
27 matches found

IBM Security Bulletins
added 2026/03/11 8:59 p.m., 13 views

Security Bulletin: Due to the use of jetty IBM webMethods BPM is vulnerable to multiple vulnerabilities

Summary IBM webMethods BPM is dependent on jetty which is affected by known vulnerabilities CVE-2020-27223, CVE-2021-28169, CVE-2022-2047, CVE-2023-26049, CVE-2023-36478, CVE-2023-40167 Vulnerability Details CVEID:CVE-2020-27223 DESCRIPTION: In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114...

CVSS 7.5 | AI score 6 | EPSS 0.7848
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2024/11/18 9:41 p.m., 22 views

Security Bulletin: Several Security Vulnerabilities were discovered in IBM Security Directory Suite

Summary Several Security Vulnerabilities in the IBM Security Directory Integrator and Eclipse Jetty were addressed in the IBM Security Directory Suite. Vulnerability Details CVEID:CVE-2022-32759 DESCRIPTION: IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0...

CVSS 9.8 | AI score 8 | EPSS 0.7848
Exploits: 5 | Affected Software: 1

IBM Security Bulletins
added 2024/05/15 12:45 a.m., 46 views

Security Bulletin: Multiple security vulnerabilities in Eclipse Jetty affect IBM Security Directory Integrator

Summary The IBM Security Directory Integrator was vulnerable to multiple security vulnerabilities in the Eclipse Jetty component. This was addressed in version 10 of the IBM Security Directory Integrator. Vulnerability Details CVEID:CVE-2017-9735 DESCRIPTION: Jetty could allow a remote attacker t...

CVSS 9.8 | AI score 9 | EPSS 0.7848
Exploits: 5 | Affected Software: 1

Broadcom
added 2024/05/01 12:0 a.m., 14 views

Statement on Jetty vulnerabilities in Brocade SANnav

A Security Researcher performing penetration testing raises CVEs in the Jetty version used by Brocade SANnav v2.1.1. Brocade Statement All supported versions of Brocade SANnav do not directly use Jetty. The code is present within some versions of the SANnav product as it is contained within other...

CVSS 9.4 | AI score 5.8 | EPSS 0.99298
Exploits: 19

Amazon
added 2024/01/09 12:0 a.m., 4 views

Medium: jetty

Issue Overview: For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. Thi...

CVSS 5.3 | AI score 6.6 | EPSS 0.7848
Exploits: 2

Tenable Nessus
added 2024/01/09 12:0 a.m., 44 views

Amazon Linux 2 : jetty (ALAS-2024-2408)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2408 advisory. For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example...

CVSS 5.3 | AI score 7.1 | EPSS 0.7848
Exploits: 2 | References: 4

IBM Security Bulletins
added 2023/08/15 1:35 p.m., 59 views

Security Bulletin: Multiple Eclipse Jetty Vulnerabilities Affect IBM Analytic Accelerator Framework for Communication Service Providers & IBM Customer and Network Analytics

Summary Eclipse Jetty is used in the solution's microservices bis, auth, analytics, cna as the engine of the HTTP server, underpinning APIs and UI. Several CVEs were found in the version used. These vulnerabilities are addressed. Vulnerability Details CVEID:CVE-2021-28169 DESCRIPTION: Eclipse Jet...

CVSS 7.8 | AI score 6.5 | EPSS 0.99298
Exploits: 16 | Affected Software: 1

SUSE CVE
added 2023/02/15 3:44 a.m., 3 views

SUSE CVE-2021-28169

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

CVSS 6.5 | AI score 8 | EPSS 0.7848
Exploits: 2 | References: 5

IBM Security Bulletins
added 2022/10/17 1:12 p.m., 45 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable due to Eclipse Jetty

Summary IBM Sterling B2B Integrator has addressed multiple security vulnerabilities in Eclipse Jetty. Vulnerability Details CVEID:CVE-2021-34428 DESCRIPTION: Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an...

CVSS 5.3 | AI score 5.5 | EPSS 0.99298
Exploits: 9 | Affected Software: 1

Tenable Nessus
added 2022/09/15 12:0 a.m., 52 views

RHEL 7 / 8 : OpenShift Container Platform 4.9.0 (RHSA-2021:3758)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3758 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

CVSS 7.5 | AI score 7.2 | EPSS 0.7848
Exploits: 4 | References: 12

IBM Security Bulletins
added 2022/07/29 8:34 p.m., 157 views

Security Bulletin: Vulnerabilities in Eclipse Jetty affect Rational Service Tester (CVE-2021-28169, CVE-2021-34428, CVE-2021-28163, CVE-2021-28164, CVE-2021-34429, CVE-2021-28165)

Summary There are vulnerabilities in Eclipse Jetty that affect Rational Service Tester. Rational Service Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw ...

CVSS 7.8 | AI score 6.4 | EPSS 0.99298
Exploits: 16 | Affected Software: 1

IBM Security Bulletins
added 2022/07/21 4:32 a.m., 67 views

Security Bulletin: There are multiple security vulnerabilities in Apache Storm used by IBM Tivoli Netcool Manager.

Summary Apache-storm, used by IBM Tivoli Network Manager, contains many internal libraries which are vulnerable to various types of CVEs. Revealing sensitive information CVE-2021-28169, bypassing ACL validations CVE-2018-17196, heap based buffer overflow CVE-2015-5237, denial of service...

CVSS 9 | AI score 9.2 | EPSS 0.7848
Exploits: 7 | Affected Software: 1

IBM Security Bulletins
added 2022/07/07 6:55 a.m., 39 views

Security Bulletin: IBM Tivoli Network Manager is vulnerable to information disclosure attacks due to vulnerabilities in Eclipse Jetty (CVE-2021-28169)

Summary Eclipse Jetty libraries jetty-io, jetty-client, jetty-http, jetty-util used by IBM Tivoli Network Manager, in versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For...

CVSS 5.3 | AI score 0.5 | EPSS 0.7848
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2022/03/29 6:27 a.m., 78 views

Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester

Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, cause...

CVSS 7.8 | AI score 7.2 | EPSS 0.99298
Exploits: 16 | Affected Software: 1

IBM Security Bulletins
added 2021/12/17 5:19 p.m., 55 views

Security Bulletin: IBM MQ is vulnerable to multiple Jetty vulnerabilities (CVE-2021-34428, CVE-2021-34429, CVE-2021-28169)

Summary Multiple issues were identified in Eclipse Jetty that IBM MQ Explorer uses and is affected by. Vulnerability Details CVEID: CVE-2021-34428 DESCRIPTION: Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an...

CVSS 5.3 | AI score 5.3 | EPSS 0.99298
Exploits: 9 | Affected Software: 1

RedHat Linux
added 2021/10/18 5:45 p.m., 64 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.9.0 packages and security update

Red Hat OpenShift Container Platform release 4.9.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...

CVSS 7.5 | AI score 6.7 | EPSS 0.7848
Exploits: 4 | References: 5

Tenable Nessus
added 2021/10/04 12:0 a.m., 846 views

Jetty < 9.4.41 Multiple Vulnerabilities

According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to 9.4.41, 10.0.x prior to 10.0.3 or 11.0.x prior to 11.0.3. It is, therefore, affected by multiple vulnerabilities: - An issue with failure to invalidate sessions after an exception in t...

CVSS 5.3 | AI score 5.7 | EPSS 0.7848
Exploits: 3 | References: 4

OpenVAS
added 2021/07/13 12:0 a.m., 38 views

openSUSE: Security Advisory for jetty-minimal (openSUSE-SU-2021:2005-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8 | AI score 6.7 | EPSS 0.82371
Exploits: 11 | References: 2

OSV
added 2021/07/11 8:5 a.m., 12 views

OPENSUSE-SU-2021:2005-1 Security update for jetty-minimal

This update for jetty-minimal fixes the following issues: Update to version 9.4.42.v20210604 - Fix: bsc1187117, CVE-2021-28169 - possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory - Fix: bsc1184367, CVE-2021-28165 - jet...

CVSS 7.8 | AI score 5 | EPSS 0.82371
Exploits: 11 | References: 9

OPENSUSE Linux
added 2021/07/11 12:0 a.m., 110 views

Security update for jetty-minimal (important)

openSUSE Security Update: Security update for jetty-minimal Announcement ID: openSUSE-SU-2021:2005-1 Rating: important References: 1184366 1184367 1184368 1187117 Cross-References: CVE-2021-28163 CVE-2021-28164 CVE-2021-28165 CVE-2021-28169 CVSS scores: CVE-2021-28163 NVD : 2.7...

CVSS 7.5 | AI score 7.6 | EPSS 0.82371
Exploits: 11 | References: 4