15 matches found
CVE-2023-35887 vulnerabilities
Vulnerabilities for packages: hadoop-fips...
Security Bulletin: IBM B2B Sterling Integrator is affected by Apache MINA SSHD vulnerability to information disclosure (CVE-2023-35887)
Summary IBM B2B Sterling Integrator is affected by Apache MINA SSHD vulnerability to information disclosure. Vulnerability Details CVEID:CVE-2023-35887 DESCRIPTION: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.1 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.1 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.1 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 8 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 9 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 9 (RHSA-2023:7639)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7639 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
at.crea-doo.util.toughswitch:toughswitch (>=1.0.0 <=1.0.2), au.com.versent.jenkins.plugins:ignore-committer-strategy (>=29.v7c3891a_434c3 <=57.v0756db_b_f6926) +1840 more potentially affected by CVE-2023-35887 via org.apache.sshd:sshd-core (>=1.0.0 <=2.18.0)
org.apache.sshd:sshd-core MAVEN version =1.0.0, =1.0.0, =29.v7c3891a434c3, =3.3.0, =1.1.0, =0.5.4, =0.8.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =1.1.0, =2.7.6, =2.8.0 and more Source cves: CVE-2023-35887 Source advisory: OSV:GHSA-MJMQ-GWGM-5QHM...
ch.admin.bit.jeap:jeap-archrepo-docgen (>=2.10.0 <=6.2.0), ch.admin.bit.jeap:jeap-archrepo-importer-messagetype (>=1.10.0 <=6.2.0) +505 more potentially affected by CVE-2023-35887 via org.apache.sshd:sshd-sftp (>=2.0.0 <=2.9.2)
org.apache.sshd:sshd-sftp MAVEN version =2.0.0, =2.10.0, =1.10.0, =1.10.0, =1.15.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =3.26.0, =3.26.0, =3.26.0, =3.26.0, =1.1.0, =1.1.1 - com.ailbb:alt =1.5 - com.amashchenko.maven.plugin:gitflow-maven-plugin =1.21.0 and more Source cves: CVE-2023-35887 Source...
CVE-2023-35887
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the root...
CVE-2023-35887
CVE-2023-35887 affects Apache MINA SSHD when using RootedFileSystem in SFTP servers. The root cause is path traversal outside the rooted tree via paths with '..' or symlinks, allowing logged-in users to discover existence/non-existence of items outside the rooted directory. Affected: Apache MINA ...
CVE-2023-35887 Apache MINA SSHD: Information disclosure bugs with RootedFilesystem
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the root...
CVE-2023-35887
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the root...