Security Bulletin: IBM Security SiteProtector System is affected by Cross-Site Scripting (CVE-2020-4140)

Summary IBM Security SiteProtector System has addressed the following vulnerabilities in Core XPU Vulnerability Details CVEID: CVE-2020-4140 DESCRIPTION: IBM SiteProtector Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the We...

Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities (CVE-2020-13938, CVE-2021-30641)

Summary IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server. Vulnerability Details CVEID: CVE-2020-13938 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by the improper handling of insufficient privileges. A local attack...

Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities

Summary IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server. Vulnerability Details CVEID: CVE-2020-1927 DESCRIPTION: Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the...

Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities

Summary IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server. Vulnerability Details CVEID: CVE-2019-10092 DESCRIPTION: In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the modproxy error page. An attacke...

Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities

Summary IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server. Vulnerability Details CVEID: CVE-2018-20843 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By persuading a victim to open a...

Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities

Summary IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server. Vulnerability Details CVEID: CVE-2018-17199 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by checking the session expiry time before...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0.5.37 used by IBM Security SiteProtector System. IBM Security SiteProtector System has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-2684 DESCRIPTION: An unspecified vulnerability in...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0.5.30 used by IBM Security SiteProtector System. IBM Security SiteProtector System has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-3139 DESCRIPTION: An unspecified vulnerability in...

March 19, 2019—KB4489888 (OS Build 15063.1716)

March 19, 2019—KB4489888 OS Build 15063.1716 Reminder: March 12th and April 9th will be the last two Delta updates for Windows 10, version 1703. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change plea...

Security Bulletin: IBM Security SiteProtector System is affected by GSKit vulnerabilities

Summary IBM Security SiteProtector System has addressed the following vulnerabilities in GSKit. Vulnerability Details CVEID: CVE-2018-1428 DESCRIPTION: IBM GSKit uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. CVSS Base Scor...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Security SiteProtector System. These issues were disclosed as part of the IBM Java SDK updates in October 2017. Vulnerability Details CVEID: CVE-2017-10356 DESCRIPTION: An unspecified vulnerability...

Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server Vulnerabilities

Summary IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server. Vulnerability Details CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in modmime. By sending a...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Security SiteProtector System. These issues were disclosed as part of the IBM Java SDK updates in Apr 2017. Vulnerability Details CVEID: CVE-2017-3539 DESCRIPTION: An unspecified vulnerability relat...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System (CVE-2016-0483 and CVE-2015-7575)

Summary There are multiple vulnerabilities in IBM® Java™ Runtime, Version 7 that is used by IBM Security SiteProtector System. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as "SLOTH". Vulnerability Details CVEI...

Security Bulletin: Vulnerability in OpenSSL affects IBM Security SiteProtector System (CVE-2015-1788)

Summary An OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. IBM Security SiteProtector System uses GSKit and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an erro...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System (CVE-2015-2808, CVE-2015-0488 and CVE-2015-0478)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 that is used by IBM Security SiteProtector System. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVEID:CVE-2015-2808 DESCRIPTION:The RC4 algorithm, as us...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System (CVE-2015-2601, CVE-2015-2613 and CVE-2015-1931)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 that is used by IBM Security SiteProtector System. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID: CVE-2015-2601 DESCRIPTION: An unspecified...

Security Bulletin: IBM Security SiteProtector System is impacted by a vulnerability in Apache Tomcat (CVE-2014-0227)

Summary The IBM Security SiteProtector System uses Apache Tomcat, which is vulnerable to HTTP request smuggling. Vulnerability Details CVEID: CVE-2014-0227 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling. A remote attacker could send a specially-crafted request in a malformed...

Security Bulletin: TLS padding vulnerability affects IBM Security SiteProtector (CVE-2014-8730)

Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM Security SiteProtector System and IBM Security SiteProtector Appliance. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a...

Security Bulletin: IBM Security SiteProtector System can be affected by a vulnerability in IBM Global Security Kit (CVE-2014-0963) and in Apache Struts V1.x (CVE-2014-0114)

Summary The IBM Security SiteProtector System product can be impacted by a vulnerability in IBM Global Security Kit GSKit as well as a vulnerability in Apache Struts V1.x Vulnerability Details CVE ID: CVE-2014-0963 DESCRIPTION: A GSKit vulnerability in relation to TLS Record Processing has been...