13 matches found
Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to Cryptographic Weakness in IBM Liberty Server (CVE-2020-36732)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the cryptographic weakness vulnerability. Vulnerability Details CVEID: CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an intege...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to bypass of Trust Restrictions due to Eclipse Jersey
Summary A race condition in Eclipse Jersey can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. IBM Sterling Secure Proxy has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2025-12383 DESCRIPTION: I...
EUVD-2025-25217
Malicious code in bioql PyPI...
Security Bulletin: AS4 of the IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Cross-Site Scripting (CVE-2025-33008)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the cross-site scripting security vulnerability. Vulnerability Details CVEID: CVE-2025-33008 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows an...
Security Bulletin: IBM Sterling Control Center is vulnerable to denial of service due to Java SE (CVE-2023-21830, CVE-2023-21843)
Summary IBM Sterling Control Center uses Java SE. Vulnerability Details CVEID: CVE-2023-21830 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component could allow a remote attacker to cause a denial of service resulting in a low integrity impact using unknown...
Security Bulletin: IBM Sterling Control Center is vulnerable to security bypass due to Eclipse Openj9 (CVE-2022-3676)
Summary IBM Sterling Control Center uses Eclipse Openj9 which could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. The issue has been addressed. Vulnerability Details CVEID: CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allo...
Security Bulletin: IBM Sterling Control Center is vulnerable to remote attack on MQXR service due to IBM WebSphere MQ (CVE-2015-4943)
Summary IBM WebSphere MQ is used by IBM Sterling Control Center. IBM WebSphere MQ could allow a remote attacker to crash the MQXR service, and the issue has been addressed. Vulnerability Details CVEID: CVE-2015-4943 DESCRIPTION: IBM WebSphere MQ could allow a remote attacker to crash the MQXR...
Security Bulletin: IBM Sterling Control Center is vulnerable to a denial of service vulnerability due to Apache Xerces2 Java XML Parser (CVE-2022-23437)
Summary Apache Xerces2 Java XML Parser is used by IBM Sterling Control Center. A denial of service vulnerability in Apache Xerces2 Java XML Parser has been addressed. Vulnerability Details CVEID: CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caus...
Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2021-35578)
Summary A maliciously crafted TLS 1.3 ClientHello packet can trigger a NullPointerException and an SSLException instead of being rejected gracefully. The fix ensures that the invalid data is rejected gracefully. Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: An unspecified vulnerability ...
Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling Control Center (CVE-2021-44228)
Summary Apache Log4j is used by IBM Sterling Control Center. This bulletin provides fixes for the reported CVE-2021-44228 and work around mitigation. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused...
Cordaware bestinformed has an unspecified vulnerability.
Cordaware bestinformed is a mass notification system from the German company Cordaware. A security vulnerability exists in the Cordaware bestinformed Windows client prior to version 6.2.1.0, which stems from an insecure SSL certificate inspection and access mode. A remote attacker could exploit t...
ZH Yandex Map, 6.2.1.0, SQL Injection
ZH Yandex Map from zhuk.cc, versions 6.2.1.0 and previous, SQL Injection. Resolution: update to version 6.3.1.0. Update notice: http://zhuk.cc/2018/02/21/zh-yandexmap-security-update-2/...
ZhandexMap SQL Injection Vulnerability in Joomla!
Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the United States; it provides RSS feeds, site search and other functions. Zh YandexMap is a component used to display maps through the Yandex Maps service. A SQL injection...