Lucene search
51 matches found

IBM Security Bulletins
added 2026/03/27 8:6 a.m., 9 views

Security Bulletin: Due to the use of jetty IBM webMethods BPM is vulnerable to multiple vulnerabilities

Summary: IBM webMethods BPM is dependent on jetty, which is affected by known vulnerabilities CVE-2019-17638, CVE-2020-27218, CVE-2021-28169, CVE-2021-34428, CVE-2022-2047, CVE-2023-26048, CVE-2023-26049, CVE-2024-13009, CVE-2024-8184. Vulnerability Details: CVEID: CVE-2019-17638. DESCRIPTION: In Eclip...

CVSS 9.4 | AI score 7 | EPSS 0.9026
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2026/03/11 8:59 p.m., 11 views

Security Bulletin: Due to the use of jetty IBM webMethods BPM is vulnerable to multiple vulnerabilities

Summary: IBM webMethods BPM is dependent on jetty, which is affected by known vulnerabilities CVE-2020-27223, CVE-2021-28169, CVE-2022-2047, CVE-2023-26049, CVE-2023-36478, CVE-2023-40167. Vulnerability Details: CVEID: CVE-2020-27223. DESCRIPTION: In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114...

CVSS 7.5 | AI score 6 | EPSS 0.9026
Exploits: 4 | Affected Software: 1

RedhatCVE
added 2025/04/26 5:23 a.m., 4 views

CVE-2025-28169

BYD QIN PLUS DM-i Dilink OS v3.0_13.1.7.2204050.1 to v3.0_13.1.7.2312290.1_0 was discovered to send broadcasts to the manufacturer's cloud server unencrypted, allowing attackers to execute a man-in-the-middle attack...

CVSS 8.1 | AI score 7.5 | EPSS 0.00168
Exploits: 0 | References: 1

NVD
added 2025/04/23 8:15 p.m., 10 views

CVE-2025-28169

BYD QIN PLUS DM-i Dilink OS v3.0_13.1.7.2204050.1 to v3.0_13.1.7.2312290.1_0 was discovered to send broadcasts to the manufacturer's cloud server unencrypted, allowing attackers to execute a man-in-the-middle attack...

CVSS 8.1 | EPSS 0.00168
Exploits: 0 | References: 2

Circl
added 2025/04/23 4:57 a.m., 2 views

CVE-2025-28169

creationtimestamp | type | source
---|---|---
2025-04-23 04:57:33+00:00 | seen | https://gist.github.com/rainymode/bfd976ecbe0d0b776fd930375156c19c
2025-04-24 00:31:15+00:00 | seen | https://t.me/cvedetector/23622
2025-04-24 15:48:27+00:00 | seen | ...

CVSS 8.1 | AI score 4.8 | EPSS 0.00168
Exploits: 0 | References: 3

CVE
added 2025/04/23 12:0 a.m., 49 views

CVE-2025-28169

BYD QIN PLUS DM-i Dilink OS versions v3.0_13.1.7.2204050.1 through v3.0_13.1.7.2312290.1_0 send broadcasts to the manufacturer’s cloud server unencrypted. This enables a network-level attacker to perform a man-in-the-middle attack, compromising confidentiality, integrity, and availability. The CV...

CVSS 8.1 | AI score 7.6 | EPSS 0.00168
Exploits: 0 | References: 2

Vulnrichment
added 2025/04/23 12:0 a.m., 4 views

CVE-2025-28169

BYD QIN PLUS DM-i Dilink OS v3.0_13.1.7.2204050.1 to v3.0_13.1.7.2312290.1_0 was discovered to send broadcasts to the manufacturer's cloud server unencrypted, allowing attackers to execute a man-in-the-middle attack...

AI score 7.4 | EPSS 0.00168
Exploits: 0 | References: 2

Cvelist
added 2025/04/23 12:0 a.m., 8 views

CVE-2025-28169

BYD QIN PLUS DM-i Dilink OS v3.0_13.1.7.2204050.1 to v3.0_13.1.7.2312290.1_0 was discovered to send broadcasts to the manufacturer's cloud server unencrypted, allowing attackers to execute a man-in-the-middle attack...

EPSS 0.00168
Exploits: 0 | References: 2

IBM Security Bulletins
added 2024/11/18 9:41 p.m., 21 views

Security Bulletin: Several Security Vulnerabilities were discovered in IBM Security Directory Suite

Summary: Several Security Vulnerabilities in the IBM Security Directory Integrator and Eclipse Jetty were addressed in the IBM Security Directory Suite. Vulnerability Details: CVEID: CVE-2022-32759. DESCRIPTION: IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0...

CVSS 9.8 | AI score 8 | EPSS 0.9026
Exploits: 5 | Affected Software: 1

Cvelist
added 2024/11/13 9:8 p.m., 13 views

CVE-2024-28169

Cleartext transmission of sensitive information for some BigDL software maintained by Intel(R) before version 2.5.0 may allow an authenticated user to potentially enable denial of service via adjacent access...

CVSS 5.4 | EPSS 0.00027
Exploits: 0 | References: 1

IBM Security Bulletins
added 2024/05/15 12:45 a.m., 43 views

Security Bulletin: Multiple security vulnerabilities in Eclipse Jetty affect IBM Security Directory Integrator

Summary: The IBM Security Directory Integrator was vulnerable to multiple security vulnerabilities in the Eclipse Jetty component. This was addressed in version 10 of the IBM Security Directory Integrator. Vulnerability Details: CVEID: CVE-2017-9735. DESCRIPTION: Jetty could allow a remote attacker t...

CVSS 9.8 | AI score 9 | EPSS 0.9026
Exploits: 5 | Affected Software: 1

Broadcom
added 2024/05/01 12:0 a.m., 11 views

Statement on Jetty vulnerabilities in Brocade SANnav

A Security Researcher performing penetration testing raises CVEs in the Jetty version used by Brocade SANnav v2.1.1. Brocade Statement: All supported versions of Brocade SANnav do not directly use Jetty. The code is present within some versions of the SANnav product as it is contained within other...

CVSS 9.4 | AI score 5.8 | EPSS 0.93778
Exploits: 19

Amazon
added 2024/01/09 12:0 a.m., 1 views

Medium: jetty

Issue Overview: For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. Thi...

CVSS 5.3 | AI score 6.6 | EPSS 0.9026
Exploits: 2

Tenable Nessus
added 2024/01/09 12:0 a.m., 40 views

Amazon Linux 2 : jetty (ALAS-2024-2408)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2408 advisory. For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example...

CVSS 5.3 | AI score 7.1 | EPSS 0.9026
Exploits: 2 | References: 4

IBM Security Bulletins
added 2023/08/15 1:35 p.m., 55 views

Security Bulletin: Multiple Eclipse Jetty Vulnerabilities Affect IBM Analytic Accelerator Framework for Communication Service Providers & IBM Customer and Network Analytics

Summary: Eclipse Jetty is used in the solution's microservices bis, auth, analytics, cna as the engine of the HTTP server, underpinning APIs and UI. Several CVEs were found in the version used. These vulnerabilities are addressed. Vulnerability Details: CVEID: CVE-2021-28169. DESCRIPTION: Eclipse Jet...

CVSS 7.8 | AI score 6.5 | EPSS 0.93778
Exploits: 16 | Affected Software: 1

Circl
added 2023/05/08 4:51 p.m., 0 views

CVE-2023-28169

creationtimestamp | type | source
---|---|---
2023-05-08 16:51:27+00:00 | seen | Telegram/h6OiP07vGyBylBv48fVQAdrLvTzLKtpTKllD993z3qg7wY4...

CVSS 5.9 | AI score 6.3 | EPSS 0.00207
Exploits: 0

NVD
added 2023/05/08 1:15 p.m., 9 views

CVE-2023-28169

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in CoreFortress Easy Event calendar plugin <= 1.0 versions...

CVSS 5.9 | AI score 5.4 | EPSS 0.00207
Exploits: 0 | References: 1

Vulnrichment
added 2023/05/08 12:22 p.m., 7 views

CVE-2023-28169 WordPress Easy Event calendar Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in CoreFortress Easy Event calendar plugin <= 1.0 versions...

CVSS 5.9 | AI score 5.4 | EPSS 0.00207
Exploits: 0 | References: 1

CVE
added 2023/05/08 12:22 p.m., 32 views

CVE-2023-28169

CVE-2023-28169 affects the WordPress plugin CoreFortress Easy Event calendar (versions

CVSS 5.9 | AI score 4.9 | EPSS 0.00207
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/05/08 12:22 p.m., 15 views

CVE-2023-28169 WordPress Easy Event calendar Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in CoreFortress Easy Event calendar plugin <= 1.0 versions...

CVSS 5.9 | AI score 5.5 | EPSS 0.00207
Exploits: 0 | References: 1