46 matches found
Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Json-smart
Summary A vulnerability has been identified in Json-smart library, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION:Json-smart is a performance focused, JSON processor lib. When reaching a ‘‘ or ‘‘ character in the JSON...
json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)
A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370...
RHEL 9 : Red Hat Product OCP Tools 4.17 OpenShift Jenkins (RHSA-2025:10097)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10097 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by...
ai.ancf.lmos:arc-runner (>=0.1.1 <=0.120.0), ai.bizone:json-transform (>=1.0.0 <=1.16.0) +5216 more potentially affected by CVE-2023-1370 +1 more via net.minidev:json-smart (>=2.5.0 <=2.5.1)
net.minidev:json-smart MAVEN version =2.5.0, =0.1.1, =1.0.0, =0.6.0, =0.5.0, =0.7.0, =3.10.0.5, =0.5.0, =0.1.0, =1.5.3.RELEASE, =1.5.4.RELEASE, =1.5.4.RELEASE, =2.0.0, =1.3.3, =1.4.0 and more Source cves: CVE-2023-1370, CVE-2024-57699 Source advisory: OSV:GHSA-PQ2G-WX69-C263...
Netplex Json-smart Uncontrolled Recursion vulnerability
A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service DoS. This issue exists because of an incomplete fix for...
Moderate: Red Hat Security Advisory: Red Hat AMQ Streams 2.7.0 release and security update
Red Hat AMQ Streams 2.7.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
RHEL 8 : OpenShift Container Platform 4.10.61 (RHSA-2023:3362)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3362 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud...
RHCOS 4 : OpenShift Container Platform 4.10.61 (RHSA-2023:3362)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3362 advisory. - json-smart: Uncontrolled Resource Consumption vulnerability in json-smart Resource Exhaustion CVE-2023-1370 Note that Nessus has not tested...
Security Bulletin: There are multiple vulnerabilities in mas-data-dictionary-lib-1.0.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-1471, CVE-2023-1370 and CVE-2021-42550)
Summary There are multiple vulnerabilities in mas-data-dictionary-lib-1.0.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the syste...
Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access.
Summary There were multiple Security Vulnerabilities that were reported against IBM Security Verify Access. These have been addressed in IBM Security Verify Access 10.0.7.0 Vulnerability Details CVEID:CVE-2022-45688 DESCRIPTION: Hutool is vulnerable to a denial of service, caused by stack-based...
Moderate: Red Hat Security Advisory: AMQ Clients 2023.Q4
An update is now available for Red Hat AMQ Clients Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Reference...
Security Bulletin: mas-data-dictionary-lib-1.0.3.jar is vulnerable to CVE-2022-1471, CVE-2023-1370, and PRISMA-2023-0067 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses mas-data-dictionary-lib-1.0.3.jar which is vulnerable to CVE-2022-1471, CVE-2023-1370, and PRISMA-2023-0067. Vulnerability Details CVEID: CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute...
Security Bulletin: IBM Spectrum Symphony with json-smart-v2 is vulnerable to a denial of service
Summary IBM Spectrum Symphony with json-smart-v2 is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, a...
Security Bulletin: Mutiple Vulnerabilties Affecting IBM Watson Machine Learning Accelerator
Summary IBM Watson Machine Learning Accelerator 1.2.x is vulnerable to several vulnerabilities coming from dependent compoents. These are addressed. Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input...
Security Bulletin: netplex json-smart-v2 component is vulnerable to CVE-2023-1370 is used by IBM Maximo Application Suite
Summary IBM Maximo Application Suite uses netplex json-smart-v2 package which is vulnerable to CVE-2023-1370. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a...
Oracle Primavera Unifier (Jul 2023 CPU)
The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Security-in-Depth issue in the Primavera Unifier product of Oracle Construction and Engineering component: User Interface JSZip. This vulnerabilit...
Security Bulletin: Netplex json-smart-v2 is vulnerable to CVE-2023-1370 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Netplex json-smart-v2 which is vulnerable to CVE-2023-1370. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By...
Oracle Primavera Gateway (Jul 2023 CPU)
The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering component: Admin Apache Commons Net. Supported versions that...
Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in netplex json-smart-v2 (CVE-2023-1370)
Summary A denial of service vulnerability in netplex json-smart-v2 used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to netplex json-smart-v2 denial of service vulnerability( CVE-2023-1370)
Summary Potential netplex json-smart-v2 denial of service vulnerability CVE-2023-1370 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is...