Oracle Siebel Server <= 23.5 (July 2023 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Vulnerability in the Siebel CRM product of Oracle Siebel CRM component: EAI JSON-java. Supported versions that are affected are 23.5 and prior...
GridGain Security update in Brocade SANnav version 2.3.1a (CVE-2023-32732, CVE-2023-34462, CVE-2023-33953, CVE-2023-40167, CVE-2023-36479, CVE-2023-41900, CVE-2022-2048, CVE-2023-26048, CVE-2023-26049)
Brocade has provided a Security update to the following GridGain related CVEs in Brocade SANnav version 2.3.1a. CVE-2023-32732, CVE-2023-34462, CVE-2023-33953, CVE-2023-40167, CVE-2023-36479, CVE-2023-41900, CVE-2022-2048, CVE-2023-26048, CVE-2023-26049 Products Confirmed Not Affected. Brocade...
Statement on Jetty vulnerabilities in Brocade SANnav
A Security Researcher performing penetration testing raises CVEs in the Jetty version used by Brocade SANnav v2.1.1. Brocade Statement All supported versions of Brocade SANnav do not directly use Jetty. The code is present within some versions of the SANnav product as it is contained within other...
RHEL 8 : OpenShift Container Platform 4.9.56 (RHSA-2023:0777)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0777 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
RHCOS 4 : OpenShift Container Platform 4.8.56 (RHSA-2023:0017)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0017 advisory. - http2-server: Invalid HTTP/2 requests cause DoS CVE-2022-2048 - Libraries: Untrusted users can modify some Pipeline libraries in...
Security Bulletin: IBM Operational Decision Manager July 2023 - Multiple CVEs
Summary This Security Bulletin addresses the security vulnerabilities that have been fixed within the IBM Operational Decision Manager. This product now includes fixes for the following security vulnerabilities. Vulnerability Details CVEID:CVE-2022-41946 DESCRIPTION: Postgresql JDBC could allow a...
Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining. CVE-2022-2048
Summary There is a vulnerability in Eclipse Jetty that could allow a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-2048 DESCRIPTION: Eclipse Jetty is vulnerable to ...
Moderate: Red Hat Security Advisory: Red Hat AMQ Streams 2.3.0 release and security update
Red Hat AMQ Streams 2.3.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
OESA-2023-1030 jetty security update
Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...
Security Bulletin: Multiple Vulnerabilities discovered in libraries used by Apache Zookeeper that is included in ITNM (CVE-2020-36518, CVE-2022-2047, CVE-2022-2048, CVE-2022-24823)
Summary Multiple vulnerabilities (CVE-2020-36518; CVE-2022-2047; CVE-2022-2048; CVE-2022-24823) found in Apache Zookeeper used by IBM Tivoli Network Manager (ITNM) IP Edition. The fix contains the updated versions of corresponding libraries. Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION:...
Security Bulletin: Tivoli Netcool/Omnibus installation contains vulnerable Eclipse Jetty code libraries (Multiple CVEs)
Summary The 'Netcool MIB Manager GUI' uses a version of the Eclipse Jetty library that contains known vulnerabilities. These vulnerabilities have been addressed by an upgrade to Jetty 9.4.48. Vulnerability Details CVEID:CVE-2022-2048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service,...
Security Bulletin: Rational Performance Tester contains vulnerabilities which could affect Eclipse Jetty. Rational Performance Tester has taken steps to mitigate these vulnerabilities.
Summary Eclipse Jetty contains a vulnerability around improper hostname input handling that could lead to failure in a proxy scenario, and a vulnerability that could lead to a potential denial of service attack. Vulnerability Details CVEID:CVE-2022-2191 DESCRIPTION: Eclipse Jetty is vulnerable to...
Security Bulletin: Vulnerability from Eclipse Jetty affects IBM Operations Analytics - Log Analysis (CVE-2022-2048)
Summary Eclipse Jetty HTTP/2 server shipped with Log Analysis is vulnerable to denial of service Vulnerability Details CVEID:CVE-2022-2048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw in the error handling of an invalid HTTP/2 request. By sending...
Security Bulletin: Multiple vulnerabilities in Zookeeper affecting IBM QRadar User Behavior Analytics (CVE-2022-2191, CVE-2022-2047, CVE-2022-2048, CVE-2022-24823, CVE-2020-36518)
Summary Multiple vulnerabilities exist in Zookeeper that are used by IBM QRadar User Behavior Analytics (UBA). These vulnerabilities are addressed in UBA by upgrading to a version of Zookeeper and packages that are associated with Zookeeper that resolve the vulnerabilities. Vulnerability Details...
Jenkins HTTP/2 DoS Vulnerability (CVE-2022-2048) - Windows
Jenkins is prone to an HTTP/2 denial of service (DoS) vulnerability in Jetty. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...
Jenkins HTTP/2 DoS Vulnerability (CVE-2022-2048) - Linux
Jenkins is prone to an HTTP/2 denial of service (DoS) vulnerability in Jetty. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...
Jenkins LTS < 2.361.1 / Jenkins weekly < 2.363
According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.361.1 or Jenkins weekly prior to 2.363. It is, therefore, affected by a vulnerability: - In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid...
[SECURITY] [DLA 3079-1] jetty9 security update
Debian LTS Advisory DLA-3079-1 https://www.debian.org/lts/security/ Markus Koschany August 22, 2022 https://wiki.debian.org/LTS Package : jetty9 Version : 9.4.16-0+deb10u2 CVE ID : CVE-2022-2047 CVE-2022-2048 Two security vulnerabilities were discovered in Jetty, a Jav...
Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester
Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-2047 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security...
Debian DSA-5198-1 : jetty9 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5198 advisory. Two security vulnerabilities were discovered in Jetty, a Java servlet engine and webserver. CVE-2022-2047 In Eclipse Jetty the parsing of the authority segment of...