11 matches found
Security Bulletin: The B2B API of the IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Denial of Service (CVE-2025-23184)
Summary: IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the denial of service security vulnerability. Vulnerability Details: CVEID: CVE-2025-23184. DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service (CVE-2022-34335)
Summary: IBM Sterling Partner Engagement Manager has addressed a vulnerability in the PCM APIs. Vulnerability Details: CVEID: CVE-2022-34335. DESCRIPTION: IBM Sterling Partner Engagement Manager could allow an authenticated user to exhaust server resources which could lead to a denial of service. CV...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to cross-site scripting due to Apache Tomcat (CVE-2022-34305)
Summary: IBM Sterling Partner Engagement Manager has addressed a vulnerability published by Apache Tomcat for cross-site scripting. Vulnerability Details: CVEID: CVE-2022-34305. DESCRIPTION: Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A...
CVE-2017-14370
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application...
CVE-2017-14370
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application...
Cross site scripting
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application...
CVE-2017-14369
RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records...
CVE-2017-14371
RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application...
CVE-2017-8016
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting (XSS) via the Questionnaire ID field, allowing an authenticated attacker to execute arbitrary HTML in the user’s browser session. The issue is addressed in version 6.2.0.5 (per Nessus advisory), which also notes m...
CVE-2017-14369
CVE-2017-14369 affects the RSA Archer GRC Platform prior to version 6.2.0.5. A low privileged user may exploit a privilege escalation vulnerability to elevate privileges and export certain application records. The provided documents do not specify the exact root cause or exploit details. A remedi...
CVE-2017-14371
CVE-2017-14371 affects RSA Archer GRC Platform before 6.2.0.5. The issue is a reflected cross-site scripting vulnerability via the request URL, allowing an attacker to cause arbitrary HTML execution in the user’s browser within the affected RSA Archer application. The connected sources corroborat...