12 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-21742
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add...
Security Bulletin: Apache James and Bouncy Castle vulnerabilities in Apache Solr and Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2023-33202,CVE-2024-21742,CVE-2024-29857,CVE-2024-30172,CVE-2024-34447)
Summary There are potential denial of service and bypass security restrictions vulnerabilities in Apache James Mime4J and Bouncy Castle Crypto Package, which are used by Apache Solr and Logstash in IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-34447 DESCRIPTION: The...
Oracle Primavera Unifier (Jul 2024 CPU)
The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Integration Apache James MIME4J. Supported versio...
Security Bulletin: IBM Datapower Operations Dashboard could allow unintended headers to MIME messages CVE-2024-21742
Summary Apache James Mime4J is used by the IBM Datapower Operations Dashboard stream parsing implementation. Vulnerability Details CVEID:CVE-2024-21742 DESCRIPTION: Apache James Mime4J could allow a remote attacker to bypass security restrictions, caused by improper input validation. By sending a...
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information CVE-2024-28849,...
OESA-2024-1477 apache-mime4j security update
Java stream based MIME message parser. Security Fixes: Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages. CVE-2024-21742...
OESA-2024-1476 apache-mime4j security update
Java stream based MIME message parser. Security Fixes: Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages. CVE-2024-21742...
OESA-2024-1478 apache-mime4j security update
Java stream based MIME message parser. Security Fixes: Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages. CVE-2024-21742...
ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), au.com.turingg:turingg-files (=0.0.1) +1172 more potentially affected by CVE-2024-21742 via org.apache.james:apache-mime4j-core (>=0.7 <=0.8.1)
org.apache.james:apache-mime4j-core MAVEN version =0.7, =1.3, =1.0.1, =3.00.4, =3.00.3, =4.00.10, =3.6.1, =3.11.0, =0.1, =1.2.3, =1.1, =0.3, =0.2, =0.3 and more Source cves: CVE-2024-21742 Source advisory: OSV:GHSA-JW7R-RXFF-GV24...
CVE-2024-21742 vulnerabilities
Vulnerabilities for packages: opensearch, keycloak...
CVE-2024-21742
Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages...
CVE-2024-21742
CVE-2024-21742: IBM/connected IBM products show a vulnerability due to improper input validation in MIME4J DOM, enabling header injection in MIME messages. Affected: IBM API Connect v12 OnPrem 12.1.0.0 (per IBM bulletin); remediation: upgrade to 12.1.0.1. Other IBM docs also reference this CVE in...