47 matches found
Security Bulletin: IBM Content Navigator is affected by JDOM
Summary IBM Content Navigator is affected by CVE-2021-33813, an XML External Entity XXE injection vulnerability CWE-611 in the SAXBuilder component of the JDOM library through version 2.0.6. A remote attacker could exploit this via a crafted HTTP request to cause a denial of service condition. Th...
Security Bulletin: Vulnerabilities in SAXBuilder affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in SAXBuilder has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2021-33813 DESCRIPTION: An XX...
TencentOS Server 3: jdom2 (TSSA-2022:0275)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0275 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Amazon Linux 2022 : jdom, jdom-demo, jdom-javadoc (ALAS2022-2022-010)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-010 advisory. An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. CVE-2021-33813 Tenable has extracted the preceding description block directly...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Jdom-1.0
Summary A vulnerability has been identified in Jdom version 1.0, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2021-33813 DESCRIPTION: JDOM is vulnerable to a...
Security Bulletin: Potential denial of service vulnerability in Apache Solr affect IBM Operations Analytics - Log Analysis (CVE-2021-33813)
Summary An XXE issue allows attacker to cause denial of service in Apache Solr. Vulnerability Details CVEID:CVE-2021-33813 DESCRIPTION: JDOM is vulnerable to a denial of service, caused by an XXE issue in SAXBuilder. By sending a specially-crafted HTTP request, a remote attacker could exploit thi...
SUSE: Security Advisory (SUSE-SU-2024:1874-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2024:1871-1 Security update for jdom
This update for jdom fixes the following issues: - CVE-2021-33813: Fixed possible denial-of-service XXE issue in SAXBuilder via a crafted HTTP request bsc1187446...
Security Bulletin: Multiple vulnerabilities affect embedded rules in IBM Business Automation Workflow
Summary Embedded rules in IBM Business Automation Workflow are affected by multiple vulnerabilities. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2018-1000632 DESCRIPTION: dom4j could allow a remote attacker to execute arbitrary code o...
Security Bulletin: XML External Entity injection vulnerability in jdom may affect custom apps in IBM Business Automation Workflow - CVE-2021-33813
Summary IBM Business Automation Workflow packages jdom. An XML External Entity XXE injection vulnerability was reported for jdom: Due to insecure default settings in jdom, a careless client application may fail to disable XML External Entity expansion features in the XML parser used by the librar...
Security Bulletin: ITCAM for Transactions affected by the Security vulnerability CVE-2021-33813 found in jdom-1.0.jar
Summary IBM Tivoli Composite Application Manager ITCAM for Transactions - Transaction Tracking has addressed the following jdom-1.0.jar vulnerability and updated jdom.jar from version 1.0 to 2.0.6.1 Vulnerability Details CVEID:CVE-2021-33813 DESCRIPTION: JDOM is vulnerable to a denial of service,...
Security Bulletin: IBM App Connect Enterprise toolkit and IBM Integration Bus toolkit are vulnerable to a local authenticated attacker and a denial of service due to Guava and JDOM (CVE-2023-2976, CVE-2021-33813).
Summary IBM App Connect Enterprise toolkit and IBM Integration Bus toolkit are vulnerable to a local authenticated attacker and a denial of service due to Guava and JDOM CVE-2023-2976, CVE-2021-33813. The resolving fixes include Guava version =32.1.1 & JDOM version =2.0.6.1 Vulnerability Details...
Medium: jdom
Issue Overview: An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. CVE-2021-33813 Affected Packages: jdom Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...
Amazon Linux 2023 : jdom, jdom-demo, jdom-javadoc (ALAS2023-2023-014)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-014 advisory. An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. CVE-2021-33813 Tenable has extracted the preceding description block directly...
Security Bulletin: A denial of service vulnerability in JDOM affects IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Virtual Environments and IBM Spectrum Protect for Space Management (CVE CVE-2021-33813)
Summary IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Virtual Environments Data Protection for Microsoft Hyper-V and Data Protection for VMware and IBM Spectrum Protect for Space Management can be affected by a vulnerability in JDOM. The vulnerability can lead to a denial o...
SUSE CVE-2021-33813
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request...
EulerOS 2.0 SP3 : jdom (EulerOS-SA-2022-2618)
According to the versions of the jdom package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. CVE-2021-33813 Note that...
SUSE SLES15 Security Update : jdom (SUSE-SU-2022:3547-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3547-1 advisory. - CVE-2021-33813: Fixed XXE issue in SAXBuilder can cause a denial of service via a crafted HTTP request bsc1187446. Tenable has extracted t...
SUSE-SU-2022:3547-1 Security update for jdom
This update for jdom fixes the following issues: - CVE-2021-33813: Fixed XXE issue in SAXBuilder can cause a denial of service via a crafted HTTP request bsc1187446...
Security Bulletin: A security vulnerability has been identified in JDOM shipped with IBM Tivoli Netcool Impact (CVE-2021-33813)
Summary JDOM is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting JDOM has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-33813 DESCRIPTION: JDOM is vulnerable to a denial of service, caused by an XXE issue in SAXBuilder. By...