4774 matches found

IBM Security Bulletins
added 2024/06/20 3:46 p.m. · 40 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM CICS Transaction Gateway (CVE-2023-50310, CVE-2023-50311)

Summary: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM CICS Transaction Gateway. This bulletin identifies the steps to take to address these vulnerabilities. Vulnerability Details: CVEID: CVE-2023-50310. DESCRIPTION: IBM CICS...

7.5 CVSS · 5.3 AI score · 0.0039 EPSS
Exploits: 0 · Affected Software: 2
IBM Security Bulletins
added 2024/06/20 9:12 a.m. · 42 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a remote attacker (CVE-2020-11022)

Summary: There is a vulnerability in jQuery used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2020-11022. DESCRIPTION: jQuery is vulnerable to cross-site scripting,...

6.9 CVSS · 6.8 AI score · 0.99019 EPSS
Exploits: 7 · Affected Software: 1
CNVD
added 2024/06/18 12:0 a.m. · 4 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-34103)

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS · 6.1 AI score · 0.00676 EPSS
Exploits: 0 · References: 1
CNVD
added 2024/06/18 12:0 a.m. · 5 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-34100)

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS · 6.1 AI score · 0.00738 EPSS
Exploits: 0 · References: 1
GitHub Security Blog
added 2024/06/07 10:30 p.m. · 15 views

zfr authentication adapter did not verify validity of tokens

Previous to @2ca5bb1c2f11537be8f94ca6867d8d69789e744a release 0.1.2, tokens weren't checked for validity/expiration. This potentially caused a security issue if expired tokens were not deleted after the expiration time was past, allowing anyone to still use invalidated authentication credentials...

7.4 AI score
Exploits: 0 · References: 5 · Affected Software: 1
OSV
added 2024/05/14 2:57 p.m. · 0 views

CVE-2024-22345

IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 280192...

7.5 CVSS · 5.8 AI score · 0.00521 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2024/05/11 12:0 a.m. · 25 views

RHEL 5 : mutt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mutt: buffer overflow via base64 data CVE-2018-14359 - An issue was discovered in Mutt before 1.10.1 and...

7.8 AI score · 0.06112 EPSS
Exploits: 0 · References: 13
Positive Technologies
added 2024/05/10 12:0 a.m. · 4 views

PT-2024-19353 · IBM · IBM TXSeries for Multiplatforms

Name of the Vulnerable Software and Affected Versions: IBM TXSeries for Multiplatforms version 8.2. Description: The issue concerns the transmission or storage of authentication credentials using an insecure method, making them susceptible to unauthorized interception and/or retrieval...

7.5 CVSS · 6.9 AI score · 0.00521 EPSS
Exploits: 0 · References: 4
IBM Security Bulletins
added 2024/05/09 9:10 a.m. · 32 views

Security Bulletin: IBM TXSeries for Multiplatforms is vulnerable to multiple security vulnerabilities in the Administration Console shipped with the product (CVE-2024-22344, CVE-2024-22345 and CVE-2024-22343).

Summary: There are vulnerabilities in the Administration console shipped with IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has been updated to address the applicable issues. Vulnerability Details: CVEID: CVE-2024-22343. DESCRIPTION: IBM TXSeries for Multiplatforms allows web pages...

7.5 CVSS · 5.7 AI score · 0.00521 EPSS
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2024/05/07 8:44 p.m. · 24 views

Security Bulletin: There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-23635)

Summary: There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2024-23635. DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker...

6.1 CVSS · 6.4 AI score · 0.00368 EPSS
Exploits: 0 · Affected Software: 1
CNVD
added 2024/04/22 12:0 a.m. · 7 views

DerbyNet racerid parameter cross-site scripting vulnerability

DerbyNet is a simple code for a match broadcasting program. A cross-site scripting vulnerability exists in the DerbyNet racerid parameter due to improper validation of user-supplied input in the photo-thumbs.php script. An attacker could use this vulnerability to steal the victim's cookie-based...

6.5 CVSS · 6.4 AI score · 0.00567 EPSS
Exploits: 2 · References: 1
CNVD
added 2024/04/22 12:0 a.m. · 11 views

DerbyNet ./inc/kiosks.inc Script Cross-Site Scripting Vulnerability

DerbyNet is a simple code for a match broadcasting program. A cross-site scripting vulnerability exists in the DerbyNet ./inc/kiosks.inc script that can be exploited by an attacker to steal a victim's cookie-based authentication credentials...

4.6 CVSS · 6.4 AI score · 0.00511 EPSS
Exploits: 2 · References: 1
CNVD
added 2024/04/22 12:0 a.m. · 7 views

WonderCMS Home Page Cross-Site Scripting Vulnerability

WonderCMS is an open source PHP-based content management system (CMS). A cross-site scripting vulnerability exists in WonderCMS v3.4.3, which stems from the lack of effective filtering and escaping of user-supplied data on the Home page, and can be exploited by an attacker to steal the victim's...

5.4 CVSS · 6.3 AI score · 0.00386 EPSS
Exploits: 1 · References: 1
IBM Security Bulletins
added 2024/04/19 11:29 a.m. · 45 views

Security Bulletin: Multiple vulnerabilities in Dojo toolkit shipped with IBM WebSphere eXtreme Scale Liberty Deployment and eXtremescale Client

Summary: Dojo toolkit is used for UI in IBM WebSphere eXtreme Scale Liberty Deployment and eXtremescale Client. These vulnerabilities are reported in Dojo toolkit: CVE-2019-10785, CVE-2018-6561, CVE-2020-4051, CVE-2018-15494, CVE-2020-5259. Vulnerability Details: CVEID: CVE-2019-10785. DESCRIPTION:...

9.8 CVSS · 7.3 AI score · 0.02611 EPSS
Exploits: 5 · Affected Software: 1
CNNVD
added 2024/04/18 12:0 a.m. · 3 views

DerbyNet security vulnerability

DerbyNet is a simple code for a match broadcasting program. A cross-site scripting vulnerability exists in the DerbyNet ./inc/kiosks.inc script that can be exploited by an attacker to steal a victim's cookie-based authentication credentials...

4.6 CVSS · 6.5 AI score · 0.00511 EPSS
Exploits: 2 · References: 2
CNNVD
added 2024/04/12 12:0 a.m. · 2 views

Apache Solr Operator log information disclosure vulnerability

Apache Solr is a search server based on Lucene (a full-text search engine) from the Apache Foundation. The product supports hierarchical search, vertical search, highlighting of search results, and more. A log information disclosure vulnerability exists in Apache Solr Operator versions 0.3.0 throug...

6.5 CVSS · 6.4 AI score · 0.00847 EPSS
Exploits: 0 · References: 3
OSV
added 2024/04/10 4:15 p.m. · 3 views

CVE-2024-31873

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317...

7.5 CVSS · 5.8 AI score · 0.01197 EPSS
Exploits: 1 · References: 3
IBM Security Bulletins
added 2024/04/08 12:54 p.m. · 35 views

Security Bulletin: Vulnerabilities in cryptography and Jinja [CVE-2023-50782, CVE-2024-22195]

Summary: IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in cryptography and Jinja, which include obtaining sensitive information and cross-site scripting, as described by the CVEs in the "Vulnerability Details" section. These vulnerabilities have...

7.5 CVSS · 6.8 AI score · 0.01118 EPSS
Exploits: 0 · Affected Software: 1
OSV
added 2024/04/05 8:52 a.m. · 8 views

SUSE-SU-2024:1119-1 Security update for gradle, gradle-bootstrap

This update for gradle, gradle-bootstrap fixes the following issues: - CVE-2021-29429: Fixed information disclosure through temporary directory permissions bsc1184799. - CVE-2019-15052: Fixed authentication credentials disclosure bsc1145903. gradle: - Fixed RPM package building issues due to...

9.8 CVSS · 6.6 AI score · 0.02925 EPSS
Exploits: 2 · References: 5
IBM Security Bulletins
added 2024/04/02 6:49 a.m. · 16 views

Security Bulletin: Cross-Site scripting vulnerability in ESAPI may affect IBM Business Automation Workflow - IBM X-Force ID: 273485

Summary: IBM Business Automation Workflow is vulnerable to a Cross-Site scripting attack. Vulnerability Details: IBM X-Force ID: 273485. DESCRIPTION: Enterprise Security API for Java is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...

6.9 AI score
Exploits: 0 · Affected Software: 2