Lucene search
K

81 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/12/14 7:22 p.m.49 views

Security Bulletin: Multiple vulnerabilities in IBM Liberty for Java for IBM Cloud

Summary There are vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM Liberty for Java for IBM Cloud. This product has addressed the applicable CVE. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code t...

9.8CVSS8.2AI score0.99999EPSS
Exploits19
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/06 6:4 p.m.34 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud due to April 2023 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. The CVEs listed in this document might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you...

9.1CVSS8.6AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 6:19 p.m.29 views

Security Bulletin: IBM Liberty for Java for IBM Cloud is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)

Summary There is a vulnerability in the Apache Commons FileUpload library used by IBM Liberty for Java for IBM Cloud with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. This has been addressed in the remediation section. Vulnerability Details...

7.5CVSS7.8AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/09 3:38 p.m.38 views

Security Bulletin: IBM Liberty for Java for IBM Cloud is vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364)

Summary There is a vulnerability in the Apache CXF library used by IBM Liberty for Java for IBM Cloud with the jaxws-2.2 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-46364 DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by a flaw in...

9.8CVSS9.3AI score0.0193EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/10 6:48 p.m.35 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects Liberty for Java for IBM Cloud due to the October 2022 CPU plus CVE-2022-3676

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. The CVEs listed in this document might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you...

6.5CVSS6.3AI score0.02376EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/27 2:55 a.m.33 views

Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to a Denial of Service due to Neko HTML (CVE-2022-24839)

Summary There is a vulnerability in the Neko HTML library used by Liberty for Java for IBM Cloud with the openid-2.0 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-24839 DESCRIPTION: Sparkle Motion Nokogiri is vulnerable to a denial of service, caused by a...

7.5CVSS7.5AI score0.02114EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 5:40 p.m.29 views

Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to Identity Spoofing (CVE-2022-22475)

Summary Liberty for Java for IBM Cloud is vulnerable to identity spoofing with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0 or appSecurity-4.0 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-22475 DESCRIPTION: IBM WebSphere Application Server Liberty and Op...

6.5CVSS6.1AI score0.00564EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 4:9 p.m.51 views

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud due to July 2022 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code usin...

5.9CVSS7AI score0.0296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 4:9 p.m.14 views

Security Bulletin: Vulnerability in IBM® Java SDK affects Liberty for Java for IBM Cloud due to July 2022 CPU plus deferred CVE-2021-2163

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code usin...

5.3CVSS6AI score0.03566EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 4:1 p.m.38 views

Security Bulletin: A vulnerability may affect IBM® SDK, Java™ Technology Edition used in Liberty for Java for IBM Cloud (CVE-2020-2590)

Summary CVE-2020-2590 was disclosed in the Oracle January 2020 Critical Patch Update. Vulnerability Details CVEID:CVE-2020-2590 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact...

3.7CVSS5.3AI score0.03085EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 4:1 p.m.77 views

Security Bulletin: Vulnerability in Apache CXF affects Liberty for Java for IBM Cloud(CVE-2019-12406)

Summary There is a denial of service in the Apache CXF library used by WebSphere Application Server. This has been addressed. Vulnerability Details CVEID:CVE-2019-12406 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by the failure to restrict the number of message attachment...

6.5CVSS6.5AI score0.06257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 4:1 p.m.25 views

Security Bulletin: CVE-2019-2949 may affect IBM® SDK, Java™ Technology Edition used in Liberty for Java

Summary CVE-2019-2949 was disclosed in the Oracle October 2019 Critical Patch Update Vulnerability Details CVEID:CVE-2019-2949 DESCRIPTION: An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting i...

6.8CVSS6.2AI score0.03603EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 4:1 p.m.34 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud January 2020 CPU

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These may affect some configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application Server Liberty and IBM WebSphere Application...

8.1CVSS8.2AI score0.04903EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 4:1 p.m.29 views

Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition included in Liberty for Java for IBM Cloud

Summary CVE-2020-2654 was disclosed as part of the Oracle January 2020 Critical Patch Update. Vulnerability Details CVEID:CVE-2020-2654 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of...

3.7CVSS5.5AI score0.03823EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 4:1 p.m.21 views

Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting that affects Liberty for Java for IBM Cloud (CVE-2020-4303, CVE-2020-4304)

Summary There is a cross-site scripting vulnerability in the OAuth, OpenID Connect and SAML features. This has been addressed. Vulnerability Details CVEID:CVE-2020-4303 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This...

6.1CVSS6AI score0.00797EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 4:1 p.m.15 views

Security Bulletin: A vulnerability in IBM® Java SDK affects Liberty for Java for IBM Cloud CVE-2021-35561 (deferred from Oracle Jul 2021 CPU)

Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code using the IBM...

5.3CVSS6.3AI score0.06468EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 4:1 p.m.61 views

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud due to April 2022 CPU (minus CVE-2022-21426)

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code usin...

5.3CVSS6.7AI score0.03203EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 4:1 p.m.23 views

Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to LDAP Injection (CVE-2021-39031)

Summary Liberty for Java for IBM Cloud is vulnerable to LDAP injection. This has been addressed. Vulnerability Details CVEID:CVE-2021-39031 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. B...

8.8CVSS8.5AI score0.02017EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 4:1 p.m.22 views

Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to a denial of service (CVE-2019-4720)

Summary There is a denial of service vulnerablility in WebSphere Application Server. Vulnerability Details CVEID:CVE-2019-4720 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacke...

7.5CVSS7.5AI score0.0207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 4:1 p.m.20 views

Security Bulletin: Man in the middle vulnerability in Liberty for Java for IBM Cloud (CVE-2014-3603)

Summary There is a man in the middle vulnerability in WebSphere Application Server Liberty. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2014-3603 DESCRIPTION: The 1 HttpResource and 2 FileBackedHttpResource implementations in Shibboleth Identity Provider IdP before 2.4....

5.9CVSS5.5AI score0.00844EPSS
Exploits1Affected Software1
Rows per page
Query Builder