Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2016-3092)

Summary IBM WebSphere Application Server is shipped with IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

Security Bulletin: DataQuant for WebSphere is affected by a vulnerability in Apache Commons FileUpload (CVE-2014-0050)

Summary Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause the application to enter into an...

Oracle Enterprise Manager Cloud Control (Jan 2021 CPU)

The 13.3.0.0, 13.4.0.0, and 13.2.1.0 versions of Enterprise Manager Base Platform installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2021 CPU advisory. - Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager...

Security Bulletin: Security vulnerability exists in the open source library Apache Commons FileUpload that is shipped with and used by IBM Emptoris S

Question Security Bulletin: Security vulnerability exists in the open source library Apache Commons FileUpload that is shipped with and used by IBM Emptoris Strategic Supply Management. Answer SUMMARY: IBM Emptoris Strategic Supply Management is vulnerable to denial of service due to a flaw in th...

IBM WebSphere Application Server 8.0.0.x < 8.0.0.15 / 8.5.x < 8.5.5.13 / 9.0.x < 9.0.0.7 RCE (CVE-2016-1000031)

The IBM WebSphere Application Server running on the remote host is version 8.0.0.x prior to 8.0.0.15, 8.5.0.x prior to 8.5.5.13 or 9.0.x prior to 9.0.0.7. It is, therefore, affected by a remote code execution vulnerability due to improper deserialization of untrusted data in the DiskFileItem clas...

Security Bulletin: Multiple security vulnerabilities have been fixed in IBM Security Identity Manager Virtual Appliance

Summary IBM Security Identity Manager Virtual Appliance ISIM VA has addressed the following vulnerabilities Vulnerability Details CVEID: CVE-2014-0050 DESCRIPTION: Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the...

Oracle Database Server Multiple Vulnerabilities (Jul 2020 CPU)

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2020 CPU advisory. - Vulnerability in the MapViewer Apache Commons FileUpload component of Oracle Database Server. Supported versions that are affected are...

Security Bulletin: Apache Commons FileUpload (Publicly disclosed vulnerability) in IBM eDiscovery Manager

Summary Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this...

Oracle WebCenter Sites Multiple Vulnerabilities (July 2019 CPU)

Oracle WebCenter Sites component of Oracle Fusion Middleware is vulnerable to multiple vulnerabilities : - A deserialization vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware subcomponent: Advanced UI Apache Groovy due to a lack of isolation of object...

Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with Predictive Customer Intelligence (CVE-2016-0385, CVE-2016-0377, CVE-2016-2960, CVE-2016-3092)

Summary WebSphere Application Server is shipped with Predictive Customer Intelligence. Information about security vulnerabilities affecting WebSphere Application Server have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

Security Bulletin: A denial of service vulnerability affects IBM Sterling B2B Integrator (CVE-2014-0050)

Summary IBM Sterling B2B Integrator is vulnerable to denial of service attack Vulnerability Details CVEID: CVE-2014-0050 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests. By...

Security Bulletin: Vulnerability in Apache Commons affects IBM B2B Advanced Communications (CVE-2016-3092)

Summary IBM B2B Advanced Communications is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. Vulnerability Details CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons...

Security Bulletin: Security Vulnerability in Apache Commons FileUpload Affects IBM Sterling B2B Integrator (CVE-2016-1000031)

Summary Security vulnerability in Apache Commons FileUpload affects IBM Sterling B2B Integrator. Vulnerability Details CVEID: CVE-2016-1000031 DESCRIPTION: Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on th...

Security Bulletin: Apache Commons FileUpload Vulnerability affects IBM Rational ClearQuest (CVE-2016-3092)

Summary IBM Rational ClearQuest is vulnerable to an Apache Commons FileUpload vulnerability. Vulnerability Details CVE-ID: CVE-2016-3092 Description: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests,...

Exploit for Deserialization of Untrusted Data in Apache Log4J

CVE-2019-17571 is a vulnerability in the Apache Commons FileUpload library. It allows an attacker to upload a malicious file with a .class extension, which can be used to execute arbitrary code on the server. The vulnerability is caused by the library not properly validating the file extension...

Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Sterling Secure Proxy (CVE-2016-3092)

Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Sterling Secure Proxy. Vulnerability Details CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload...

Security Bulletin: Multiple Security Vulnerabilities found in IBM Sterling Secure Proxy (CVE-2014-0411, CVE-2014-0050)

Summary IBM Sterling Secure Proxy is shipped with IBM Runtime Environment, Java™ Technology Edition the “IBM JRE”, that is based on an Oracle Java Runtime Environment JRE. Oracle has released the January 2014 critical patch updates CPU that contain security vulnerability fixes for the JRE. The IB...

Security Bulletin: Vulnerability in Apache Commons FileUpload Affects IBM Sterling Secure Proxy

Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Sterling Secure Proxy. Vulnerability Details CVEID: CVE-2016-1000031 DESCRIPTION: Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote...

Security Bulletin: Vulnerability in Apache Commons Fileupload affects IBM Control Center (CVE-2016-3092)

Summary Apache Commons Fileupload vulnerability affects IBM Control Center. Vulnerability Details CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could...

Security Bulletin: Apache Commons FileUpload Vulnerabilities in IBM Control Center (CVE-2016-1000031)

Summary The DiskFileItem class in Apache Commons Fileupload before 1.3.3, as used in Control Center, could allow remote attackers to execute arbitrary code under current context of the current process causing an undefined behavior. Vulnerability Details CVEID: CVE-2016-1000031 Description: Apache...