15 matches found
IBM Process Mining 输入验证错误漏洞
IBM Process Mining is a process mining solution from International Business Machines IBM. An input validation error vulnerability exists in IBM Process Mining versions 2.0.1 IF001 and 2.0.1, which stems from an open redirect and could lead to a phishing attack...
Security Bulletin: IBM Operations Analytics - Log Analysis is vulnerable to an XML External Entity Injection (XXE) vulnerability
Summary There is a potential XML External Entity Injection XXE vulnerability with reload4j library that is used in IBM Operations Analytics - Log Analysis. This has been addressed. Vulnerability Details IBM X-Force ID: 294027 DESCRIPTION: QOS.CH reload4j allow a remote attacker to obtain sensitiv...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF001
Summary The following security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF001 Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip the Proxy-Authorization...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 1.14.4 IF001
Summary The following security vulnerabilities are addressed with IBM Process Mining 1.14.4 IF001 Vulnerability Details CVEID:CVE-2024-22259 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in...
Security Bulletin: Vulnerability in openjdk affects IBM Process Mining CVE-2023-21930
Summary There is a vulnerability in openjdk that could allow an authenticated attacker with network access via TLS to compromise Java on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 1.14.3 IF001
Summary The following security vulnerabilities are addressed with IBM Process Mining 1.14.3 IF001 Vulnerability Details CVEID:CVE-2023-46589 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP trailer headers. By sending a specially crafted...
Security Bulletin: CVE-2021-35561 may affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary CVE-2021-35561 was disclosed as part of the Oracle October 2021 Critical Patch Update. Vulnerability Details CVEID:CVE-2021-35561 DESCRIPTION: An unspecified vulnerability in Java SE related to the Utility component could allow an unauthenticated attacker to cause a denial of service...
Security Bulletin: Apache Log4j vulnerability affects IBM Cloud Pak for Automation (CVE-2021-44228)
Summary A remote code execution vulnerability has been reported for log4j-core-2.x libraries, which are used in various components of IBM Cloud Pak for Business Automation. Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code...
Security Bulletin: Vulnerabilities in Oracle Outside In Technology component affect Content Collector for Email (CVE-2021-35572)
Summary There are vulnerabilities in in Oracle Outside In Technology related to Outside In Filters used by Content Collector for Email. Vulnerability Details CVEID: CVE-2021-35572 DESCRIPTION: An unspecified vulnerability in Oracle Outside In Technology related to the Outisde in Filters component...
Security Bulletin: Vulnerabilities in Oracle Outside In Technology component affect Content Collector for Email (CVE-2021-35657)
Summary There are vulnerabilities in in Oracle Outside In Technology related to Outside In Filters used by Content Collector for Email. Vulnerability Details CVEID:CVE-2021-35657 DESCRIPTION: An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Filters component...
Security Bulletin: Vulnerabilities in Oracle Outside In Technology component affect Content Collector for Email (CVE-2021-35573)
Summary There are vulnerabilities in in Oracle Outside In Technology related to Outside In Filters used by Content Collector for Email. Vulnerability Details CVEID: CVE-2021-35573 DESCRIPTION: An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Filters component...
Security Bulletin: Vulnerabilities in Oracle Outside In Technology component affect Content Collector for Email (CVE-2021-35574)
Summary There are vulnerabilities in in Oracle Outside In Technology related to Outside In Filters used by Content Collector for Email. Vulnerability Details CVEID: CVE-2021-35574 DESCRIPTION: An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Filters component...
Security Bulletin: Embedded WebSphere Application Server is vulnerable to Apache MyFaces, which affects Content Collector for Email
Summary Vulnerability in Apache MyFaces affects embedded WebSphere Application Server which affects Content Collector for Email. Vulnerability Details CVEID: CVE-2021-26296 DESCRIPTION: Apache MyFaces is vulnerable to cross-site request forgery, caused by improper validation of user-supplied inpu...
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2019-11745)
Summary IBM has announced a release for IBM Security Identity Governance and Intelligence IGI in response to security vulnerability. The vulnerability concerns Network Security Services Softoken Cryptographic Module that could allow an attacker to execute arbitrary code on the system or cause a...
Security Bulletin: Vulnerability in Apache Struts affects FileNet Content Manager and IBM Content Foundation (CVE-2016-1181, CVE-2016-1182)
Summary Security vulnerabilitiy exists in IBM FileNet Content Manager and IBM Content Foundation in Apache Struts. Vulnerability Details CVEID: CVE-2016-1181 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against...