6 matches found
Security Bulletin: Multiple Vulnerabilities in IBM Sterling Configure, Price, Quote (on-prem).
Summary Multiple vulnerabilities were addressed in IBM Sterling Configure, Price, Quote on-prem version 10.0.0.0-Sterling-VM-All-fp00027 Vulnerability Details CVEID:CVE-2022-40152 DESCRIPTION: Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks DOS if DTD support...
CVE-2024-38453
The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key. NOTE: the current version is 11 as of mid-2024...
Security Bulletin: IBM Sterling Configure Price Quote - Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)
Abstract Java API Documentation contains a frame injection vulnerability Content VULNERABILITY DETAILS: CVE ID: CVE-2013-1571 DESCRIPTION: HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the...
Security Bulletin: IBM Sterling Order Management and IBM Sterling Configure Price Quote are vulnerable to cross-site request forgery
Abstract Security Bulletin: IBM Sterling Order Management and IBM Sterling Configure Price Quote are vulnerable to cross-site request forgery Body IBM Sterling Order Management and IBM Sterling Configure Price Quote are vulnerable to cross-site request forgery which could allow an attacker to...
Security Bulletin: IBM Sterling Order Management and IBM Sterling Configure Price Quote are vulnerable to cross-site request forgery.
Summary IBM Sterling Order Management and IBM Sterling Configure Price Quote are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Vulnerability Details CVEID: CVE-2016-9991...
Security Bulletin: IBM Sterling Order Management and IBM Sterling Configure, Price, Quote are affected by multiple Apache Struts 2 security vulnerabilities.
Summary IBM Sterling Order Management and IBM Sterling Configure Price Quote use Apache Struts 2 and are affected by some of the vulnerabilities that exist in Apache Struts 2. Vulnerability Details CVEID: CVE-2013-4310 Description: Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to...