Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2018. Vulnerability Details CVEID: CVE-2018-2794 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 & 8 and IBM® Runtime Environment Java™ Version 7 & 8 used by Rational Business Developer. These issues were disclosed as part of the IBM Java SDK updates in April 2018. Vulnerability Details CVEID:...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6.0.16.60 and earlier, 6.1.8.60 and earlier, 7.0.10.20 and earlier, 7.1.4.20 and earlier, 8.0.5.10 and earlier used by IBM® Db2®. These issues were disclosed as part of the IBM Java SDK updates in April 2018...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects IBM WebSphere Application Server in IBM Cloud April 2018 CPU

Summary There are multiple vulnerabiltities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in April 2018. These may affect some configurations of IBM WebSphere Application Server...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Tivoli Business Service Manager

Summary IBM WebSphere Application Server is shipped as a component of Tivoli Business Service Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the Security Bulletin:...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring VMWare VI Agent (CVE-2015-2625, CVE-2015-1931, CVE-2015-7575)

Summary There are several vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of the IBM Tivoli Monitoring ITM VMWare VI Agent. Vulnerability Details CVEID: CVE-2015-2625 DESCRIPTION: An unspecified vulnerability related to the JSSE component could allow a remote attacker...

Security Bulletin: A security vulnerability has been identified in an IBM Tivoli Monitoring shared component shipped with Agent for NetApp Storage(CVE-2015-2625, CVE-2015-1931, CVE-2015-7575, CVE-2015-4000)

Summary An IBM Tivoli Monitoring shared component is included as part of Agent for NetApp Storage. Information about a security vulnerability affecting an IBM Tivoli Monitoring shared component has been published in a security bulletin. Vulnerability Details CVEID: CVE-2015-2625 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Security SiteProtector System. These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018. Vulnerability Details CVEID: CVE-2018-2579 DESCRIPTION: An unspecified...

Security Bulletin: Vulnerability in IBM Rational ClearCase (Java component) with potential for TLS Attack (CVE-2013-0169)

Summary IBM Rational ClearCase includes an IBM Java SDK that is based on the Oracle JDK. Oracle has released April 2013 critical patch updates CPU which contain security vulnerability fixes and the IBM Java SDK has been updated to incorporate those updates. Vulnerability Details | Subscribe to My...

Security Bulletin: Vulnerability in IBM Java SDK affects IBM Watson Compare and Comply: Element Classification on IBM Cloud Private

Summary There is a vulnerability CVE-2018-2783 in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Watson™ Compare and Comply: Element Classification on IBM Cloud Private. The issue was disclosed as part of the IBM Java SDK updates for April 2018. Vulnerability...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum LSF Analytics

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Spectrum LSF Analytics. These issues were disclosed as part of the IBM Java SDK updates in January 2018. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with...

CVE-2018-13439

WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL...

Design/Logic Flaw

WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL...

CVE-2018-13439

WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL...

CVE-2018-13439

The CVE-2018-13439 entry affects WXPayUtil in the WeChat Pay Java SDK, where the WXPayUtil class is vulnerable to XML External Entity (XXE) attacks via a merchant notification URL. The connected documents confirm XXE exploitation risk and describe the underlying issue as improper XML processing t...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Agile Lifecycle Manager

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 Service Refresh 5 Fix Pack 10 and earlier releases used by IBM Agile Lifecycle Manager. These issues were disclosed as part of the IBM Java SDK updates in April 2018. Vulnerability Details If you run your own...

XXE in WeChat Pay SDK

Background “Mobile payments surge to $9 trillion a year, changing how people shop, borrow—even panhandle”, as WSJ.com once reported. As a payment security researcher, I occasionally found a perilous problem about WeChat Pay which I think may be esay to make use of. Therefore, I hope to be able to...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems, AIX-based, and Windows-based deployments for IBM PureApplication System

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and 7, used by the OS Images for IBM PureApplication System. Java 7 is used by IBM Base OS images. These issues were disclosed as part of the IBM Java SDK updates in April 2018. IBM OS Image for Red Hat Lin...

Security Bulletin: Vulnerability in IBM® Java SDK affects IBM SPSS Analytic Server (CVE-2018-2602, CVE-2018-2634)

Summary An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors, and could cause low confidentiality impact, low integrity impact, and low availability...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and 7, used by the IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK updates in April 2018 and the following vulnerabilities have been addressed. Vulnerability Details CVEI...