138 matches found
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Hypervisor Edition shipped with IBM PureApplication System (CVE-2015-0138)
Summary IBM WebSphere Application Server is shipped as a component of IBM PureApplication System. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin:...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM PureApplication System (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568)
Summary OpenSSL vulnerabilities along with SSL 3 Fallback protection TLSFALLBACKSCSV were disclosed on October 15, 2014 by the OpenSSL Project. OpenSSL is used by IBM PureApplication System. IBM PureApplication System has addressed the applicable CVEs and included the SSL 3.0 Fallback protection...
Security Bulletin: Log viewer vulnerability affects IBM PureApplication System (CVE-2014-6190)
Summary Log viewer vulnerability affects IBM PureApplication System. Vulnerability Details CVEID: CVE-2014-6190 DESCRIPTION: Defined system users without proper permissions can access the log viewer functionality by entering the log page URLs in their browser. CVSS Base Score: 5.0 CVSS Temporal...
Security Bulletin: A security vulnerability has been identified in IBM Tivoli Directory Server and IBM Security Directory Server shipped with IBM PureApplication System. (CVE-2015-0138)
Summary IBM Tivoli Directory Server and IBM Security Directory Server are shipped as a component of IBM PureApplication System. Information about a security vulnerability affecting IBM Tivoli Directory Server and IBM Security Directory Server has been published in a security bulletin. Vulnerabili...
Security Bulletin: Vulnerability in SSLv3 affects IBM PureApplication System (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM PureApplication System. Vulnerability Details CVEID: CVE-2014-3566 DESCRIPTION: The product might allow a remote attacker to obtain sensiti...
Security Bulletin: GNU C library (glibc) vulnerability affects IBM PureApplication System (CVE-2015-0235)
Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM PureApplication System. Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION: The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted, but...
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM PureApplication System (CVE-2014-8730)
Summary IBM HTTP Server is shipped as a component that can be deployed as part of a virtual application pattern or virtual system. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Consult the following security...
Security Bulletin: File path traversal vulnerabilities affect IBM PureApplication System (CVE-2014-6158)
Summary File upload functionality within IBM PureApplication System might lead to server compromise and Denial of Service DoS. Vulnerability Details CVEID: CVE-2014-6158 DESCRIPTION: IBM PureApplication System’s file upload functions might lead to server compromise and DoS when authorized users...
Security Bulletin: Vulnerabilities in Bash affect IBM PureApplication System (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM PureApplication System. Vulnerability Details CVE-ID: CVE-2014-627...
Security vulnerability found in IBM WebSphere Application Server shipped with IBM PureApplication System (CVE-2014-0114)
Abstract Information about a security vulnerability affecting IBM WebSphere Application Server shipped as a component of IBM PureApplication System has been published in a security bulletin. Content IBM WebSphere Application Server is shipped as a component of IBM PureApplication System...
IBM PureApplication System Information Disclosure Vulnerability
IBM PureApplication System is a platform system designed for transactional Web and database applications. An information disclosure vulnerability exists in IBM PureApplication System, which allows remote attackers to bypass privilege checks and read sensitive information...
CVE-2014-6158
Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a 1 Script Package, ...
Directory traversal
Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a 1 Script Package, ...
CVE-2014-6158
Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a 1 Script Package, ...
CVE-2014-6158
CVE-2014-6158 is a directory-traversal flaw affecting IBM PureApplication System (versions 1.0 up to 1.0.0.4 iFix 10; 1.1 up to 1.1.0.5; 2.0 up to 2.0.0.1) and IBM Workload Deployer (3.1.0.7 up to IF5). The vulnerability arises in the file-upload mechanism where authenticated users can manipulate...
CVE-2014-0960
IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed virtual machine...
CVE-2014-0960
CVE-2014-0960 affects IBM PureApplication System 1.0 (before 1.0.0.4 cfix8) and 1.1 (before 1.1.0.4 IF1). A remote authenticated user can bypass intended access restrictions by establishing an SSH session from a deployed VM. No exploitation details are provided beyond the description. Remediation...
CVE-2014-0960
IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed virtual machine...