H2O Security Breach

H2O is an in-memory platform for distributed, scalable machine learning. H2O suffers from a security vulnerability that stems from allowing an attacker to execute remote code via the POJO model import function...

Security Bulletin: Multiple vulnerabilities in Apache Camel core affect IBM Application Performance Management products

Summary Apache Camel core is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2014-0002 DESCRIPTION: Apache Camel could allow a remote attacker to obtain sensitive information, caused by an error in t...

Code injection

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry listening on TCP port 2099 by default and two RMI interfaces listening on a single, dynamically assigned TCP high port. Port 2099 serves as a Java Remote Method Invocation RMI...

CVE-2023-0925 Software AG webMethods OneData Deserialization Vulnerability

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry listening on TCP port 2099 by default and two RMI interfaces listening on a single, dynamically assigned TCP high port. Port 2099 serves as a Java Remote Method Invocation RMI...

Security Bulletin: Security vulnerability in IBM Java Object Request Broker (ORB) in FileNet Content Manager

Summary Security vulnerability in IBM Java Object Request Broker ORB in FileNet Content Manager, affected and vulnerable Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the...

PT-2023-19848 · Ibm · Ibm B2B Advanced Communications +1

Name of the Vulnerable Software and Affected Versions: IBM B2B Advanced Communications version 1.0.0.0 IBM Multi-Enterprise Integration Gateway version 1.0.0.1 Description: The issue allows a user to cause a denial of service due to the deserializing of untrusted serialized Java objects...

Remote code execution in Apache Jackrabbit

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

CVE-2023-37895

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

Deserialization of untrusted data

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

CVE-2023-37895

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

CVE-2023-37895

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

Security Bulletin: IBM Sterling Global Mailbox is vulnerable to arbitrary command execution due to com.ibm.ws.org.apache.commons.collections (CVE-2015-7501)

Summary A security vulnerability has been identified and addressed in com.ibm.ws.org.apache.commons.collections.3.2.1-1.0.9.jar shipped with IBM Sterling Global Mailbox. Vulnerability Details CVEID:CVE-2015-7501 DESCRIPTION: Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid...

GHSA-P4WR-9WFM-F9JW Jenkins SAML Single Sign On(SSO) Plugin missing permission check

Jenkins SAML Single Sign OnSSO Plugin 2.3.0 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to download a string representation of the current security realm Java ObjecttoString, which potentially includes sensitive...

Important: xstream

Issue Overview: XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code...

K04734219: Red Hat JBoss vulnerability CVE-2015-7501

Security Advisory Description Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid JDG 6.x; Data Virtualization JDV 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works FSW 6.x; Operations Network JBoss ON 3.x; Portal 6.x; SOA Platform...

SUSE CVE-2016-9299

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server...

Design/Logic Flaw

DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the idtoken is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the...

Fortra GoAnywhere MFT Unsafe Deserialization RCE

This module exploits CVE-2023-0669, which is an object deserialization vulnerability in Fortra GoAnywhere MFT. Module Options msf use exploit/multi/http/fortragoanywherercecve20230669 msf exploitfortragoanywherercecve20230669 show targets ...targets... msf exploitfortragoanywherercecve20230669 se...

Security Bulletin: Multiple vulnerabilities in Apache Commons Collections affect IBM InfoSphere Information Server

Summary Multiple vulnerabilities in Apache Commons Collections used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2015-4852 DESCRIPTION: The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers t...

CVE-2022-39311 Compromised agents may be able to execute remote code on GoCD Server

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 are vulnerable to remote code execution on the server from a malicious or compromised agent. The Spring RemoteInvocation...