Security Bulletin: Due to use of Eclipse Jersey, IBM Sterling External Authentication Server is affected by unauthorized trust in insecure servers.

Summary IBM Sterling External Authentication Server is affected by a vulnerability in Eclipse Jersey and it is addressed in the latest fixpack Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL...

EUVD-2025-199014

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Incorrect Access Control, leading to Remote Information Disclosure...

EUVD-2025-199015

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to disclose user hashes...

CVE-2025-54347

A Directory Traversal vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to write arbitrary files under certain conditions...

CVE-2025-54563

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Incorrect Access Control, leading to Remote Information Disclosure...

CVE-2025-54341

A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There are Hard-coded configuration values...

CVE-2025-54563

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Incorrect Access Control, leading to Remote Information Disclosure...

CVE-2025-54338

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to disclose user hashes...

CVE-2025-54338

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to disclose user hashes...

Desktop Alert PingAlert 安全漏洞

Desktop Alert PingAlert is a network status monitoring tool from Desktop Alert USA. A security vulnerability exists in Desktop Alert PingAlert versions 6.1.0.11 through 6.1.1.2, which originates from a directory traversal and could result in writing to arbitrary files...

CVE-2025-54341

A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There are Hard-coded configuration values...

CVE-2025-54338

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to disclose user hashes...

Desktop Alert PingAlert 安全漏洞

Desktop Alert PingAlert is a network status monitoring tool from Desktop Alert USA. A security vulnerability exists in Desktop Alert PingAlert versions 6.1.0.11 through 6.1.1.2, which stems from improper access control and could lead to remote information disclosure...

Desktop Alert PingAlert 安全漏洞

Desktop Alert PingAlert is a network status monitoring tool from Desktop Alert USA. A security vulnerability exists in Desktop Alert PingAlert versions 6.1.0.11 through 6.1.1.2, which stems from the presence of hard-coded configuration values...

CVE-2025-54347

A Directory Traversal vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to write arbitrary files under certain conditions...

CVE-2025-54347

A Directory Traversal vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to write arbitrary files under certain conditions...

CVE-2025-54563

CVE-2025-54563 affects Desktop Alert PingAlert, with the Application Server vulnerable to an Incorrect Access Control flaw in versions 6.1.0.11–6.1.1.2, leading to remote information disclosure. The NVD/CERT-style metrics show CVSS v3.1 base score 7.5 (HIGH), attack vector NETWORK, attack complex...

CVE-2025-54346

A Reflected Cross Site Scripting XSS vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information...

CVE-2025-54343

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges...

EUVD-2025-197637

A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There is a Broken or Risky Cryptographic Algorithm...