [Interim Fix 001](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.5-IBM-ICC-IF001&source=SAR&function=fixId&parent=Enterprise%20Content%20Management>) \nContent Collector for IBM Connections| 4.0| Use Content Collector for IBM Connections 4.0.1.5 [Interim Fix 001](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.5-IBM-ICC-IF001&source=SAR&function=fixId&parent=Enterprise%20Content%20Management>) \nContent Collector for IBM Connections| 4.0.1| Use Content Collector for IBM Connections 4.0.1.5 [Interim Fix 001](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.5-IBM-ICC-IF001&source=SAR&function=fixId&parent=Enterprise%20Content%20Management>) \n \nFollow the steps in the readme file in the 4.0.1.5 interim fix 001 to install the interim fix applicable to your version. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-17T12:17:48", "type": "ibm", "title": "Security Bulletin: OpenSource Apache Struts vulnerability in Content Collector for IBM Connections", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-17T12:17:48", "id": "6AB5B24B612744A794E7F28CC88F04C811F4BB9710FE31917EFCB65EDDDF7C9A", "href": "https://www.ibm.com/support/pages/node/292413", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:56:32", "description": "## Summary\n\nVulnerability in Apache Struts and Apache Commons FileUpload affects IBM WebSphere Service Registry and Repository (CVE-2016-1181, CVE-2016-1182, CVE-2016-3092) \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n \n \n**CVEID:** [CVE-2016-3092](<https://vulners.com/cve/CVE-2016-3092>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114336> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\n \nWebSphere Service Registry and Repository V8.5 \nWebSphere Service Registry and Repository V8.0 \n \nFor unsupported versions IBM recommends upgrading to a fixed, supported version of the product \n\n## Remediation/Fixes\n\nTo remediate CVE-2016-1181, CVE-2016-1182 and CVE-2016-3092 you need to apply fixes for both IBM WebSphere Application Server and IBM WebSphere Service Registry and Repository. \n \nFor** WebSphere Application Server** updates refer to this bulletin regarding CVE-2016-1181 and CVE-2016-1182 \n[Security Bulletin: Vulnerability in Apache Commons affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www.ibm.com/support/docview.wss?uid=swg21985995>) \n \nFor CVE-2016-3092, please refer to this to this bulletin: \n[Security Bulletin: Apache Commons FileUpload Vulnerability affects WebSphere Application Server (CVE-2016-3092)](<http://www.ibm.com/support/docview.wss?uid=swg21987864>) \n \nFor **WebSphere Service Registry and Repository**, all three vulnerabilities have been fixed under APARs **IV87422 **and **IV87429** \n \nFixes containing IV87422 and IV87429 have been published and are available from Fix Central. \n \n**For WSRR V8.5**\n\n * Apply [**V8.5.6.0_IV79085_IV87422_IV87429_****IV89477**](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+Service+Registry+and+Repository&function=fixId&fixids=8.5.6.0-WS-WSRR-MultiOS-IFIV79085_IV87422_IV87429_IV89477>)** \n**\n**For WSRR V8.0**\n\n * Apply [](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+Service+Registry+and+Repository&function=fixId&fixids=8.0.0.3-WS-WSRR-MultiOS-IFIV65487_IV79085>)[**V8.0.0.3_IV65487_IV79085_IV87422_IV87429_****IV89477**](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+Service+Registry+and+Repository&function=fixId&fixids=8.0.0.3-WS-WSRR-MultiOS-IFIV65487_IV79085_IV87422_IV87429_IV89477>)** \n**\nIBM recommends that you review your entire environment to identify vulnerable releases of the open-source Apache Commons Collections and take appropriate mitigation and remediation actions. \n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-15T07:06:03", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Struts and Apache Commons FileUpload affects IBM WebSphere Service Registry and Repository (CVE-2016-1181, CVE-2016-1182, CVE-2016-3092)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182", "CVE-2016-3092"], "modified": "2018-06-15T07:06:03", "id": "55C6EB16408836E84C4255320770BC4F60934779CE325008D25B4951C20115C1", "href": "https://www.ibm.com/support/pages/node/548483", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T01:53:59", "description": "## Summary\n\nThere is an information disclosure vulnerability in IBM WebSphere Application Server Liberty for any users of the JAX-RS API. Apache Struts vulnerabilities affect WebSphere Application Server Administration Console. \n\n## Vulnerability Details\n\nPlease consult the security bulletins for vulnerability details and information about fixes: \n\n\n * [**Security Bulletin: Information disclosure in WebSphere Application Server Liberty (CVE-2016-2923)**](<http://www-01.ibm.com/support/docview.wss?uid=swg21983700>)\n * * [**Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)**](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>)\n[](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995#com.dblue.docview.dwAnswers.textfield.addQuestion>)\n\n## Affected Products and Versions\n\nThese vulnerabilities affect the following versions and releases of IBM WebSphere Application Server that IBM WebSphere Application Server Patterns supports \n\n * Version 8.0\n * Version 8.5.5 Full Profile and Liberty\n * Version 9.0\n\n## Remediation/Fixes\n\nTo patch an existing PureApplication Virtual System Instance, apply the patch using the PureApplication Maintainence fix process. \n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-15T07:05:58", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Applciation Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2923"], "modified": "2018-06-15T07:05:58", "id": "6858032AD0022691AF88FEDCEF29BB4CEA50172EAD995CAB6463B91C16637C1C", "href": "https://www.ibm.com/support/pages/node/284161", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:46:26", "description": "## Summary\n\nWebsphere Application Server (WAS) Full profile is shipped as a component of Jazz for Service Management (JazzSM) and WAS has been affected by multiple security vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-0359_](<https://vulners.com/cve/CVE-2016-0359>)** \nDESCRIPTION:** IBM WebSphere Application Server is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111929_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111929>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nJazz for Service Management version 1.1.0 - 1.1.3\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nJazz for Service Management version 1.1.0 - 1.1.3| Websphere Application Server Full Profile 8.5.5| [Security Bulletin: HTTP Response Splitting in WebSphere Application Server (CVE-2016-0359)](<http://www-01.ibm.com/support/docview.wss?uid=swg21982526>) \n \n[Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) \n \n## Workarounds and Mitigations\n\nPlease refer to WAS iFix\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-17T15:26:47", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server shipped with Jazz for Service Management (CVE-2016-0359, CVE-2016-1181, CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0359", "CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-17T15:26:47", "id": "8AECCBE0CD244EF2C1818D4560A2112EBDDE17CF922BC7869D4367156735AD72", "href": "https://www.ibm.com/support/pages/node/285283", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:56:27", "description": "## Summary\n\nMultiple security vulnerabilities have been reported for Apache Struts that is used by IBM Business Process Manager and WebSphere Lombardi Edition.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-1181](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113852> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [CVE-2016-1182](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113853> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n \n \n**CVEID:** [CVE-2015-0899](<https://vulners.com/cve/CVE-2015-0899>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this vulnerability using a modified page parameter to bypass restrictions and launch further attacks on the system. This vulnerability also affects other products. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101770> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n\n## Affected Products and Versions\n\n * * WebSphere Lombardi Edition V7.2.0.0 - V7.2.0.5\n * IBM Business Process Manager all editions V7.5.0.0 - V7.5.1.2\n * IBM Business Process Manager all editions V8.0.0.0 - V8.0.1.3\n * IBM Business Process Manager all editions V8.5.0.0 - V8.5.7.0 prior to cumulative fix 2016.09\n\n## Remediation/Fixes\n\nInstall IBM Business Process Manager interim fix JR56285 as appropriate for your current IBM Business Process Manager or WebSphere Lombardi Edition version. \n\n\n * [_IBM Business Process Manager Advanced_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Advanced&release=All&platform=All&function=aparId&apars=JR56285>)\n * [IBM Business Process Manager Standard](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Standard&release=All&platform=All&function=aparId&apars=JR56285>)\n * [IBM Business Process Manager Express](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Express&release=All&platform=All&function=aparId&apars=JR56285>)\n \nAs WebSphere Lombardi Edition and IBM Business Process Manager V7.5 are out of general support, customers with a support extension contract can contact IBM support to request the fix for download. \n \nIBM Business Process Manager and WebSphere Lombardi Edition build upon IBM WebSphere Application Server that also uses Apache Struts. Refer to the [Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) for details on fixes for WebSphere Application Server. \nIBM Business Process Manager V8.5.7.0 cumulative fix 2016.09 includes IBM WebSphere Application Server V8.5.5.10, thus does not require additional fixes for this vulnerability. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-15T07:06:16", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in Apache Struts might affect IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2016-1181, CVE-2016-1182, CVE-2015-0899)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0899", "CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-15T07:06:16", "id": "107B029DD56A2199A3A87E51461350D452A0422C3E3D25CE9E1B91F71C36131B", "href": "https://www.ibm.com/support/pages/node/552311", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:47:33", "description": "## Summary\n\nIBM C\u00faram Social Program Management uses the Apache Struts Library. Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator; or Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance; or Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \n_CVSS Base Score: 4.8 \nCVSS Temporal Score: See _[__https://exchange.xforce.ibmcloud.com/vulnerabilities/113853__](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L_) \n \n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \n_CVSS Base Score: 8.1 \nCVSS Temporal Score: See _[__https://exchange.xforce.ibmcloud.com/vulnerabilities/113852__](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H_) \n \n**CVEID:** [_CVE-2015-0899_](<https://vulners.com/cve/CVE-2015-0899>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this vulnerability using a modified page parameter to bypass restrictions and launch further attacks on the system. This vulnerability also affects other products. \n_CVSS Base Score: 4.3 \nCVSS Temporal Score: See _[__https://exchange.xforce.ibmcloud.com/vulnerabilities/101770__](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101770>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)_\n\n## Affected Products and Versions\n\nIBM C\u00faram Social Program Management 7.0.0.0 - 7.0.1.0 \nIBM C\u00faram Social Program Management 6.2.0.0 - 6.2.0.5 \nIBM C\u00faram Social Program Management 6.1.0.0 - 6.1.1.5 \nIBM C\u00faram Social Program Management 6.0.5.0 - 6.0.5.10\n\n## Remediation/Fixes\n\nProduct\n\n| VRMF| _Remediation/First Fix_ \n---|---|--- \nIBM C\u00faram Social Program Management| 7.0| Visit IBM Fix Central and upgrade to [_7.0.1.1_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=7.0.1.0&platform=All&function=all>) or a subsequent 7.0.1 release \nIBM C\u00faram Social Program Management| 6.2| Visit IBM Fix Central and upgrade to [_6.2.0.6_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=6.2.0.0&platform=All&function=all>) or a subsequent 6.2.0 release \nIBM C\u00faram Social Program Management| 6.1| Visit IBM Fix Central and upgrade to [_6.1.1.6_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=6.1.1.0&platform=All&function=all>) or a subsequent 6.1.1 release \nIBM C\u00faram Social Program Management| 6.0.5| Visit IBM Fix Central and upgrade to [_6.0.5.10 iFix2_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=6.0.5.10&platform=All&function=all>) or a subsequent 6.0.5 release \n \n## Workarounds and Mitigations\n\nFor information on all other versions please contact C\u00faram Customer Support.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-17T13:09:41", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Struts affects IBM C\u00faram Social Program Management (CVE-2016-1182, CVE-2016-1181, CVE-2015-0899)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0899", "CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-17T13:09:41", "id": "B4BA991763253D738BCAA9AB61AE50E1AA4C20D6F3366D5551C3051C29FEADB2", "href": "https://www.ibm.com/support/pages/node/296843", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:46:25", "description": "## Summary\n\nEmbedded Websphere Application Server (eWAS) is shipped as a component of Tivoli Integrated Portal and eWAS has been affected by multiple security vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-0359_](<https://vulners.com/cve/CVE-2016-0359>)** \nDESCRIPTION:** IBM WebSphere Application Server is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111929_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111929>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nTivoli Integrated Portal version 2.1.0 - 2.1.0.5 \n\nTivoli Integrated Portal version 2.2.0.0 - 2.2.0.17\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nTivoli Integrated Portal version \n\n2.1.0 - 2.1.0.5\n\n2.2.0 - 2.2.0.17\n\n| embedded Websphere Application Server version 7.0| [Security Bulletin: HTTP Response Splitting in WebSphere Application Server (CVE-2016-0359)](<http://www-01.ibm.com/support/docview.wss?uid=swg21982526>) \n \n[Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) \n \nThe Websphere security bulletin above provides a link to the required iFix to remediate the vulnerability. However, the iFix requires either eWAS 7.0.0.33 or higher installed. \nTIP does not support upgrading Websphere fixpack independently. TIP 2.2.0.15 or TIP 2.2.0.17 must be applied which will upgrade eWAS to 7.0.0.33 and above. Once TIP FP has been applied, the Websphere iFix can be applied as described in the Websphere bulletin. \n\n## Workarounds and Mitigations\n\nPlease refer to WAS iFix as described above\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-17T15:26:47", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server shipped with Tivoli Integrated Portal (CVE-2016-0359, CVE-2016-1181, CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0359", "CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-17T15:26:47", "id": "F936FE55F38C08867ADBDA8E6F3802EAC3CA57726D86C3FDB2C0BC8583619B6F", "href": "https://www.ibm.com/support/pages/node/285285", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:50:37", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager (SKLM). Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) | WebSphere Application Server Version \n---|---|--- \nIBM Security Key Lifecycle Manager | 4.0 | 9.0.5 \nIBM Security Key Lifecycle Manager | 3.0.1 | 9.0.0.5 \nIBM Security Key Lifecycle Manager | 3.0 | 9.0.0.5 \nIBM Security Key Lifecycle Manager | 2.7 | 9.0.0.1 \n \n## Remediation/Fixes\n\nPlease consult the following bulletins: \n\n[Security Bulletin: Potential vulnerability in WebSphere Application Server (CVE-2015-0899)](<https://www.ibm.com/support/pages/security-bulletin-potential-vulnerability-websphere-application-server-cve-2015-0899> \"Security Bulletin: Potential vulnerability in WebSphere Application Server \$CVE-2015-0899\$\" ) \n[Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114](<https://www.ibm.com/support/pages/security-bulletin-classloader-manipulation-vulnerability-ibm-websphere-application-server-cve-2014-0114> \"Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114\" ) \n[Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<https://www.ibm.com/support/pages/security-bulletin-vulnerabilities-apache-struts-affects-ibm-websphere-application-server-cve-2016-1181-and-cve-2016-1182> \"Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server \$CVE-2016-1181 and CVE-2016-1182\$\" )\n\nfor vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-09-26T18:24:35", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2015-0899, CVE-2014-0114, CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114", "CVE-2015-0899", "CVE-2016-1181", "CVE-2016-1182"], "modified": "2020-09-26T18:24:35", "id": "EB488D986A623E81C07D5F38DFFA754649938084B72DDAA698DEA6B41BB73C49", "href": "https://www.ibm.com/support/pages/node/6338461", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-13T09:35:19", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin\n\n## Vulnerability Details\n\nPlease consult the security bulletin [Security Bulletin: Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI](<http://www.ibm.com/support/docview.wss?uid=swg22016214>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Versions\n\n| Affected Supporting Product and Versions \n---|--- \nIBM Case Manager 5.1.1 \nIBM Case Manager 5.2.0 \nIBM Case Manager 5.2.1 \nIBM Case Manager 5.3.0 \nIBM Case Manager 5.3.1 \nIBM Case Manager 5.3.2 \nIBM Case Manager 5.3.3 | IBM WebSphere Application Server 7.0 \nIBM WebSphere Application Server 8.0 \nIBM WebSphere Application Server 8.5 \nIBM WebSphere Application Server 9.0 \n \n## ", "cvss3": {}, "published": "2018-07-10T22:09:09", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2014-0114, CVE-2016-1181, CVE-2016-1182, CVE-2012-1007)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-1007", "CVE-2014-0114", "CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-07-10T22:09:09", "id": "68E7DB3D7E398B2706226213F9B1A94ACD374A065EE9538BCE2CF140B065CB08", "href": "https://www.ibm.com/support/pages/node/713521", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T21:45:32", "description": "## Summary\n\nVulnerabilities exist in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI. These only exist if you have deployed the optional UDDI application. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-0114_](<https://vulners.com/cve/CVE-2014-0114>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/92889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2012-1007_](<https://vulners.com/cve/CVE-2012-1007>) \n**DESCRIPTION:** Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the upload-submit.do, processSimple.do and struts-cookbook/processDyna.do scripts. A remote attacker could exploit this vulnerability using the name or message parameter in a specially-crafted URL to execute script in a victim''s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim''s cookie-based authentication credentials. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/73052_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/73052>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the failure to properly properly restrict the Validator configuration bin ActionServlet.java. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nJazz for Service Management version 1.1.0 - 1.1.3\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version | Affected Supporting Product Security Bulletin \n---|---|--- \nJazz for Service Management version 1.1.0 - 1.1.3 | Websphere Application Server Full Profile 8.5.5 | \n\n# [Security Bulletin: Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI](<http://www-01.ibm.com/support/docview.wss?uid=swg22016214>) \n \n## Workarounds and Mitigations\n\nPlease refer to WAS iFix\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-11-28T11:00:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI shipped with Jazz for Service Management", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1007", "CVE-2014-0114", "CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-11-28T11:00:02", "id": "88E396C29AABC664ACC3D5B0A3797EDDA0587772D5D9F452A2E356E7CC5BCD5D", "href": "https://www.ibm.com/support/pages/node/741907", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:52:42", "description": "## Summary\n\nMultiple vulnerabilities in IBM Financial Transaction Manager for ACH Services, Check Services, Corporate Payment Services (CVE-2016-5920, CVE-2016-1181, CVE-2016-1182, CVE-2016-3060)\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n \n**CVEID:** [_CVE-2016-3060_](<https://vulners.com/cve/CVE-2016-3060>)** \nDESCRIPTION:** IBM Payments Director could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114896_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114896>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID:** [_CVE-2016-5920_](<https://vulners.com/cve/CVE-2016-5920>)** \nDESCRIPTION:** IBM Financial Transaction Manager for ACH Services for Multi-Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115704_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115704>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n\n\n## Affected Products and Versions\n\n\\- FTM for ACH v3.0.0.0, v3.0.0.1, v3.0.0.2, v3.0.0.3, v3.0.0.4, v3.0.0.5, v3.0.0.6, v3.0.0.7, v3.0.0.8, v3.0.0.9, v3.0.0.10, 3.0.0.11, 3.0.0.12, 3.0.0.13, 3.0.0.14, 3.0.1.0 \n\n\\- FTM for Check v3.0.0.0, v3.0.0.1, v3.0.0.2, v3.0.0.3, v3.0.0.4, v3.0.0.5, v3.0.0.6, v3.0.0.7, v3.0.0.8, v3.0.0.9, v3.0.0.10, 3.0.0.11, 3.0.0.12, 3.0.0.13, 3.0.0.14, 3.0.1.0\n\n\\- FTM for CPS v3.0.0.0, v3.0.0.1, v3.0.0.2, v3.0.0.3, v3.0.0.4, v3.0.0.5, v3.0.0.6, v3.0.0.7, v3.0.0.8, v3.0.0.9, v3.0.0.10, 3.0.0.11, 3.0.0.12, 3.0.0.13, 3.0.0.14\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nFTM for ACH Services| 3.0.0.0 through 3.0.0.14| PI67537| Apply [3.0.0-FTM-ACH-MP-fp0015](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.0-FTM-ACH-MP-fp0015&includeSupersedes=0>) or later. \nFTM for Check Services| 3.0.0.0 through 3.0.0.14| PI64063| Apply [3.0.0-FTM-Check-MP-fp0015](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.0-FTM-Check-MP-fp0015&includeSupersedes=0>) or later. \nFTM for CPS Services| 3.0.0.0 through 3.0.0.14| PI64064| Apply [3.0.0-FTM-CPS-MP-fp0015](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.0-FTM-CPS-MP-fp0015&includeSupersedes=0>) or later. \nFTM for ACH Services| 3.0.1.0| PI67537| Apply [3.0.1.0-FTM-ACH-MP-iFix0002](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.1.0-FTM-ACH-MP-iFix0002&includeSupersedes=0>) or later. \nFTM for Check Services| 3.0.1.0| PI64063| Apply [3.0.1.0-FTM-Check-MP-iFix0002](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.1.0-FTM-Check-MP-iFix0002&includeSupersedes=0>) or later. \nFTM for CPS Services| 3.0.1.0| PI64064| Apply [3.0.1.0-FTM-CPS-MP-iFix0002](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.1.0-FTM-CPS-MP-iFix0002&includeSupersedes=0>) or later. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-16T20:03:39", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Financial Transaction Manager for ACH Services, Check Services, Corporate Payment Services (CVE-2016-5920, CVE-2016-1181, CVE-2016-1182, CVE-2016-3060)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182", "CVE-2016-3060", "CVE-2016-5920"], "modified": "2018-06-16T20:03:39", "id": "8585A81D2C6357431DB37ADDF4189DBBFAC913BE555A9B6483BF16E8E8705C85", "href": "https://www.ibm.com/support/pages/node/549731", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:34:27", "description": "## Summary\n\nWebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about multiple security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section.\n\n## Affected Products and Versions\n\nIBM Tivoli System Automation Application Manager 4.1.0.0 \u2013 4.1.0.1\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with IBM Tivoli System Automation Application Manager.\n\nPrincipal Product and Version(s)\n\n| \n\nAffected Supporting Product and Version\n\n| \n\nAffected Supporting Product Security Bulletin \n \n---|---|--- \n \nIBM Tivoli System Automation Application Manager 4.1\n\n| \n\nWebSphere Application Server 8.5\n\n| \n\n[Security Bulletin: Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI](<http://www-01.ibm.com/support/docview.wss?uid=swg22016214>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {}, "published": "2023-01-17T17:35:00", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2014-0114, CVE-2012-1007, CVE-2016-1182, CVE-2016-1181)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-1007", "CVE-2014-0114", "CVE-2016-1181", "CVE-2016-1182"], "modified": "2023-01-17T17:35:00", "id": "39D4A3024CD82E0AB1412C8F0B7DE6C9C896CC59E99FBAB7A5A61175586A3211", "href": "https://www.ibm.com/support/pages/node/719303", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T21:44:29", "description": "## Summary\n\nVulnerabilities exist in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI. These only exist if you have deployed the optional UDDI application. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-0114_](<https://vulners.com/cve/CVE-2014-0114>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/92889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2012-1007_](<https://vulners.com/cve/CVE-2012-1007>) \n**DESCRIPTION:** Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the upload-submit.do, processSimple.do and struts-cookbook/processDyna.do scripts. A remote attacker could exploit this vulnerability using the name or message parameter in a specially-crafted URL to execute script in a victim''s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim''s cookie-based authentication credentials. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/73052_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/73052>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the failure to properly properly restrict the Validator configuration bin ActionServlet.java. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThis vulnerability affects the following versions and releases of IBM WebSphere Application Server traditional using the optional UDDI.ear. \n\n * Version 9.0\n * Version 8.5\n * Version 8.0\n * Version 7.0\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the interim fix, Fix Pack or PTF containing APAR PI97162 if you are using the optional UDDI.ear for each named product as soon as practical. \n \n**For WebSphere Application Server traditional and WebSphere Application Server Hypervisor Edition:** \n**For V9.0.0.0 through 9.0.0.8:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PI97162](<http://www-01.ibm.com/support/docview.wss?uid=swg24044995>) [](<http://www-01.ibm.com/support/docview.wss?uid=swg24043596>) [](<http://www-01.ibm.com/support/docview.wss?uid=swg24042908>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042513>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041604>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041394>) \n\\--OR-- \n\u00b7 Apply Fix Pack 9.0.0.9 or later. \n \n**For V8.5.0.0 through 8.5.5.13:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PI9716](<http://www-01.ibm.com/support/docview.wss?uid=swg24044993>) 2[](<http://www-01.ibm.com/support/docview.wss?uid=swg24043596>) [](<http://www-01.ibm.com/support/docview.wss?uid=swg24042908>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042712>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042513>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041604>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041394>) \n\\--OR-- \n\u00b7 Apply Fix Pack 8.5.5.14 or later. \n\n**For V8.0.0.0 through 8.0.0.15:** \n\u00b7 Upgrade to a minimal fix pack levels as required by interim fix and then apply Interim Fix [PI97162](<http://www-01.ibm.com/support/docview.wss?uid=swg24044993>) [](<http://www-01.ibm.com/support/docview.wss?uid=swg24043596>)\n\n**For V7.0.0.0 through 7.0.0.45:** \n\u00b7 Upgrade to a minimal fix pack levels as required by interim fix and then apply Interim Fix [PI97162](<http://www-01.ibm.com/support/docview.wss?uid=swg24044993>) [](<http://www-01.ibm.com/support/docview.wss?uid=swg24043596>)\n\n \n \n_WebSphere Application Server V7 and V8 are no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product. _\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2019-02-19T17:50:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1007", "CVE-2014-0114", "CVE-2016-1181", "CVE-2016-1182"], "modified": "2019-02-19T17:50:01", "id": "615E4369D0B07E7BA358AF447BD05A3ACC0720A255109ADB57E2A2080DB3607A", "href": "https://www.ibm.com/support/pages/node/711865", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-13T01:33:44", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped as a component of IBM Tivoli Security Policy Manager (TSPM). Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletin [Security Bulletin: Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI](<http://www-01.ibm.com/support/docview.wss?uid=swg22016214>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\n**Product Version**\n\n| \n\n**WebSphere Version** \n \n---|--- \n \nTSPM 7.1\n\n| \n\nWAS v7.0 \n \nRTSS 7.1\n\n| \n\nWAS v7.0, v8.0 \n \n**Note: **TSPM is comprised of TSPM and Runtime Security Services (RTSS)\n\n## ", "cvss3": {}, "published": "2018-07-23T06:08:09", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Security Policy Manager (CVE-2014-0114, CVE-2016-1181, CVE-2016-1182, CVE-2012-1007)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-1007", "CVE-2014-0114", "CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-07-23T06:08:09", "id": "A49F8E92510CDD96D8127764BC310529CF44A60596DB14352FF329575652A707", "href": "https://www.ibm.com/support/pages/node/717511", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-22T01:48:27", "description": "## Summary\n\nVulnerabilities exist in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI. These only exist if you have deployed the optional UDDI application. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-0114_](<https://vulners.com/cve/CVE-2014-0114>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/92889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2012-1007_](<https://vulners.com/cve/CVE-2012-1007>) \n**DESCRIPTION:** Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the upload-submit.do, processSimple.do and struts-cookbook/processDyna.do scripts. A remote attacker could exploit this vulnerability using the name or message parameter in a specially-crafted URL to execute script in a victim''s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim''s cookie-based authentication credentials. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/73052_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/73052>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the failure to properly properly restrict the Validator configuration bin ActionServlet.java. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nTivoli Integrated Portal version 2.1.0 - 2.1.0.5\n\nTivoli Integrated Portal version 2.2.0.0 - 2.2.0.19\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s) | Affected Supporting Product and Version | Affected Supporting Product Security Bulletin \n---|---|--- \nTivoli Integrated Portal version \n\n2.1.0 - 2.1.0.5\n\n2.2.0 - 2.2.0.19\n\n| embedded Websphere Application Server version 7.0.x | \n\n# [Security Bulletin: Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI](<http://www-01.ibm.com/support/docview.wss?uid=swg22016214>) \n \n \nThe Websphere security bulletin above provides a link to the required iFix to remediate the vulnerability. However, the iFix requires either eWAS 7.0.0.31 or higher installed. \n \nTIP does not support upgrading Websphere fixpack independently. TIP 2.2.0.15 or TIP 2.2.0.17 or TIP 2.2.0.19 must be applied which will upgrade eWAS to 7.0.0.31 and above. Once TIP FP has been applied, the Websphere iFix can be applied as described in the Websphere bulletin.\n\n## Workarounds and Mitigations\n\nPlease refer to WAS iFix as described above\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-11-28T11:50:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI shipped with Tivoli Integrated Portal", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1007", "CVE-2014-0114", "CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-11-28T11:50:02", "id": "E31CD1CAA68AD6659A7C459337F50C896A6D30B1CC25BEF6FC361000F2ACE0D4", "href": "https://www.ibm.com/support/pages/node/741905", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:39:00", "description": "## Summary\n\nIBM Sterling B2B Integrator Standard Edition has addressed the following multiple vulnerabilities caused by Apach Struts 1.1\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2008-2025](<https://vulners.com/cve/CVE-2008-2025>)** \nDESCRIPTION:** Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim''s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim''s cookie-based authentication credentials. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/49712> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n\n**CVEID:** [CVE-2014-0114](<https://vulners.com/cve/CVE-2014-0114>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [CVE-2015-0899](<https://vulners.com/cve/CVE-2015-0899>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this vulnerability using a modified page parameter to bypass restrictions and launch further attacks on the system. This vulnerability also affects other products. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101770> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2016-1181](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113852> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2016-1182](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113853> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM Sterling B2B Integrator 5.2\n\n## Remediation/Fixes\n\n**PRODUCT & Version **\n\n| \n\n**APAR**\n\n| \n\n**Remediation/Fix** \n \n---|---|--- \n \nIBM Sterling B2B Integrator 5.2\n\n| IT23546| \n\nApply Fix Pack 5020603_4 available on [_Fix Central_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-02-05T00:53:36", "type": "ibm", "title": "Security Bulletin: Multiple Apache Struts Vulnerabilities Affect IBM Sterling B2B Integrator", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2025", "CVE-2014-0114", "CVE-2015-0899", "CVE-2016-1181", "CVE-2016-1182"], "modified": "2020-02-05T00:53:36", "id": "71A473993D401FAFDA20A063C958EB3785E06B0F2833BBEB5FA0B1E2E3123139", "href": "https://www.ibm.com/support/pages/node/301933", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:38:57", "description": "## Summary\n\nIBM Sterling File Gateway has addressed the following vulnerabilities caused by Apach Struts 1.1\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2008-2025](<https://vulners.com/cve/CVE-2008-2025>)** \nDESCRIPTION:** Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/49712> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n\n**CVEID:** [CVE-2014-0114](<https://vulners.com/cve/CVE-2014-0114>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [CVE-2015-0899](<https://vulners.com/cve/CVE-2015-0899>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this vulnerability using a modified page parameter to bypass restrictions and launch further attacks on the system. This vulnerability also affects other products. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101770> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2016-1181](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113852> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2016-1182](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113853> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM Sterling File Gateway 2.2 \n\n## Remediation/Fixes\n\n**PRODUCT & Version **\n\n| \n\n**APAR**\n\n| \n\n**Remediation/Fix** \n \n---|---|--- \nIBM Sterling File Gateway 2.2 | IT23546| \n\nApply Fix Pack 5020603_5 available on [_Fix Central_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-02-05T00:53:36", "type": "ibm", "title": "Security Bulletin: Multiple Apache Struts Vulnerabilities Affect IBM Sterling File Gateway", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2025", "CVE-2014-0114", "CVE-2015-0899", "CVE-2016-1181", "CVE-2016-1182"], "modified": "2020-02-05T00:53:36", "id": "1A977E1D46AE4CB4B7068DB341125931FAD75C28D6703503973FFF9BE917887F", "href": "https://www.ibm.com/support/pages/node/301983", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-10-02T22:47:21", "description": "## Summary\n\nMultiple vulnerabilities in Apache Struts 1.2.x may affect IBM eDiscovery Manager.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2016-1181](<https://vulners.com/cve/CVE-2016-1181>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/113852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2016-1182](<https://vulners.com/cve/CVE-2016-1182>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to bypass security restrictions, caused by the failure to properly properly restrict the Validator configuration bin ActionServlet.java. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/113853](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2008-2025](<https://vulners.com/cve/CVE-2008-2025>) \n** DESCRIPTION: **Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/49712](<https://exchange.xforce.ibmcloud.com/vulnerabilities/49712>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2015-0899](<https://vulners.com/cve/CVE-2015-0899>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this vulnerability using a modified page parameter to bypass restrictions and launch further attacks on the system. This vulnerability also affects other products. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/101770](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101770>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2014-0114](<https://vulners.com/cve/CVE-2014-0114>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92889](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92889>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \neDiscovery Manager| 2.2.2 \n \n## Remediation/Fixes\n\nProduct\n\n| VRM| Remediation \n---|---|--- \nIBM eDiscovery Manager| 2.2.2| \n\nUse IBM eDiscovery Manager 2.2.2.3 [Interim Fix 008](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FInfoSphere+eDiscovery+Manager&fixids=2.2.2.3-EDM-WIN-IF008&source=SAR> \"Interim Fix 008\" ) for Windows\n\nUse IBM eDiscovery Manager 2.2.2.3 [Interim Fix 008](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FInfoSphere+eDiscovery+Manager&fixids=2.2.2.3-EDM-AIX-IF008&source=SAR> \"Interim Fix 008\" ) for AIX \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2023-07-12T09:59:49", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Apache Struts 1.2.x Affect IBM eDiscovery Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2025", "CVE-2014-0114", "CVE-2015-0899", "CVE-2016-1181", "CVE-2016-1182"], "modified": "2023-07-12T09:59:49", "id": "E762499CA15D11429E743982AA3F2FC12E2E921DDF0F5987384DC6653A95B9A2", "href": "https://www.ibm.com/support/pages/node/7011371", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-11T15:13:38", "description": "## Summary\n\nMultiple vulnerabilities in WebSphere Application Server traditional bundled with IBM Jazz Team Server based Applications affect the following products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM) and Rational Software Architect Design Manager (RSA DM).\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-0899](<https://vulners.com/cve/CVE-2015-0899>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this vulnerability using a modified page parameter to bypass restrictions and launch further attacks on the system. This vulnerability also affects other products. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101770> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2014-0114_](<https://vulners.com/cve/CVE-2014-0114>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/92889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2012-1007_](<https://vulners.com/cve/CVE-2012-1007>) \n**DESCRIPTION:** Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the upload-submit.do, processSimple.do and struts-cookbook/processDyna.do scripts. A remote attacker could exploit this vulnerability using the name or message parameter in a specially-crafted URL to execute script in a victim''s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim''s cookie-based authentication credentials. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/73052_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/73052>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the failure to properly properly restrict the Validator configuration bin ActionServlet.java. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2012-5783_ ](<https://vulners.com/cve/CVE-2012-5783>) \n**DESCRIPTION:** Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/79984_ ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79984>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2018-1614_ ](<https://vulners.com/cve/CVE-2018-1614>) \n**DESCRIPTION:** IBM WebSphere Application Server using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/144270_ ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/144270>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-1621_ ](<https://vulners.com/cve/CVE-2018-1621>) \n**DESCRIPTION:** IBM WebSphere Application Server could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/144346_ ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/144346>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nRational Collaborative Lifecycle Management 5.0 - 6.0.6 \n \nRational Quality Manager 5.0 - 5.0.2 \nRational Quality Manager 6.0 - 6.0.6 \n \nRational Team Concert 5.0 - 5.0.2 \nRational Team Concert 6.0 - 6.0.6 \n \nRational DOORS Next Generation 5.0 - 5.0.2 \nRational DOORS Next Generation 6.0 - 6.0.6 \n \nRational Engineering Lifecycle Manager 5.0 - 5.0.2 \nRational Engineering Lifecycle Manager 6.0 - 6.0.6 \n \nRational Rhapsody Design Manager 5.0 - 5.0.2 \nRational Rhapsody Design Manager 6.0 - 6.0.6 \n \nRational Software Architect Design Manager 5.0 - 5.0.2 \nRational Software Architect Design Manager 6.0 - 6.0.1\n\n## Remediation/Fixes\n\nThe IBM Jazz Team Server based Applications bundle different versions of IBM WebSphere Application Server with the available versions of the products, and in addition to the bundled version some previous versions of WAS are also supported. For a remediation follow the WAS security bulletin appropriately.\n\nFor vulnerability details/affected versions/Remediation and fixes, review the Security Bulletins:\n\n * [Security Bulletin: Potential vulnerability in WebSphere Application Server (CVE-2015-0899)](<http://www.ibm.com/support/docview.wss?uid=swg22015348>)\n * [Security Bulletin: Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI](<http://www.ibm.com/support/docview.wss?uid=swg22016214>)\n * [Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783)](<http://www.ibm.com/support/docview.wss?uid=swg22016216>)\n * [Security Bulletin: Information disclosure in WebSphere Application Server with SAML (CVE-2018-1614)](<http://www.ibm.com/support/docview.wss?uid=swg22016887>)\n * [Security Bulletin: Information Disclosure in WebSphere Application Server (CVE-2018-1621)](<http://www.ibm.com/support/docview.wss?uid=swg22016821>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2021-04-28T18:35:50", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Rational products based on IBM Jazz technology", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1007", "CVE-2012-5783", "CVE-2014-0114", "CVE-2015-0899", "CVE-2016-1181", "CVE-2016-1182", "CVE-2018-1614", "CVE-2018-1621"], "modified": "2021-04-28T18:35:50", "id": "3D8540513E9389E52505EF4CCF99C1FC5DC8928BFA49128170D48087D1264725", "href": "https://www.ibm.com/support/pages/node/717509", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:45:24", "description": "## Summary\n\nThe following security issues have been identified in WebSphere Application Server included as part of IBM Tivoli Monitoring (ITM) portal server. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-0359](<https://vulners.com/cve/CVE-2016-0359>)** \nDESCRIPTION:** IBM WebSphere Application Server is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111929> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID:** [CVE-2016-0377](<https://vulners.com/cve/CVE-2016-0377>)** \nDESCRIPTION:** IBM WebSphere Application Server could allow a remote attacker to obtain sensitive information caused by the improper setting of a CSRFtoken cookie. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112238> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [CVE-2016-1181](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113852> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID:** [CVE-2016-1182](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113853> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n**CVEID:** [CVE-2016-3598](<https://vulners.com/cve/CVE-2016-3598>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component has high confidentiality impact, high integrity impact, and high availability impact. \nCVSS Base Score: 9.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/115269> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [CVE-2016-3511](<https://vulners.com/cve/CVE-2016-3511>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Deployment component has high confidentiality impact, high integrity impact, and high availability impact. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/115275> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2016-3485](<https://vulners.com/cve/CVE-2016-3485>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 2.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/115273> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n \n \n**CVEID:** [CVE-2016-3092](<https://vulners.com/cve/CVE-2016-3092>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114336> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\nIBM Tivoli Monitoring versions 6.3.0 through 6.3.0 FP7 - Tivoli Enterprise Portal Server (TEPS) all CVEs above. \n \nIBM Tivoli Monitoring versions 6.2.3 through 6.2.3 FP5 - Tivoli Enterprise Portal Server (TEPS) all CVE's above. \n \nIBM Tivoli Monitoring versions 6.2.2 through 6.2.2 FP9 - Tivoli Enterprise Portal Server (TEPS) CVE-2016-3092 only.\n\n## Remediation/Fixes\n\n**\n\n## _Portal Server-_\n\n**embedded WebSphere Application Server \n \n\n\n**_Fix_**| **_VMRF_**| **_Remediation/First Fix_** \n---|---|--- \n6.X.X-TIV-ITM_EWAS_ALL-8.00.12.01| 6.3.0.x| <http://www.ibm.com/support/docview.wss?uid=swg24042745> \nContains a patch for the embedded WebSphere Application Server (eWAS) 8.0 Fix Pack 12 plus Interim Fix Block 1. \nTechnote| 6.2.3.x| <http://www.ibm.com/support/docview.wss?uid=swg21633722> \nContains information about installing the embedded WebSphere Application Server (eWAS) patches for IBM Tivoli Monitoring 6.23. The link gives instructions to install** **eWAS 7.0 Fix Pack 41 (7.0.0.41) and Interim Fix block 1 (or later). \nTechnote| 6.2.2.x| <http://www.ibm.com/support/docview.wss?uid=swg21509238> \nContains information about installing the embedded WebSphere Application Server (eWAS) patches for IBM Tivoli Monitoring 6.22. The link gives instructions are to install** **eWAS 6.1 Fix Pack 47 (6.1.0.47) and Interim Fix block 5 (or later) \n \nYou should verify applying this fix does not cause any compatibility issues. \n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T15:28:48", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0359", "CVE-2016-0377", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-3092", "CVE-2016-3485", "CVE-2016-3511", "CVE-2016-3598"], "modified": "2018-06-17T15:28:48", "id": "3DAB255772B5C0465CD2A50FC27BF93D482025FE8D7247F3C147E19AC9F9AFD2", "href": "https://www.ibm.com/support/pages/node/551783", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T06:14:49", "description": "## Summary\n\nBouncy Castle Java Cryptography is shipped as part of IBM Tivoli Business Manager 6.2.0. Information about security vulnerabilities affecting Bouncy Castle Java Cryptography has been published in a security bulletin.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-5382](<https://vulners.com/cve/CVE-2018-5382>) \n** DESCRIPTION: **Bouncy Castle could allow a local attacker to obtain sensitive information, caused by an error in the BKS version 1 keystore files. By utilizing an HMAC that is only 16 bits long for the MAC key size, an attacker could exploit this vulnerability using brute-force techniques to crack a BKS-V1 keystore file in seconds and gain access to the keystore contents. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/140465](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140465>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2007-6721](<https://vulners.com/cve/CVE-2007-6721>) \n** DESCRIPTION: **An unspecified vulnerability related to RSA CMS signatures without signed attributes in The Legion of the Bouncy Castle Java Cryptography has an unknown impact and remote attack vector. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/49638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/49638>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2015-7940](<https://vulners.com/cve/CVE-2015-7940>) \n** DESCRIPTION: **Bouncy Castle could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability using an invalid curve attack to extract private keys used in elliptic curve cryptography and obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/107739](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107739>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-1000339](<https://vulners.com/cve/CVE-2016-1000339>) \n** DESCRIPTION: **Bouncy Castle JCE Provider could allow a remote attacker to obtain sensitive information, caused by a flaw in the AESEngine. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151814](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151814>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-1000352](<https://vulners.com/cve/CVE-2016-1000352>) \n** DESCRIPTION: **Bouncy Castle JCE Provider could provide weaker than expected security, caused by a flaw in the ECIES implementation. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151806](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151806>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-1000341](<https://vulners.com/cve/CVE-2016-1000341>) \n** DESCRIPTION: **Bouncy Castle JCE Provider could provide weaker than expected security, caused by a flaw in the DSA signature generation. A remote attacker could exploit this vulnerability to launch timing attacks. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151812](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151812>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-1000344](<https://vulners.com/cve/CVE-2016-1000344>) \n** DESCRIPTION: **Bouncy Castle JCE Provider could provide weaker than expected security, caused by a flaw in the DHIES implementation. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151809](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151809>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-1000345](<https://vulners.com/cve/CVE-2016-1000345>) \n** DESCRIPTION: **Bouncy Castle JCE Provider could provide weaker than expected security, caused by an environment where timings can be easily observed. A remote attacker could exploit this vulnerability to conduct a padding oracle attack. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151808](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151808>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-1000346](<https://vulners.com/cve/CVE-2016-1000346>) \n** DESCRIPTION: **Bouncy Castle JCE Provider could allow a remote attacker to obtain sensitive information, caused by a flaw in the other party DH public key. A remote attacker could exploit this vulnerability to reveal details via invalid keys. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151807](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151807>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2013-0169](<https://vulners.com/cve/CVE-2013-0169>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error when processing message authentication codes (MACs) when Cipher-block chaining (CBC) mode of operation is used. A remote attacker able to conduct a man-in-the-middle attack against TLS or DTLS implementations could exploit this vulnerability to recover the original plaintext and obtain sensitive information. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/81902](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81902>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2013-1624](<https://vulners.com/cve/CVE-2013-1624>) \n** DESCRIPTION: **Bouncy Castle could allow a remote attacker to obtain sensitive information, caused by the exposure of timing differences during padding check verification by the CBC ciphersuite of the Transport Layer Security (TLS) implementation. An attacker could exploit this vulnerability using a timing attack to recover the original plaintext and obtain sensitive information. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/81910](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81910>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Business Service Manager| 6.2.0-6.2.0.3 IF1 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| APAR| Remediation \n---|---|---|--- \nIBM Tivoli Business Service Manager 6.2.0| 6.2.0.3 IF2| IJ32982| Upgrade to [IBM Tivoli Business Service Manager 6.2.0.3 IF2](<https://www.ibm.com/support/pages/node/6454449> \"IBM Tivoli Business Service Manager 6.2.0.3 IF2\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-09-30T16:09:16", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Bouncy Castle Java Cryptography affect IBM Tivoli Business Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6721", "CVE-2013-0169", "CVE-2013-1624", "CVE-2015-7940", "CVE-2016-1000339", "CVE-2016-1000341", "CVE-2016-1000344", "CVE-2016-1000345", "CVE-2016-1000346", "CVE-2016-1000352", "CVE-2018-5382"], "modified": "2021-09-30T16:09:16", "id": "915F25F9D4BBEE1CAACAA6F5FD6ACC3E18033BE658B9A06B8B13ACD613C9B6FD", "href": "https://www.ibm.com/support/pages/node/6494697", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:13:46", "description": "## Summary\n\nThe IBM Emptoris Strategic Supply Management Suite and IBM Emptoris Services Procurement products are affected by multiple security vulnerabilities that exist in IBM SDK Java Technology Edition and IBM WebSphere Application Server. The security bulletin includes issues disclosed as part of the IBM Java SDK updates in October 2016 and includes the following additional vulnerabilities: \n1\\. Potential HTTP response splitting vulnerability in IBM WebSphere Application Server \n2\\. Apache Struts vulnerabilities affect WebSphere Application Server Administration Console \n3\\. Potential information disclosure in WebSphere Application Server \n4\\. Potential code execution vulnerability in WebSphere Application Server. \n5\\. Potential information disclosure in WebSphere Application Server using malformed SOAP requests.\n\n## Vulnerability Details\n\n \nThis bulletin covers all applicable Java SE CVE's published by Oracle as part of their October 2016 Critical Patch Update which affects IBM SDK, Java Technology Edition. There are other advisories included in the IBM Java SDK and IBM WebSphere Application Server bulletins, but IBM Emptoris products are not vulnerable to them. Additionally, this bulletin covers other security vulnerabilities reported on WebSphere Application Server. \n \n**CVEID:** [_CVE-2016-0359_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0359>)** \nDESCRIPTION:** IBM WebSphere Application Server is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111929_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111929>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID:** [_CVE-2016-1181_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-1182_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n \n \n**CVEID:** [_CVE-2016-5986_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5986>)** \nDESCRIPTION:** IBM WebSphere Application Server and IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the improper handling of responses under certain conditions. An attacker could exploit this vulnerability to gain server identification information. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116556_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116556>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5983_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5983>)** \nDESCRIPTION:** IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code with a serialized object from untrusted sources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116468_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116468>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2016-5597_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5597>)** \nDESCRIPTION:** An unspecified vulnerability related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118071_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118071>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-9736_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9736>)** \nDESCRIPTION:** IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119780_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119780>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Emptoris Contract Management 9.5 through 10.1.2 \nIBM Emptoris Program Management 10.0.0 through 10.1.2 \nIBM Emptoris Sourcing 10.0.0 through 10.1.2 \nIBM Emptoris Spend Analysis 10.0.0 through 10.1.2 \nIBM Emptoris Supplier Lifecycle Management 9.5 through 10.1.2 \nIBM Emptoris Strategic Supply Management 10.0.0 through 10.1.2 \nIBM Emptoris Services Procurement 10.0.0\n\n## Remediation/Fixes\n\nInterim fixes have been issued for the IBM WebSphere Application Server (WAS) which will apply the needed fixes on WebSphere and also upgrade the IBM Java Development Kit to a version which is not susceptible to these vulnerabilities. \n \nCustomers running any of the IBM Emptoris products listed above should apply the interim fix to all IBM WebSphere Application Server installations that are used to run IBM Emptoris applications. See the references section for specific Java and WebSphere Security bulletins. \n \n \n\n\n**IBM Emptoris Product Version**| **IBM WebSphere Version**| **Interim Fix** \n---|---|--- \nIBM Emptoris Suite \n9.5.0.0 through 9.5.0.6 \n9.5.1.0 through 9.5.1.3 \n \n \n \nIBM Emptoris Services Procurement \n10.0.0.0 through 10.0.0.5| 8.0.0.0 through 8.0.0.12| Option 1: Follow Steps 1 through 6 below in the order specified: \n \nStep 1. Upgrade to a minimal fix pack levels as required by interim fix and then apply Interim Fix [_PI58918_](<http://www.ibm.com/support/docview.wss?uid=swg24042445>) \n \nStep 2. Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [_PI64303_](<http://www.ibm.com/support/docview.wss?uid=swg24042468>) \n \nStep 3. Upgrade to a minimal fix pack levels as required by interim fix and then apply Interim Fix [_PI67093_](<http://www.ibm.com/support/docview.wss?uid=swg24042752>) \n \nStep 4. Upgrade to a minimal fix pack levels as required by interim fix and then apply Interim Fix [_PI70737_](<http://www.ibm.com/support/docview.wss?uid=swg24042908>) \n \nStep 5. Apply Interim Fix[_ PI71257_](<http://www.ibm.com/support/docview.wss?uid=swg24042977>): Will upgrade you to IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 35 \n \nStep 6. Upgrade to a minimal fix pack levels as required by interim fix and then apply Interim Fix [_PI66557_](<http://www.ibm.com/support/docview.wss?uid=swg24043105>) \n. \n \n\\--OR-- \n \nOption 2: \nApply Fix Pack 8.0.0.13 or later (targeted availability 20 February 2017) \n(Ensure IBM Java SDK shipped is applied with the upgrade) \n \nIBM Emptoris Suite \n10.0.0.0 through 10.0.0.3 \n10.0.1.0 through 10.0.1.5 \n10.0.2.0 through 10.0.2.12 \n10.0.3| 8.5.0.0 through 8.5.5.10| Option 1: Follow Steps 1 through 6 below in the order specified: \n \nStep 1. Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [_PI58918_](<http://www-01.ibm.com/support/docview.wss?uid=swg24042445>) \n \nStep 2. Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [_PI64303_](<http://www-01.ibm.com/support/docview.wss?uid=swg24042468>) \n \nStep 3. Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [_PI67093_](<http://www-01.ibm.com/support/docview.wss?uid=swg24042752>) \n \nStep 4. Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [_PI70737 _](<http://www-01.ibm.com/support/docview.wss?uid=swg24042908>) \n \nStep 5. Upgrade to WebSphere Application Server Traditional Fix Pack 8.5.5.1 or later then apply Interim Fix [_PI71255_](<http://www-01.ibm.com/support/docview.wss?uid=swg24042968>): Will upgrade you to IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 35 \n \nStep 6. Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [_PI66557_](<http://www-01.ibm.com/support/docview.wss?uid=swg24043105>) \n. \n \n\\--OR-- \n \nOption 2: \nApply Fix Pack 8.5.5.11 or later. (targeted availability 20 February 2017) \n(Ensure IBM Java SDK shipped is applied with the upgrade) \nIBM Emptoris Suite \n10.0.4 \n10.1.0.0 through 10.1.0.7 \n10.1.1.0 through 10.1.1.5 \n10.1.2| 8.5.5.0 through 8.5.5.10| Option 1: Follow Steps 1 through 6 below in the order specified: \n \nStep 1. Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [_PI58918_](<http://www-01.ibm.com/support/docview.wss?uid=swg24042445>) \n \nStep 2. Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [_PI64303_](<http://www-01.ibm.com/support/docview.wss?uid=swg24042468>) \n \nStep 3. Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [_PI67093_](<http://www-01.ibm.com/support/docview.wss?uid=swg24042752>) \n \nStep 4. Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [_PI70737 _](<http://www-01.ibm.com/support/docview.wss?uid=swg24042908>) \n \nStep 5. Upgrade to WebSphere Application Server Traditional Fix Pack 8.5.5.2 or later then apply Interim Fix [_PI71253_](<http://www-01.ibm.com/support/docview.wss?uid=swg24042957>): Will upgrade you to IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 3 Fix Pack 60 \n \nStep 6. Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [_PI66557_](<http://www-01.ibm.com/support/docview.wss?uid=swg24043105>) \n. \n \n\\--OR-- \n \nOption 2: \nApply Fix Pack 8.5.5.11 or later. (targeted availability 20 February 2017) \n(Ensure IBM Java SDK shipped is applied with the upgrade) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n[WebSphere Security Bulletin: HTTP Response Splitting in WebSphere Application Server](<http://www.ibm.com/support/docview.wss?uid=swg21982526>)\n\n[Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www.ibm.com/support/docview.wss?uid=swg21985995>)\n\n[Security Bulletin: Potential Information Disclosure vulnerability in WebSphere Application Server (CVE-2016-5986)](<http://www.ibm.com/support/docview.wss?uid=swg21990056>)\n\n[Security Bulletin: Code execution vulnerability in WebSphere Application Server (CVE-2016-5983).](<http://www.ibm.com/support/docview.wss?uid=swg21990060>)\n\n[Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server October 2016 CPU (CVE-2016-5573, CVE-2016-5597)](<http://www.ibm.com/support/docview.wss?uid=swg21993440>)\n\n \n[_IBM Java SDK Security Bulletin_](<http://www.ibm.com/support/docview.wss?uid=swg21985393>) \n \n[Security Bulletin: Potential Information Disclosure in WebSphere Application Server (CVE-2016-9736)](<http://www.ibm.com/support/docview.wss?uid=swg21991469>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n17 Jan 2017 - Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSYQ72\",\"label\":\"Emptoris Strategic Supply Management\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYQ89\",\"label\":\"Emptoris Contract Management\"},\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYRER\",\"label\":\"Emptoris Program Management\"},\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYR6U\",\"label\":\"Emptoris Services Procurement\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYR8W\",\"label\":\"Emptoris Sourcing\"},\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYQAR\",\"label\":\"Emptoris Spend Analysis\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYQ72\",\"label\":\"Emptoris Strategic Supply Management\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYRC7\",\"label\":\"Emptoris Supplier Lifecycle Management\"},\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-16T20:07:17", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM WebSphere Application Server affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0359", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-5573", "CVE-2016-5597", "CVE-2016-5983", "CVE-2016-5986", "CVE-2016-9736"], "modified": "2018-06-16T20:07:17", "id": "A09274BA1A31537EA391724E8C52797113E094AE9E4EAA66FB5A50D995921587", "href": "https://www.ibm.com/support/pages/node/288965", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:56:30", "description": "## Summary\n\nApache Struts vulnerabilities affect WebSphere Application Server and WebSphere Application Server Hypervisor Edition Administration Console. There is a potential denial of service with IBM WebSphere Application Server when using SIP services. There are several vulnerabilities that may affect IBM HTTP Server that is used by WebSphere Application Server. There is a vulnerability that allows redirecting of HTTP traffic with CGI applications that may affect IBM HTTP Server (IHS). This vulnerability is known as \"HTTPOXY\". There is an Information Disclosure Vulnerability in IBM WebSphere Application Server. There is a potential bypass security restriction vulnerability in IBM WebSphere Application Server. This will only occur in environments that have the webcontainer custom property HttpSessionIdReuse enabled. \n\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n \n \n**CVEID:** [_CVE-2016-2960_](<https://vulners.com/cve/CVE-2016-2960>)** \nDESCRIPTION:** IBM WebSphere Application Server could be vulnerable to a denial of service when using SIP services. A remote attacker could cause a denial of service with specially-crafted SIP messages. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113805_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113805>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2012-0876_](<https://vulners.com/cve/CVE-2012-0876>)** \nDESCRIPTION:** Expat is vulnerable to a denial of service, caused by insufficient randomization of hash data structures. By sending multiple specially-crafted HTTP POST requests to an affected application containing conflicting hash key values, a remote attacker could exploit this vulnerability to cause the consumption of CPU resources. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/73868_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/73868>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2012-1148_](<https://vulners.com/cve/CVE-2012-1148>)** \nDESCRIPTION:** Expat is vulnerable to a denial of service, caused by a memory leak in poolGrow when handling XML data. A remote attacker could exploit this vulnerability to cause the application using the vulnerable XML parsing library to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/73867_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/73867>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2016-4472_](<https://vulners.com/cve/CVE-2016-4472>)** \nDESCRIPTION:** Expat XML parser is vulnerable to a denial of service, caused by the removal by compilers with certain optimization settings. By using a specially-crafted XML data, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114683_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114683>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \n \n**CVEID:** [_CVE-2016-0718_](<https://vulners.com/cve/CVE-2016-0718>)** \nDESCRIPTION:** Expat XML parser is vulnerable to a denial of service, caused by an out-of-bounds read within XML parser. By using a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113408_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113408>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-5387_](<https://vulners.com/cve/CVE-2016-5387>)** \nDESCRIPTION:** Apache HTTP Server could allow a remote attacker to redirect HTTP traffic of CGI application, caused by the lack of protection of untrusted client data in the HTTP_PROXY environment variable. By using a specially-crafted Proxy header in a HTTP request, a remote attacker could exploit this vulnerability to redirect outbound HTTP traffic to arbitrary proxy server, also known as the \"HTTPOXY\" vulnerability. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115090_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115090>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-0377_](<https://vulners.com/cve/CVE-2016-0377>)** \nDESCRIPTION:** IBM WebSphere Application Server could allow a remote attacker to obtain sensitive information caused by the improper setting of a CSRFtoken cookie. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112238_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n\n \n**CVEID:** [_CVE-2016-0385_](<https://vulners.com/cve/CVE-2016-0385>)** \nDESCRIPTION:** IBM WebSphere Application Server could allow a remote attacker to bypass security restrictions caused by a buffer overflow. This could allow the attacker to view unauthorized data. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112359_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112359>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nAll vulnerabilities affect the following versions and releases of IBM WebSphere Application Server: \n\n * Version 9.0\n * Version 8.5 and 8.5.5 Full Profile and Liberty \n\n## Remediation/Fixes\n\nTo **patch an existing service instance** refer to the IBM WebSphere Application Server bulletins: \n[**Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)**](<http://www.ibm.com/support/docview.wss?uid=swg21985995>) \n \n[**Security Bulletin: Potential denial of service with SIP Services (CVE-2016-2960)**](<http://www.ibm.com/support/docview.wss?uid=swg21984796>) \n \n[**Security Bulletin: Redirect HTTP traffic vulnerability may affect IBM HTTP Server (CVE-2016-5387)**](<http://www.ibm.com/support/docview.wss?uid=swg21988019>)** ** \n \n[**Security Bulletin: Information Disclosure in IBM WebSphere Application Server (CVE-2016-0377) **](<http://www.ibm.com/support/docview.wss?uid=swg21980645>) \n \n[**Security Bulletin: Bypass security restrictions in WebSphere Application Server (CVE-2016-0385)**](<http://www.ibm.com/support/docview.wss?uid=swg21982588>) \n \nWhen **creating a new service instance**, the following maintenance must be manually applied to an IBM WebSphere Application Server Version 9.0: \n[**Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)**](<http://www.ibm.com/support/docview.wss?uid=swg21985995>) \n \n[**Security Bulletin: Potential denial of service with SIP Services (CVE-2016-2960)**](<http://www.ibm.com/support/docview.wss?uid=swg21984796>) \n \n[**Security Bulletin: Redirect HTTP traffic vulnerability may affect IBM HTTP Server (CVE-2016-5387)**](<http://www.ibm.com/support/docview.wss?uid=swg21988019>)** ** \n \n \nWhen **creating a new service instance**, the following maintenance must be manually applied to an IBM WebSphere Application Server Version 8.5.5 to 16.0.0.2 Liberty: \n[**Security Bulletin: Potential denial of service with SIP Services (CVE-2016-2960)**](<http://www.ibm.com/support/docview.wss?uid=swg21984796>) \n \n[](<http://www.ibm.com/support/docview.wss?uid=swg21982588>)[**Security Bulletin: Redirect HTTP traffic vulnerability may affect IBM HTTP Server (CVE-2016-5387)**](<http://www.ibm.com/support/docview.wss?uid=swg21988019>)** ** \n \n[**Security Bulletin: Bypass security restrictions in WebSphere Application Server (CVE-2016-0385)**](<http://www.ibm.com/support/docview.wss?uid=swg21982588>)\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T07:06:05", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0876", "CVE-2012-1148", "CVE-2016-0377", "CVE-2016-0385", "CVE-2016-0718", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2960", "CVE-2016-4472", "CVE-2016-5387"], "modified": "2018-06-15T07:06:05", "id": "867D9ECEAB40B111EE25A99AD07419623F566D5212284F0A2C5C9E2D13C72DF2", "href": "https://www.ibm.com/support/pages/node/549243", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:54:01", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Business Process Manager, WebSphere Process Server, WebSphere Dynamic Process Edition, and WebSphere Lombardi Edition. Information about security vulnerabilities affecting WebSphere Application Server has been published in security bulletins (CVE-2016-0359, CVE-2016-0377, CVE-2016-0385, CVE-2016-1181, CVE-2016-1182, CVE-2016-2960, CVE-2016-3485, CVE-2016-3092,CVE-2016-5986, CVE-2016-5983).\n\n## Vulnerability Details\n\nConsult the security bulletin \n\n * [Security Bulletin: HTTP Response Splitting in WebSphere Application Server (CVE-2016-0359)](<http://www-01.ibm.com/support/docview.wss?uid=swg21982526>)\n * [Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>)\n * [Security Bulletin: Information Disclosure in IBM WebSphere Application Server (CVE-2016-0377)](<http://www.ibm.com/support/docview.wss?uid=swg21980645>)\n * [Security Bulletin: Information Disclosure in IBM WebSphere Application Server Liberty (CVE-2016-0378)](<http://www-01.ibm.com/support/docview.wss?uid=swg21981529>)\n * [Security Bulletin: Bypass security restrictions in WebSphere Application Server (CVE-2016-0385)](<http://www.ibm.com/support/docview.wss?uid=swg21982588>)\n * [Security Bulletin: Potential denial of service with SIP Services (CVE-2016-2960)](<http://www.ibm.com/support/docview.wss?uid=swg21984796>)\n * [Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server July 2016 CPU (CVE-2016-3485)](<http://www.ibm.com/support/docview.wss?uid=swg21988339>)\n * [Security Bulletin: Apache Commons FileUpload Vulnerability affects WebSphere Application Server (CVE-2016-3092)](<http://www.ibm.com/support/docview.wss?uid=swg21987864>)\n * [Security Bulletin: Potential Information Disclosure vulnerability in WebSphere Application Server (CVE-2016-5986)](<http://www-01.ibm.com/support/docview.wss?uid=swg21990056>)\n * [Security Bulletin: Multiple Denial of Service vulnerabilities with Expat may affect IBM HTTP Server](<http://www-01.ibm.com/support/docview.wss?uid=swg21988026>)\n * [Security Bulletin: Cross-site scripting vulnerability in IBM WebSphere Application Server Liberty Profile (CVE-2016-3042)](<http://www-01.ibm.com/support/docview.wss?uid=swg21986716>)\n * [Security Bulletin: Open Redirect vulnerability in WebSphere Application Server Liberty (CVE-2016-3040)](<http://www-01.ibm.com/support/docview.wss?uid=swg21986715>)\n * [Security Bulletin: Code execution vulnerability in WebSphere Application Server (CVE-2016-5983)](<http://www.ibm.com/support/docview.wss?uid=swg21990060>) \n\nfor vulnerability details and information about fixes. \n\n## Affected Products and Versions\n\n * * WebSphere Process Server V7.x\n * WebSphere Dynamic Process Edition V7.x\n * WebSphere Lombardi Edition V7.2.0.x\n * IBM Business Process Manager V7.5.0.0 through V7.5.1.2\n * IBM Business Process Manager V8.0 through V8.0.1.3\n * IBM Business Process Manager V8.5.0 through V8.5.0.2\n * IBM Business Process Manager V8.5.5\n * IBM Business Process Manager V8.5.6 through V8.5.6.0 cumulative fix 2\n * IBM Business Process Manager V8.5.7 through V8.5.7.0 cumulative fix 1\n \n \n_For__ earlier unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-15T07:05:56", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server, WebSphere Dynamic Process Edition, and WebSphere Lombardi Edition", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0359", "CVE-2016-0377", "CVE-2016-0378", "CVE-2016-0385", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2960", "CVE-2016-3040", "CVE-2016-3042", "CVE-2016-3092", "CVE-2016-3485", "CVE-2016-5983", "CVE-2016-5986"], "modified": "2018-06-15T07:05:56", "id": "C9B215C2E990733679984F0C6E86DB20EA1ED143683D79CFE88293360577ED49", "href": "https://www.ibm.com/support/pages/node/283509", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T21:44:42", "description": "## Summary\n\nThere are multiple security vulnerabilities that affect IBM WebSphere Application Server in IBM Cloud.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-1743](<https://vulners.com/cve/CVE-2017-1743>) \n**DESCRIPTION:** IBM WebSphere Application Server could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134933> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2015-0899](<https://vulners.com/cve/CVE-2015-0899>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this vulnerability using a modified page parameter to bypass restrictions and launch further attacks on the system. This vulnerability also affects other products. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101770> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2018-1447](<https://vulners.com/cve/CVE-2018-1447>) \n**DESCRIPTION:** The GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139972> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1553](<https://vulners.com/cve/CVE-2018-1553>) \n**DESCRIPTION:** IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142890> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2012-5783](<https://vulners.com/cve/CVE-2012-5783>) \n**DESCRIPTION:** Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79984> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2014-0114](<https://vulners.com/cve/CVE-2014-0114>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [CVE-2012-1007](<https://vulners.com/cve/CVE-2012-1007>) \n**DESCRIPTION:** Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the upload-submit.do, processSimple.do and struts-cookbook/processDyna.do scripts. A remote attacker could exploit this vulnerability using the name or message parameter in a specially-crafted URL to execute script in a victim''s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim''s cookie-based authentication credentials. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/73052> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2016-1182](<https://vulners.com/cve/CVE-2016-1182>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the failure to properly properly restrict the Validator configuration bin ActionServlet.java. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113853> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2016-1181](<https://vulners.com/cve/CVE-2016-1181>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113852> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1427](<https://vulners.com/cve/CVE-2018-1427>) \n**DESCRIPTION:** IBM GSKit contains several enviornment variables that a local attacker could overflow and cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139072> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1426](<https://vulners.com/cve/CVE-2018-1426>) \n**DESCRIPTION:** IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139071> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [_CVE-2016-0702_](<https://vulners.com/cve/CVE-2016-0702>) \n**DESCRIPTION:** OpenSSL could allow a local attacker to obtain sensitive information, caused by a side-channel attack against a system based on the Intel Sandy-Bridge microarchitecture. An attacker could exploit this vulnerability to recover RSA keys. \nCVSS Base Score: 2.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111144_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111144>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nThis vulnerability affects the following versions and releases of IBM WebSphere Application Server: \nLiberty \nVersion 9.0 \nVersion 8.5\n\n## Remediation/Fixes\n\nTo patch an existing service instance refer to the IBM WebSphere Application Server bulletins listed below:\n\n1\\. [Security Bulletin: Information Disclosure in WebSphere Application Server (CVE-2017-1743)](<http://www-01.ibm.com/support/docview.wss?uid=swg22013601>)\n\n2\\. [Security Bulletin: Potential vulnerability in WebSphere Application Server (CVE-2015-0899)](<http://www-01.ibm.com/support/docview.wss?uid=swg22015348>)\n\n3\\. [ Security Bulletin: Multiple vulnerabilities GSKit bundled with IBM HTTP Server](<http://www-01.ibm.com/support/docview.wss?uid=swg22015347>)\n\n4\\. [Security Bulletin: Information disclosure in WebSphere Application Server Liberty (CVE-2018-1553)](<http://www-01.ibm.com/support/docview.wss?uid=swg22016218>)\n\n5\\. [Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783)](<http://www-01.ibm.com/support/docview.wss?uid=swg22016216>)\n\n6\\. [Security Bulletin: Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI](<http://www-01.ibm.com/support/docview.wss?uid=swg22016214>)\n\n7\\. [Security Bulletin: Multiple vulnerabilities GSKit bundled with IBM HTTP Server](<http://www-01.ibm.com/support/docview.wss?uid=swg22015347>)\n\nAlternatively, delete the vulnerable service instance and create a new instance. \n\n\n## Workarounds and Mitigations\n\nnone.\n\n## Monitor IBM Cloud Status for Future Security Bulletins\n\nMonitor the [security notifications](<https://cloud.ibm.com/status?selected=security>) on the IBM Cloud Status page to be advised of future security bulletins.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n20 July 2018: original document published \n28 January 2019: Added CVE-2016-0702 to vulnerability details\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSKKCK\",\"label\":\"IBM WebSphere Application Server in IBM Cloud\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB36\",\"label\":\"IBM Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-01-28T14:05:02", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1007", "CVE-2012-5783", "CVE-2014-0114", "CVE-2015-0899", "CVE-2016-0702", "CVE-2016-1181", "CVE-2016-1182", "CVE-2017-1743", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-1426", "CVE-2018-1427", "CVE-2018-1447", "CVE-2018-1553"], "modified": "2019-01-28T14:05:02", "id": "DEAFA2DB54593AA80919E191E6F6089E8FC07DD6414224DF7420DF6F55DF4BC8", "href": "https://www.ibm.com/support/pages/node/717691", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:53:37", "description": "## Summary\n\nStruts vulnerabilities affect IBM InfoSphere Information Server. IBM InfoSphere Information Server has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-4430_](<https://vulners.com/cve/CVE-2016-4430>) \n**DESCRIPTION:** Apache Struts is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed expression to bypass token validation. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114185_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114185>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-4431_](<https://vulners.com/cve/CVE-2016-4431>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the default action method. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass internal security mechanism and redirect the victim to an arbitrary site. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114187_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114187>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-4433_](<https://vulners.com/cve/CVE-2016-4433>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the Getter as action method. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass internal security mechanism and redirect the victim to an arbitrary site. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114186_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114186>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-4436_](<https://vulners.com/cve/CVE-2016-4436>) \n**DESCRIPTION:** An unspecified error Apache Struts related to the method used to clean up action name has an unknown impact and attack vector. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114183_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114183>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-4438_](<https://vulners.com/cve/CVE-2016-4438>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system. By passing a malicious expression when using the REST Plugin, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114184_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114184>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4465_](<https://vulners.com/cve/CVE-2016-4465>) \n**DESCRIPTION:** Apache Struts is vulnerable to a denial of service, caused by an error when using a built-in URLValidator. An attacker could exploit this vulnerability to overload the server process. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114188_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114188>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-0785_](<https://vulners.com/cve/CVE-2016-0785>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a double OGNL evaluation of attribute values. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111513_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111513>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n \n \n**CVEID:** [_CVE-2016-2162_](<https://vulners.com/cve/CVE-2016-2162>) \n**DESCRIPTION:** Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the I18NInterceptor. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111515_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111515>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID:** [_CVE-2016-4003_](<https://vulners.com/cve/CVE-2016-4003>) \n**DESCRIPTION:** Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the URLDecoder implementation. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111514_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111514>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID:** [_CVE-2016-3081_](<https://vulners.com/cve/CVE-2016-3081>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the passing of a malicious expression when Dynamic Method Invocation is enabled. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112528_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112528>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID:** [_CVE-2016-3082_](<https://vulners.com/cve/CVE-2016-3082>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the use of XSLTResult to parse arbitrary stylesheet. An attacker could exploit this vulnerability to inject and execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112527_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112527>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID:** [_CVE-2016-3087_](<https://vulners.com/cve/CVE-2016-3087>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the passing of a malicious expression when Dynamic Method Invocation is enabled. An attacker could exploit this vulnerability using the REST Plugin to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113685_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113685>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2016-3093_](<https://vulners.com/cve/CVE-2016-3093>) \n**DESCRIPTION:** Apache Struts is vulnerable to a denial of service, caused by the improper implementation of cache used to store method references by the OGNL expression language. An attacker could exploit this vulnerability to block access to a Web site. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113686_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113686>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n\n## Affected Products and Versions\n\nThe following product, running on all supported platforms, is affected: \nIBM InfoSphere Information Server: versions 8.5, 8.7, 9.1, 11.3, and 11.5 \nIBM InfoSphere Information Governance Catalog: versions 11.3, and 11.5 \nIBM InfoSphere Metadata Workbench: versions 8.5, 8.7, and 9.1\n\n## Remediation/Fixes\n\n**_Product_**\n\n| **_VRMF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \nInfoSphere Information Server, Information Governance Catalog| 11.5| JR56313| \\--Apply IBM InfoSphere Information Server version [_11.5.0.1_](<http://www-01.ibm.com/support/docview.wss?uid=swg24041893>) \n\\--Apply IBM InfoSphere Information Server Framework [_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is11501_isf_ru3_services_engine_client_multi>) \n\\--Apply IBM InfoSphere Information Governance[_ Rollup patch 5_](<http://www-01.ibm.com/support/docview.wss?uid=swg24042914>) \nInfoSphere Information Server, Information Governance Catalog| 11.3| JR56313| \\--Apply IBM InfoSphere Information Server version [_11.3.1.2 _](<http://www-01.ibm.com/support/docview.wss?uid=swg24040138>) \n\\--Apply IBM InfoSphere Information Server Framework [_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is11312_isf_ru5_services_engine_client_multi>) \n\\--Apply IBM InfoSphere Information Governance Catalog [_Security patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is11312_IGC_ru23_server_client_multi>) \nInfoSphere Information Server, Metadata Workbench| 9.1| JR56313| \\--Apply IBM InfoSphere Information Server version [_9.1.2.0_](<http://www-01.ibm.com/support/docview.wss?uid=swg24035470>) \n\\--Apply IBM InfoSphere Information Server Framework [_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is912_isf_ru11_services_engine_client_multi>) \n\\--Apply IBM InfoSphere Information Server Metadata Workbench [_Security patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is912_JR56302_MWB_server_engine_client_multi>) \nInfoSphere Information Server, Metadata Workbench| 8.7| JR56313| \\--Apply IBM InfoSphere Information Server version [_8.7 Fix Pack 2_](<http://www-01.ibm.com/support/docview.wss?uid=swg24034359>) \n\\--Apply IBM InfoSphere Information Server Framework [_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is8702_isf_ru4_services_engine_client_multi>) \n\\--Apply IBM InfoSphere Information Server Metadata Workbench [_Security patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is8702_JR56302_MWB_server_engine_client_multi>) \n \nNote: \n1\\. Some fixes require installing both a fix pack and a subsequent patch. While the fix pack must be installed first, any additional patches required may be installed in any order. \n2\\. For IBM InfoSphere Information Server version 8.5, IBM recommends upgrading to a fixed, supported version/release/platform of the product. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T13:42:18", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Struts affect IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0785", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2162", "CVE-2016-3081", "CVE-2016-3082", "CVE-2016-3087", "CVE-2016-3093", "CVE-2016-4003", "CVE-2016-4430", "CVE-2016-4431", "CVE-2016-4433", "CVE-2016-4436", "CVE-2016-4438", "CVE-2016-4465"], "modified": "2018-06-16T13:42:18", "id": "F7297DEE78789012F7802C00A7D437B06424929237D39542808A1D9905687922", "href": "https://www.ibm.com/support/pages/node/549551", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:51:23", "description": "## Summary\n\nThere were multiple security vulnerabilities fixed in the IBM Security Privileged Identity Manager Product\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-2996](<https://vulners.com/cve/CVE-2016-2996>)** \nDESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance could allow an authenticated user to append lines to any file on the system due to an error with input validation. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114150> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [CVE-2015-5194](<https://vulners.com/cve/CVE-2015-5194>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an uninitialized variable when processing malicious commands. By sending a specially crafted logconfig configuration command, a remote authenticated attacker could exploit this vulnerability to cause the daemon to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107595> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2015-7692](<https://vulners.com/cve/CVE-2015-7692>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107450> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2015-5195](<https://vulners.com/cve/CVE-2015-5195>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by the referencing of a statistics type that was not enabled during compilation by the statistics or filegen configuration command. By sending a specially crafted config command with statistics type, a remote authenticated attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107596> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2015-5219](<https://vulners.com/cve/CVE-2015-5219>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the sntp program. By sending specially crafted NTP packets, a remote attacker from within the local network could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107597> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2015-7691](<https://vulners.com/cve/CVE-2015-7691>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107449> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2015-7701](<https://vulners.com/cve/CVE-2015-7701>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to obtain sensitive information, caused by a memory leak in CRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107444> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2015-7702](<https://vulners.com/cve/CVE-2015-7702>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107451> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2015-7703](<https://vulners.com/cve/CVE-2015-7703>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to traverse directories on the system, caused by the failure to enforce local access only of the \"pidfile\" and \"driftfile\" configuration directives. An attacker could exploit this vulnerability to view arbitrary files on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107445> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2015-7852](<https://vulners.com/cve/CVE-2015-7852>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by improper bounds checking by thecookedprint functionality. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107439> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2015-7978](<https://vulners.com/cve/CVE-2015-7978>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service. By sending a specially crafted reslist command, an attacker could exploit this vulnerability to consume all available stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110023> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2015-7977](<https://vulners.com/cve/CVE-2015-7977>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted ntpdc reslist command, an attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110022> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2015-7979](<https://vulners.com/cve/CVE-2015-7979>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions. By sending specially crafted broadcast packets with bad authentication, an attacker could exploit this vulnerability to cause the target broadcast client to tear down the association with the broadcast server. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110024> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2016-1547](<https://vulners.com/cve/CVE-2016-1547>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the demobilization of a preemptable client association. By sending specially crafted crypto NAK packets, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112739> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2016-1548](<https://vulners.com/cve/CVE-2016-1548>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions, caused by an error in the ntpd client. By changing the client from basic client/server mode to interleaved symmetric mode, an attacker could exploit this vulnerability to modify the time of the client or cause a denial of service. \nCVSS Base Score: 7.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112740> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2016-1550](<https://vulners.com/cve/CVE-2016-1550>)** \nDESCRIPTION:** NTP could allow a local attacker to bypass security restrictions, caused by the failure to use a constant-time memory comparison function when validating the authentication digest on incoming packets. By sending a specially crafted packet with an authentication payload, an attacker could exploit this vulnerability to conduct a timing attack to compute the value of the valid authentication digest. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112742> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2016-2518](<https://vulners.com/cve/CVE-2016-2518>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an error when using a specially crafted packet to create a peer association with hmode > 7\\. An attacker could exploit this vulnerability to cause the MATCH_ASSOC() function to trigger an out-of-bounds read. \nCVSS Base Score: 2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112746> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n \n**CVEID:** [CVE-2015-5352](<https://vulners.com/cve/CVE-2015-5352>) \n** \nDESCRIPTION:** OpenSSH could allow a remote authenticated attacker to bypass security restrictions, caused by an error when making connections after ForwardX11Timeout expired. If X11 connections are forwarded with ForwardX11Trusted=no, an attacker could exploit this vulnerability to bypass XSECURITY restrictions. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/104418> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n\n**CVEID:** [CVE-2015-6563](<https://vulners.com/cve/CVE-2015-6563>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to bypass security restrictions, caused by the acceptance of extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests by the monitor component in sshd. An attacker could exploit this vulnerability to conduct impersonation attacks. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/105881> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2015-6564](<https://vulners.com/cve/CVE-2015-6564>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the mm_answer_pam_free_ctx function. An attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/105882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n \n**CVEID:** [CVE-2016-3627](<https://vulners.com/cve/CVE-2016-3627>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by an error in the xmlStringGetNodeList() function when parsing xml files while in recover mode. An attacker could exploit this vulnerability to exhaust the stack and cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111586> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2016-3705](<https://vulners.com/cve/CVE-2016-3705>)** \nDESCRIPTION:** libxml2 is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read of xmlParserEntityCheck() and xmlParseAttValueComplex() functions in parser.c. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2016-4447](<https://vulners.com/cve/CVE-2016-4447>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113522> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n \n**CVEID:** [CVE-2016-1181](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113852> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [CVE-2016-1182](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113853> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n \n**CVEID:** [CVE-2016-0353](<https://vulners.com/cve/CVE-2016-0353>)** \nDESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111892> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Security Privileged Identity Manager 2.0\n\n## Remediation/Fixes\n\nAffected Versions\n\n| Fix Availability \n---|--- \nISPIM 2.0| [ISPIM 2.0.2 Fixpack 8](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%2BSecurity&product=ibm/Tivoli/IBM+Security+Privileged+Identity+Manager&release=2.0.2&platform=Linux&function=fixId&fixids=2.0.2-ISS-ISPIM-VA-FP0008&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&login=true>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-16T21:45:20", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Privileged Identity Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5219", "CVE-2015-5352", "CVE-2015-6563", "CVE-2015-6564", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7852", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2016-0353", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-2518", "CVE-2016-2996", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447"], "modified": "2018-06-16T21:45:20", "id": "366FA55EE0B09B40AABB041DB433F5E49FC0E42F7988440387EBE3EED9DBAE91", "href": "https://www.ibm.com/support/pages/node/549235", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:50:25", "description": "## Summary\n\nIBM Security Guardium is affected by Using Components with Known vulnerabilities. IBM Security Guardium has fixed these vulnerabilities\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3584_](<https://vulners.com/cve/CVE-2014-3584>)** \nDESCRIPTION:** Apache CXF is vulnerable to a denial of service, caused by the processing of SAML tokens received in the authorization header of a request by the Apache CXF JAX-RS service. By passing malicious values using the SamlHeaderInHandler, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97753_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97753>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-3538_](<https://vulners.com/cve/CVE-2014-3538>)** \nDESCRIPTION:** Fine Free file is vulnerable to a denial of service, caused by the failure to properly restrict the amount of data read during a regex search. A remote attacker could exploit this vulnerability using a specially-crafted file to consume all available CPU resources. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94324_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94324>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2016-9311_](<https://vulners.com/cve/CVE-2016-9311>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by a NULL pointer dereference when trap service has been enabled. By sending specially crafted packets, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119086_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119086>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9310_](<https://vulners.com/cve/CVE-2016-9310>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an error in the control mode (mode 6) functionality. By sending specially crafted control mode packets, a remote attacker could exploit this vulnerability to obtain sensitive information and cause the application to crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119087_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119087>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n**CVEID:** [_CVE-2016-9147_](<https://vulners.com/cve/CVE-2016-9147>)** \nDESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by the improper handling of responses containing DNSSEC-related RRsets that are inconsistent with other RRsets in the same query response. By sending a malformed response, a remote attacker could exploit this vulnerability to trigger an assertion failure. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120473_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120473>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-8635_](<https://vulners.com/cve/CVE-2016-8635>)** \nDESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to obtain sensitive information, caused by a small subgroup confinement attack in Diffie Hellman Client key exchange handling. By confining the client DH key to small subgroup of the desired group, a remote attacker could exploit this vulnerability to recover private keys. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119190_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119190>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-7545_](<https://vulners.com/cve/CVE-2016-7545>)** \nDESCRIPTION:** Policycoreutils could allow a remote attacker to execute arbitrary commands on the system, caused by a TIOCSTI ioctl attack in the provided sandbox tool. By persuading a victim to run a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119020_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119020>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-7433_](<https://vulners.com/cve/CVE-2016-7433>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the inclusion of the root delay allowing for an incorrect root distance calculation. An attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 1.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119095_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119095>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-7429_](<https://vulners.com/cve/CVE-2016-7429>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an attack on interface selection. By sending specially crafted packets with spoofed source address, a physical attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 1.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119093_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119093>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-7426_](<https://vulners.com/cve/CVE-2016-7426>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the improper handling of invalid server responses. By sending specially crafted packets with spoofed source address, a remote attacker could exploit this vulnerability to a denial of service. \nCVSS Base Score: 1.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119094_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119094>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-7117_](<https://vulners.com/cve/CVE-2016-7117>)** \nDESCRIPTION:** Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in __sys_recvmmsg function in net/socket.c. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117765_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117765>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-7076_](<https://vulners.com/cve/CVE-2016-7076>)** \nDESCRIPTION:** Sudo could allow a local authenticated attacker to execute arbitrary commands on the system, caused by the bypass of the sudo noexec restriction. By running an application via sudo executed wordexp() C library function with a user supplied argument, an attacker could exploit this vulnerability to execute arbitrary commands with elevated privileges. \nCVSS Base Score: 6.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119502_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119502>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-7032_](<https://vulners.com/cve/CVE-2016-7032>)** \nDESCRIPTION:** Sudo could allow a local authenticated attacker to execute arbitrary commands on the system, caused by the bypass of the sudo noexec restriction. By running an application via sudo executed system() or popen() C library functions with a user supplied argument, an attacker could exploit this vulnerability to execute arbitrary commands with elevated privileges. \nCVSS Base Score: 6.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119500_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119500>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-6313_](<https://vulners.com/cve/CVE-2016-6313>)** \nDESCRIPTION:** GnuPG could provide weaker than expected security, caused by an error in the mixing functions when obtaining 4640 bits from the random number generator. A local attacker could exploit this vulnerability to predict the next 160 bits of output. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116169_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116169>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-6306_](<https://vulners.com/cve/CVE-2016-6306>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by missing message length checks when parsing certificates. A remote authenticated attacker could exploit this vulnerability to trigger an out-of-bounds read and cause a denial of service. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117112_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117112>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-6304_](<https://vulners.com/cve/CVE-2016-6304>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by multiple memory leaks in t1_lib.c during session renegotiation. By sending an overly large OCSP Status Request extension, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117110_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117110>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6302_](<https://vulners.com/cve/CVE-2016-6302>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the failure to consider the HMAC size during validation of the ticket length by the tls_decrypt_ticket function A remote attacker could exploit this vulnerability using a ticket that is too short to cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117024_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117024>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-5699_](<https://vulners.com/cve/CVE-2016-5699>)** \nDESCRIPTION:** urllib2 and urllib for Python are vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114200_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114200>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-5424_](<https://vulners.com/cve/CVE-2016-5424>)** \nDESCRIPTION:** PostgreSQL could allow a remote authenticated attacker to gain elevated privileges on the system, caused by the improper handling of database and role names containing newlines, carriage returns, double quotes, or backslashes. By running certain maintenance programs, an attacker could grant the user superuser privileges. \nCVSS Base Score: 8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116075_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116075>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-5408_](<https://vulners.com/cve/CVE-2016-5408>)** \nDESCRIPTION:** SQUID is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the munge_other_line function in the cachemgr.cgi. By sending specially crafted data, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116203_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116203>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-5285_](<https://vulners.com/cve/CVE-2016-5285>)** \nDESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, is vulnerable to a denial of service, caused by a NULL pointer dereference in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime when handling invalid Diffie-Hellman keys. A remote attacker could exploit this vulnerability to crash a TLS/SSL server. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119189_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119189>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2834_](<https://vulners.com/cve/CVE-2016-2834>)** \nDESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-2182_](<https://vulners.com/cve/CVE-2016-2182>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds write in the TS_OBJ_print_bio function in crypto/bn/bn_print.c. A remote attacker could exploit this vulnerability using a specially crafted value to cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116342_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116342>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2181_](<https://vulners.com/cve/CVE-2016-2181>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the DTLS replay protection implementation. By sending a specially crafted sequence number, a remote attacker could exploit this vulnerability to cause valid packets to be dropped. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116344_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116344>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2180_](<https://vulners.com/cve/CVE-2016-2180>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in the TS_OBJ_print_bio function. A remote attacker could exploit this vulnerability using a specially crafted time-stamp file to cause the application to crash. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115829_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115829>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-2179_](<https://vulners.com/cve/CVE-2016-2179>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted DTLS record fragments to fill up buffer queues, a remote attacker could exploit this vulnerability to open a large number of simultaneous connections and consume all available memory resources. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116343_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116343>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2178_](<https://vulners.com/cve/CVE-2016-2178>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DSA implementation that allows the following of a non-constant time codepath for certain operations. An attacker could exploit this vulnerability using a cache-timing attack to recover the private DSA key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-1248_](<https://vulners.com/cve/CVE-2016-1248>)** \nDESCRIPTION:** Vim could allow a local attacker to execute arbitrary code on the system, caused by the improper validation of the ''filetype'', ''syntax'' and ''keymap'' options. By using a specially-crafted filee with a malicious modeline, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119191_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119191>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-0787_](<https://vulners.com/cve/CVE-2016-0787>)** \nDESCRIPTION:** libssh2 could provide weaker than expected security, caused by a type confusion error during the SSHv2 handshake resulting in the generation of a reduced amount of random bits for Diffie-Hellman. An attacker could exploit this vulnerability using the truncated Diffie-Hellman secret to launch further attacks on the system. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111562_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111562>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-0772_](<https://vulners.com/cve/CVE-2016-0772>)** \nDESCRIPTION:** Python''s smtplib library is vulnerable to a stripping attack. An exception isn''t returned by the Python''s smtplib library if StartTLS fails to establish correctly in the SMTP.starttls() function. An attacker with man-in-the-middle ability could exploit this vulnerability to strip out the STARTTLS command without generating an exception on the python SMTP client application and prevent the establishment of the TLS layer. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114287_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114287>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-0718_](<https://vulners.com/cve/CVE-2016-0718>)** \nDESCRIPTION:** Expat is vulnerable to a buffer overflow, caused by improper bounds checking when processing malformed XML data. By using the Expat library, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113408_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113408>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2015-7940_](<https://vulners.com/cve/CVE-2015-7940>)** \nDESCRIPTION:** Bouncy Castle could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability using an invalid curve attack to extract private keys used in elliptic curve cryptography and obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107739_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107739>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-2575_](<https://vulners.com/cve/CVE-2015-2575>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle MySQL Connectors related to the Connector/J component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102348_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102348>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0254_](<https://vulners.com/cve/CVE-2015-0254>)** \nDESCRIPTION:** Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101550_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101550>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2014-9653_](<https://vulners.com/cve/CVE-2014-9653>)** \nDESCRIPTION:** file could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in readelf.c. By persuading a victim to open a specially-crafted elf file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100749_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100749>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2014-9620_](<https://vulners.com/cve/CVE-2014-9620>)** \nDESCRIPTION:** File is vulnerable to a denial of service, caused by an error in the ELF parser. A remote attacker could exploit this vulnerability using an overly long string to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100258_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100258>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8117_](<https://vulners.com/cve/CVE-2014-8117>)** \nDESCRIPTION:** file(1) is vulnerable to a denial of service, caused by an error in the softmagic.c file. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99419_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99419>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8116_](<https://vulners.com/cve/CVE-2014-8116>)** \nDESCRIPTION:** file(1) is vulnerable to a denial of service, caused by an error in the readelf.c file. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99418_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99418>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3710_](<https://vulners.com/cve/CVE-2014-3710>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by an out-of-bounds read in the donote() function. By persuading a victim to open a specially-crafted elf file, a remote attacker could exploit this vulnerability to cause the executable to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/98385_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/98385>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3587_](<https://vulners.com/cve/CVE-2014-3587>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by an incomplete fix related to the cdf_read_property_info() function. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95408_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95408>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2 \n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Guardium| 10x| [_https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p230_GPU_Jun-2017-V10.1.3&includeSupersedes=0&source=fc_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p230_GPU_Jun-2017-V10.1.3&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T22:02:01", "type": "ibm", "title": "Security Bulletin: IBM Security Guardium is affected by Using Components with Known vulnerabilities (multiple CVEs)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3538", "CVE-2014-3584", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9653", "CVE-2015-0254", "CVE-2015-2575", "CVE-2015-7940", "CVE-2016-0718", "CVE-2016-0772", "CVE-2016-0787", "CVE-2016-1248", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2834", "CVE-2016-5285", "CVE-2016-5408", "CVE-2016-5424", "CVE-2016-5699", "CVE-2016-6302", "CVE-2016-6304", "CVE-2016-6306", "CVE-2016-6313", "CVE-2016-7032", "CVE-2016-7076", "CVE-2016-7117", "CVE-2016-7426", "CVE-2016-7429", "CVE-2016-7433", "CVE-2016-7545", "CVE-2016-8635", "CVE-2016-9147", "CVE-2016-9310", "CVE-2016-9311"], "modified": "2018-06-16T22:02:01", "id": "A9C254F86614D2334E5A1624EEBD7497A5FA74BEC3159FA2530927B6C4A89585", "href": "https://www.ibm.com/support/pages/node/566897", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:49:44", "description": "## Summary\n\nIBM Security Guardium is affected by Using Components with Known Vulnerabilities. IBM Security Guardium has fixed these vulnerabilities \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3584_](<https://vulners.com/cve/CVE-2014-3584>)** \nDESCRIPTION:** Apache CXF is vulnerable to a denial of service, caused by the processing of SAML tokens received in the authorization header of a request by the Apache CXF JAX-RS service. By passing malicious values using the SamlHeaderInHandler, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97753_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97753>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-3538_](<https://vulners.com/cve/CVE-2014-3538>)** \nDESCRIPTION:** Fine Free file is vulnerable to a denial of service, caused by the failure to properly restrict the amount of data read during a regex search. A remote attacker could exploit this vulnerability using a specially-crafted file to consume all available CPU resources. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94324_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94324>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2016-9311_](<https://vulners.com/cve/CVE-2016-9311>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by a NULL pointer dereference when trap service has been enabled. By sending specially crafted packets, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119086_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119086>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9310_](<https://vulners.com/cve/CVE-2016-9310>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an error in the control mode (mode 6) functionality. By sending specially crafted control mode packets, a remote attacker could exploit this vulnerability to obtain sensitive information and cause the application to crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119087_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119087>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n**CVEID:** [_CVE-2016-9147_](<https://vulners.com/cve/CVE-2016-9147>)** \nDESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by the improper handling of responses containing DNSSEC-related RRsets that are inconsistent with other RRsets in the same query response. By sending a malformed response, a remote attacker could exploit this vulnerability to trigger an assertion failure. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120473_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120473>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-8635_](<https://vulners.com/cve/CVE-2016-8635>)** \nDESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to obtain sensitive information, caused by a small subgroup confinement attack in Diffie Hellman Client key exchange handling. By confining the client DH key to small subgroup of the desired group, a remote attacker could exploit this vulnerability to recover private keys. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119190_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119190>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-7545_](<https://vulners.com/cve/CVE-2016-7545>)** \nDESCRIPTION:** Policycoreutils could allow a remote attacker to execute arbitrary commands on the system, caused by a TIOCSTI ioctl attack in the provided sandbox tool. By persuading a victim to run a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119020_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119020>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-7433_](<https://vulners.com/cve/CVE-2016-7433>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the inclusion of the root delay allowing for an incorrect root distance calculation. An attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 1.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119095_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119095>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-7429_](<https://vulners.com/cve/CVE-2016-7429>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an attack on interface selection. By sending specially crafted packets with spoofed source address, a physical attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 1.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119093_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119093>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-7426_](<https://vulners.com/cve/CVE-2016-7426>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the improper handling of invalid server responses. By sending specially crafted packets with spoofed source address, a remote attacker could exploit this vulnerability to a denial of service. \nCVSS Base Score: 1.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119094_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119094>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-7117_](<https://vulners.com/cve/CVE-2016-7117>)** \nDESCRIPTION:** Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in __sys_recvmmsg function in net/socket.c. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117765_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117765>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-7076_](<https://vulners.com/cve/CVE-2016-7076>)** \nDESCRIPTION:** Sudo could allow a local authenticated attacker to execute arbitrary commands on the system, caused by the bypass of the sudo noexec restriction. By running an application via sudo executed wordexp() C library function with a user supplied argument, an attacker could exploit this vulnerability to execute arbitrary commands with elevated privileges. \nCVSS Base Score: 6.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119502_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119502>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-7032_](<https://vulners.com/cve/CVE-2016-7032>)** \nDESCRIPTION:** Sudo could allow a local authenticated attacker to execute arbitrary commands on the system, caused by the bypass of the sudo noexec restriction. By running an application via sudo executed system() or popen() C library functions with a user supplied argument, an attacker could exploit this vulnerability to execute arbitrary commands with elevated privileges. \nCVSS Base Score: 6.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119500_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119500>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-6313_](<https://vulners.com/cve/CVE-2016-6313>)** \nDESCRIPTION:** GnuPG could provide weaker than expected security, caused by an error in the mixing functions when obtaining 4640 bits from the random number generator. A local attacker could exploit this vulnerability to predict the next 160 bits of output. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116169_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116169>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-6306_](<https://vulners.com/cve/CVE-2016-6306>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by missing message length checks when parsing certificates. A remote authenticated attacker could exploit this vulnerability to trigger an out-of-bounds read and cause a denial of service. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117112_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117112>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-6304_](<https://vulners.com/cve/CVE-2016-6304>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by multiple memory leaks in t1_lib.c during session renegotiation. By sending an overly large OCSP Status Request extension, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117110_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117110>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6302_](<https://vulners.com/cve/CVE-2016-6302>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the failure to consider the HMAC size during validation of the ticket length by the tls_decrypt_ticket function A remote attacker could exploit this vulnerability using a ticket that is too short to cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117024_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117024>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-5699_](<https://vulners.com/cve/CVE-2016-5699>)** \nDESCRIPTION:** urllib2 and urllib for Python are vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114200_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114200>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-5424_](<https://vulners.com/cve/CVE-2016-5424>)** \nDESCRIPTION:** PostgreSQL could allow a remote authenticated attacker to gain elevated privileges on the system, caused by the improper handling of database and role names containing newlines, carriage returns, double quotes, or backslashes. By running certain maintenance programs, an attacker could grant the user superuser privileges. \nCVSS Base Score: 8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116075_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116075>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-5408_](<https://vulners.com/cve/CVE-2016-5408>)** \nDESCRIPTION:** SQUID is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the munge_other_line function in the cachemgr.cgi. By sending specially crafted data, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116203_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116203>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-5285_](<https://vulners.com/cve/CVE-2016-5285>)** \nDESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, is vulnerable to a denial of service, caused by a NULL pointer dereference in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime when handling invalid Diffie-Hellman keys. A remote attacker could exploit this vulnerability to crash a TLS/SSL server. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119189_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119189>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2834_](<https://vulners.com/cve/CVE-2016-2834>)** \nDESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-2182_](<https://vulners.com/cve/CVE-2016-2182>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds write in the TS_OBJ_print_bio function in crypto/bn/bn_print.c. A remote attacker could exploit this vulnerability using a specially crafted value to cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116342_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116342>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2181_](<https://vulners.com/cve/CVE-2016-2181>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the DTLS replay protection implementation. By sending a specially crafted sequence number, a remote attacker could exploit this vulnerability to cause valid packets to be dropped. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116344_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116344>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2180_](<https://vulners.com/cve/CVE-2016-2180>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in the TS_OBJ_print_bio function. A remote attacker could exploit this vulnerability using a specially crafted time-stamp file to cause the application to crash. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115829_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115829>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-2179_](<https://vulners.com/cve/CVE-2016-2179>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted DTLS record fragments to fill up buffer queues, a remote attacker could exploit this vulnerability to open a large number of simultaneous connections and consume all available memory resources. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116343_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116343>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2178_](<https://vulners.com/cve/CVE-2016-2178>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DSA implementation that allows the following of a non-constant time codepath for certain operations. An attacker could exploit this vulnerability using a cache-timing attack to recover the private DSA key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-1248_](<https://vulners.com/cve/CVE-2016-1248>)** \nDESCRIPTION:** Vim could allow a local attacker to execute arbitrary code on the system, caused by the improper validation of the ''filetype'', ''syntax'' and ''keymap'' options. By using a specially-crafted filee with a malicious modeline, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119191_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119191>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-0787_](<https://vulners.com/cve/CVE-2016-0787>)** \nDESCRIPTION:** libssh2 could provide weaker than expected security, caused by a type confusion error during the SSHv2 handshake resulting in the generation of a reduced amount of random bits for Diffie-Hellman. An attacker could exploit this vulnerability using the truncated Diffie-Hellman secret to launch further attacks on the system. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111562_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111562>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-0772_](<https://vulners.com/cve/CVE-2016-0772>)** \nDESCRIPTION:** Python''s smtplib library is vulnerable to a stripping attack. An exception isn''t returned by the Python''s smtplib library if StartTLS fails to establish correctly in the SMTP.starttls() function. An attacker with man-in-the-middle ability could exploit this vulnerability to strip out the STARTTLS command without generating an exception on the python SMTP client application and prevent the establishment of the TLS layer. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114287_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114287>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-0718_](<https://vulners.com/cve/CVE-2016-0718>)** \nDESCRIPTION:** Expat is vulnerable to a buffer overflow, caused by improper bounds checking when processing malformed XML data. By using the Expat library, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113408_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113408>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2015-7940_](<https://vulners.com/cve/CVE-2015-7940>)** \nDESCRIPTION:** Bouncy Castle could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability using an invalid curve attack to extract private keys used in elliptic curve cryptography and obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107739_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107739>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-2575_](<https://vulners.com/cve/CVE-2015-2575>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle MySQL Connectors related to the Connector/J component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102348_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102348>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0254_](<https://vulners.com/cve/CVE-2015-0254>)** \nDESCRIPTION:** Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101550_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101550>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2014-9653_](<https://vulners.com/cve/CVE-2014-9653>)** \nDESCRIPTION:** file could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in readelf.c. By persuading a victim to open a specially-crafted elf file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100749_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100749>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2014-9620_](<https://vulners.com/cve/CVE-2014-9620>)** \nDESCRIPTION:** File is vulnerable to a denial of service, caused by an error in the ELF parser. A remote attacker could exploit this vulnerability using an overly long string to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100258_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100258>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8117_](<https://vulners.com/cve/CVE-2014-8117>)** \nDESCRIPTION:** file(1) is vulnerable to a denial of service, caused by an error in the softmagic.c file. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99419_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99419>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8116_](<https://vulners.com/cve/CVE-2014-8116>)** \nDESCRIPTION:** file(1) is vulnerable to a denial of service, caused by an error in the readelf.c file. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99418_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99418>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3710_](<https://vulners.com/cve/CVE-2014-3710>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by an out-of-bounds read in the donote() function. By persuading a victim to open a specially-crafted elf file, a remote attacker could exploit this vulnerability to cause the executable to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/98385_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/98385>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3587_](<https://vulners.com/cve/CVE-2014-3587>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by an incomplete fix related to the cdf_read_property_info() function. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95408_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95408>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2, 10.1.3\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Guardium| 10.0-10.1.3| [www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p400_GPU_Dec-2017-V10.1.4&includeSupersedes=0&source=fc](<www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p400_GPU_Dec-2017-V10.1.4&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T22:03:01", "type": "ibm", "title": "Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3538", "CVE-2014-3584", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9653", "CVE-2015-0254", "CVE-2015-2575", "CVE-2015-7940", "CVE-2016-0718", "CVE-2016-0772", "CVE-2016-0787", "CVE-2016-1248", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2834", "CVE-2016-5285", "CVE-2016-5408", "CVE-2016-5424", "CVE-2016-5699", "CVE-2016-6302", "CVE-2016-6304", "CVE-2016-6306", "CVE-2016-6313", "CVE-2016-7032", "CVE-2016-7076", "CVE-2016-7117", "CVE-2016-7426", "CVE-2016-7429", "CVE-2016-7433", "CVE-2016-7545", "CVE-2016-8635", "CVE-2016-9147", "CVE-2016-9310", "CVE-2016-9311"], "modified": "2018-06-16T22:03:01", "id": "233226C0332001C81596C237819F64BB35F4B49297346F216B4DC90C72D26485", "href": "https://www.ibm.com/support/pages/node/297165", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:51:50", "description": "## Summary\n\nThere are multiple vulnerabilities identified in IBM Guardium Data Encryption (GDE) .These vulnerabilities have been fixed in GDE 4.0.0.3. Please apply the latest version for the fixes.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-4697](<https://vulners.com/cve/CVE-2019-4697>) \n**DESCRIPTION: **IBM Guardium Data Encryption (GDE) stores user credentials in plain in clear text which can be read by an authenticated user. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171928](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171928>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2019-12814](<https://vulners.com/cve/CVE-2019-12814>) \n**DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a polymorphic typing issue. By sending a specially-crafted JSON message, an attacker could exploit this vulnerability to read arbitrary local files on the server. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2019-12384](<https://vulners.com/cve/CVE-2019-12384>) \n**DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the failure to block the logback-core class from polymorphic deserialization. By sending a specially-crafted JSON message, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162849](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162849>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-12086](<https://vulners.com/cve/CVE-2019-12086>) \n**DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a Polymorphic Typing issue that occurs due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. By sending a specially-crafted JSON message, a remote attacker could exploit this vulnerability to read arbitrary local files on the server. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161256](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161256>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2018-19362](<https://vulners.com/cve/CVE-2018-19362>) \n**DESCRIPTION: **An unspecified error with failure to block the jboss-common-core class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155093](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155093>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2018-19361](<https://vulners.com/cve/CVE-2018-19361>) \n**DESCRIPTION: **An unspecified error with failure to block the openjpa class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155092](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155092>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2018-19360](<https://vulners.com/cve/CVE-2018-19360>) \n**DESCRIPTION: **An unspecified error with failure to block the axis2-transport-jms class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155091](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155091>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2018-14721](<https://vulners.com/cve/CVE-2018-14721>) \n**DESCRIPTION: **FasterXML jackson-databind is vulnerable to server-side request forgery, caused by the failure to block the axis2-jaxws class from polymorphic deserialization. A remote authenticated attacker could exploit this vulnerability to obtain sensitive data. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155136](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155136>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2018-14720](<https://vulners.com/cve/CVE-2018-14720>) \n**DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by JDK classes. By sending a specially-crafted XML data. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155137](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155137>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2018-14719](<https://vulners.com/cve/CVE-2018-14719>) \n**DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155138](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155138>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2018-1000873](<https://vulners.com/cve/CVE-2018-1000873>) \n**DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by improper input validation by the nanoseconds time value field. By persuading a victim to deserialize specially-crafted input, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/154804](<https://exchange.xforce.ibmcloud.com/vulnerabilities/154804>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2019-4691](<https://vulners.com/cve/CVE-2019-4691>) \n**DESCRIPTION: **IBM Guardium Data Encryption (GDE) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171828](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171828>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2019-4694](<https://vulners.com/cve/CVE-2019-4694>) \n**DESCRIPTION: **IBM Guardium Data Encryption (GDE) contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171832](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171832>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2017-12974](<https://vulners.com/cve/CVE-2017-12974>) \n**DESCRIPTION: **Connect2id Nimbus JOSE+JWT could provide weaker than expected security, caused by proceeding with ECKey construction without ensuring that the public x and y coordinates are on the specified curve. A remote attacker could exploit this vulnerability to conduct an Invalid Curve Attack. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/130788](<https://exchange.xforce.ibmcloud.com/vulnerabilities/130788>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2017-12973](<https://vulners.com/cve/CVE-2017-12973>) \n**DESCRIPTION: **Connect2id Nimbus JOSE+JWT could provide weaker than expected security, caused by proceeding improperly after detection of an invalid HMAC in authenticated AES-CBC decryption. A remote attacker could exploit this vulnerability to conduct a padding oracle attack. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/130789](<https://exchange.xforce.ibmcloud.com/vulnerabilities/130789>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2017-12972](<https://vulners.com/cve/CVE-2017-12972>) \n**DESCRIPTION: **Connect2id Nimbus JOSE+JWT could provide weaker than expected security, caused by the lack of integer-overflow check when converting length values from bytes to bits. A remote attacker could exploit this vulnerability to conduct a HMAC bypass attack. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/130790](<https://exchange.xforce.ibmcloud.com/vulnerabilities/130790>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2019-4699](<https://vulners.com/cve/CVE-2019-4699>) \n**DESCRIPTION: **IBM Guardium Data Encryption (GDE) generates an error message that includes sensitive information about its environment, users, or associated data. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171931](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171931>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2019-4688](<https://vulners.com/cve/CVE-2019-4688>) \n**DESCRIPTION: **IBM Guardium Data Encryption (GDE) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171825](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171825>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2019-10247](<https://vulners.com/cve/CVE-2019-10247>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160610](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160610>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2019-10241](<https://vulners.com/cve/CVE-2019-10241>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2018-12536](<https://vulners.com/cve/CVE-2018-12536>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted URL request to the java.nio.file.InvalidPathException function using an invalid parameter to cause an error message to be returned containing the full installation path. An attacker could use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145523](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145523>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2017-9735](<https://vulners.com/cve/CVE-2017-9735>) \n**DESCRIPTION: **Jetty could allow a remote attacker to obtain sensitive information, caused by a timing channel flaw in util/security/Password.java. By observing elapsed times before rejection of incorrect passwords, an attacker could exploit this vulnerability to obtain access information. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/127842](<https://exchange.xforce.ibmcloud.com/vulnerabilities/127842>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2017-7658](<https://vulners.com/cve/CVE-2017-7658>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145522](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145522>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2017-7657](<https://vulners.com/cve/CVE-2017-7657>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145521>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2017-7656](<https://vulners.com/cve/CVE-2017-7656>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw in the HTTP/1.x Parser. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145520](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145520>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2019-10072](<https://vulners.com/cve/CVE-2019-10072>) \n**DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by HTTP/2 connection window exhaustion on write. By failing to send WINDOW_UPDATE messages, a remote attacker could exploit this vulnerability to block threads on the server and cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162806](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162806>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2019-0232](<https://vulners.com/cve/CVE-2019-0232>) \n**DESCRIPTION: **Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the way JRE passes command-line arguments when enableCmdLineArguments is enabled. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159398](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159398>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-0221](<https://vulners.com/cve/CVE-2019-0221>) \n**DESCRIPTION: **Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the SSI printenv command. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161746](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161746>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2019-0199](<https://vulners.com/cve/CVE-2019-0199>) \n**DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by the acceptance of streams with excessive numbers of SETTINGS frames and the permitting of clients to keep streams open without reading/writing request data by the HTTP/2 implementation. By sending excessive SETTINGS frames, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158637](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158637>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-3778](<https://vulners.com/cve/CVE-2019-3778>) \n**DESCRIPTION: **Spring Security OAuth could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in authorization endpoint. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158330](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158330>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2019-11269](<https://vulners.com/cve/CVE-2019-11269>) \n**DESCRIPTION: **Spring Security OAuth could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using redirect_uri parameter in a specially-crafted URL to redirect a victim to arbitrary Web sites. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162650](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162650>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2019-3795](<https://vulners.com/cve/CVE-2019-3795>) \n**DESCRIPTION: **Pivotal Spring Security could provide weaker than expected security, caused by an insecure randomness flaw when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159543](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159543>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N) \n \n**CVEID: **[CVE-2019-11272](<https://vulners.com/cve/CVE-2019-11272>) \n**DESCRIPTION: **Pivotal Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw in the PlaintextPasswordEncoder function. By using a password of \"null\", an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166568](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166568>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2018-1258](<https://vulners.com/cve/CVE-2018-1258>) \n**DESCRIPTION: **Pivotal Spring Framework Spring Security could allow a remote attacker to bypass security restrictions. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain unauthorized access to methods that should be restricted. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/143314](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143314>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2018-1000613](<https://vulners.com/cve/CVE-2018-1000613>) \n**DESCRIPTION: **Legion of the Bouncy Castle Java Cryptography APIs could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe reflection flaw in XMSS/XMSS^MT private key deserialization. By using specially-crafted private key, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/148041](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148041>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2018-5382](<https://vulners.com/cve/CVE-2018-5382>) \n**DESCRIPTION: **Bouncy Castle could allow a local attacker to obtain sensitive information, caused by an error in the BKS version 1 keystore files. By utilizing an HMAC that is only 16 bits long for the MAC key size, an attacker could exploit this vulnerability using brute-force techniques to crack a BKS-V1 keystore file in seconds and gain access to the keystore contents. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/140465](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140465>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2016-1000346](<https://vulners.com/cve/CVE-2016-1000346>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could allow a remote attacker to obtain sensitive information, caused by a flaw in the other party DH public key. A remote attacker could exploit this vulnerability to reveal details via invalid keys. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151807](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151807>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2016-1000345](<https://vulners.com/cve/CVE-2016-1000345>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could provide weaker than expected security, caused by an environment where timings can be easily observed. A remote attacker could exploit this vulnerability to conduct a padding oracle attack. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151808](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151808>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2016-1000344](<https://vulners.com/cve/CVE-2016-1000344>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could provide weaker than expected security, caused by a flaw in the DHIES implementation. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151809](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151809>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2016-1000343](<https://vulners.com/cve/CVE-2016-1000343>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could provide weaker than expected security, caused by a flaw in the DSA key pair generator. A remote attacker could exploit this vulnerability to launch further attacks. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151810](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151810>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2016-1000342](<https://vulners.com/cve/CVE-2016-1000342>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could provide weaker than expected security, caused by improper validation of ASN.1 encoding of signature in the ECDSA. A remote attacker could exploit this vulnerability to launch further attacks. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151811](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151811>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2016-1000341](<https://vulners.com/cve/CVE-2016-1000341>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could provide weaker than expected security, caused by a flaw in the DSA signature generation. A remote attacker could exploit this vulnerability to launch timing attacks. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151812](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151812>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2018-1000180](<https://vulners.com/cve/CVE-2018-1000180>) \n**DESCRIPTION: **Bouncy Castle could provide weaker than expected security, caused by an error in the Low-level interface to RSA key pair generator. The RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/144810](<https://exchange.xforce.ibmcloud.com/vulnerabilities/144810>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2016-1000339](<https://vulners.com/cve/CVE-2016-1000339>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could allow a remote attacker to obtain sensitive information, caused by a flaw in the AESEngine. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151814](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151814>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2016-1000338](<https://vulners.com/cve/CVE-2016-1000338>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could provide weaker than expected security, caused by improper validation of ASN.1 encoding of signature in the DSA. A remote attacker could exploit this vulnerability to launch further attacks. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151815](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151815>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2015-7940](<https://vulners.com/cve/CVE-2015-7940>) \n**DESCRIPTION: **Bouncy Castle could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability using an invalid curve attack to extract private keys used in elliptic curve cryptography and obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/107739](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107739>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2013-1624](<https://vulners.com/cve/CVE-2013-1624>) \n**DESCRIPTION: **Bouncy Castle could allow a remote attacker to obtain sensitive information, caused by the exposure of timing differences during padding check verification by the CBC ciphersuite of the Transport Layer Security (TLS) implementation. An attacker could exploit this vulnerability using a timing attack to recover the original plaintext and obtain sensitive information. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/81910](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81910>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n**CVEID: **[CVE-2017-13098](<https://vulners.com/cve/CVE-2017-13098>) \n**DESCRIPTION: **Bouncy Castle could allow a remote attacker to obtain sensitive information, caused by an RSA Adaptive Chosen Ciphertext (Bleichenbacher) attack. By utilizing discrepancies in TLS error messages, an attacker could exploit this vulnerability to obtain the data in the encrypted messages once the TLS session has completed. Note: This vulnerability is also known as the ROBOT attack. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/136241](<https://exchange.xforce.ibmcloud.com/vulnerabilities/136241>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2019-4689](<https://vulners.com/cve/CVE-2019-4689>) \n**DESCRIPTION: **IBM Guardium Data Encryption (GDE) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171826](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171826>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2016-6497](<https://vulners.com/cve/CVE-2016-6497>) \n**DESCRIPTION: **Apache could allow a remote attacker to execute arbitrary code on the system, caused by a LDAP entry poisoning vulnerability in main/java/org/apache/directory/groovyldap/LDAP.java. By leveraging setting returnObjFlag to true for all search methods, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/125218](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125218>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2018-10237](<https://vulners.com/cve/CVE-2018-10237>) \n**DESCRIPTION: **Google Guava is vulnerable to a denial of service, caused by improper eager allocation checks in the AtomicDoubleArray and CompoundOrdering class. By sending a specially-crafted data, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/142508](<https://exchange.xforce.ibmcloud.com/vulnerabilities/142508>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2018-1000850](<https://vulners.com/cve/CVE-2018-1000850>) \n**DESCRIPTION: **Square Retrofit could allow a remote attacker to traverse directories on the system, caused by improper input validation by the RequestBuilder class. An attacker could send a specially-crafted URL request to containing \"dot dot\" sequences (/../) to add or delete arbitrary files on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/154507](<https://exchange.xforce.ibmcloud.com/vulnerabilities/154507>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2019-4686](<https://vulners.com/cve/CVE-2019-4686>) \n**DESCRIPTION: **IBM Guardium Data Encryption (GDE) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171822](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171822>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nGDE | 3.0.0.2 \n \n## Remediation/Fixes\n\nProduct(s) | Fixed Version \n---|--- \nGDE | [4.0.0.3](<https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=9269c25b1b795410f2888739cd4bcb16> \"4.0.0.0\" ) \n \n## Workarounds and Mitigations\n\nAffected Component | Fixed Version \n---|--- \nIBM Guardium for Cloud Key Management (GCKM) | GCKM 1.7.0 \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-24T10:03:43", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1624", "CVE-2015-7940", "CVE-2016-1000338", "CVE-2016-1000339", "CVE-2016-1000341", "CVE-2016-1000342", "CVE-2016-1000343", "CVE-2016-1000344", "CVE-2016-1000345", "CVE-2016-1000346", "CVE-2016-6497", "CVE-2017-12972", "CVE-2017-12973", "CVE-2017-12974", "CVE-2017-13098", "CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2017-9735", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-1000850", "CVE-2018-1000873", "CVE-2018-10237", "CVE-2018-12536", "CVE-2018-1258", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-5382", "CVE-2019-0199", "CVE-2019-0221", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-10241", "CVE-2019-10247", "CVE-2019-11269", "CVE-2019-11272", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12814", "CVE-2019-3778", "CVE-2019-3795", "CVE-2019-4686", "CVE-2019-4688", "CVE-2019-4689", "CVE-2019-4691", "CVE-2019-4694", "CVE-2019-4697", "CVE-2019-4699"], "modified": "2020-08-24T10:03:43", "id": "B236D3400A0C6106EC62C77931DC3654EEBAB6EEA563B3344ECFF477FD634E81", "href": "https://www.ibm.com/support/pages/node/6320835", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:44:47", "description": "## Summary\n\nIBM Business Process Manager is shipped as a component of IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, IBM SmartCloud Orchestrator, and IBM SmartCloud Orchestrator Enterprise.\n\n## Vulnerability Details\n\nReview the following security bulletins for IBM Business Process Manager for vulnerability details and information about fixes. \n \n\n\n * [Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server, WebSphere Dynamic Process Edition, and WebSphere Lombardi Edition](<http://www-01.ibm.com/support/docview.wss?uid=swg21986205>)\n * [IBM Security Bulletin: Cross Site Scripting vulnerability in IBM Business Process Manager (CVE-2016-5901)](<http://www-01.ibm.com/support/docview.wss?uid=swg21990852>)\n * [IBM Security Bulletin: HTML injection vulnerability in Business Space might affect IBM Business Process Manager (CVE-2016-3056)](<http://www-01.ibm.com/support/docview.wss?uid=swg21990850>)\n * [IBM Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2014-9748, CVE-2016-1669)](<http://www-01.ibm.com/support/docview.wss?uid=swg21990841>)\n * [IBM Security Bulletin: Security vulnerabilities in Apache Struts might affect IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2016-1181, CVE-2016-1182, CVE-2015-0899)](<http://www-01.ibm.com/support/docview.wss?uid=swg21990834>)\n[](<http://www-01.ibm.com/support/docview.wss?uid=swg21985316>)\n\n * [Security Bulletin: A Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server and WebSphere Lombardi Edition (CVE-2015-0254)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985316>)\n * [Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Business Process Manager, WebSphere Process Server and WebSphere Lombardi Edition (Java CPU April 2016)](<http://www-01.ibm.com/support/docview.wss?uid=swg21982559>)\n * [Security Bulletin: A Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server and WebSphere Lombardi Edition (CVE-2016-0306)](<http://www-01.ibm.com/support/docview.wss?uid=swg21981008>)\n * [Security Bulletin: Multiple security vulnerabilities in Business Space affect IBM Business Process Manager and WebSphere Process Server (CVE-2015-7407, CVE-2015-7400, CVE-2015-7454)](<http://www-01.ibm.com/support/docview.wss?uid=swg21972005>)\n * [Security Bulletin: Cross-Site scripting vulnerability in IBM Business Process Manager document list control (CVE-2016-0227)](<http://www-01.ibm.com/support/docview.wss?uid=swg21978058>)\n \n\n\n * [Security Bulletin: Multiple Cross-Site scripting vulnerabilities in IBM Business Process Manager Process Portal (CVE-2015-8524)](<http://www-01.ibm.com/support/docview.wss?uid=swg21974472>) ** \n**\n * [Security Bulletin: IBM Business Process Manager authorization checks for process and task deletion are insufficient (CVE-2015-7463)](<http://www-01.ibm.com/support/docview.wss?uid=swg21973442>)\n * [Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2016-0483, CVE-2016-0475, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448)](<http://www-01.ibm.com/support/docview.wss?uid=swg21977021>)\n \n\n\n * [Security Bulletin: A Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server and WebSphere Lombardi Edition (CVE-2015-7417)](<http://www.ibm.com/support/docview.wss?uid=swg21975121&myns=swgws&mynp=OCSSFTDH&mynp=OCSSFTBX&mynp=OCSSFTN5&mynp=OCSSFPRP&mynp=OCSSQH9M&mync=E&cm_sp=swgws-_-OCSSFTDH-OCSSFTBX-OCSSFTN5-OCSSFPRP-OCSSQH9M-_-E>) \n \n\n * [Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Process Designer used in IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2015-2613, CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, CVE-2015-1931, CVE-2015-4872)](<http://www-01.ibm.com/support/docview.wss?uid=swg21972165>) \n \n\n * [Security Bulletin: Vulnerabilities in IBM SDK for Node.js affect IBM Business Process Manager Configuration Editor (CVE-2015-8027, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196)](<http://www-01.ibm.com/support/docview.wss?uid=swg21974459>) \n \n\n * [Security Bulletin: Vulnerability in Apache Commons affects IBM Business Process Manager (CVE-2015-7450)](<http://www.ibm.com/support/docview.wss?uid=swg21972046>) \n \n\n * [Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2015-7450, CVE-2015-2017, CVE-2015-4872, CVE-2015-4734, CVE-2015-5006)](<http://www.ibm.com/support/docview.wss?uid=swg21970332>) \n \n\n * [Security Bulletin: Multiple Cross-Site scripting vulnerabilities in IBM Business Process Manager dashboards (CVE-2015-4955)](<http://www.ibm.com/support/docview.wss?uid=swg21966010>) \n \n\n * [Security Bulletin: IBM Business Process Manager (BPM) document store is susceptible to XXE (XML External Entity) attacks. (CVE-2013-5452)](<http://www.ibm.com/support/docview.wss?uid=swg21963014>)[ \n \n](<http://www.ibm.com/support/docview.wss?uid=swg21965001>)\n * [Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2015-1932, CVE-2015-4938, CVE-2015-1946)](<http://www.ibm.com/support/docview.wss?uid=swg21965001>) \n \n\n * [Security Bulletin: Missing authorization concept for document upload and download in IBM Business Process Manager (BPM) CMIS integration (CVE-2015-1904)](<http://www.ibm.com/support/docview.wss?uid=swg21960293>) \n \n\n * [Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Business Process Manager and WebSphere Lombardi Edition (Java CPU July 2015 - CVE-2015-2613, CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, CVE-2015-1931)](<http://www.ibm.com/support/docview.wss?uid=swg21962805>) \n \n\n * [Security Bulletin: Multiple security vulnerabilities in ElasticSearch might affect Process Federation Server (PFS) in IBM Business Process Manager (BPM) - CVE-2015-5531, CVE-2015-5377](<http://www.ibm.com/support/docview.wss?uid=swg21964010>)[ \n \n](<http://www.ibm.com/support/docview.wss?uid=swg21697944>)\n * [Security Bulletin: Cross-site scripting vulnerabilities in IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE) error handling (CVE-2015-0193)](<http://www.ibm.com/support/docview.wss?uid=swg21697944>)[ \n](<http://www.ibm.com/support/docview.wss?uid=swg21699938>)\n * [Security Bulletin: Vulnerabilities in IBM SDK for Node.js affect IBM Business Process Manager Configuration Editor (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206) \n \n](<http://www.ibm.com/support/docview.wss?uid=swg21699938>)\n * [Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2015-1885, CVE-2015-1946, CVE-2015-1927)](<http://www.ibm.com/support/docview.wss?uid=swg21699938>)[ \n \n](<http://www.ibm.com/support/docview.wss?uid=swg21903346>)\n * [Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Business Process Manager (BPM), WebSphere Process Server (WPS), and WebSphere Lombardi Edition (WLE): CVE-2015-1920](<http://www.ibm.com/support/docview.wss?uid=swg21903346>) \n \n\n * [Security Bulletin: Multiple vulnerabilities in IBM SDK Java\u2122 Technology Edition affect IBM Business Process Manager and WebSphere Lombardi Edition April 2015 CPU (CVE-2015-0488, CVE-2015-0478, CVE-2015-1916)](<http://www.ibm.com/support/docview.wss?uid=swg21959306>) \n \n\n * [Security Bulletin: Vulnerability with Diffie-Hellman ciphers may affect WebSphere Lombardi Edition and IBM Business Process Manager (CVE-2015-4000)](<http://www.ibm.com/support/docview.wss?uid=swg21959097>) \n \n\n * [Security Bulletin: Vulnerability in RC4 stream cipher affects WebSphere Lombardi Edition and IBM Business Process Manager (CVE-2015-2808)](<http://www.ibm.com/support/docview.wss?uid=swg21882624>)[ \n \n](<http://www.ibm.com/support/docview.wss?uid=swg21699935>)\n * [Security Bulletin: Multiple vulnerabilities in IBM SDK Java\u2122 Technology Edition affect IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2015-0138 CVE-2014-6593 CVE-2015-0400 CVE-2015-0410)](<http://www.ibm.com/support/docview.wss?uid=swg21699935>) \n \n\n * [Security Bulletin: Multiple vulnerabilities in IBM SDK for Java Technology Edition affect IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2014-6512, CVE-2014-6457, CVE-2014-6558, CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21692787>) \n \n\n * [Security Bulletin: Vulnerability in SSLv3 affects IBM Business Process Manager (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21689466>) \n \n\n * [Security Bulletin: TLS padding vulnerability affects IBM HTTP Server shipped with IBM Business Process Manager family products (CVE-2014-8730)](<http://www.ibm.com/support/docview.wss?uid=swg21692582>)\n * * Security Bulletin: Cross-Site Scripting vulnerabilities in Dojo affect IBM Business Process Manager (BPM), WebSphere Lombardi Edition (WLE), and WebSphere Process Server (WPS) - CVE-2014-8917\n\n## Affected Products and Versions\n\n** Principal Product and Version**\n\n| ** Affected Supporting Product and Version** \n---|--- \nIBM Cloud Orchestrator 2.5, 2.5.0.1, 2.5.0.1 Interim Fix1, 2.5.0.2 \nIBM Cloud Orchestrator Enterprise 2.5.0.1, 2.5.0.1 Interim Fix1, 2.5.0.2| IBM Business Process Manager Standard 8.5.6 \nIBM Cloud Orchestrator 2.4, 2.4.0.1, 2.4.0.2, 2.4.0.3 \n\nIBM Cloud Orchestrator Enterprise 2.4, 2.4.0.1, 2.4.0.2, 2.4.0.3\n\n| IBM Business Process Manager Standard 8.5.0.1 \nIBM SmartCloud Orchestrator 2.3 and 2.3.0.1 \n\nIBM SmartCloud Orchestrator Enterprise 2.3 and 2.3.0.1\n\n| IBM Business Process Manager Standard 8.5 \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T22:30:51", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Business Process Manager shipped with IBM Cloud Orchestrator and IBM SmartCloud Orchestrator", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5452", "CVE-2014-3566", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-6457", "CVE-2014-6512", "CVE-2014-6558", "CVE-2014-6593", "CVE-2014-8275", "CVE-2014-8730", "CVE-2014-8917", "CVE-2014-9748", "CVE-2015-0138", "CVE-2015-0193", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206", "CVE-2015-0254", "CVE-2015-0400", "CVE-2015-0410", "CVE-2015-0478", "CVE-2015-0488", "CVE-2015-0899", "CVE-2015-1885", "CVE-2015-1904", "CVE-2015-1916", "CVE-2015-1920", "CVE-2015-1927", "CVE-2015-1931", "CVE-2015-1932", "CVE-2015-1946", "CVE-2015-2017", "CVE-2015-2601", "CVE-2015-2613", "CVE-2015-2625", "CVE-2015-2808", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196", "CVE-2015-4000", "CVE-2015-4734", "CVE-2015-4749", "CVE-2015-4872", "CVE-2015-4938", "CVE-2015-4955", "CVE-2015-5006", "CVE-2015-5377", "CVE-2015-5531", "CVE-2015-7400", "CVE-2015-7407", "CVE-2015-7417", "CVE-2015-7450", "CVE-2015-7454", "CVE-2015-7463", "CVE-2015-7575", "CVE-2015-8027", "CVE-2015-8524", "CVE-2016-0227", "CVE-2016-0306", "CVE-2016-0448", "CVE-2016-0466", "CVE-2016-0475", "CVE-2016-0483", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-1669", "CVE-2016-3056", "CVE-2016-5901"], "modified": "2018-06-17T22:30:51", "id": "104BE807C8577FF816DF414B5A588FABB581711BB54758F6F49C7CAC17CD68BE", "href": "https://www.ibm.com/support/pages/node/261377", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-23T21:43:51", "description": "## Summary\n\nMultiple security vulnerabilities have been identified and fixed in the IBM Security Privileged Identity Manager Appliance.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-1049](<https://vulners.com/cve/CVE-2018-1049>) \n**DESCRIPTION:** Systemd is vulnerable to a denial of service, caused by a race condition between .mount and .automount units. A remote authenticated attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138105> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-3738](<https://vulners.com/cve/CVE-2017-3738>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. An attacker could exploit this vulnerability to obtain information about the private key. Note: In order to exploit this vulnerability, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136078> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3737](<https://vulners.com/cve/CVE-2017-3737>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to bypass security restrictions, caused by a flaw in the \\\"error state\\\" mechanism when directly calling SSL_read() or SSL_write() for an SSL object after receiving a fatal error. An attacker could exploit this vulnerability to bypass the decryption or encryption process and perform unauthorized actions. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136077> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-6464](<https://vulners.com/cve/CVE-2017-6464>) \n**DESCRIPTION:** NTP is vulnerable to a denial of service. A remote authenticated attacker could exploit this vulnerability using a malformed mode configuration directive to cause the application to crash. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123610> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-6463](<https://vulners.com/cve/CVE-2017-6463>) \n**DESCRIPTION:** NTP is vulnerable to a denial of service. By sending an invalid setting, a remote authenticated attacker could exploit this vulnerability using the :config directive to cause the daemon to crash. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123612> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-6462](<https://vulners.com/cve/CVE-2017-6462>) \n**DESCRIPTION:** NTP is vulnerable to a denial of service, caused by a buffer overflow in the legacy Datum Programmable Time Server refclock driver. By sending specially crafted packets, a local authenticated attacker could exploit this vulnerability to overflow a buffer and cause a denial of service. \nCVSS Base Score: 1.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123611> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-3639](<https://vulners.com/cve/CVE-2018-3639>) \n**DESCRIPTION:** Multiple Intel CPU's could allow a local attacker to obtain sensitive information, caused by utilizing sequences of speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known. By conducting targeted cache side-channel attacks, an attacker could exploit this vulnerability to bypass security restrictions and gain read access to privileged memory. Note: This vulnerability is the Speculative Store Bypass (SSB), also known as Variant 4 or \"SpectreNG\". \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143569> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-11368](<https://vulners.com/cve/CVE-2017-11368>) \n**DESCRIPTION:** MIT Kerberos 5 is vulnerable to a denial of service, caused by a KDC assertion failure. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause memory allocation failure. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130207> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-7562](<https://vulners.com/cve/CVE-2017-7562>) \n**DESCRIPTION:** MIT krb5 could allow a remote authenticated attacker to bypass security restrictions, caused by the improper validation of a forged certificate EKU and SAN. An attacker could exploit vulnerability to gain unauthorized access to the system to impersonate arbitrary principals under rare and erroneous circumstances. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143332> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2017-1000407](<https://vulners.com/cve/CVE-2017-1000407>) \n**DESCRIPTION:** Linux Kernel, built with the KVM virtualization(CONFIG_KVM) support, is vulnerable to a denial of service, caused by improper validation of user-supplied input at the diagnostic port. By flooding the diagnostic port 0x80, a remote authenticated attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136235> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-18017](<https://vulners.com/cve/CVE-2017-18017>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c. By leveraging the presence of xt_TCPMSS in an iptables action, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137122> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-15116](<https://vulners.com/cve/CVE-2017-15116>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by NULL pointer dereference in the rngapi_reset function in crypto/rng.c. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135735> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-15670](<https://vulners.com/cve/CVE-2017-15670>) \n**DESCRIPTION:** GNU C Library is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the glob function in glob.c. By sending a specially-crafted string, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133915> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2017-12132](<https://vulners.com/cve/CVE-2017-12132>) \n**DESCRIPTION:** GNU C Library (aka glibc or libc6) could allow a remote attacker to conduct spoofing attacks, caused by a flaw in the DNS stub resolver. An attacker could exploit this vulnerability to perform off-path DNS spoofing attacks. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/129949> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2015-5180](<https://vulners.com/cve/CVE-2015-5180>) \n**DESCRIPTION:** glibc is vulnerable to a denial of service, caused by a NULL pointer dereference in the res_query function in libresolv. By using a malformed pattern, a remote attacker could cause the process to crash. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130620> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1000199](<https://vulners.com/cve/CVE-2018-1000199>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a ptrace() error handling flaw. By invoking the modify_user_hw_breakpoint() function, a local attacker could exploit this vulnerability to cause the kernel to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142654> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-8897](<https://vulners.com/cve/CVE-2018-8897>) \n**DESCRIPTION:** Multiple operating systems could allow a local authenticated attacker to gain elevated privileges on the system, caused by developer interpretation of hardware debug exception documentation for the MOV to SS and POP SS instructions. An attacker could exploit this vulnerability using operating system APIs to obtain sensitive memory information or control low-level operating system functions and other unexpected behavior. \nCVSS Base Score: 7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142242> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1091](<https://vulners.com/cve/CVE-2018-1091>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a missing processor feature check in the flush_tmregs_to_thread function. A local attacker could exploit this vulnerability to cause the guest kernel to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140892> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1087](<https://vulners.com/cve/CVE-2018-1087>) \n**DESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the improper handling of exceptions delivered after a stack switch operation using the MOV to SS and POP SS instructions by the KVM hypervisor. An attacker could exploit this vulnerability to gain elevated privileges or cause the guest to crash. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142976> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1068](<https://vulners.com/cve/CVE-2018-1068>) \n**DESCRIPTION:** Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an error in the implementation of 32 bit syscall interface. An attacker could exploit this vulnerability to gain root privileges on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140403> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-16939](<https://vulners.com/cve/CVE-2017-16939>) \n**DESCRIPTION:** Linux Kernel could allow a remote attacker to gain elevated privileges on the system, caused by an use-after-free in the Netlink socket subsystem XFRM. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain privileges. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135317> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1113](<https://vulners.com/cve/CVE-2018-1113>) \n**DESCRIPTION:** Setup Project could allow a remote attacker to bypass security restrictions, caused by an issue with adding /sbin/nologin and /usr/sbin/nologin to /etc/shells. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147843> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-0494](<https://vulners.com/cve/CVE-2018-0494>) \n**DESCRIPTION:** GNU Wget could allow a remote attacker to bypass security restrictions, caused by the failure to properly process Set-Cookie responses. By sending a specially-crafted Set-Cookie -header request, an attacker could exploit this vulnerability to inject arbitrary cookies into the cookie jar file and set and modify cookies on the target system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142899> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2017-1000050](<https://vulners.com/cve/CVE-2017-1000050>) \n**DESCRIPTION:** JasPer is vulnerable to a denial of service, caused by a NULL pointer exception in the jp2_encode function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130253> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2016-9396](<https://vulners.com/cve/CVE-2016-9396>) \n**DESCRIPTION:** JasPer is vulnerable to a denial of service, caused by an error in the JPC_NOMINALGAIN function in jpc_t1cod.c. By using unspecified vectors, an attacker could exploit this vulnerability to trigger an assertion failure. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123690> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1061](<https://vulners.com/cve/CVE-2018-1061>) \n**DESCRIPTION:** Python is vulnerable to a denial of service, caused by catastrophic backtracking in the difflib.IS_LINE_JUNK method. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145115> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1060](<https://vulners.com/cve/CVE-2018-1060>) \n**DESCRIPTION:** Python is vulnerable to a denial of service, caused by catastrophic backtracking in the pop3lib''s apop() method. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145116> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-10846](<https://vulners.com/cve/CVE-2018-10846>) \n**DESCRIPTION:** GnuTLS could allow a local authenticated attacker to obtain sensitive information, caused by a cache-based side channel issue. By using a combination of Just in Time Prime+probe attack in combination with Lucky-13 attack, a remote attacker could exploit this vulnerability to recover plain text and obtain information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148725> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-10845](<https://vulners.com/cve/CVE-2018-10845>) \n**DESCRIPTION:** GnuTLS could allow a remote attacker to obtain sensitive information, caused by a flaw in the implementation of HMAC-SHA-384. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to obtain information. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148730> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-10844](<https://vulners.com/cve/CVE-2018-10844>) \n**DESCRIPTION:** GnuTLS could allow a remote attacker to obtain sensitive information, caused by a flaw in the implementation of HMAC-SHA-256. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to obtain information. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148731> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-5730](<https://vulners.com/cve/CVE-2018-5730>) \n**DESCRIPTION:** MIT krb5 could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the LDAP Kerberos database. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass DN container check. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139970> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-5729](<https://vulners.com/cve/CVE-2018-5729>) \n**DESCRIPTION:** MIT krb5 is vulnerable to a denial of service, caused by a NULL pointer dereference in the LDAP Kerberos database. By sending specially-crafted data, a remote authenticated attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139969> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-5391](<https://vulners.com/cve/CVE-2018-5391>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper handling of the reassembly of fragmented IPv4 and IPv6 packets by the IP implementation. By sending specially crafted IP fragments with random offsets, a remote attacker could exploit this vulnerability to exhaust all available CPU resources and cause a denial of service. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148388> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-15688](<https://vulners.com/cve/CVE-2018-15688>) \n**DESCRIPTION:** systemd is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the dhcp6 client. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152041> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-1618](<https://vulners.com/cve/CVE-2018-1618>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144343> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1640](<https://vulners.com/cve/CVE-2018-1640>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144580> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1680](<https://vulners.com/cve/CVE-2018-1680>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145236> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1680](<https://vulners.com/cve/CVE-2018-1680>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145236> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1622](<https://vulners.com/cve/CVE-2018-1622>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144348> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-1623](<https://vulners.com/cve/CVE-2018-1623>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance allows web pages to be stored locally which can be read by another user on the system. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144408> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-1626](<https://vulners.com/cve/CVE-2018-1626>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144411> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-1625](<https://vulners.com/cve/CVE-2018-1625>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance generates an error message that includes sensitive information about its environment, users, or associated data. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144410> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-5725](<https://vulners.com/cve/CVE-2016-5725>) \n**DESCRIPTION:** JSch could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to the implementation for recursive sftp-get containing \"dot dot\" sequences (/../) to download the malicious files outside the client download base directory. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117122> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\n#### CVE Information: (copy/paste-able; will update after page submission. Provided by system to make it easy to cut and paste data.)\n\n**CVEID:** [CVE-2016-1182](<https://vulners.com/cve/CVE-2016-1182>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the failure to properly properly restrict the Validator configuration bin ActionServlet.java. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113853> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2016-1181](<https://vulners.com/cve/CVE-2016-1181>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113852> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2014-0114](<https://vulners.com/cve/CVE-2014-0114>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [CVE-2015-0899](<https://vulners.com/cve/CVE-2015-0899>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this vulnerability using a modified page parameter to bypass restrictions and launch further attacks on the system. This vulnerability also affects other products. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101770> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1428](<https://vulners.com/cve/CVE-2018-1428>) \n**DESCRIPTION:** IBM GSKit uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139073> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1427](<https://vulners.com/cve/CVE-2018-1427>) \n**DESCRIPTION:** IBM GSKit contains several enviornment variables that a local attacker could overflow and cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139072> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1426](<https://vulners.com/cve/CVE-2018-1426>) \n**DESCRIPTION:** IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139071> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-1567](<https://vulners.com/cve/CVE-2018-1567>) \n**DESCRIPTION:** IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143024> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1719](<https://vulners.com/cve/CVE-2018-1719>) \n**DESCRIPTION:** IBM WebSphere Application Server could provide weaker than expected security under certain conditions. This could result in a downgrade of TLS protocol. A remote attacker could exploit this vulnerability to perform man-in-the-middle attacks. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147292> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2014-7810](<https://vulners.com/cve/CVE-2014-7810>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the use of expression language. An attacker could exploit this vulnerability to bypass the protections of a Security Manager. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103155> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2018-1794](<https://vulners.com/cve/CVE-2018-1794>) \n**DESCRIPTION:** IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148949> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-1767](<https://vulners.com/cve/CVE-2018-1767>) \n**DESCRIPTION:** IBM WebSphere Application Server Cachemonitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148621> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-1901](<https://vulners.com/cve/CVE-2018-1901>) \n**DESCRIPTION:** IBM WebSphere Application Server could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152530> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-1904](<https://vulners.com/cve/CVE-2018-1904>) \n**DESCRIPTION:** IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152533> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>)\n\n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>) \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146015> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-3214](<https://vulners.com/cve/CVE-2018-3214>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151530> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151465> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151486> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3183](<https://vulners.com/cve/CVE-2018-3183>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151500> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2641](<https://vulners.com/cve/CVE-2018-2641>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137893> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment''s Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2973](<https://vulners.com/cve/CVE-2018-2973>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JSSE component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146835> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-1517](<https://vulners.com/cve/CVE-2018-1517>) \n**DESCRIPTION:** A flaw in the java.math component in IBM SDK, Java Technology Edition may allow an attacker to inflict a denial-of-service attack with specially crafted String data. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141681> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-2964](<https://vulners.com/cve/CVE-2018-2964>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146827> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12539](<https://vulners.com/cve/CVE-2018-12539>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to restrict the use of Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations to only the process owner. An attacker could exploit this vulnerability to execute untrusted native code and gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148389> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Security Privileged Identity Manager 2.1.1\n\n## Remediation/Fixes\n\nProduct | VRMF | Remediation/First Fix \n---|---|--- \nIBM Security Privileged Identity Manager | 2.1.1 | [2.1.1-ISS-ISPIM-VA-FP0002](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Privileged+Identity+Manager&release=2.1.1&platform=All&function=fixId&fixids=2.1.1-ISS-ISPIM-VA-FP0002&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-09-17T15:34:01", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114", "CVE-2014-7810", "CVE-2015-0899", "CVE-2015-5180", "CVE-2016-0701", "CVE-2016-0705", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-5725", "CVE-2016-9396", "CVE-2017-1000050", "CVE-2017-1000407", "CVE-2017-11368", "CVE-2017-12132", "CVE-2017-15116", "CVE-2017-15670", "CVE-2017-16939", "CVE-2017-18017", "CVE-2017-3732", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464", "CVE-2017-7562", "CVE-2018-0494", "CVE-2018-1000199", "CVE-2018-1049", "CVE-2018-1060", "CVE-2018-1061", "CVE-2018-1068", "CVE-2018-10844", "CVE-2018-10845", "CVE-2018-10846", "CVE-2018-1087", "CVE-2018-1091", "CVE-2018-1113", "CVE-2018-12539", "CVE-2018-13785", "CVE-2018-1426", "CVE-2018-1427", "CVE-2018-1428", "CVE-2018-1517", "CVE-2018-1567", "CVE-2018-15688", "CVE-2018-1618", "CVE-2018-1622", "CVE-2018-1623", "CVE-2018-1625", "CVE-2018-1626", "CVE-2018-1640", "CVE-2018-1656", "CVE-2018-1680", "CVE-2018-1719", "CVE-2018-1767", "CVE-2018-1794", "CVE-2018-1901", "CVE-2018-1904", "CVE-2018-2641", "CVE-2018-2677", "CVE-2018-2783", "CVE-2018-2964", "CVE-2018-2973", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214", "CVE-2018-3639", "CVE-2018-5391", "CVE-2018-5729", "CVE-2018-5730", "CVE-2018-8897"], "modified": "2019-09-17T15:34:01", "id": "3E3AF8AC7BA63076BEE8FFB670B3A3F27E0903C83526E54496E50EB2DF74B875", "href": "https://www.ibm.com/support/pages/node/879093", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-08T01:42:45", "description": "## Summary\n\nMultiple vulnerabilities found in 3rd party software used by IBM Integration Designer. IBM Integration Designer has addressed the multiple CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-36181](<https://vulners.com/cve/CVE-2020-36181>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194376](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194376>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-35491](<https://vulners.com/cve/CVE-2020-35491>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193394](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193394>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-16335](<https://vulners.com/cve/CVE-2019-16335>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a polymorphic typing issue in com.zaxxer.hikari.HikariDataSource. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167205](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167205>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-36189](<https://vulners.com/cve/CVE-2020-36189>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194384](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194384>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-17267](<https://vulners.com/cve/CVE-2019-17267>) \n** DESCRIPTION: **FasterXML jackson-databind could provide weaker than expected security, caused by a polymorphic typing issue in the net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168514](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168514>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-12384](<https://vulners.com/cve/CVE-2019-12384>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the failure to block the logback-core class from polymorphic deserialization. By sending a specially-crafted JSON message, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162849](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162849>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-42004](<https://vulners.com/cve/CVE-2022-42004>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the BeanDeserializer._deserializeFromArray function. By sending a specially-crafted request using deeply nested arrays, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237660>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-12814](<https://vulners.com/cve/CVE-2019-12814>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a polymorphic typing issue. By sending a specially-crafted JSON message, an attacker could exploit this vulnerability to read arbitrary local files on the server. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-16942](<https://vulners.com/cve/CVE-2019-16942>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a polymorphic typing issue in the commons-dbcp class. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168254>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-19362](<https://vulners.com/cve/CVE-2018-19362>) \n** DESCRIPTION: **An unspecified error with failure to block the jboss-common-core class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155093](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155093>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-11112](<https://vulners.com/cve/CVE-2020-11112>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178902](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178902>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-9546](<https://vulners.com/cve/CVE-2020-9546>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the mishandling of interaction between serialization gadgets and typing in org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177102](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177102>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10672](<https://vulners.com/cve/CVE-2020-10672>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178104](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178104>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-19360](<https://vulners.com/cve/CVE-2018-19360>) \n** DESCRIPTION: **An unspecified error with failure to block the axis2-transport-jms class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155091](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155091>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-14060](<https://vulners.com/cve/CVE-2020-14060>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183422](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183422>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-9547](<https://vulners.com/cve/CVE-2020-9547>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the mishandling of interaction between serialization gadgets and typing in com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14195](<https://vulners.com/cve/CVE-2020-14195>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in rg.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183495](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183495>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-20190](<https://vulners.com/cve/CVE-2021-20190>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to a class(es) of JDK Swing. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195243](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195243>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14062](<https://vulners.com/cve/CVE-2020-14062>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183425>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-20330](<https://vulners.com/cve/CVE-2019-20330>) \n** DESCRIPTION: **A lacking of certain net.sf.ehcache blocking in FasterXML jackson-databind has an unknown impact and attack vector. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173897](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173897>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-14893](<https://vulners.com/cve/CVE-2019-14893>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization when using the xalan JNDI gadget. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177108](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177108>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-14719](<https://vulners.com/cve/CVE-2018-14719>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155138](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155138>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-36188](<https://vulners.com/cve/CVE-2020-36188>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194383](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194383>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-36180](<https://vulners.com/cve/CVE-2020-36180>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194375](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194375>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-17531](<https://vulners.com/cve/CVE-2019-17531>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a polymorphic typing issue when Default Typing is enabled. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169073](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169073>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-25649](<https://vulners.com/cve/CVE-2020-25649>) \n** DESCRIPTION: **FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly. A remote attacker could exploit this vulnerability to launch XML external entity (XXE) attacks to have impact over data integrity. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192648](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192648>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2018-12022](<https://vulners.com/cve/CVE-2018-12022>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when the Default Typing is enabled. By sending a specially-crafted request in LDAP service, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-14540](<https://vulners.com/cve/CVE-2019-14540>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a polymorphic typing issue in com.zaxxer.hikari.HikariConfig. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167354](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167354>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-36184](<https://vulners.com/cve/CVE-2020-36184>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194379](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194379>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-36518](<https://vulners.com/cve/CVE-2020-36518>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a large depth of nested objects, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222319](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222319>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36183](<https://vulners.com/cve/CVE-2020-36183>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194378](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194378>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-36182](<https://vulners.com/cve/CVE-2020-36182>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194377](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194377>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-35728](<https://vulners.com/cve/CVE-2020-35728>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193843](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193843>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-14439](<https://vulners.com/cve/CVE-2019-14439>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a polymorphic typing issue when Default Typing is enabled. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164744>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-11620](<https://vulners.com/cve/CVE-2020-11620>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.commons.jelly.impl.Embedded (aka commons-jelly). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179431](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179431>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-35490](<https://vulners.com/cve/CVE-2020-35490>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193391](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193391>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-8840](<https://vulners.com/cve/CVE-2020-8840>) \n** DESCRIPTION: **Multiple Huawei products could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data without proper validation. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185699>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-36179](<https://vulners.com/cve/CVE-2020-36179>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194374](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194374>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10968](<https://vulners.com/cve/CVE-2020-10968>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178544](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178544>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-16943](<https://vulners.com/cve/CVE-2019-16943>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a polymorphic typing issue in the p6spy class. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168255](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168255>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-36187](<https://vulners.com/cve/CVE-2020-36187>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194382](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194382>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-12023](<https://vulners.com/cve/CVE-2018-12023>) \n** DESCRIPTION: **An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151425>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10969](<https://vulners.com/cve/CVE-2020-10969>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in javax.swing.JEditorPane. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178546](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178546>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10650](<https://vulners.com/cve/CVE-2020-10650>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the unsafe deserialization of data when handling interactions related to the class ignite-jta. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/234219](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234219>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-11619](<https://vulners.com/cve/CVE-2020-11619>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179430](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179430>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-11307](<https://vulners.com/cve/CVE-2018-11307>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by an issue when untrusted content is deserialized with default typing enabled. By sending specially-crafted content over FTP, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163528](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163528>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-11111](<https://vulners.com/cve/CVE-2020-11111>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178901](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178901>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-24750](<https://vulners.com/cve/CVE-2020-24750>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188470](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188470>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-11113](<https://vulners.com/cve/CVE-2020-11113>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-14892](<https://vulners.com/cve/CVE-2019-14892>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization when using commons-configuration 1 and 2 JNDI classes. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177106](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177106>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-14718](<https://vulners.com/cve/CVE-2018-14718>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the failure to block the slf4j-ext class from polymorphic deserialization. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155139](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155139>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-19361](<https://vulners.com/cve/CVE-2018-19361>) \n** DESCRIPTION: **An unspecified error with failure to block the openjpa class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155092](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155092>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-24616](<https://vulners.com/cve/CVE-2020-24616>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/187229](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187229>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-14379](<https://vulners.com/cve/CVE-2019-14379>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the SubTypeValidator.java. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165286](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165286>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10673](<https://vulners.com/cve/CVE-2020-10673>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in com.caucho.config.types.ResourceRef (aka caucho-quercus). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178107](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178107>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-10202](<https://vulners.com/cve/CVE-2019-10202>) \n** DESCRIPTION: **Red Hat JBoss Enterprise Application Platform (EAP) could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization in Codehaus. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168251](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168251>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14061](<https://vulners.com/cve/CVE-2020-14061>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183424](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183424>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-9548](<https://vulners.com/cve/CVE-2020-9548>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the mishandling of interaction between serialization gadgets and typing in br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177104](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177104>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-42003](<https://vulners.com/cve/CVE-2022-42003>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive value deserializers when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. By sending a specially-crafted request using deep wrapper array nesting, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-12086](<https://vulners.com/cve/CVE-2019-12086>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a Polymorphic Typing issue that occurs due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. By sending a specially-crafted JSON message, a remote attacker could exploit this vulnerability to read arbitrary local files on the server. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161256](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161256>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-14720](<https://vulners.com/cve/CVE-2018-14720>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by JDK classes. By sending a specially-crafted XML data. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155137](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155137>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-36185](<https://vulners.com/cve/CVE-2020-36185>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194380](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194380>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-14721](<https://vulners.com/cve/CVE-2018-14721>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to server-side request forgery, caused by the failure to block the axis2-jaxws class from polymorphic deserialization. A remote authenticated attacker could exploit this vulnerability to obtain sensitive data. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155136](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155136>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-36186](<https://vulners.com/cve/CVE-2020-36186>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194381](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194381>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2009-1190](<https://vulners.com/cve/CVE-2009-1190>) \n** DESCRIPTION: **Spring Framework is vulnerable to a denial of service, caused by the improper handling of serialized data. A remote attacker could exploit this vulnerability using regular expression strings containing an overly large amount of optional groups to consume all available CPU resources, resulting in a denial of service. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/50083](<https://exchange.xforce.ibmcloud.com/vulnerabilities/50083>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2021-22096](<https://vulners.com/cve/CVE-2021-22096>) \n** DESCRIPTION: **VMware Spring Framework could allow a remote attacker to bypass security restrictions. By sending a specially-crafted input, an attacker could exploit this vulnerability to cause the insertion of additional log entries. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212430](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212430>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-42920](<https://vulners.com/cve/CVE-2022-42920>) \n** DESCRIPTION: **Apache Commons BCEL could allow a remote attacker to bypass security restrictions, caused by an out-of-bounds write flaw in the APIs. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain control over the resulting bytecode than otherwise expected. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239562](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239562>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-38751](<https://vulners.com/cve/CVE-2022-38751>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235311](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235311>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-38749](<https://vulners.com/cve/CVE-2022-38749>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235313](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235313>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-25857](<https://vulners.com/cve/CVE-2022-25857>) \n** DESCRIPTION: **Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/234864](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234864>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-18640](<https://vulners.com/cve/CVE-2017-18640>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by an entity expansion in Alias feature during a load operation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174331](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174331>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-38750](<https://vulners.com/cve/CVE-2022-38750>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235312](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235312>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-38752](<https://vulners.com/cve/CVE-2022-38752>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2013-2186](<https://vulners.com/cve/CVE-2013-2186>) \n** DESCRIPTION: **Apache commons-fileupload could allow a remote attacker to overwrite arbitrary files on the system, caused by a NULL byte in the implementation of the DiskFileItem class. By sending a serialized instance of the DiskFileItem class, an attacker could exploit this vulnerability to write or overwrite arbitrary files on the system. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/88133](<https://exchange.xforce.ibmcloud.com/vulnerabilities/88133>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P) \n \n** CVEID: **[CVE-2013-0248](<https://vulners.com/cve/CVE-2013-0248>) \n** DESCRIPTION: **Apache Commons FileUpload could allow a local attacker to launch a symlink attack. Temporary files are created insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/82618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/82618>) for the current score. \nCVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P) \n \n** CVEID: **[CVE-2016-3092](<https://vulners.com/cve/CVE-2016-3092>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/114336](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114336>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2014-0050](<https://vulners.com/cve/CVE-2014-0050>) \n** DESCRIPTION: **Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests by MultipartStream.java. An attacker could exploit this vulnerability using a specially crafted Content-Type header to cause the application to enter into an infinite loop. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/90987](<https://exchange.xforce.ibmcloud.com/vulnerabilities/90987>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2022-41854](<https://vulners.com/cve/CVE-2022-41854>) \n** DESCRIPTION: **snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted YAML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240890](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240890>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-29425](<https://vulners.com/cve/CVE-2021-29425>) \n** DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2016-1181](<https://vulners.com/cve/CVE-2016-1181>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/113852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2015-0899](<https://vulners.com/cve/CVE-2015-0899>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this vulnerability using a modified page parameter to bypass restrictions and launch further attacks on the system. This vulnerability also affects other products. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/101770](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101770>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2016-1182](<https://vulners.com/cve/CVE-2016-1182>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to bypass security restrictions, caused by the failure to properly properly restrict the Validator configuration bin ActionServlet.java. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/113853](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2008-2025](<https://vulners.com/cve/CVE-2008-2025>) \n** DESCRIPTION: **Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/49712](<https://exchange.xforce.ibmcloud.com/vulnerabilities/49712>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2006-1546](<https://vulners.com/cve/CVE-2006-1546>) \n** DESCRIPTION: **Struts could allow a remote attacker to bypass security restrictions. If an attacker sends a request with a \"org.apache.struts.taglib.html.Constants.CANCEL\" parameter, the attacker could cause validation to be canceled without being detected by Struts applications that do not check for isCancelled(). This could allow the attacker to bypass security restrictions and gain unauthorized access to restricted content. \nCVSS Base score: 7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/25612](<https://exchange.xforce.ibmcloud.com/vulnerabilities/25612>) for the current score. \nCVSS Vector: \n \n** CVEID: **[CVE-2014-0114](<https://vulners.com/cve/CVE-2014-0114>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92889](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92889>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2006-1548](<https://vulners.com/cve/CVE-2006-1548>) \n** DESCRIPTION: **Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the LookupDispatchAction when no matching entry is in the lookupMap module. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site, allowing the attacker to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 2.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/25614](<https://exchange.xforce.ibmcloud.com/vulnerabilities/25614>) for the current score. \nCVSS Vector: \n \n** CVEID: **[CVE-2006-1547](<https://vulners.com/cve/CVE-2006-1547>) \n** DESCRIPTION: **Struts is vulnerable to a denial of service caused by improper handling of multipart/form-data encoded forms with a parameter that references the getMultipartRequestHandler() method. An attacker could exploit this vulnerability to cause the affected Web application to crash or possibly gain access to sensitive information. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/25613](<https://exchange.xforce.ibmcloud.com/vulnerabilities/25613>) for the current score. \nCVSS Vector: \n \n** CVEID: **[CVE-2005-3745](<https://vulners.com/cve/CVE-2005-3745>) \n** DESCRIPTION: **Struts is vulnerable to cross-site scripting, caused by improper validation of error output by the Struts request handler. A remote attacker could embed malicious script within a request for an invalid Struts action URL, which would be executed in the victim's Web browser within the security context of the hosting site, once the link is clicked and an error page is returned. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials and possibly launch further attacks against the affected server. \nCVSS Base score: 2.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/23173](<https://exchange.xforce.ibmcloud.com/vulnerabilities/23173>) for the current score. \nCVSS Vector: \n \n** CVEID: **[CVE-2022-1471](<https://vulners.com/cve/CVE-2022-1471>) \n** DESCRIPTION: **SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Constructor class. By using a specially-crafted yaml content, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/241118](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241118>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L) \n \n** CVEID: **[CVE-2019-10086](<https://vulners.com/cve/CVE-2019-10086>) \n** DESCRIPTION: **Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppresses the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166353](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166353>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** IBM X-Force ID: **217968 \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by an error when using JDK serialization to serialize and deserialize JsonNode values. By sending a specially crafted request, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/217968 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217968>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** IBM X-Force ID: **220723 \n** DESCRIPTION: **Apache Commons Fileupload could allow a remote attacker to obtain sensitive information, caused by a resource leak flaw in the FileUploadBase class. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/220723 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220723>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Integration Designer| 22.0.2 \nIBM Integration Designer| 22.0.1 \nIBM Integration Designer| 21.0.3 \nIBM Integration Designer| 20.0.0.2 \n \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading\n\n[IBM Integration Designer 22.0.2](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=22.0.2-WS-IID-IFDT180034&source=SAR> \"IBM Integration Designer 22.0.2\" )\n\n[IBM Integration Designer 22.0.1](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=22.0.1-WS-IID-IFDT180034&source=SAR> \"IBM Integration Designer 22.0.1\" )\n\n[IBM Integration Designer 21.0.3](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=21.0.3-WS-IID-IFDT180034&source=SAR> \"IBM Integration Designer 21.0.3\" )\n\n[IBM Integration Designer 20.0.0.2](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=20.0.0.2-WS-IID-IFDT180034&source=SAR> \"IBM Integration Designer 20.0.0.2\" )\n\n## Workarounds and Mitigations\n\nNone \n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-02-01T19:40:57", "type": "ibm", "title": "Security Bulletin: Multiple CVEs affect IBM Integration Designer", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3745", "CVE-2006-1546", "CVE-2006-1547", "CVE-2006-1548", "CVE-2008-2025", "CVE-2009-1190", "CVE-2013-0248", "CVE-2013-2186", "CVE-2014-0050", "CVE-2014-0114", "CVE-2015-0899", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-3092", "CVE-2017-18640", "CVE-2018-11307", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2019-10086", "CVE-2019-10202", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12814", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-14892", "CVE-2019-14893", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17267", "CVE-2019-17531", "CVE-2019-20330", "CVE-2020-10650", "CVE-2020-10672", "CVE-2020-10673", "CVE-2020-10968", "CVE-2020-10969", "CVE-2020-11111", "CVE-2020-11112", "CVE-2020-11113", "CVE-2020-11619", "CVE-2020-11620", "CVE-2020-14060", "CVE-2020-14061", "CVE-2020-14062", "CVE-2020-14195", "CVE-2020-24616", "CVE-2020-24750", "CVE-2020-25649", "CVE-2020-35490", "CVE-2020-35491", "CVE-2020-35728", "CVE-2020-36179", "CVE-2020-36180", "CVE-2020-36181", "CVE-2020-36182", "CVE-2020-36183", "CVE-2020-36184", "CVE-2020-36185", "CVE-2020-36186", "CVE-2020-36187", "CVE-2020-36188", "CVE-2020-36189", "CVE-2020-36518", "CVE-2020-8840", "CVE-2020-9546", "CVE-2020-9547", "CVE-2020-9548", "CVE-2021-20190", "CVE-2021-22096", "CVE-2021-29425", "CVE-2022-1471", "CVE-2022-25857", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-38752", "CVE-2022-41854", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42920"], "modified": "2023-02-01T19:40:57", "id": "35774A12657731256610BEB1ACB2AE99C105060354AA560F82DED28AE65A8B24", "href": "https://www.ibm.com/support/pages/node/6910171", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-12-30T21:44:48", "description": "## Problem\n\nCognos Analytics and Cognos Business Intelligence Security Bulletins and Alerts.\n\n## Resolving The Problem\n\n## Tab navigation\n\n * CA 11.0.x\n * BI 10.2.2\n * BI 10.2.1\n * BI 10.2\n\nSecurity bulletins and Alerts for Cognos Analytics 11.0.x. \n--- \n**Published / Updated** | **Title** \nJanuary 2018 | [Cognos Analytics is affected by multiple vulnerabilities](<http://www.ibm.com/support/docview.wss?uid=swg22011561>) \nJanuary 2018 | [Cognos Analytics\u306eLibxml2\u8106\u5f31\u6027\u306b\u3064\u3044\u3066](<http://www.ibm.com/support/docview.wss?uid=swg22012361>) \nJanuary 2018 | [Cognos Analytics is affected by multiple vulnerabilities](<http://www.ibm.com/support/docview.wss?uid=swg22011810>) \nSeptember 2017 | [Cognos Analytics is affected by multiple vulnerabilities](<http://www.ibm.com/support/docview.wss?uid=swg22007242>) \nAugust 2017 | [Cognos Analytics \u306f\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0(XSS)\u306e\u8106\u5f31\u6027\u306e\u5f71\u97ff\u3092\u53d7\u3051\u307e\u3059](<http://www.ibm.com/support/docview.wss?uid=swg22007549>) \nJuly 2017 | [Cognos Analytics is not affected by the Apache Xalan-Java vulnerability (CVE-2014-0107)](<http://www-01.ibm.com/support/docview.wss?uid=swg22005943>) \nJune 2017 | [Cognos Analytics is affected by a Cross-Site Scripting (XSS) vulnerability](<http://www-01.ibm.com/support/docview.wss?uid=swg22004980>) \nMay 2017 | [Cognos Analytics is NOT AFFECTED by the OpenSource Bouncy Castle Vulnerability (CVE-2015-7940)](<http://www-01.ibm.com/support/docview.wss?uid=swg22003427>) \nMay 2017 | [Cognos Analytics is affected by CVE-2016-0398](<http://www-01.ibm.com/support/docview.wss?uid=swg21977070>) \nMay 2017 | [Cognos Analytics is affected by multiple vulnerabilities](<http://www-01.ibm.com/support/docview.wss?uid=swg22000095>) \nApril 2017 | [Cross Site Scripting (XSS) vulnerability affects Cognos Analytics](<http://www-01.ibm.com/support/docview.wss?uid=swg21999791>) \nMarch 2017 | [Cognos Analytics is affected by multiple vulnerabilities](<http://www-01.ibm.com/support/docview.wss?uid=swg21998887>) \nMarch 2017 | [Privilege Escalation vulnerability affects Cognos Analytics (CVE-2016-8960)](<http://www-01.ibm.com/support/docview.wss?uid=swg21993720>) \nJanuary 2017 | [A vulnerability in the GSKit component of Cognos Analytics (CVE-2016-0201)](<http://www-01.ibm.com/support/docview.wss?uid=swg21975045>) \nJanuary 2017 | [Cognos Analytics is affected by multiple vulnerabilities](<http://www-01.ibm.com/support/docview.wss?uid=swg21996417>) \n \nSecurity bulletins and Alerts for Cognos Busines Intelligence 10.2.2. \n--- \n**Published / Updated**| **Title** \nJuly 2018| [IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities](<http://www.ibm.com/support/docview.wss?uid=ibm10715641>) \nApril 2018| [Cognos Metrics Manager 2018 Q1 Security Update](<http://www.ibm.com/support/docview.wss?uid=swg22014720>) \nDecember 2017| [Multiple vulnerabilities in Libxml2 affect Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22011764>) \nDecember 2017| [Cognos Business Intelligence Server 2017Q4 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg22007952>) \nOctober 2017| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22009441>) \nOctober 2017| [A vulnerability in the Apache Xerces-C XML Parser affects Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22009438>) \nOctober 2017| [Cognos Business Intelligence Server 2017Q3 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg22009259>) \nOctober 2017| [A vulnerability in the libpng library affects Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22004076>) \nOctober 2017| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22004070>) \nJune 2017| [Cognos Business Intelligence Server 2017Q2 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg22004036>) \nMay 2017| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22004078>) \nMay 2017| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22004077>) \nMay 2017| [A vulnerability in the GSKit library affects Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22004075>) \nMay 2017| [Multiple vulnerabilities in OpenSSL affect Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22004074>) \nMay 2017| [Cognos Business Intelligence is NOT AFFECTED by the OpenSource Bouncy Castle Vulnerability (CVE-2015-7940)](<http://www.ibm.com/support/docview.wss?uid=swg22003426>) \nApril 2017| [Vulnerability in IBM WebSphere Application Server affects Cognos Metrics Manager (CVE-2015-2017)](<http://www.ibm.com/support/docview.wss?uid=swg21976798>) \nApril 2017| [Multiple vulnerabilities in Apache HttpComponents affect Cognos Metrics Manager (CVE-2012-6153, CVE-2014-3577)](<http://www.ibm.com/support/docview.wss?uid=swg21970193>) \nMarch 2017| [Multiple vulnerabilities in Apache Tomcat affect Cognos Metrics Manager (CVE-2016-0762, CVE-2016-6816)](<http://www.ibm.com/support/docview.wss?uid=swg21999723>) \nMarch 2017| [A vulnerability in IBM Websphere Application Server affects Cognos Metrics Manager (CVE-2016-5983)](<http://www.ibm.com/support/docview.wss?uid=swg21999722>) \nMarch 2017| [Cognos Business Intelligence Server 2017Q1 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg21999671>) \nMarch 2017| [Privilege Escalation vulnerability affects Cognos Business Intelligence (CVE-2016-8960)](<http://www.ibm.com/support/docview.wss?uid=swg21993718>) \nJanuary 2017| [Cognos Business Intelligence is affected by a vulnerability](<http://www.ibm.com/support/docview.wss?uid=swg21996809>) \nJanuary 2017| [Cognos Business Intelligence Server 2016Q4 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg21995691>) \nJanuary 2017| [A vulnerability in IBM Java Runtime affects Cognos Metrics Manager (CVE-2016-3485)](<http://www.ibm.com/support/docview.wss?uid=swg21995206>) \nJanuary 2017| [Multiple vulnerabilities in libxml2 affect Cognos Metrics Manager (CVE-2016-3705, CVE-2016-4447, CVE-2016-4448)](<http://www.ibm.com/support/docview.wss?uid=swg21995198>) \nJanuary 2017| [Vulnerabilities in OpenSSL affect Cognos Metrics Manager (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-6306 CVE-2016-2181 CVE-2016-2183)](<http://www.ibm.com/support/docview.wss?uid=swg21993856>) \nJanuary 2017| [Cognos Business Intelligence Server 2016Q2 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg21984323>) \nOctober 2016| [Cognos Business Intelligence Server 2016Q1 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg21979767>) \nJuly 2016| [A vulnerability in the Apache Xerces-C XML parser affects Cognos Metrics Manager (CVE-2016-0729)](<http://www.ibm.com/support/docview.wss?uid=swg21986259>) \nJuly 2016| [A vulnerability in IBM Java Runtime affects Cognos Metrics Manager (CVE-2016-3427)](<http://www.ibm.com/support/docview.wss?uid=swg21985522>) \nJuly 2016| [A vulnerability in Apache Tomcat affects Cognos Metrics Manager (CVE-2015-5345)](<http://www.ibm.com/support/docview.wss?uid=swg21982821>) \nJuly 2016| [A vulnerability in OpenSSL affects Cognos Metrics Manager (CVE-2016-2106, CVE-2016-2107, CVE-2016-2108)](<http://www.ibm.com/support/docview.wss?uid=swg21977114>) \nMay 2016| [Cognos Business Intelligence Server is affected by CVE-2016-0398](<http://www.ibm.com/support/docview.wss?uid=swg21983247>) \nMay 2016| [Multiple vulnerabilities in libxml2 affect Cognos Metrics Manager (CVE-2015-1819, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8035, CVE-2015-8241, CVE-2015-8317)](<http://www.ibm.com/support/docview.wss?uid=swg21977221>) \nMay 2016| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager (CVE-2016-0448, CVE-2016-0466)](<http://www.ibm.com/support/docview.wss?uid=swg21977134>) \nMarch 2016| [Multiple vulnerabilities in libpng affect Cognos Metrics Manager (CVE-2015-8126, CVE-2015-8472, CVE-2015-8540)](<http://www.ibm.com/support/docview.wss?uid=swg21976924>) \nFebruary 2016| [Several vulnerabilities in the libpng component of Cognos Business Intelligence Server (CVE-2015-8126, CVE-2015-8472, CVE-2015-8540)](<http://www.ibm.com/support/docview.wss?uid=swg21977053>) \nJanuary 2016| [A vulnerability in the GSKit component of Cognos Business Intelligence Server (CVE-2016-0201)](<http://www.ibm.com/support/docview.wss?uid=swg21975044>) \nJanuary 2016| [A vulnerability in the GSKit component of Cognos Metrics Manager (CVE-2016-0201)](<http://www.ibm.com/support/docview.wss?uid=swg21974810>) \nNovember 2015| [A vulnerability in IBM Java Runtime affects Cognos Metrics Manager (CVE-2015-4872)](<http://www.ibm.com/support/docview.wss?uid=swg21971753>) \nNovember 2015| [Vulnerability in Apache Commons affects Cognos Metrics Manager (CVE-2015-7450)](<http://www.ibm.com/support/docview.wss?uid=swg21971382>) \nNovember 2015| [Cognos Business Intelligence Server 2015Q4 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg21959874>) \nAugust 2015| [Cognos Business Intelligence Sever 2015Q3 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg21963468>) \nAugust 2015| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager (CVE-2015-2625, CVE-2015-4748, CVE-2015-4749)](<http://www.ibm.com/support/docview.wss?uid=swg21963263>) \nAugust 2015| [Vulnerability in Tomcat affects Cognos Metrics Manager (CVE-2014-0230)](<http://www.ibm.com/support/docview.wss?uid=swg21962903>) \nAugust 2015| [Vulnerabilities in OpenSSL affect Cognos Metrics Manager (CVE-2015-1789, CVE-2015-1790, CVE-2015-1792)](<http://www.ibm.com/support/docview.wss?uid=swg21962686>) \nAugust 2015| [Vulnerability in RC4 stream cipher affects Cognos Business Intelligence Server (CVE-2015-2808)](<http://www.ibm.com/support/docview.wss?uid=swg21715530>) \nJuly 2015| [Vulnerability in Diffie-Hellman ciphers affects Cognos Mobile app on Android (CVE-2015-4000)](<http://www.ibm.com/support/docview.wss?uid=swg21959481>) \nJuly 2015| [Cognos Business Intelligence Sever 2015Q2 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg21903752>) \nJuly 2015| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager (CVE-2015-0478, CVE-2015-0488, CVE-2015-2808)](<http://www.ibm.com/support/docview.wss?uid=swg21903565>) \nJuly 2015| [Vulnerability in Tomcat affects Cognos Metrics Manager (CVE-2014-0227)](<http://www.ibm.com/support/docview.wss?uid=swg21903036>) \nJuly 2015| [Vulnerabilities in OpenSSL affect Cognos Metrics Manager (CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293)](<http://www.ibm.com/support/docview.wss?uid=swg21902528>) \nJune 2015| [Vulnerability in Diffie-Hellman ciphers affects Cognos Metrics Manager (CVE-2015-4000)](<http://www.ibm.com/support/docview.wss?uid=swg21959812>) \nJune 2015| [Vulnerability in Diffie-Hellman ciphers affects Cognos Business Intelligence (CVE-2015-4000)](<http://www.ibm.com/support/docview.wss?uid=swg21959671>) \nMay 2015| [A vulnerability in the IBM Dojo Toolkit affects Cognos Business Intelligence (CVE-2014-8917)](<http://www.ibm.com/support/docview.wss?uid=swg21700709>) \nMay 2015| [A vulnerability in the IBM Dojo Toolkit affects Cognos Metrics Manager (CVE-2014-8917)](<http://www.ibm.com/support/docview.wss?uid=swg21697317>) \nApril 2015| [Vulnerability in RC4 stream cipher affects Cognos Mobile app on Android (CVE-2015-2808)](<http://www.ibm.com/support/docview.wss?uid=swg21883588>) \nApril 2015| [Vulnerability in RC4 stream cipher affects Cognos Metrics Manager (CVE-2015-2808)](<http://www.ibm.com/support/docview.wss?uid=swg21720187>) \nApril 2015| [Vulnerability exists in GSKit that affects Cognos Metrics Manager (CVE-2015-0159)](<http://www.ibm.com/support/docview.wss?uid=swg21701318>) \nApril 2015| [Vulnerability in IBM WebSphere Application Server affects Cognos Metrics Manager (CVE-2015-0138)](<http://www.ibm.com/support/docview.wss?uid=swg21701222>) \nApril 2015| [Vulnerabilities in IBM WebSphere Application Server and GSKit affects Cognos Business Intelligence (CVE-2015-0138, CVE-2015-0159)](<http://www.ibm.com/support/docview.wss?uid=swg21701210>) \nApril 2015| [Vulnerability in IBM Runtime Environment Java Technology Edition affects Cognos Business Intelligence Server (CVE-2015-0138)](<http://www.ibm.com/support/docview.wss?uid=swg21701200>) \nApril 2015| [Vulnerability in IBM Java Runtime affects Cognos Metrics Manager (CVE-2015-0138)](<http://www.ibm.com/support/docview.wss?uid=swg21701192>) \nMarch 2015| [Cognos Business Intelligence Server is affected by multiple vulnerabilities](<http://www.ibm.com/support/docview.wss?uid=swg21698818>) \nMarch 2015| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager (CVE-2015-0410, CVE-2014-6593)](<http://www.ibm.com/support/docview.wss?uid=swg21698154>) \nMarch 2015| [Multiple vulnerabilities in the Libpng library affect Cognos Metrics Manager (CVE-2015-0973, CVE-2014-9495)](<http://www.ibm.com/support/docview.wss?uid=swg21697296>) \nMarch 2015| [Multiple vulnerabilities in OpenSSL affect Cognos Metrics Manager (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204)](<http://www.ibm.com/support/docview.wss?uid=swg21695694>) \nMarch 2015| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager (CVE-2014-3566, CVE-2014-6457)](<http://www.ibm.com/support/docview.wss?uid=swg21691561>) \nFebruary 2015| [A vulnerability in IBM Java Runtime affects Cognos Metrics Manager (CVE-2014-4263)](<http://www.ibm.com/support/docview.wss?uid=swg21688596>) \nJanuary 2015| [TLS padding vulnerability affects Cognos Business Intelligence (CVE-2014-8730)](<http://www.ibm.com/support/docview.wss?uid=swg21693422>) \nJanuary 2015| [TLS padding vulnerability affects Cognos Metrics Manager (CVE-2014-8730)](<http://www.ibm.com/support/docview.wss?uid=swg21693182>) \nDecember 2014| [Cognos Business Intelligence Server is affected by multiple vulnerabilities (CVE-2014-3566, CVE-2014-6145, CVE-2014-1568, CVE-2014-4263, CVE-2012-5784, CVE-2014-3513, CVE-2014-3567 and CVE-2014-3568)](<http://www.ibm.com/support/docview.wss?uid=swg21692267>) \nDecember 2014| [A vulnerability in the Mozilla Network Security Services (NSS) affects Cognos Metrics Manager (CVE-2014-1568)](<http://www.ibm.com/support/docview.wss?uid=swg21691656>) \nDecember 2014| [A vulnerability in Apache Axis affects Cognos Metrics Manager (CVE-2012-5784)](<http://www.ibm.com/support/docview.wss?uid=swg21691655>) \nDecember 2014| [Multiple vulnerabilities in OpenSSL affect Cognos Metrics Manager (CVE-2014-3567, CVE-2014-3513, CVE-2014-3568)](<http://www.ibm.com/support/docview.wss?uid=swg21689333>) \n \nSecurity bulletins and Alerts for Cognos Busines Intelligence 10.2.1. \n--- \n**Published / Updated**| **Title** \nApril 2018| [Cognos Metrics Manager 2018 Q1 Security Update](<http://www.ibm.com/support/docview.wss?uid=swg22014720>) \nDecember 2017| [Multiple vulnerabilities in Libxml2 affect Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22011764>) \nDecember 2017| [Cognos Business Intelligence Server 2017Q4 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg22007952>) \nOctober 2017| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22009441>) \nOctober 2017| [A vulnerability in the Apache Xerces-C XML Parser affects Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22009438>) \nOctober 2017| [Cognos Business Intelligence Server 2017Q3 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg22009259>) \nOctober 2017| [A vulnerability in the libpng library affects Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22004076>) \nOctober 2017| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22004070>) \nJune 2017| [Cognos Business Intelligence Server 2017Q2 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg22004036>) \nMay 2017| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22004078>) \nMay 2017| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22004077>) \nMay 2017| [Multiple vulnerabilities in OpenSSL affect Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22004074>) \nMay 2017| [Cognos Business Intelligence is NOT AFFECTED by the OpenSource Bouncy Castle Vulnerability (CVE-2015-7940)](<http://www.ibm.com/support/docview.wss?uid=swg22003426>) \nApril 2017| [Multiple vulnerabilities in Apache HttpComponents affect Cognos Metrics Manager (CVE-2012-6153, CVE-2014-3577)](<http://www.ibm.com/support/docview.wss?uid=swg21970193>) \nMarch 2017| [Multiple vulnerabilities in Apache Tomcat affect Cognos Metrics Manager (CVE-2016-0762, CVE-2016-6816)](<http://www.ibm.com/support/docview.wss?uid=swg21999723>) \nMarch 2017| [Cognos Business Intelligence Server 2017Q1 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg21999671>) \nMarch 2017| [Privilege Escalation vulnerability affects Cognos Business Intelligence (CVE-2016-8960)](<http://www.ibm.com/support/docview.wss?uid=swg21993718>) \nJanuary 2017| [Cognos Business Intelligence is affected by a vulnerability](<http://www.ibm.com/support/docview.wss?uid=swg21996809>) \nJanuary 2017| [Cognos Business Intelligence Server 2016Q4 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg21995691>) \nJanuary 2017| [A vulnerability in IBM Java Runtime affects Cognos Metrics Manager (CVE-2016-3485)](<http://www.ibm.com/support/docview.wss?uid=swg21995206>) \nJanuary 2017| [Multiple vulnerabilities in libxml2 affect Cognos Metrics Manager (CVE-2016-3705, CVE-2016-4447, CVE-2016-4448)](<http://www.ibm.com/support/docview.wss?uid=swg21995198>) \nJanuary 2017| [Vulnerabilities in OpenSSL affect Cognos Metrics Manager (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-6306 CVE-2016-2181 CVE-2016-2183)](<http://www.ibm.com/support/docview.wss?uid=swg21993856>) \nJanuary 2017| [Cognos Business Intelligence Server 2016Q2 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg21984323>) \nOctober 2016| [Cognos Business Intelligence Server 2016Q1 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg21979767>) \nJuly 2016| [A vulnerability in the Apache Xerces-C XML parser affects Cognos Metrics Manager (CVE-2016-0729)](<http://www.ibm.com/support/docview.wss?uid=swg21986259>) \nJuly 2016| [A vulnerability in IBM Java Runtime affects Cognos Metrics Manager (CVE-2016-3427)](<http://www.ibm.com/support/docview.wss?uid=swg21985522>) \nJuly 2016| [A vulnerability in Apache Tomcat affects Cognos Metrics Manager (CVE-2015-5345)](<http://www.ibm.com/support/docview.wss?uid=swg21982821>) \nJuly 2016| [A vulnerability in OpenSSL affects Cognos Metrics Manager (CVE-2016-2106, CVE-2016-2107, CVE-2016-2108)](<http://www.ibm.com/support/docview.wss?uid=swg21977114>) \nMay 2016| [Cognos Business Intelligence Server is affected by CVE-2016-0398](<http://www.ibm.com/support/docview.wss?uid=swg21983247>) \nMay 2016| [Multiple vulnerabilities in libxml2 affect Cognos Metrics Manager (CVE-2015-1819, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8035, CVE-2015-8241, CVE-2015-8317)](<http://www.ibm.com/support/docview.wss?uid=swg21977221>) \nMay 2016| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager (CVE-2016-0448, CVE-2016-0466)](<http://www.ibm.com/support/docview.wss?uid=swg21977134>) \nMarch 2016| [Multiple vulnerabilities in libpng affect Cognos Metrics Manager (CVE-2015-8126, CVE-2015-8472, CVE-2015-8540)](<http://www.ibm.com/support/docview.wss?uid=swg21976924>) \nFebruary 2016| [Several vulnerabilities in the libpng component of Cognos Business Intelligence Server (CVE-2015-8126, CVE-2015-8472, CVE-2015-8540)](<http://www.ibm.com/support/docview.wss?uid=swg21977053>) \nNovember 2015| [A vulnerability in IBM Java Runtime affects Cognos Metrics Manager (CVE-2015-4872)](<http://www.ibm.com/support/docview.wss?uid=swg21971753>) \nNovember 2015| [Vulnerability in Apache Commons affects Cognos Metrics Manager (CVE-2015-7450)](<http://www.ibm.com/support/docview.wss?uid=swg21971382>) \nNovember 2015| [Cognos Business Intelligence Server 2015Q4 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg21959874>) \nAugust 2015| [Cognos Business Intelligence Sever 2015Q3 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg21963468>) \nAugust 2015| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager (CVE-2015-2625, CVE-2015-4748, CVE-2015-4749)](<http://www.ibm.com/support/docview.wss?uid=swg21963263>) \nAugust 2015| [Vulnerability in Tomcat affects Cognos Metrics Manager (CVE-2014-0230)](<http://www.ibm.com/support/docview.wss?uid=swg21962903>) \nAugust 2015| [Vulnerabilities in OpenSSL affect Cognos Metrics Manager (CVE-2015-1789, CVE-2015-1790, CVE-2015-1792)](<http://www.ibm.com/support/docview.wss?uid=swg21962686>) \nAugust 2015| [Vulnerability in RC4 stream cipher affects Cognos Business Intelligence Server (CVE-2015-2808)](<http://www.ibm.com/support/docview.wss?uid=swg21715530>) \nJuly 2015| [Vulnerability in Diffie-Hellman ciphers affects Cognos Mobile app on Android (CVE-2015-4000)](<http://www.ibm.com/support/docview.wss?uid=swg21959481>) \nJuly 2015| [Cognos Business Intelligence Sever 2015Q2 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg21903752>) \nJuly 2015| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager (CVE-2015-0478, CVE-2015-0488, CVE-2015-2808)](<http://www.ibm.com/support/docview.wss?uid=swg21903565>) \nJuly 2015| [Vulnerability in Tomcat affects Cognos Metrics Manager (CVE-2014-0227)](<http://www.ibm.com/support/docview.wss?uid=swg21903036>) \nJuly 2015| [Vulnerabilities in OpenSSL affect Cognos Metrics Manager (CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293)](<http://www.ibm.com/support/docview.wss?uid=swg21902528>) \nJune 2015| [Vulnerability in Diffie-Hellman ciphers affects Cognos Metrics Manager (CVE-2015-4000)](<http://www.ibm.com/support/docview.wss?uid=swg21959812>) \nJune 2015| [Vulnerability in Diffie-Hellman ciphers affects Cognos Business Intelligence (CVE-2015-4000)](<http://www.ibm.com/support/docview.wss?uid=swg21959671>) \nMay 2015| [A vulnerability in the IBM Dojo Toolkit affects Cognos Business Intelligence (CVE-2014-8917)](<http://www.ibm.com/support/docview.wss?uid=swg21700709>) \nMay 2015| [A vulnerability in the IBM Dojo Toolkit affects Cognos Metrics Manager (CVE-2014-8917)](<http://www.ibm.com/support/docview.wss?uid=swg21697317>) \nApril 2015| [Vulnerability in RC4 stream cipher affects Cognos Mobile app on Android (CVE-2015-2808)](<http://www.ibm.com/support/docview.wss?uid=swg21883588>) \nApril 2015| [Vulnerability in RC4 stream cipher affects Cognos Metrics Manager (CVE-2015-2808)](<http://www.ibm.com/support/docview.wss?uid=swg21720187>) \nApril 2015| [Vulnerabilities in IBM WebSphere Application Server and GSKit affects Cognos Business Intelligence (CVE-2015-0138, CVE-2015-0159)](<http://www.ibm.com/support/docview.wss?uid=swg21701210>) \nApril 2015| [Vulnerability in IBM Runtime Environment Java Technology Edition affects Cognos Business Intelligence Server (CVE-2015-0138)](<http://www.ibm.com/support/docview.wss?uid=swg21701200>) \nApril 2015| [Vulnerability in IBM Java Runtime affects Cognos Metrics Manager (CVE-2015-0138)](<http://www.ibm.com/support/docview.wss?uid=swg21701192>) \nMarch 2015| [Cognos Business Intelligence Server is affected by multiple vulnerabilities](<http://www.ibm.com/support/docview.wss?uid=swg21698818>) \nMarch 2015| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager (CVE-2015-0410, CVE-2014-6593)](<http://www.ibm.com/support/docview.wss?uid=swg21698154>) \nMarch 2015| [Multiple vulnerabilities in the Libpng library affect Cognos Metrics Manager (CVE-2015-0973, CVE-2014-9495)](<http://www.ibm.com/support/docview.wss?uid=swg21697296>) \nMarch 2015| [Multiple vulnerabilities in OpenSSL affect Cognos Metrics Manager (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204)](<http://www.ibm.com/support/docview.wss?uid=swg21695694>) \nMarch 2015| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager (CVE-2014-3566, CVE-2014-6457)](<http://www.ibm.com/support/docview.wss?uid=swg21691561>) \nFebruary 2015| [A vulnerability in IBM Java Runtime affects Cognos Metrics Manager (CVE-2014-4263)](<http://www.ibm.com/support/docview.wss?uid=swg21688596>) \nJanuary 2015| [TLS padding vulnerability affects Cognos Business Intelligence (CVE-2014-8730)](<http://www.ibm.com/support/docview.wss?uid=swg21693422>) \nDecember 2014| [Cognos Business Intelligence Server is affected by multiple vulnerabilities (CVE-2014-3566, CVE-2014-6145, CVE-2014-1568, CVE-2014-4263, CVE-2012-5784, CVE-2014-3513, CVE-2014-3567 and CVE-2014-3568)](<http://www.ibm.com/support/docview.wss?uid=swg21692267>) \nDecember 2014| [A vulnerability in the Mozilla Network Security Services (NSS) affects Cognos Metrics Manager (CVE-2014-1568)](<http://www.ibm.com/support/docview.wss?uid=swg21691656>) \nDecember 2014| [A vulnerability in Apache Axis affects Cognos Metrics Manager (CVE-2012-5784)](<http://www.ibm.com/support/docview.wss?uid=swg21691655>) \nDecember 2014| [Multiple vulnerabilities in OpenSSL affect Cognos Metrics Manager (CVE-2014-3567, CVE-2014-3513, CVE-2014-3568)](<http://www.ibm.com/support/docview.wss?uid=swg21689333>) \nNovember 2014| [Cognos BI Server is affected by the following vulnerabilities: CVE-2014-0107, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0878, CVE-2014-0460](<http://www.ibm.com/support/docview.wss?uid=swg21682740>) \nSeptember 2014| [Cognos Business Intelligence is not affected by the Bash vulnerabilities (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278)](<http://www.ibm.com/support/docview.wss?uid=swg21685556>) \nSeptember 2014| [Cognos Metrics Manager is affected by the following IBM Java Runtime vulnerabilities: CVE-2014-0878, CVE-2014-0460](<http://www.ibm.com/support/docview.wss?uid=swg21683527>) \nSeptember 2014| [Cognos Metrics Manager is affected by a vulnerability in Apache Xalan-Java (CVE-2014-0107)](<http://www.ibm.com/support/docview.wss?uid=swg21683524>) \nSeptember 2014| [Cognos Metrics Manager is affected by the following Tomcat vulnerabilities: CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119](<http://www.ibm.com/support/docview.wss?uid=swg21683430>) \nSeptember 2014| [OpenSSL Heartbleed Vulnerability](<http://www.ibm.com/support/docview.wss?uid=swg21669823>) \nAugust 2014| [Cognos Metrics Manager is affected by the following OpenSSL vulnerabilities: CVE-2014-0224](<http://www.ibm.com/support/docview.wss?uid=swg21677225>) \nJuly 2014| [Cognos BI Server is affected by the following OpenSSL vulnerability: CVE-2014-0224](<http://www.ibm.com/support/docview.wss?uid=swg21680511>) \nJuly 2014| [Security vulnerabilities have been identified in IBM DB2 shipped with Cognos Business Intelligence (CVE-2013-6747, CVE-2014-0963)](<http://www.ibm.com/support/docview.wss?uid=swg21674489>) \nJuly 2014| [A security vulnerability has been identified in IBM WebSphere Application Server shipped with Cognos Business Intelligence (CVE-2014-0114)](<http://www.ibm.com/support/docview.wss?uid=swg21674099>) \nMay 2014| [Multiple security exposures in Cognos BI Server (CVE-2014- 0416, CVE-2014-0423, CVE-2013-4322)](<http://www.ibm.com/support/docview.wss?uid=swg21671340>) \nMarch 2014| [Multiple security exposures in Cognos BI Server (CVE-2013-6954, CVE-2013-6732, CVE-2013-5802, CVE-2013-5825, CVE-2014-0854, CVE-2014-0861)](<http://www.ibm.com/support/docview.wss?uid=swg21662856>) \nNovember 2013| [Cognos Business Intelligence (CVE-2013-3030, CVE-2013-4002, CVE-2013-2407, CVE-2013-2450, CVE-2013-4034, CVE-2013-5372)](<http://www.ibm.com/support/docview.wss?uid=swg21652590>) \n \nSecurity bulletins and Alerts for Cognos Busines Intelligence 10.2. \n--- \n**Published / Updated**| **Title** \nApril 2018| [Cognos Metrics Manager 2018 Q1 Security Update](<http://www.ibm.com/support/docview.wss?uid=swg22014720>) \nDecember 2017| [Multiple vulnerabilities in Libxml2 affect Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22011764>) \nDecember 2017| [Cognos Business Intelligence Server 2017Q4 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg22007952>) \nOctober 2017| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22009441>) \nOctober 2017| [A vulnerability in the Apache Xerces-C XML Parser affects Cognos Metrics Manager.](<http://www.ibm.com/support/docview.wss?uid=swg22009438>) \nOctober 2017| [Cognos Business Intelligence Server 2017Q3 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg22009259>) \nOctober 2017| [A vulnerability in the libpng library affects Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22004076>) \nOctober 2017| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22004070>) \nJune 2017| [Cognos Business Intelligence Server 2017Q2 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg22004036>) \nMay 2017| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22004078>) \nMay 2017| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22004077>) \nMay 2017| [Multiple vulnerabilities in OpenSSL affect Cognos Metrics Manager](<http://www.ibm.com/support/docview.wss?uid=swg22004074>) \nMay 2017| [Cognos Business Intelligence is NOT AFFECTED by the OpenSource Bouncy Castle Vulnerability (CVE-2015-7940)](<http://www.ibm.com/support/docview.wss?uid=swg22003426>) \nApril 2017| [Multiple vulnerabilities in Apache HttpComponents affect Cognos Metrics Manager (CVE-2012-6153, CVE-2014-3577)](<http://www.ibm.com/support/docview.wss?uid=swg21970193>) \nMarch 2017| [Multiple vulnerabilities in Apache Tomcat affect Cognos Metrics Manager (CVE-2016-0762, CVE-2016-6816)](<http://www.ibm.com/support/docview.wss?uid=swg21999723>) \nMarch 2017| [Cognos Business Intelligence Server 2017Q1 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg21999671>) \nMarch 2017| [Privilege Escalation vulnerability affects Cognos Business Intelligence (CVE-2016-8960)](<http://www.ibm.com/support/docview.wss?uid=swg21993718>) \nJanuary 2017| [Cognos Business Intelligence is affected by a vulnerability](<http://www.ibm.com/support/docview.wss?uid=swg21996809>) \nJanuary 2017| [Cognos Business Intelligence Server 2016Q4 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg21995691>) \nJanuary 2017| [A vulnerability in IBM Java Runtime affects Cognos Metrics Manager (CVE-2016-3485)](<http://www.ibm.com/support/docview.wss?uid=swg21995206>) \nJanuary 2017| [Multiple vulnerabilities in libxml2 affect Cognos Metrics Manager (CVE-2016-3705, CVE-2016-4447, CVE-2016-4448)](<http://www.ibm.com/support/docview.wss?uid=swg21995198>) \nJanuary 2017| [Vulnerabilities in OpenSSL affect Cognos Metrics Manager (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-6306 CVE-2016-2181 CVE-2016-2183)](<http://www.ibm.com/support/docview.wss?uid=swg21993856>) \nJanuary 2017| [Cognos Business Intelligence Server 2016Q2 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg21984323>) \nOctober 2016| [Cognos Business Intelligence Server 2016Q1 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg21979767>) \nJuly 2016| [A vulnerability in the Apache Xerces-C XML parser affects Cognos Metrics Manager (CVE-2016-0729)](<http://www.ibm.com/support/docview.wss?uid=swg21986259>) \nJuly 2016| [A vulnerability in IBM Java Runtime affects Cognos Metrics Manager (CVE-2016-3427)](<http://www.ibm.com/support/docview.wss?uid=swg21985522>) \nJuly 2016| [A vulnerability in Apache Tomcat affects Cognos Metrics Manager (CVE-2015-5345)](<http://www.ibm.com/support/docview.wss?uid=swg21982821>) \nJuly 2016| [A vulnerability in OpenSSL affects Cognos Metrics Manager (CVE-2016-2106, CVE-2016-2107, CVE-2016-2108)](<http://www.ibm.com/support/docview.wss?uid=swg21977114>) \nMay 2016| [Cognos Business Intelligence Server is affected by CVE-2016-0398](<http://www.ibm.com/support/docview.wss?uid=swg21983247>) \nMay 2016| [Multiple vulnerabilities in libxml2 affect Cognos Metrics Manager (CVE-2015-1819, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8035, CVE-2015-8241, CVE-2015-8317)](<http://www.ibm.com/support/docview.wss?uid=swg21977221>) \nMay 2016| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager (CVE-2016-0448, CVE-2016-0466)](<http://www.ibm.com/support/docview.wss?uid=swg21977134>) \nMarch 2016| [Multiple vulnerabilities in libpng affect Cognos Metrics Manager (CVE-2015-8126, CVE-2015-8472, CVE-2015-8540)](<http://www.ibm.com/support/docview.wss?uid=swg21976924>) \nFebruary 2016| [Several vulnerabilities in the libpng component of Cognos Business Intelligence Server (CVE-2015-8126, CVE-2015-8472, CVE-2015-8540)](<http://www.ibm.com/support/docview.wss?uid=swg21977053>) \nNovember 2015| [A vulnerability in IBM Java Runtime affects Cognos Metrics Manager (CVE-2015-4872)](<http://www.ibm.com/support/docview.wss?uid=swg21971753>) \nNovember 2015| [Vulnerability in Apache Commons affects Cognos Metrics Manager (CVE-2015-7450)](<http://www.ibm.com/support/docview.wss?uid=swg21971382>) \nNovember 2015| [Cognos Business Intelligence Server 2015Q4 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg21959874>) \nAugust 2015| [Cognos Business Intelligence Sever 2015Q3 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg21963468>) \nAugust 2015| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager (CVE-2015-2625, CVE-2015-4748, CVE-2015-4749)](<http://www.ibm.com/support/docview.wss?uid=swg21963263>) \nAugust 2015| [Vulnerability in Tomcat affects Cognos Metrics Manager (CVE-2014-0230)](<http://www.ibm.com/support/docview.wss?uid=swg21962903>) \nAugust 2015| [Vulnerabilities in OpenSSL affect Cognos Metrics Manager (CVE-2015-1789, CVE-2015-1790, CVE-2015-1792)](<http://www.ibm.com/support/docview.wss?uid=swg21962686>) \nAugust 2015| [Vulnerability in RC4 stream cipher affects Cognos Business Intelligence Server (CVE-2015-2808)](<http://www.ibm.com/support/docview.wss?uid=swg21715530>) \nJuly 2015| [Vulnerability in Diffie-Hellman ciphers affects Cognos Mobile app on Android (CVE-2015-4000)](<http://www.ibm.com/support/docview.wss?uid=swg21959481>) \nJuly 2015| [Cognos Business Intelligence Sever 2015Q2 Security Updater](<http://www.ibm.com/support/docview.wss?uid=swg21903752>) \nJuly 2015| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager (CVE-2015-0478, CVE-2015-0488, CVE-2015-2808)](<http://www.ibm.com/support/docview.wss?uid=swg21903565>) \nJuly 2015| [Vulnerability in Tomcat affects Cognos Metrics Manager (CVE-2014-0227)](<http://www.ibm.com/support/docview.wss?uid=swg21903036>) \nJuly 2015| [Vulnerabilities in OpenSSL affect Cognos Metrics Manager (CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293)](<http://www.ibm.com/support/docview.wss?uid=swg21902528>) \nJune 2015| [Vulnerability in Diffie-Hellman ciphers affects Cognos Metrics Manager (CVE-2015-4000)](<http://www.ibm.com/support/docview.wss?uid=swg21959812>) \nJune 2015| [Vulnerability in Diffie-Hellman ciphers affects Cognos Business Intelligence (CVE-2015-4000)](<http://www.ibm.com/support/docview.wss?uid=swg21959671>) \nMay 2015| [A vulnerability in the IBM Dojo Toolkit affects Cognos Business Intelligence (CVE-2014-8917)](<http://www.ibm.com/support/docview.wss?uid=swg21700709>) \nMay 2015| [A vulnerability in the IBM Dojo Toolkit affects Cognos Metrics Manager (CVE-2014-8917)](<http://www.ibm.com/support/docview.wss?uid=swg21697317>) \nApril 2015| [Vulnerability in RC4 stream cipher affects Cognos Mobile app on Android (CVE-2015-2808)](<http://www.ibm.com/support/docview.wss?uid=swg21883588>) \nApril 2015| [Vulnerability in RC4 stream cipher affects Cognos Metrics Manager (CVE-2015-2808)](<http://www.ibm.com/support/docview.wss?uid=swg21720187>) \nApril 2015| [Vulnerabilities in IBM WebSphere Application Server and GSKit affects Cognos Business Intelligence (CVE-2015-0138, CVE-2015-0159)](<http://www.ibm.com/support/docview.wss?uid=swg21701210>) \nApril 2015| [Vulnerability in IBM Runtime Environment Java Technology Edition affects Cognos Business Intelligence Server (CVE-2015-0138)](<http://www.ibm.com/support/docview.wss?uid=swg21701200>) \nApril 2015| [Vulnerability in IBM Java Runtime affects Cognos Metrics Manager (CVE-2015-0138)](<http://www.ibm.com/support/docview.wss?uid=swg21701192>) \nMarch 2015| [Cognos Business Intelligence Server is affected by multiple vulnerabilities](<http://www.ibm.com/support/docview.wss?uid=swg21698818>) \nMarch 2015| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager (CVE-2015-0410, CVE-2014-6593)](<http://www.ibm.com/support/docview.wss?uid=swg21698154>) \nMarch 2015| [Multiple vulnerabilities in the Libpng library affect Cognos Metrics Manager (CVE-2015-0973, CVE-2014-9495)](<http://www.ibm.com/support/docview.wss?uid=swg21697296>) \nMarch 2015| [Multiple vulnerabilities in OpenSSL affect Cognos Metrics Manager (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204)](<http://www.ibm.com/support/docview.wss?uid=swg21695694>) \nMarch 2015| [Multiple vulnerabilities in IBM Java Runtime affect Cognos Metrics Manager (CVE-2014-3566, CVE-2014-6457)](<http://www.ibm.com/support/docview.wss?uid=swg21691561>) \nFebruary 2015| [A vulnerability in IBM Java Runtime affects Cognos Metrics Manager (CVE-2014-4263)](<http://www.ibm.com/support/docview.wss?uid=swg21688596>) \nJanuary 2015| [TLS padding vulnerability affects Cognos Business Intelligence (CVE-2014-8730)](<http://www.ibm.com/support/docview.wss?uid=swg21693422>) \nDecember 2014| [Cognos Business Intelligence Server is affected by multiple vulnerabilities (CVE-2014-3566, CVE-2014-6145, CVE-2014-1568, CVE-2014-4263, CVE-2012-5784, CVE-2014-3513, CVE-2014-3567 and CVE-2014-3568)](<http://www.ibm.com/support/docview.wss?uid=swg21692267>) \nDecember 2014| [A vulnerability in the Mozilla Network Security Services (NSS) affects Cognos Metrics Manager (CVE-2014-1568)](<http://www.ibm.com/support/docview.wss?uid=swg21691656>) \nDecember 2014| [A vulnerability in Apache Axis affects Cognos Metrics Manager (CVE-2012-5784)](<http://www.ibm.com/support/docview.wss?uid=swg21691655>) \nDecember 2014| [Multiple vulnerabilities in OpenSSL affect Cognos Metrics Manager (CVE-2014-3567, CVE-2014-3513, CVE-2014-3568)](<http://www.ibm.com/support/docview.wss?uid=swg21689333>) \nDecember 2014| [Vulnerability in SSLv3 affects Cognos Metrics Manager (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21687710>) \nNovember 2014| [Cognos BI Server is affected by the following vulnerabilities: CVE-2014-0107, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0878, CVE-2014-0460](<http://www.ibm.com/support/docview.wss?uid=swg21682740>) \nSeptember 2014| [Cognos Business Intelligence is not affected by the Bash vulnerabilities (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278)](<http://www.ibm.com/support/docview.wss?uid=swg21685556>) \nSeptember 2014| [Cognos Metrics Manager is affected by the following IBM Java Runtime vulnerabilities: CVE-2014-0878, CVE-2014-0460](<http://www.ibm.com/support/docview.wss?uid=swg21683527>) \nSeptember 2014| [Cognos Metrics Manager is affected by a vulnerability in Apache Xalan-Java (CVE-2014-0107)](<http://www.ibm.com/support/docview.wss?uid=swg21683524>) \nSeptember 2014| [Cognos Metrics Manager is affected by the following Tomcat vulnerabilities: CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119](<http://www.ibm.com/support/docview.wss?uid=swg21683430>) \nSeptember 2014| [OpenSSL Heartbleed Vulnerability](<http://www.ibm.com/support/docview.wss?uid=swg21669823>) \nAugust 2014| [Cognos Metrics Manager is affected by the following OpenSSL vulnerabilities: CVE-2014-0224](<http://www.ibm.com/support/docview.wss?uid=swg21677225>) \nJuly 2014| [Cognos BI Server is affected by the following OpenSSL vulnerability: CVE-2014-0224](<http://www.ibm.com/support/docview.wss?uid=swg21680511>) \nJuly 2014| [Security vulnerabilities have been identified in IBM DB2 shipped with Cognos Business Intelligence (CVE-2013-6747, CVE-2014-0963)](<http://www.ibm.com/support/docview.wss?uid=swg21674489>) \nJuly 2014| [A security vulnerability has been identified in IBM WebSphere Application Server shipped with Cognos Business Intelligence (CVE-2014-0114)](<http://www.ibm.com/support/docview.wss?uid=swg21674099>) \nMay 2014| [Multiple security exposures in Cognos BI Server (CVE-2014- 0416, CVE-2014-0423, CVE-2013-4322)](<http://www.ibm.com/support/docview.wss?uid=swg21671340>) \nMarch 2014| [Multiple security exposures in Cognos BI Server (CVE-2013-6954, CVE-2013-6732, CVE-2013-5802, CVE-2013-5825, CVE-2014-0854, CVE-2014-0861)](<http://www.ibm.com/support/docview.wss?uid=swg21662856>) \nNovember 2013| [Cognos Business Intelligence (CVE-2013-3030, CVE-2013-4002, CVE-2013-2407, CVE-2013-2450, CVE-2013-4034, CVE-2013-5372)](<http://www.ibm.com/support/docview.wss?uid=swg21652590>) \n \n\\-->\n\n[{\"Product\":{\"code\":\"SSTSF6\",\"label\":\"IBM Cognos Analytics\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"11.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}},{\"Product\":{\"code\":\"SSEP7J\",\"label\":\"Cognos Business Intelligence\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"10.2;10.2.1;10.2.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-07-19T16:57:09", "type": "ibm", "title": "Security Bulletins - Cognos Analytics and Cognos Business Intelligence", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5784", "CVE-2012-6153", "CVE-2013-2407", "CVE-2013-2450", "CVE-2013-3030", "CVE-2013-4002", "CVE-2013-4034", "CVE-2013-4322", "CVE-2013-5372", "CVE-2013-5802", "CVE-2013-5825", "CVE-2013-6732", "CVE-2013-6747", "CVE-2013-6954", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0107", "CVE-2014-0114", "CVE-2014-0119", "CVE-2014-0224", "CVE-2014-0227", "CVE-2014-0230", "CVE-2014-0423", "CVE-2014-0460", "CVE-2014-0854", "CVE-2014-0861", "CVE-2014-0878", "CVE-2014-0963", "CVE-2014-1568", "CVE-2014-3513", "CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3568", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-3577", "CVE-2014-4263", "CVE-2014-6145", "CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-6457", "CVE-2014-6593", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187", "CVE-2014-8275", "CVE-2014-8730", "CVE-2014-8917", "CVE-2014-9495", "CVE-2015-0138", "CVE-2015-0159", "CVE-2015-0204", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293", "CVE-2015-0410", "CVE-2015-0478", "CVE-2015-0488", "CVE-2015-0973", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1792", "CVE-2015-1819", "CVE-2015-2017", "CVE-2015-2625", "CVE-2015-2808", "CVE-2015-4000", "CVE-2015-4748", "CVE-2015-4749", "CVE-2015-4872", "CVE-2015-5312", "CVE-2015-5345", "CVE-2015-7450", "CVE-2015-7497", "CVE-2015-7498", "CVE-2015-7499", "CVE-2015-7500", "CVE-2015-7940", "CVE-2015-7941", "CVE-2015-7942", "CVE-2015-8035", "CVE-2015-8126", "CVE-2015-8241", "CVE-2015-8317", "CVE-2015-8472", "CVE-2015-8540", "CVE-2016-0201", "CVE-2016-0398", "CVE-2016-0448", "CVE-2016-0466", "CVE-2016-0729", "CVE-2016-0762", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2181", "CVE-2016-2183", "CVE-2016-3427", "CVE-2016-3485", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-5983", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306", "CVE-2016-6816", "CVE-2016-8960"], "modified": "2018-07-19T16:57:09", "id": "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "href": "https://www.ibm.com/support/pages/node/568041", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-27T22:03:06", "description": "## Question\n\nIs there a list that contains the security bulletins that apply to WebSphere Application Server and IBM HTTP Server?\n\n## Answer\n\nThe following table is provided to help you locate WebSphere Application Server and IBM HTTP Server security bulletins. These are listed numerically by CVE number not by the last one published.\n\nNote the IBM Java runtime included with WebSphere Application Server provides an execution environment for non-IBM code. While the below table includes all IBM Java vulnerabilities related to the WebSphere Application Server product, there might be additional IBM Java vulnerabilities which impact non-IBM code running in your WebSphere Application Server environment. For a listing of all IBM Java security bulletins, refer to [_IBM Java Security Alerts_](<https://www.ibm.com/developerworks/java/jdk/alerts/>). To determine the Java SDK version used with WebSphere Application Server, refer to the [_Verify Java SDK version shipped with WebSphere Application Server_](<http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27005002>).\n\nTo avoid preventable security issues, it is recommended that you stay up-to-date on the most current maintenance options for your products. You can also subscribe to the security bulletins for each of your products as provided in this link, [_IBM Security Bulletins_](<http://www.ibm.com/security/secure-engineering/bulletins.html>).\n\nWhen significant updates have been made to security bulletins, it will be noted with the date of the last update in the bulletin columns.\n\nNote: Starting 07/16/2020, the most recent fix published will be added to the top of this list below as well as in numerical order by year.\n\n**Recent CVEs (previous 15 published from most recent to least recent)**\n\n**Name **\n\n| \n\n**CVE**\n\n| \n\n**CVSS Score**\n\n| \n\n**WebSphere Application Server Bulletin or Assessment**\n\n| \n\n**IBM HTTP Server Bulletin or Assessment**\n\n| \n\n**Versions Affected** \n \n---|---|---|---|---|--- \n| CVE-2022-22477 | 6.1 | [Cross-site Scripting](<https://www.ibm.com/support/pages/node/6603417>) | Not affected | 9.0,8.5 \n| CVE-2022-22473 | 3.7 | [Information Disclosure](<https://www.ibm.com/support/pages/node/6603421>) | Not affected | 9.0,8.5,8.0,7.0 \n| CVE-2019-11777 | 7.5 | [Spoofing vulnerability](<https://www.ibm.com/support/pages/node/6602039>) | Not affected | Liberty \n| CVE-2022-22476 | 5.0 | [Identity Spoofing](<https://www.ibm.com/support/pages/node/6602015>) | Not affected | Liberty \n| CVE-2022-26377 | 7.3 | Not affected | [HTTP Request Smuggling](<https://www.ibm.com/support/pages/node/6595149>) | 7.0,8.0,8.5,9.0 \n| CVE-2022-28614 | 5.3 | Not affected | [Information Disclosure](<https://www.ibm.com/support/pages/node/6595149>) | 7.0,8.0,8.5,9.0 \n| CVE-2022-28615 | 6.5 | Not affected | [Information Disclosure](<https://www.ibm.com/support/pages/node/6595149>) | 7.0,8.0,8.5,9.0 \n| CVE-2022-29404 | 5.3 | Not affected | [Denial of Service](<https://www.ibm.com/support/pages/node/6595149>) | 7.0,8.0,8.5,9.0 \n| CVE-2022-30556 | 5.3 | Not affected | [Information Disclosure](<https://www.ibm.com/support/pages/node/6595149>) | 7.0,8.0,8.5,9.0 \n| CVE-2022-31813 | 5.3 | Not affected | [Bypass Security](<https://www.ibm.com/support/pages/node/6595149>) | 7.0,8.0,8.5,9.0 \n| CVE-2022-21496 | 5.3 | [IBM Java SDK for April 2022](<https://www.ibm.com/support/pages/node/6594523>) | Not affected | 9.0,8.5,Liberty \n| CVE-2022-21299 | 5.3 | [IBM Java SDK for April 2022](<https://www.ibm.com/support/pages/node/6594523>) | Not affected | 9.0,8.5,Liberty \n| CVE-2022-22365 | 5.6 | [Spoofing vulnerability](<https://www.ibm.com/support/pages/node/6587947>) | Not affected | 9.0,8.5,8.0,7.0 \n| CVE-2022-22475 | 7.1 | [Identity Spoofing](<https://www.ibm.com/support/pages/node/6586734>) | Not affected | Liberty \n \n**2022 CVEs**\n\n**Name **\n\n| \n\n**CVE**\n\n| \n\n**CVSS Score**\n\n| \n\n**WebSphere Application Server Bulletin or Assessment**\n\n| \n\n**IBM HTTP Server Bulletin or Assessment**\n\n| \n\n**Versions Affected** \n \n---|---|---|---|---|--- \n| CVE-2022-31813 | 5.3 | Not affected | [Bypass Security](<https://www.ibm.com/support/pages/node/6595149>) | 7.0,8.0,8.5,9.0 \n| CVE-2022-30556 | 5.3 | Not affected | [Information Disclosure](<https://www.ibm.com/support/pages/node/6595149>) | 7.0,8.0,8.5,9.0 \n| CVE-2022-29404 | 5.3 | Not affected | [Denial of Service](<https://www.ibm.com/support/pages/node/6595149>) | 7.0,8.0,8.5,9.0 \n| CVE-2022-28615 | 6.5 | Not affected | [Information Disclosure](<https://www.ibm.com/support/pages/node/6595149>) | 7.0,8.0,8.5,9.0 \n| CVE-2022-28614 | 5.3 | Not affected | [Information Disclosure](<https://www.ibm.com/support/pages/node/6595149>) | 7.0,8.0,8.5,9.0 \n| CVE-2022-26377 | 7.3 | Not affected | [HTTP Request Smuggling](<https://www.ibm.com/support/pages/node/6595149>) | 7.0,8.0,8.5,9.0 \n| CVE-2022-25315 | 7.8 | Not affected | [Remote Code Execution](<https://www.ibm.com/support/pages/node/6560814>) | 9.0,8.5,8.0,7.0 \n| CVE-2022-25313 | 5.5 | Not affected | [Denial of Service](<https://www.ibm.com/support/pages/node/6560814>) | 9.0,8.5,8.0,7.0 \n| CVE-2022-25236 | 5.3 | Not affected | [Denial of Service](<https://www.ibm.com/support/pages/node/6560814>) | 9.0,8.5,8.0,7.0 \n| CVE-2022-25235 | 3.3 | Not affected | [Denial of Service](<https://www.ibm.com/support/pages/node/6560814>) | 9.0,8.5,8.0,7.0 \n| CVE-2022-23990 | 9.8 | Not affected | [Remote Code Execution](<https://www.ibm.com/support/pages/node/6559296>) | 9.0,8.5,8.0,7.0 \n| CVE-2022-23852 | 9.8 | Not affected | [Remote Code Execution](<https://www.ibm.com/support/pages/node/6559296>) | 9.0,8.5,8.0,7.0 \n| CVE-2022-23307 | 9.8 | [Remote Code Execution](<https://www.ibm.com/support/pages/node/6557248>) | Not affected | 9.0,8.5,8.0,7.0,Liberty \n| CVE-2022-23305 | 6.5 | [SQL Injection](<https://www.ibm.com/support/pages/node/6557248>) | Not affected | 9.0,8.5,8.0,7.0,Liberty \n| CVE-2022-23302 | 8.8 | [Remote Code Execution](<https://www.ibm.com/support/pages/node/6557248>) | Not affected | 9.0,8.5,8.0,7.0,Liberty \n| CVE-2022-22827 | 7.8 | Not affected | [Remote Code Execution](<https://www.ibm.com/support/pages/node/6559296>) | 9.0,8.5,8.0,7.0 \n| CVE-2022-22826 | 7.8 | Not affected | [Remote Code Execution](<https://www.ibm.com/support/pages/node/6559296>) | 9.0,8.5,8.0,7.0 \n| CVE-2022-22825 | 7.8 | Not affected | [Remote Code Execution](<https://www.ibm.com/support/pages/node/6559296>) | 9.0,8.5,8.0,7.0 \n| CVE-2022-22824 | 7.8 | Not affected | [Remote Code Execution](<https://www.ibm.com/support/pages/node/6559296>) | 9.0,8.5,8.0,7.0 \n| CVE-2022-22823 | 7.8 | Not affected | [Remote Code Execution](<https://www.ibm.com/support/pages/node/6559296>) | 9.0,8.5,8.0,7.0 \n| CVE-2022-22822 | 7.8 | Not affected | [Remote Code Execution](<https://www.ibm.com/support/pages/node/6559296>) | 9.0,8.5,8.0,7.0 \n| CVE-2022-22721 | 7.3 | Not affected | [Buffer Overflow](<https://www.ibm.com/support/pages/node/6565413>) | 9.0,8.5,8.0,7.0 \n| CVE-2022-22720 | 7.3 | Not affected | [HTTP Request Smuggling](<https://www.ibm.com/support/pages/node/6565413>) | 9.0,8.5,8.0,7.0 \n| CVE-2022-22719 | 5.3 | Not affected | [Denial of Service](<https://www.ibm.com/support/pages/node/6565413>) | 9.0,8.5,8.0,7.0 \n| CVE-2022-22477 | 6.1 | [Cross-site Scripting](<https://www.ibm.com/support/pages/node/6603417>) | Not affected | 9.0,8.5 \n| CVE-2022-22476 | 5.0 | [Identity Spoofing](<https://www.ibm.com/support/pages/node/6602015>) | Not affected | Liberty \n| CVE-2022-22475 | 7.1 | [Identity Spoofing](<https://www.ibm.com/support/pages/node/6586734>) | Not affected | Liberty \n| CVE-2022-22473 | 3.7 | [Information Disclosure](<https://www.ibm.com/support/pages/node/6603421>) | Not affected | 9.0,8.5,8.0,7.0 \n| CVE-2022-22393 | 3.1 | [Information Disclosure](<https://www.ibm.com/support/pages/node/6585704>) | Not affected | Liberty \n| CVE-2022-22365 | 5.6 | [Spoofing vulnerability](<https://www.ibm.com/support/pages/node/6587947>) | Not affected | 9.0,8.5,8.0,7.0 \n| CVE-2022-22310 | 4.8 | [Information Disclosure](<https://www.ibm.com/support/pages/node/6541530>) | Not affected | Liberty \n| CVE-2022-21496 | 5.3 | [IBM Java SDK for April 2022 CPU](<https://www.ibm.com/support/pages/node/6594523>) | | 9.0,8.5,Liberty \n| CVE-2022-21340 | 5.3 | [IBM Java SDK for January 2022 CPU](<https://www.ibm.com/support/pages/node/6559306>) | Not affected | 9.0,8.5,Liberty \n| CVE-2022-21229 | 5.3 | [IBM Java SDK for April 2022 CPU](<https://www.ibm.com/support/pages/node/6594523>) | | 9.0,8.5,Liberty \n \n**2021 CVEs**\n\n**Name **\n\n| \n\n**CVE**\n\n| \n\n**CVSS Score**\n\n| \n\n**WebSphere Application Server Bulletin or Assessment**\n\n| \n\n**IBM HTTP Server Bulletin or Assessment**\n\n| \n\n**Versions Affected** \n \n---|---|---|---|---|--- \n| CVE-2021-46708 | 4.3 | [Clickjacking vulnerability](<https://www.ibm.com/support/pages/node/6569505>) | Not affected | Liberty \n| CVE-2021-46143 | 7.8 | Not affected | [Remote Code Execution](<https://Denial of Service>) | 7.0,8.0,8.5,9.0 \n| CVE-2021-45960 | 5.5 | Not affected | [Denial of Service](<https://www.ibm.com/support/pages/node/6559296>) | 7.0,8.0,8.5,9.0 \n| CVE-2021-45105 | 7.5 | [Denial of Service](<https://www.ibm.com/support/pages/node/6538148>) | Not affected | 9.0, 8.5 \n| CVE-2021-45046 | 9.0 | [Denial of Service](<https://www.ibm.com/support/pages/node/6526750>) | Not affected | 9.0,8.5,8.0,7.0,Liberty \n| CVE-2021-44832 | 6.6 | [Remote Code Execution](<https://www.ibm.com/support/pages/node/6538148>) | Not affected | 9.0, 8.5 \n| CVE-2021-44790 | 9.8 | Not affected | [Buffer overflow](<https://www.ibm.com/support/pages/node/6540288>) | 9.0 \nLog4Shell | CVE-2021-44228 | 10 | [Remote Code Execution](<https://www.ibm.com/support/pages/node/6525706>) | Not affected | 9.0, 8.5 \n| CVE-2021-44224 | 8.2 | Not affected | [Denial of Service](<https://www.ibm.com/support/pages/node/6540288>) | 9.0 \n| CVE-2021-40438 | 9.0 | Not affected | [Server-side request forgery](<https://www.ibm.com/support/pages/node/6493841>) | 9.0 \n| CVE-2021-39275 | 3.7 | Not affected | [Buffer overflow](<https://www.ibm.com/support/pages/node/6493845>) | 9.0, 8.5, 8.0, 7.0 \n| CVE-2021-39038 | 4.4 | [Clickjacking vulnerability](<https://www.ibm.com/support/pages/node/6559044>) | Not affected | 9.0, Liberty \n| CVE-2021-39031 | 7.5 | [LDAP Injection](<https://www.ibm.com/support/pages/node/6550488>) | Not affected | Liberty \n| CVE-2021-38951 | 7.5 | [Denial of Service](<https://www.ibm.com/support/pages/node/6524674>) | Not affected | 9.0, 8.5, 8.0, 7.0 \n| CVE-2021-36090 | 7.5 | [Denial of Service](<https://www.ibm.com/support/pages/node/6489683>) | Not affected | Liberty \n| CVE-2021-35603 | 3.7 | [IBM Java SDK for January 2022 CPU](<https://www.ibm.com/support/pages/node/6559306>) | Not affected | 9.0,8.5,Liberty \n| CVE-2021-35578 | 5.3 | [IBM Java SDK for October 2021 CPU](<https://www.ibm.com/support/pages/node/6520468>) | Not affected | 9.0, 8.5, Liberty \n| CVE-2021-35564 | 5.3 | [IBM Java SDK for October 2021 CPU](<https://www.ibm.com/support/pages/node/6520468>) | Not affected | 9.0, 8.5, Liberty \n| CVE-2021-35550 | 5.9 | [IBM Java SDK for January 2022 CPU](<https://www.ibm.com/support/pages/node/6559306>) | Not affected | 9.0,8.5,Liberty \n| CVE-2021-35517 | 5.5 | [Denial of Service](<https://www.ibm.com/support/pages/node/6489683>) | Not affected | Liberty \n| CVE-2021-34798 | 5.9 | Not affected | [Denial of service](<https://www.ibm.com/support/pages/node/6493841>) | 9.0 \n| CVE-2021-30641 | 5.3 | Not affected | [Weaker Security](<https://www.ibm.com/support/pages/node/6464029>) | 9.0, 8.5, 8.0, 7.0 \n| CVE-2021-29842 | 3.7 | [Information Disclosure](<https://www.ibm.com/support/pages/node/6489485>) | Not affected | 9.0,8.5,8.0,7.0,Liberty \n| CVE-2021-29754 | 4.2 | [Privilege Escalation](<https://www.ibm.com/support/pages/node/6462627>) | Not affected | 9.0, 8.5, 8.0. 7.0 \n| CVE-2021-29736 | 5.0 | [Privilege Escalation](<https://www.ibm.com/support/pages/node/6476678>) | Not affected | 9.0, 8.5, 8.0, 7.0 \n| CVE-2021-26691 | 5.9 | Not affected | [Heap Buffer Overflow](<https://www.ibm.com/support/pages/node/6467651>) | 9.0 \n| CVE-2021-26690 | 3.7 | Not affected | [Denial of Service](<https://www.ibm.com/support/pages/node/6467651>) | 9.0 \n| CVE-2021-26296 | 8.8 | [Cross-site request forgery](<https://www.ibm.com/support/pages/node/6441433>) | Not affected | 9.0, 8.5, 8.0, Liberty \n| CVE-2021-23450 | 9.8 | [Remote Code Execution](<https://www.ibm.com/support/pages/node/6558594>) | Not affected | 9.0,8.5,8.0,7.0,Liberty \n| CVE-2021-20517 | 6.4 | [Directory Traversal](<https://www.ibm.com/support/pages/node/6456955>) | Not affected | 9.0, 8.5 \n| CVE-2021-20492 | 6.5 | [XXE vulnerability](<https://www.ibm.com/support/pages/node/6456017>) | Not affected | 9.0, 8.5, 8.0, Liberty \n| CVE-2021-20480 | 4.3 | [Server-side request forgery](<https://www.ibm.com/support/pages/node/6441063>) | Not affected | 8.5, 8.0, 7.0 \n| CVE-2021-20454 | 8.2 | [XXE vulnerability](<https://www.ibm.com/support/pages/node/6445481>) | Not affected | 9.0, 8.5, 8.0, 7.0 \n| CVE-2021-20453 | 8.2 | [XXE vulnerability](<https://www.ibm.com/support/pages/node/6445171>) | Not affected | 9.0, 8.5, 8.0 \n| CVE-2021-20354 | 5.9 | [Directory traversal](<https://www.ibm.com/support/pages/node/6415959>) | Not affected | 9.0, 8.5, 8.0 \n| CVE-2021-20353 | 8.2 | [XXE vulnerability](<https://www.ibm.com/support/pages/node/6413709>) | Not affected | 9.0, 8.5, 8.0, 7.0 \n| CVE-2021-4104 | 8.1 | [Remote Code Execution](<https://www.ibm.com/support/pages/node/6526750>) | Not affected | 9.0,8.5,8.0,7.0,Liberty \n| CVE-2021-2369 | 4.3 | [IBM Java SDK for July 2021 CPU](<https://www.ibm.com/support/pages/node/6481135>) | Not affected | 9.0, 8.5, Liberty \n| CVE-2021-2161 | 5.9 | [IBM Java SDK for April 2021 CPU](<https://www.ibm.com/support/pages/node/6454853>) | Not affected | 9.0, 8.5, Liberty \n \n**2020 CVEs**\n\n**Name **\n\n| \n\n**CVE**\n\n| \n\n**CVSS Score**\n\n| \n\n**WebSphere Application Server Bulletin or Assessment**\n\n| \n\n**IBM HTTP Server Bulletin or Assessment**\n\n| \n\n**Versions Affected** \n \n---|---|---|---|---|--- \n| CVE-2020-27221 | 9.8 | [IBM Java SDK for January 2021 CPU](<https://www.ibm.com/support/pages/node/6415639>) | Not affected | 9.0,8.5,Liberty \n| CVE-2020-14797 | 3.7 | [IBM Java SDK for October 2020 CPU](<https://www.ibm.com/support/pages/node/6379260>) | Not affected | 9.0,8.5,Liberty \n| CVE-2020-14782 | 3.7 | [IBM Java SDK for January 2021 CPU](<https://www.ibm.com/support/pages/node/6415639>) | Not affected | 9.0,8.5,Liberty \n| CVE-2020-14781 | 3.7 | [IBM Java SDK for January 2021 CPU](<https://www.ibm.com/support/pages/node/6415639>) | Not affected | 9.0,8.5,Liberty \n| CVE-2020-14621 | 5.3 | [IBM Java SDK for July 2020 CPU](<https://www.ibm.com/support/pages/node/6256732>) | Not affected | 9.0,8.5,Liberty \n| CVE-2020-14581 | 3.7 | [IBM Java SDK for July 2020 CPU](<https://www.ibm.com/support/pages/node/6256732>) | Not affected | 9.0,8.5,Liberty \n| CVE-2020-14579 | 3.7 | [IBM Java SDK for July 2020 CPU](<https://www.ibm.com/support/pages/node/6256732>) | Not affected | 9.0,8.5,Liberty \n| CVE-2020-14578 | 3.7 | [IBM Java SDK for July 2020 CPU](<https://www.ibm.com/support/pages/node/6256732>) | Not affected | 9.0,8.5,Liberty \n| CVE-2020-14577 | 3.7 | [IBM Java SDK for July 2020 CPU](<https://www.ibm.com/support/pages/node/6256732>) | Not affected | 9.0,8.5,Liberty \n| CVE-2020-13938 | 6.2 | Not affected | [Denial of Service](<https://www.ibm.com/support/pages/node/6464029>) | 9.0, 8.5, 8.0, 7.0 \n| CVE-2020-11985 | 5.3 | Not affected | [Spoofing Vulnerability](<https://www.ibm.com/support/pages/node/6324789>) | 9.0 \n| CVE-2020-10693 | 5.3 | [Bypass security](<https://www.ibm.com/support/pages/node/6348216>) | Not affected | Liberty \n| CVE-2020-5258 | 7.5 | [Information Disclosure](<https://www.ibm.com/support/pages/node/6443101>) | Not affected | 9.0, 8.5, 8.0, Liberty \n| CVE-2020-5016 | 5.3 | [Directory traversal](<https://www.ibm.com/support/pages/node/6427873>) | Not affected | 9.0, 8.5, 8.0, 7.0 \n| CVE-2020-4949 | 8.2 | [XXE vulnerability](<https://www.ibm.com/support/pages/node/6408244>) | Not affected | 9.0, 8.5, 8.0, 7.0 \n| CVE-2020-4782 | 6.5 | [Directory Traversal](<https://www.ibm.com/support/pages/node/6356083>) | Not affected | 9.0, 8.5, 8.0, 7.0 \n| CVE-2020-4643 | 7.5 | [Information Disclosure](<https://www.ibm.com/support/pages/node/6334311>) | Not affected | 9.0, 8.5, 8.0, 7.0 \n| CVE-2020-4629 | 2.9 | [Information Disclosure](<https://www.ibm.com/support/pages/node/6339255>) | Not affected | 9.0, 8.5, 8.0, 7.0 \n| CVE-2020-4590 | 5.3 | [Denial of Service](<https://www.ibm.com/support/pages/node/6333623>) | Not affected | Liberty \n| CVE-2020-4589 | 8.1 | [Remote Code Execution](<https://www.ibm.com/support/pages/node/6258333>) | Not affected | 9.0,8.5,8.0,7.0 \n| CVE-2020-4578 | 5.4 | [Cross-site scripting](<https://www.ibm.com/support/pages/node/6328895>) | Not affected | 9.0, 8.5, 8.0, 7.0 \n| CVE-2020-4576 | 5.3 | [Information Disclosure](<https://www.ibm.com/support/pages/node/6339807>) | Not affected | 9.0, 8.5, 8.0, 7.0 \n| CVE-2020-4575 | 4.7 | [Cross-site scripting](<https://www.ibm.com/support/pages/node/6323293>) | Not affected | 9.0, 8.5, 8.0VE, 7.0VE \n| CVE-2020-4534 | 7.8 | [Remote Code Execution](<https://www.ibm.com/support/pages/node/6255074>) | Not affected | 9.0,8.5,8.0,7.0 \n| CVE-2020-4464 | 8.8 | [Remote Code Execution](<https://www.ibm.com/support/pages/node/6250059>) | Not affected | 9.0,8.5,8.0,7.0 \n| CVE-2020-4450 | 9.8 | [Remote Code Execution](<https://www.ibm.com/support/pages/node/6220294>) | Not affected | 9.0,8.5 \n| CVE-2020-4449 | 7.5 | [Information Disclosure](<https://www.ibm.com/support/pages/node/6220296>) | Not affected | 9.0, 8.5, 8.0,7.0 \n| CVE-2020-4448 | 9.8 | [Remote Code Execution](<https://www.ibm.com/support/pages/node/6220336>) | Not affected | 9.0, 8.5, 8.0VE, 7.0VE \n| CVE-2020-4421 | 5.0 | [Identity spoofing](<https://www.ibm.com/support/pages/node/6205926>) | Not affected | Liberty \n| CVE-2020-4365 | 5.3 | [Server-side request forgery](<https://www.ibm.com/support/pages/node/6209099>) | Not affected | 8.5 \n| CVE-2020-4362 | 7.5 | [Privilege Escalation](<https://www.ibm.com/support/pages/node/6174417>) | Not affected | 9.0,8.5,8.0,7.0 \n| CVE-2020-4329 | 4.3 | [Information Disclosure](<https://www.ibm.com/support/pages/node/6201862>) | Not affected | 9.0,8.5,8.0,7.0,Liberty \n| CVE-2020-4304 | 6.1 | [Cross-site scripting](<https://www.ibm.com/support/pages/node/6147195>) | Not affected | Liberty \n| CVE-2020-4303 | 6.1 | [Cross-site scripting](<https://www.ibm.com/support/pages/node/6147195>) | Not affected | Liberty \n| CVE-2020-4276 | 7.5 | [Privilege Escalation](<https://www.ibm.com/support/pages/node/6118222>) | Not affected | 9.0,8.5,8.0,7.0 \n| CVE-2020-4163 | 6.6 | [Command Execution](<https://www.ibm.com/support/pages/node/1288786>) | Not affected | 9.0,8.5,8.0,7.0 \n| CVE-2020-2800 | 4.8 | [IBM Java SDK for April 2020 CPU](<https://www.ibm.com/support/pages/node/6206850>) | Not affected | 9.0,8.5,Liberty \n| CVE-2020-2781 | 5.3 | [IBM Java SDK for April 2020 CPU](<https://www.ibm.com/support/pages/node/6206850>) | Not affected | 9.0,8.5,Liberty \n| CVE-2020-2773 | 3.7 | [IBM Java SDK for January 2021 CPU](<https://www.ibm.com/support/pages/node/6415639>) | Not affected | 9.0,8.5,Liberty \n| CVE-2020-2755 | 3.7 | [IBM Java SDK for April 2020 CPU](<https://www.ibm.com/support/pages/node/6206850>) | Not affected | 9.0,8.5,Liberty \n| CVE-2020-2754 | 3.7 | [IBM Java SDK for April 2020 CPU](<https://www.ibm.com/support/pages/node/6206850>) | Not affected | 9.0,8.5,Liberty \n| CVE-2020-2654 | 3.7 | [IBM Java SDK for April 2020 CPU](<https://www.ibm.com/support/pages/node/6206850>) | Not affected | 9.0,8.5,Liberty \n| CVE-2020-2601 | 6.8 | [IBM Java SDK for July 2020 CPU](<https://www.ibm.com/support/pages/node/6256732>) | Not affected | 9.0,8.5,Liberty \n| CVE-2020-2593 | 4.8 | [IBM Java SDK for January 2020 CPU](<https://www.ibm.com/support/pages/node/1289194>) | Not affected | 9.0,8.5,Liberty \n| CVE-2020-2590 | 3.7 | [IBM Java SDK for July 2020 CPU](<https://www.ibm.com/support/pages/node/6256732>) | Not affected | 9.0,8.5,Liberty \n| CVE-2020-1934 | 8.1 | Not affected | [Denial of Service](<https://www.ibm.com/support/pages/node/6191631>) | 9.0,8.5,8.0,7.0 \n| CVE-2020-1927 | 7.4 | Not affected | [Phishing attack](<https://www.ibm.com/support/pages/node/6191631>) | 9.0,8.5,8.0,7.0 \n \n**2019 CVEs**\n\n**Name **\n\n| \n\n**CVE**\n\n| \n\n**CVSS Score**\n\n| \n\n**WebSphere Application Server Bulletin or Assessment**\n\n| \n\n**IBM HTTP Server Bulletin or Assessment**\n\n| \n\n**Versions Affected** \n \n---|---|---|---|---|--- \n| CVE-2019-17573 | 6.1 | [Cross-site Scripting](<https://www.ibm.com/support/pages/node/6100132>) | Not affected | Liberty \n| CVE-2019-17566 | 7.5 | [Server-side request forgery](<https://www.ibm.com/support/pages/node/6322683>) | Not affected | 9.0,8.5,8.0 \n| CVE-2019-17495 | 5.3 | [Information Disclosure](<https://www.ibm.com/support/pages/node/1274596>) | Not affected | Liberty \n| CVE-2019-12402 | 4.3 | [Denial of Service](<https://www.ibm.com/support/pages/node/1074156>) | Not affected | Liberty \n| CVE-2019-12406 | 5.3 | [Denial of Service](<https://www.ibm.com/support/pages/node/1288774>) | Not affected | 9.0,Liberty \n| CVE-2019-11777 | 7.5 | [Spoofing vulnerability](<https://www.ibm.com/support/pages/node/6602039>) | Not affected | Liberty \n| CVE-2019-10098 | 3.7 | Not affected | [Phishing attack](<https://www.ibm.com/support/pages/node/964768>) | 9.0, 8.5, 8.0, 7.0 \n| CVE-2019-10092 | 4.7 | Not affected | [Cross-site scripting](<https://www.ibm.com/support/pages/node/964768>) | 9.0, 8.5, 8.0, 7.0 \n| CVE-2019-10086 | 5.3 | [Unauthorized Access](<https://www.ibm.com/support/pages/node/1115085>) | Not affected | 9.0, 8.5, 8.0, 7.0 \n| CVE-2019-9518 | 7.5 | [Denial of Service](<https://www.ibm.com/support/pages/node/1072860>) | Not affected | Liberty \n| CVE-2019-9517 | 7.5 | [Denial of Service](<https://www.ibm.com/support/pages/node/1072860>) | Not affected | Liberty \n| CVE-2019-9515 | 7.5 | [Denial of Service](<https://www.ibm.com/support/pages/node/1072860>) | Not affected | Liberty \n| CVE-2019-9514 | 7.5 | [Denial of Service](<https://www.ibm.com/support/pages/node/1072860>) | Not affected | Liberty \n| CVE-2019-9513 | 7.5 | [Denial of Service](<https://www.ibm.com/support/pages/node/1072860>) | Not affected | Liberty \n| CVE-2019-9512 | 7.5 | [Denial of Service](<https://www.ibm.com/support/pages/node/1072860>) | Not affected | Liberty \n| CVE-2019-4732 | 7.2 | [IBM Java SDK for January 2020 CPU](<https://www.ibm.com/support/pages/node/1289194>) | Not affected | 9.0,8.5,Liberty \n| CVE-2019-4720 | 7.5 | [Denial of Service](<https://www.ibm.com/support/pages/node/1285372>) | Not affected | 9.0, 8.5, 8.0, 7.0 Liberty \n| CVE-2019-4670 | 6.5 | [Information Disclosure](<https://www.ibm.com/support/pages/node/1289152>) | Not affected | 9.0,8.5,8.0,7.0 \n| CVE-2019-4663 | 5.4 | [Cross-site scripting](<https://www.ibm.com/support/pages/node/1127367>) | Not affected | Liberty \n| CVE-2019-4505 | 3.7 | [Information Disclosure](<https://www.ibm.com/support/pages/node/964766>) | Not affected | 9.0, 8.5, 7.0Virtual Enterprise \n| CVE-2019-4477 | 5.3 | [Information Disclosure](<https://www.ibm.com/support/pages/node/960290>) | Not affected | 9.0, 8.5, 8.0, 7.0 \n| CVE-2019-4442 | 4.3 | [Path Traversal](<https://www.ibm.com/support/pages/node/959021>) | Not affected | 9.0, 8.5, 8.0, 7.0 \n| CVE-2019-4441 | 5.3 | [Information disclosure](<https://www.ibm.com/support/pages/node/959023>) | Not affected | 9.0, 8.5, 8.0, 7.0 Liberty \n| CVE-2019-4305 | 5.3 | [Information disclosure](<https://www.ibm.com/support/pages/node/960171>) | Not affected | Liberty \n| CVE-2019-4304 | 6.3 | [Bypass security](<https://www.ibm.com/support/pages/node/960171>) | Not affected | Liberty \n| CVE-2019-4285 | 5.4 | [Clickjacking vulnerability](<https://www-01.ibm.com/support/docview.wss?uid=ibm10884064>) | Not affected | Liberty \n| CVE-2019-4279 | 9.0 | [Remote Code Execution](<https://www-01.ibm.com/support/docview.wss?uid=ibm10883628>) | Not affected | 9.0, 8.5, 7.0Virtual Enterprise \n| CVE-2019-4271 | 3.5 | [HTTP Parameter Pollution](<https://www.ibm.com/support/pages/node/884040>) | Not affected | 9.0, 8.5, 7.0Virtual Enterprise \n| CVE-2019-4270 | 5.4 | [Cross-site scripting](<https://www.ibm.com/support/pages/node/884036>) | Not affected | 9.0, 8.5, 8.0, 7.0 \n| CVE-2019-4269 | 5.3 | [Information Disclosure](<https://www-01.ibm.com/support/docview.wss?uid=ibm10884032>) | Not affect