Lucene search
+L

288 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/10/02 10:46 p.m.20 views

Security Bulletin: IBM Master Data Management vulnerable to denial of service from IBM Business Automation Workflow using Apache Johnzon

Summary IBM Master Data Management version 14.0 is impacted by vulnerability in IBM Business Automation Workflow. Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially crafted JSON input, a remote attacker could exploit...

5.3CVSS5.7AI score0.01454EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/02 10:41 p.m.28 views

Security Bulletin: IBM Master Data Management is vulnerable to denial of service from Apache Commons Compress used in IBM Business Workflow Automation

Summary IBM Master Data Management v14.0 is vulnerable to denial of service from Apache commons compress used in IBM Business Workflow Automation. Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a specially crafted DUMP...

8.1CVSS6.8AI score0.00898EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/13 6:33 p.m.24 views

Security Bulletin: IBM Master Data Management affected by vulnerabilites in IBM WebSphere Application Server to cross-site scripting (CVE-2024-35153)

Summary IBM Master Data Management version 11.6, 12.0 and 14.0 are impacted by vulnerability in IBM WebSphere Application Server. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credential...

4.8CVSS4.9AI score0.00362EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/09 4:11 p.m.17 views

Security Bulletin: IBM Master Data Management vulnerable to remote code execution from vulnerability in IBM WebSphere Application Server (CVE-2024-35154)

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server. IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Usin...

7.2CVSS7.7AI score0.01163EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/28 2:18 p.m.21 views

Security Bulletin: IBM Master Data Management is vulnerable to identity spoofing caused by vulnerabilites in IBM WebSphere Application Server

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability to identity spoofing in WebSphere Application Server. IBM WebSphere Application Server is vulnerable to identity spoofing by an authenticated user due to improper signature validation. Vulnerability Details...

8.8CVSS8.4AI score0.00353EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/10 7:30 p.m.27 views

Security Bulletin: IBM Master Data Management affected by vulnerabilities in IBM WebSphere Application Server (CVE-2023-51775)

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server . IBM WebSphere Application uses the jose4j library which was found to be vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2...

6.5CVSS6.6AI score0.00879EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/10 2:18 p.m.22 views

Security Bulletin: IBM Master Data Management affected by IBM WebSphere Application Server vulnerabilities to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server. IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expo...

7CVSS7.3AI score0.00649EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/07 10:22 p.m.22 views

Security Bulletin: IBM Master Data Management affected by IBM WebSphere Application Server vulnerabilities to server-side request forgery (CVE-2024-22329)

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server. WebSphere Application Server is vulnerable to server-side request forgery SSRF. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct th...

4.3CVSS5.4AI score0.00302EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/07 5:19 p.m.21 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management (CVE-2024-25026)

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server which is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...

7.5CVSS6.4AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/06 8:34 p.m.23 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management (CVE-2023-50313)

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server which could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. This may result in SSL cipher suites being ignored...

6.5CVSS5.8AI score0.00177EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/06 1:41 p.m.36 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management (CVE-2022-40609)

Summary IBM Master Data Management is impacted by vulnerabilities in IBM WebSphere Application Server where IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending...

9.8CVSS9.2AI score0.01827EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/06 1:29 a.m.35 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management (CVE-2023-35890)

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server which could provide weaker than expected security, caused by the improper encoding in a local configuration file. Vulnerability Details CVEID:CVE-2023-35890 DESCRIPTION: IBM...

5.5CVSS5.3AI score0.00122EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/21 5:34 p.m.37 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

Summary IBM WebSphere Application Server could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. Vulnerability Details CVEID:CVE-2020-4329 DESCRIPTION: IBM WebSphere Application Serve...

4.3CVSS4.2AI score0.0112EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 5:22 p.m.23 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

Summary There is a vulnerability in the Apache Commons FileUpload library used by IBM WebSphere Application Server and used by IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. This has been addressed in the...

7.5CVSS7.6AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 5:18 p.m.18 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

Summary IBM WebSphere Application Server, used by Master Data Management, is vulnerable to spoofing via the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. This has been addressed in the remediation section. Vulnerability Details...

5.3CVSS5.1AI score0.00362EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 5:16 p.m.24 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

Summary IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185. Vulnerability Details...

9.1CVSS7.6AI score0.00859EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/27 7:1 p.m.30 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management (CVE-2023-30441)

Summary IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE components could expose sensitive information using a combination of flaws and configurations within WebSphere Application Server used by Master Data Management. Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IB...

7.5CVSS7.5AI score0.00609EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/27 6:51 p.m.19 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

7.2AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/27 1:56 a.m.43 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

Summary IBM Master Data Management is affected by vulnerablity in IBM WebSphere Application Server being vulnerable to cross-site scripting in the Admin Console when using the Application Migration Report function. This has been addressed. Vulnerability Details CVEID:CVE-2022-40750 DESCRIPTION: I...

5.4CVSS5.4AI score0.00371EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/11 9:10 p.m.47 views

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM WebSphere Application Servers used by IBM Master Data Management (CVE-2022-21496, CVE-2022-21434, CVE-2022-21443)

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. These might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere...

5.3CVSS6.2AI score0.03458EPSS
Exploits0Affected Software1
Rows per page
Query Builder