MiracleLinux 4 : xalan-j2-2.7.0-9.9.AXS4 (AXSA:2014-224:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-224:01 advisory. Xalan is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. It implements the W3C Recommendations for XSL...
MiracleLinux 3 : xalan-j2-2.7.0-6jpp.2.0.1.AXS3 (AXSA:2014-250:01)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-250:01 advisory. Xalan is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. It implements the W3C Recommendations for XSL...
Security Bulletin: IBM Operations Analytics - Log Analysis is affected by improper access control and integer truncation issues due to flaw in Apache Xalan
Summary Apache Xalan in Logstash is used by IBM Operations Analytics - Log Analysis as part of the data transformation and integration. CVE-2014-0107, CVE-2022-34169. Vulnerability Details CVEID:CVE-2014-0107 DESCRIPTION: The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly...
Security Bulletin: ITCAM for Transactions affected by the Security vulnerability CVE-2022-34169, CVE-2014-0107 found in xalan-2.7.1.jar and its previous versions
Summary IBM Tivoli Composite Application Manager ITCAM for Transactions - Transaction Tracking has addressed the following xalan-2.7.1.jar vulnerability and updated xalan.jar from version 2.7.0 to 2.7.3 Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library cou...
CVE-2022-47966
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec aka XML Security for Java 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain...
acegisecurity:acegi-security (=0.7.0), acegisecurity:acegi-security-cas (=0.7.0) +5436 more potentially affected by CVE-2014-0107 via xalan:xalan (>=2.3.1 <=2.7.1)
xalan:xalan MAVEN version =2.3.1, =1.3, =0.2.0, =0.2.0, =19.9.0, =9.1.1, =1.10.2, =1.14.1 and more Source cves: CVE-2014-0107 Source advisory: OSV:GHSA-RC2W-R4JQ-7PFX...
Mageia: Security Advisory (MGASA-2014-0152)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2014:0870-1)
The remote host is missing an update for the...
Security Bulletin: IBM Security Guardium is affected by an Apache Xalan-Java library vulnerability (CVE-2014-0107)
Summary IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID: CVE-2014-0107 DESCRIPTION: Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker could exploit this vulnerability t...
Security Bulletin: Vulnerability exists in Apache-Xalan-Java used in IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2014-0107)
Summary A security bypass vulnerability has been discovered in Apache Xalan-Java libraries used by IBM Sterling B2B Integrator and IBM Sterling File Gateway. Vulnerability Details CVEID: CVE-2014-0107 Description: Apache Xalan-Java could allow a remote attacker to bypass security restrictions...
Security Bulletin: A vulnerability exists in Apache Xalan-Java prior to 2.7.2 as used in IBM Sterling Control Center 5.2 (CVE-2014-0107)
Summary IBM Sterling Control Center 5.2 utilizes Apache Xalan-Java that contains a vulnerability. Vulnerability Details CVE-ID: CVE-2014-0107 DESCRIPTION: Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An...
Security Bulletin: Tivoli Common Reporting iFixes for multiple Security Vulnerabilities (CVE-2014-3566,CVE-2014-6145,CVE-2014-1568,CVE-2014-4263,CVE-2014-3513,CVE-2014-3567,CVE-2014-3568,CVE-2014-0107,CVE-2014-0075,CVE-2014-0096,CVE-2014-0099,CVE-2014-011
Summary Tivoli Common Reporting (TCR) interim fixes address Security Vulnerabilities and Exposures - CVE-2014-3566, CVE-2014-6145, CVE-2014-1568, CVE-2014-4263, CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-0107, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0878 and...
Security Bulletin: Impact of the Apache Xalan-Java vulnerability (CVE-2014-0107) on IBM FileNet Business Process Framework
Summary Apache Xalan-Java could allow a remote attacker to bypass security restrictions. If you are using IBM FileNet Business Process Framework V4.1.0.x, apply 4.1 Fix Pack 10 and then apply 4.1.0.10-P8BPF-IF002. There is no workaround other than applying the fix. Vulnerability Details Affected products and versions: · IBM FileNet Business Process Framework V4.1.0.x Remediation and workarounds:...
Security Bulletin: IBM FileNet Business Process Framework is affected by a vulnerability in Apache Xalan-Java (CVE-2014-0107)
Summary Open Source Apache Xalan-Java could allow a remote attacker to bypass security restrictions. Vulnerability Details CVE ID: CVE-2014-0107 Description: Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An...
Security Bulletin: A vulnerability exists in Apache Xalan-Java prior to 2.7.2 as used in IBM QRadar SIEM 7.1 MR2, and 7.2 MR2. (CVE-2014-0107)
Summary IBM QRadar Security Information and Event Manager SIEM 7.1 MR2 and 7.2 MR2 utilizes Apache Xalan-Java that contains a vulnerability. Vulnerability Details CVE ID: CVE-2014-0107 DESCRIPTION: The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certa...
Security Bulletin: Cognos BI Server is affected by the following vulnerabilities: CVE-2014-0107, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0878, CVE-2014-0460
Summary Security vulnerabilities have been discovered in Tomcat, XalanJ and the IBM JRE that were reported in late May, 2014. Vulnerability Details CVE-ID: CVE-2014-0107 DESCRIPTION: Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling o...
Security Bulletin: Security exposure in IBM Cognos Incentive Compensation Management (CVE-2014-0107)
Summary There is a security vulnerability whereby a remote attacker could bypass security restrictions in Apache Xalan-Java within IBM Cognos Incentive Compensation Management 8.x and 7.x. Vulnerability Details CVE IDs: CVE-2014-0107 DESCRIPTION: Apache Xalan-Java could allow a remote attacker to...
Security Bulletin: Vulnerabilities in IBM Business Process Manager (BPM) DocumentStore administration (CVE-2014-0107, CVE-2014-4763)
Summary IBM Business Process Manager BPM V8.5.5.0 includes a web based application for administering the IBM BPM DocumentStore. A cross-site scripting vulnerability CVE-2014-4763 and an open source library for XML processing vulnerability CVE-2014-0107 have been reported in this web based...
SUSE: Security Advisory for xalan-j2 (SUSE-SU-2014:0870-1)
The remote host is missing an update for the...
Important: Red Hat Security Advisory: Red Hat JBoss SOA Platform 5.3.1 security update
An update for Red Hat JBoss SOA Platform 5.3.1 which fixes multiple security issues is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...