104 matches found
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in jetty-http (CVE-2026-2332)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-2332 reported for jetty-http-12.0.25.jar. Vulnerability Details CVEID:CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "fun...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in jetty-http (CVE-2025-11143)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-11143 reported for jetty-http-12.0.25.jar. Vulnerability Details CVEID:CVE-2025-11143 DESCRIPTION: The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differentia...
CVE-2023-43035
IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system...
EUVD-2014-0955
Malware in sbrugna...
EUVD-2013-2908
Malware in sbrugna...
EUVD-2013-2907
Malware in sbrugna...
EUVD-2023-39057
Malicious code in bioql PyPI...
EUVD-2023-47456
Malicious code in bioql PyPI...
EUVD-2023-46466
Malicious code in bioql PyPI...
CVE-2023-35020
IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 257874...
IBM Sterling Control Center Cross-Site Scripting Vulnerability (CNVD-2025-09285)
IBM Sterling Control Center is an application system from International Business Machines IBM. A centralized monitoring and management system. IBM Sterling Control Center suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping o...
CVE-2023-42007
IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
Security Bulletin: IBM Sterling Control Center is affected by sensitive information within URLs may be logged (CVE-2023-43035)
Summary Sensitive information may be logged Session token is passing in the URL within URLs is affecting IBM Sterling Control Center v6.2.1.0, v6.3.1.0 and v6.4.0.0. Customers must upgrade to latest patch below to address this vulnerability. Vulnerability Details CVEID:CVE-2023-43035 DESCRIPTION:...
Security Bulletin: IBM Sterling Control Center is affected by improper input validation (CVE-2023-42007)
Summary Improper input validation is impacting IBM Sterling Control Center v6.4.0.0, v6.3.1.0 and v6.2.1.0. User supplied input is getting reflected as it is in the response without being validated at sever end. Customers must upgrade to latest patch below to address this vulnerability...
CVE-2023-43035
IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system...
CVE-2023-42007
IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities reported in Jetty server (CVE-2024-8184, CVE-2024-6763)
Summary Multiple vulnerabilities over Eclipse Jetty is affecting IBM Sterling Control Center v6.3.1.0 and v6.4.0.0. Customers must upgrade to latest patch below to address this vulnerability. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service...
CVE-2023-43035 IBM Sterling Control Center information disclosure
IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system...
CVE-2023-43035
CVE-2023-43035 affects IBM Sterling Control Center 6.2.1.0, 6.3.1.0, and 6.4.0.0. The issue allows web pages to be stored locally and read by another user on the same system (information disclosure; CWE-525). IBM’s bulletin lists the vulnerable versions and fixes: upgrade to 6.2.1.0 iFix15, 6.3.1...
CVE-2023-43035 IBM Sterling Control Center information disclosure
IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system...