Lucene search
+L

288 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.19 views

Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to cross-site scripting Attack (CVE-2016-9715)

Summary IBM InfoSphere Master Data Management is vulnerable to a cross-site scripting Attack and could allow users to embed arbitrary JavaScript code in the Web UI and lead to disclosure of credentials. Vulnerability Details CVEID: CVE-2016-9715 DESCRIPTION: IBM InfoSphere Master Data Management...

3.5CVSS0.9AI score0.00729EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.12 views

Security Bulletin: IBM InfoSphere Master Data Management Server is affected by WebSphere Application Server traditional vulnerability

Summary IBM WebSphere Application Server 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230. Vulnerability Details CVEID: CVE-2020-4449 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0...

5CVSS1.3AI score0.03932EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.19 views

Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to a Cross Site Request Forgery discovered in MDM User Interface (CVE-2016-9716)

Summary IBM InfoSphere Master Data Management Server is vulnerable to a Cross Site Request Forgery which could allow an attacker to execute malicious and unauthrized actions. Vulnerability Details CVEID: CVE-2016-9716 DESCRIPTION: IBM InfoSphere Master Data Management Server is vulnerable to...

6.8CVSS1.1AI score0.00668EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.18 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

Summary Security Bulletin: WebSphere Application Server is vulnerable to an information disclosure vulnerability CVE-2020-4576. WebSphere Application Server is vulnerable to an information disclosure vulnerability. This has been addressed. Vulnerability Details CVEID: CVE-2020-4576 DESCRIPTION: I...

7.5CVSS1.1AI score0.02041EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.21 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management

Summary WebSphere Application Server traditional is vulnerable to an XML External Entity XXE Injection vulnerability Vulnerability Details CVEID: CVE-2021-20453 DESCRIPTION: IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection XXE attack when...

6.4CVSS1.8AI score0.02563EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.14 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management

Summary WebSphere Application Server traditional is vulnerable to an XML External Entity XXE Injection vulnerability Vulnerability Details CVEID: CVE-2021-20454 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection XXE attack when...

6.4CVSS1.8AI score0.02909EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.40 views

Security Bulletin: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.

Summary We are impacted as we ship WAS in docker image. As per security bulletin: https://www.ibm.com/support/pages/security-bulletin-information-disclosure-vulnerability-websphere-application-server-cve-2019-4441. For V9.0.0.0 through 9.0.5.1: · Upgrade to minimal fix pack levels as required by...

5.3CVSS0.7AI score0.01596EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.21 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management

Summary IBM WebSphere Application Server traditional is vulnerable to an XML External Entity XXE Injection vulnerability Vulnerability Details CVEID: CVE-2021-20492 DESCRIPTION: IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injectio...

6.4CVSS1.7AI score0.02071EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.18 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

Summary IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to read and delete arbitrary files on the system. IBM X-Force ID:...

8.8CVSS1.7AI score0.0186EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.19 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management Server 11.6

Summary IBM WebSphere Application Server 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984. Vulnerability Details CVEID: CVE-2020-4276 DESCRIPTION: IBM WebSphere Application...

6CVSS1AI score0.03121EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.50 views

Security Bulletin: IBM InfoSphere Master Data Management Server vulnerability in OpenSSL

Summary The vulnerability in CVE-2021-23839, CVE-2021-23840, CVE-2021-23841 have been addressed in the latest interim Fix iFix available on Fix Central for all 3 affected versions. Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused...

7.5CVSS7AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.19 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by InfoSphere Master Data Management 11.6

Summary IBM WebSphere Application Server Network Deployment 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228. Vulnerability Details CVEID: CVE-2020-4448 DESCRIPTION: IBM...

10CVSS2.3AI score0.12224EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.22 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management 11.6

Summary IBM WebSphere Application Server ND 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured. Vulnerability Details CVEID: CVE-2020-4575 DESCRIPTION: IBM WebSphere Application Server ND 8.5 and 9.0...

4.3CVSS0.7AI score0.00921EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.28 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management

Summary There is a vulnerability in the Dojo library used by WebSphere Application Server. This has been addressed. Vulnerability Details CVEID:CVE-2020-5258 DESCRIPTION: Dojo dojo could allow a remote attacker to inject arbitrary code on the system, caused by a prototype pollution flaw. By...

7.7CVSS6.9AI score0.0399EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.27 views

Security Bulletin: IBM InfoSphere Master Data Management is vulnerable to a Insecure JSF ViewState found in MDM User Interface (CVE-2016-9714)

Summary IBM InfoSphere Master Data Management is vulnerable to a Insecure JSF ViewState found in MDM Busines Admin User Interface which could allow an attacker to execute malicious and unauthorized actions. Vulnerability Details CVEID: CVE-2016-9714 DESCRIPTION: IBM InfoSphere Master Data...

6.8CVSS0.5AI score0.00556EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.12 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

Summary There is a potential denial of service in the Admin Console of WebSphere Application Server. Vulnerability Details CVEID: CVE-2019-4270 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users...

5.4CVSS1.4AI score0.00708EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.23 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

Summary IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery SSRF. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502. Vulnerability Details CVEID:...

6.5CVSS1.7AI score0.01298EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.17 views

Security Bulletin: IBM InfoSphere Master Data Management Reference Data Management Hub is affected by a user password being stored in plain text vulnerability (CVE-2017-1309)

Summary IBM InfoSphere Master Data Management Reference Data Management Hub has addressed the following vulnerability. IBM InfoSphere Master Data Management Reference Data Management Hub stores user credentials in plain text which can be read by a local user. Vulnerability Details CVEID:...

2.1CVSS0.8AI score0.00232EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.20 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management

Summary WebSphere Application Server configured with a federated repository is vulnerable to information disclosure. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...

5.3CVSS6AI score0.01345EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.34 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

Summary IBM WebSphere Application Server 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370. Vulnerability Details CVEID:...

8.8CVSS1.1AI score0.00744EPSS
Exploits0Affected Software1
Rows per page
Query Builder