Security Bulletin: IBM Sterling Connect:Direct Browser User Interface has multiple vulnerabilities due to IBM Java

Summary Sterling Connect:Direct Browser User Interface uses IBM® Runtime Environment Java™ Versions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM compone...

Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to server-side request forgery due to Eclipse Jetty (261776)

Summary IBM Sterling Connect:Direct Browser User Interface uses Eclipse Jetty server. Vulnerability Details IBM X-Force ID: 261776 DESCRIPTION: Eclipse Jetty is vulnerable to server-side request forgery, caused by improper handling of XML external entity XXE declarations by the XmlParser. By...

CVE-2021-20560

IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and...

CVE-2021-34555

OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a multi-value From header field...

CVE-2021-34555

OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a multi-value From header field...