Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to cross-site scripting ( CVE-2022-46771 )

Summary IBM UrbanCode Deploy UCD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability Details...

Security Bulletin: TADDM Web UI security vulnerabilities (CVE-2012-5939,CVE-2012-5942)

Abstract IBM Tivoli Application Dependency Discovery Manager has security vulnerabilities in Web User Interface Data Management Portal Content VULNERABILITY DETAILS: CVEID: CVE-2012-5939 DESCRIPTION: IBM Tivoli Application Dependency Discovery Manager is vulnerable to cross-site scripting, caused...

CVE-2022-35716

IBM UrbanCode Deploy UCD 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360...

Security Bulletin: CVE-2021-29711 Agent Upgrade through CLI requires inconsistent permission.

Summary Security Bulletin: CVE-2021-29711 Agent Upgrade through CLI requires inconsistent permission set with UI. Vulnerability Details CVEID: CVE-2021-29711 DESCRIPTION: IBM UrbanCode Deploy UCD could allow an authenticated user with certain permissions to initiate an agent upgrade through the C...

Security Bulletin: Vulnerability in Node.js affects IBM DataPower Gateways (CVE-2017-11499)

Summary Potential Denial of Service in Node.js. IBM DataPower Gateways has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2017-11499 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by a flaw related to constant HashTable seeds. A remote attacker could exploit thi...