Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to json-20190722.jar

Summary IBM webMethods BPM uses json-20190722.jar for reading and parsing of JSON data. Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite...

CVE-2024-2223

An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux...

IBM Security Verify Privilege Manager Access Control Error Vulnerability

IBM Security Verify Privilege Manager is a security management software from International Business Machines IBM for endpoint privilege management and application control in corporate environments. The software stops unintentional downloads of malware and ransomware from attacking applications by...

KLA48561 Multiple vulnerabilities in Microsoft Dynamics

Multiple vulnerabilities were found in Microsoft Dynamics 365. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Security UI vulnerability in Microsoft Dynamics 365 on-premises can be exploited...

Trend Micro Apex One 安全漏洞

Trend Micro Apex One is an endpoint protection software from Trend Micro, Inc. An elevation of privilege vulnerability exists in the 2019 on-prem, SaaS version of Trend Micro Apex One, which stems from the use of local time for Vulnerability Protection Service checks, which could be exploited to...

CVE-2020-7390

Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. An authenticated user can pass XSS strings the "First Name," "Last Name," and "Email Address" fields of this web application component. Updates are available for on-premises versions of Version 12 components shipped with Syracuse...

CVE-2018-8608

A cross site scripting vulnerability exists when Microsoft Dynamics 365 on-premises version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 on-premises version 8 Cross Site Scripting Vulnerability." This affects Microsoft...

Remote code execution

A remote code execution vulnerability exists in Microsoft Dynamics 365 on-premises version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 on-premises version 8 Remote Code Execution Vulnerability." This affects Microsoft...