Security Bulletin: Due to the use of jetty IBM webMethods BPM is vulnerable to multiple vulnerabilities

Summary IBM webMethods BPM is dependant on jetty which is affected by known vulnerabilities CVE-2020-27223, CVE-2021-28169, CVE-2022-2047, CVE-2023-26049, CVE-2023-36478, CVE-2023-40167 Vulnerability Details CVEID:CVE-2020-27223 DESCRIPTION: In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114...

K000157844: Jetty vulnerabilities CVE-2023-36478, CVE-2024-6763, CVE-2023-26049, CVE-2024-8184, and CVE-2023-41900

Security Advisory Description CVE-2023-36478 Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size...

Security Bulletin: Multiple Vulnerabilities in IBM StreamSets Data Collector

Summary Multiple vulnerabilities were addressed in IBM StreamSets Data Collector version 6.4.0 Vulnerability Details CVEID:CVE-2019-19135 DESCRIPTION: In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua...

TencentOS Server 4: jetty (TSSA-2025:0390)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0390 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Security Bulletin: Vulnerability in jetty-http affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)[CVE-2023-36478]

Summary The jetty-http package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEsCVE-2023-36478 Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow...

Security Bulletin: Vulnerability in jetty-http affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2023-36478].

Summary The jetty-http package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2023-36478. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow...

Security Bulletin: Vulnerability in jetty-http affects IBM Integrated Analytics System[CVE-2023-36478]

Summary The jetty-http package is used by IBM Integrated Analytics System. IBM Integrated Anayltics System has addresed the applicable CVE CVE-2023-36478. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and...

Security Bulletin: Vulnerabilities Addressed in IBM Tivoli Network Manager IP Edition (ITNM) version 4.2 Fix Pack 20 (4.2.0.20)

Summary Multiple vulnerabilities were addressed in ITNM version 4.2 Fix Pack 20 4.2.0.20 Vulnerability Details CVEID:CVE-2024-23944 DESCRIPTION: Apache ZooKeeper could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in persistent watchers handling. By...

Security Bulletin: Vulnerability in Eclipse Jetty affects IBM watsonx.data

Summary Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in MetaDataBuilder.checkSize. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. This can affect...

Important: Red Hat Security Advisory: Red Hat Fuse 7.13.0 release and security update

Red Hat Fuse 7.13.0 release is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whic...

Atlassian Confluence < 7.19.20 / 7.20.x < 8.5.7 (CONFSERVER-94843)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-94843 advisory. - Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, a...

Security Bulletin: A security vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2023-36478)

Summary There is a potential denial of service in Eclipse Jetty that is used by Apache Solr shipped with IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer...

Security Bulletin: IBM Event Streams is vulnerable to a denial of service due to the Eclipse Jetty component (CVE-2023-36478).

Summary IBM Event Streams is vulnerable to a denial of service DoS due to the Eclipse Jetty component. Eclipse Jetty provides a Web server and javax. servlet container, plus support for Web Sockets, OSGi, JMX, JNDI, JASPI, AJP and many other integrations. Vulnerability Details CVEID:CVE-2023-3647...

openSUSE: Security Advisory for jetty (SUSE-SU-2023:4210-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-36478

creationtimestamp| type| source ---|---|--- 2024-02-07 17:16:54+00:00| seen| https://t.me/ctinow/180831...

Security Bulletin: There is a vulnerability in jetty-http-9.4.51.v20230217.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-40167 and CVE-2023-36478)

Summary There is a vulnerability in jetty-http-9.4.51.v20230217.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-40167 DESCRIPTION: Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 request header...

Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester

Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow a...

Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining CVE-2023-36478

Summary There is a vulnerability in Eclipse Jetty that could allow an remote attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

Security Bulletin: IBM InfoSphere Information Server is affected by Eclipse Jetty vulnerability (CVE-2023-36478)

Summary A vulnerability in Eclipse Jetty used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in MetaDataBuilder.checkSize. By sendin...

Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Jetty.

Summary IBM Sterling Connect:Direct Browser User Interface uses Jetty server. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in MetaDataBuilder.checkSize. By sending a specially crafte...