41 matches found
Security Updates for Azure CycleCloud (July 2024)
The Azure CycleCloud product is missing security updates. It is, therefore, affected by an elevation of privilege vulnerability. The attacker who successfully exploited this vulnerability could elevate privileges to the SuperUser role in the affected Azure CycleCloud instance. To exploit this...
Oracle Business Intelligence Enterprise Edition (OAS 7.0) (January 2024 CPU)
The version of Oracle Business Intelligence Enterprise Edition OAS 7.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product o...
Oracle Application Testing Suite DoS (October 2023 CPU)
The version of Oracle Application Testing Suite installed on the remote host is affected by a denial of service vulnerability as referenced in the October 2023 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for We...
Critical Security Vulnerabilities Discovered in Atlassian Products
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Atlassian have revealed the existence of several security vulnerabilities, namely CVE-2022-25647, CVE-2023-22512, CVE-2023-22513, and CVE-2023-28709, which affect their products. These...
Atlassian JIRA Service Desk < 4.20.25 / 5.3.x < 5.4.9 / 5.9.x < 5.9.2 / 5.10.x < 5.10.1 (JSDSERVER-14007)
The version of Atlassian JIRA Service Desk Server running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14007 advisory. - The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace method in intern...
Security Bulletin: IBM Cloud Pak for Network Automation 2.6 addresses multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.6 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the...
Oracle Java SE Multiple Vulnerabilities (July 2022 CPU update) CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-25647 CVE-2022-34169
The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory: - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot...
Security Bulletin: Vulnerability in Google gson 2.2.4 libraries (CVE-2022-25647) affects IBM Operations Analytics Predictive Insights
Summary IBM Operations Analytics Predictive Insights uses Google gson libraries for serialization/deserialization of objects in REST mediation service. A security vulnerability in versions prior to gson 2.8.9. could be exploited to compromise Operations Analytics Predictive Insights services...
Security Bulletin: IBM Storage Protect is vulnerable to a denial of service attack due to Google Gson (CVE-2022-25647)
Summary IBM Spectrum Protect is uses Google Gson for object serialization and is vulnerable to this attack. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace method, ...
Security Bulletin: Vulnerability from Google Gson affect IBM Operations Analytics - Log Analysis (CVE-2022-25647)
Summary Google Gson shipped with Log Analysis is vulnerable to denial of service Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace method, a remote attacker could...
Security Bulletin: Vulnerability in gson-2.8.0.jar affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)(CVE-2022-25647).
Summary The gson-2.8.0.jar package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVECVE-2022-25647 Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserializatio...
Security Bulletin: IBM Security Guardium is affected by a denial of service vulnerability (CVE-2022-25647)
Summary IBM Security Guardium has fixed this vulnerability. Please update your product as detailed below. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace method, a...
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service due to Google Gson (CVE-2022-25647)
Summary IBM Sterling B2B Integrator has addressed a denial of service vulnerability in Google Gson. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace method, a remote...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Google Gson denial of service vulnerabilities ( CVE-2022-25647, ID217225)
Summary Potential denial of service vulnerabilities in Google gson , CVE-2022-25647, ID217225 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands that use the JDBC connector may be vulnerable to denial of service due to CVE-2022-25647
Summary Google Gson is used by IBM App Connect Enterprise Certified Container in the JDBC connector. IBM App Connect Enterprise Certified Container IntegrationServer operands that use the JDBC connector may be vulnerable to denial of service. This bulletin provides patch information to address th...
SUSE-SU-2022:3706-1 Security update for google-gson
This update for google-gson fixes the following issues: Fixed security issue: - CVE-2022-25647: Deserialization of Untrusted Data bsc1199064 Other non security fixes: - Build with Java = 9 in order to produce a modular jar by compiling the module-info.java sources with all other classes built wit...
Vulnerabilities fixed in Oracle Siebel CRM
Vulnerabilities have been fixed in Oracle Siebel CRM. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Oracle has fixed vulnerabilities in the...
Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.2.0 release and security update
Red Hat AMQ Streams 2.2.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Updated google-gson packages fix security vulnerability
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace method in internal classes, which may lead to DoS attacks. CVE-2022-25647...
[SECURITY] [DSA 5227-1] libgoogle-gson-java security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5227-1 [email protected] https://www.debian.org/security/ Markus Koschany September 07, 2022 https://www.debian.org/security/faq -...