11 matches found
Security Bulletin: due to the use of Apache Commons IO, IBM Transformation Extender Advanced is vulnerable to excessive CPU consumption
Summary Apache Commons IO is used by IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, as part of .... CVE-2024-47554 Vulnerability Details CVEID: CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...
Security Bulletin: IBM DataPower Gateway vulnerable to XSS
Summary IBM has addressed the following CVEs Vulnerability Details CVEID: CVE-2022-32750 DESCRIPTION: IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to...
CVE-2022-31776
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network...
Security Bulletin: IBM DataPower Gateway affected by multiple vulnerabilities in Java
Summary While core IBM DataPower Gateway does not use Java, certain components shipped with IDG may be vulnerable. IBM has addressed the CVEs. Vulnerability Details CVEID: CVE-2022-21434 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an...
CVE-2022-31775
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or...
Security Bulletin: IBM DataPower Gateway potentially vulnerable to DNS spoofing
Summary IBM has addressed the CVE Vulnerability Details CVEID: CVE-2021-22931 DESCRIPTION: Node.js could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An attacker could exploit this vulnerability to cause output of wrong hostnames...
Code injection
IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. IBM X-Force ID: 208348...
Security Bulletin: IBM DataPower Gateway vulnerable to temporary DoS
Summary IBM has addressed the CVEs Vulnerability Details CVEID: CVE-2022-22356 DESCRIPTION: IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487. CVSS Base score: 5...
CVE-2021-39070
IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353...
IBM Security Verify Access security vulnerability
IBM Security Verify Access (ISAM) is a service from IBM USA that improves user access security. IBM Security Verify Access versions 10.0.0.0, 10.0.1.0 and 10.0.2.0 have a security vulnerability that could be exploited by an attacker to authenticate as any user on the system...
CVE-2021-38894
CVE-2021-38894 affects IBM Security Verify Access/Verify (10.0.0.x). Information disclosure occurs when a detailed technical error message is returned in a browser, allowing remote attackers to obtain sensitive information that could aid further attacks. Public sources confirm the issue is tied t...