68 matches found
EUVD-2016-6901
Malware in sbrugna...
Security Bulletin: Rational Asset Analyzer is affected by two WebSphere Application Server vulnerabilities. (CVE-2021-23450, CVE-1999-0001)
Summary WebSphere Application Server Liberty used by Rational Asset Analyzer is vulnerable to remote code execution due to Dojo. This has been addressed. Vulnerability Details CVEID:CVE-2021-23450 DESCRIPTION: Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a...
Security Bulletin: Rational Asset Analyzer is vulnerable to denial of service due to GraphQL Java (CVE-2022-37734)
Summary There is a vulnerability in IBM WebSphere Application Server Liberty used by Rational Asset Analyzer. This vulnerability is located in the GraphQL Java library used by IBM WebSphere Application Server Liberty, with the mpGraphQL-1.0 or mpGraphQL-2.0 feature enabled. This has been addresse...
Security Bulletin: Rational Asset Analyzer is vulnerable to HTTP header injection (CVE-2022-34165)
Summary IBM WebSphere Application Server Liberty used by Rational Asset Analyzer is vulnerable to HTTP header injection. This has been addressed. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server...
Security Bulletin: Rational Asset Analyzer is vulnerable to an Information disclosure (CVE-2022-22393)
Summary IBM WebSphere Application Server Liberty used by Rational Asset Analyzer could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server. This has been addressed. Vulnerability Details CVEID:CVE-2022-22393...
Security Bulletin: Rational Asset Analyzer is vulnerable to identity spoofing by an authenticated user using a specially crafted request (CVE-2022-22476)
Summary IBM WebSphere Application Server Liberty used by Rational Asset analyzer is vulnerable to identity spoofing by an authenticated user using a specially crafted request. This has been addressed. Vulnerability Details CVEID:CVE-2022-22476 DESCRIPTION: IBM WebSphere Application Server Liberty...
Security Bulletin: Rational Asset analyzer is vulnerable to spoofing due to Eclipse Paho (CVE-2019-11777)
Summary IBM WebSphere Application Server Liberty used by Rational Asset Analyzer is vulnerable to spoofing in the Eclipse Paho library with the rtcomm-1.0 or rtcommGateway-1.0 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: Eclipse Paho Java clien...
Security Bulletin: Rational Asset Analyzer is vulnerable to Identity Spoofing (CVE-2022-22475)
Summary IBM WebSphere Application Server Liberty used by Rational Asset analyzer is vulnerable to identity spoofing with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0 or appSecurity-4.0 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-22475 DESCRIPTION: IBM...
Security Bulletin: Rational Asset Analyzer is affected by two WebSphere Application Server vulnerabilities. (CVE-2021-39038, CVE-1999-0002)
Summary WebSphere Application Server used by Rational Asset analyzer is vulnerable to Clickjacking. This has been addressed. Vulnerability Details CVEID: CVE-2021-39038 DESCRIPTION: IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could...
Security Bulletin: Rational Asset Analyzer is affected by a WebSphere Application Server vulnerability (CVE-2022-22310).
Summary WebSphere Application Server Liberty used by Rational Asset Analyzer is vulnerable to an Information Disclosure attack. This has been addressed. Vulnerability Details CVEID:CVE-2022-22310 DESCRIPTION: IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weake...
Security Bulletin: A vulnerability in IBM® SDK, Java™ may affect Rational Asset Analyzer (CVE-2021-35550)
Summary There is a vulnerability in IBM® Java™ version 8 used by Rational Asset Analyzer. This has been addressed. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain...
Security Bulletin: Rational Asset Analyzer is affected by two WebSphere Application Server vulnerabilities (CVE-2018-25031, CVE-2021-46708)
Summary There are multiple vulnerabilities in the swagger-ui library used by IBM WebSphere Application Server Liberty. These vulnerabilities could allow spoofing attacks or clickjacking vulnerabilities. This has been addressed. Vulnerability Details CVEID: CVE-2018-25031 DESCRIPTION: swagger-ui...
Security Bulletin: A vulnerability in IBM® SDK, Java™ affects Rational Asset Analyzer (CVE-2021-35603)
Summary There is a vulnerability in IBM® Java™ version 8 used by Rational Asset Analyzer. This has been addressed. Vulnerability Details CVEID: CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain...
Security Bulletin: Rational Asset Analyzer (RAA) is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)
Summary A vulnerability in Apache Log4j CVE-2021-4104 affects WebSphere Application Server WAS Liberty which is used by RAA. The vulnerability was addressed by removing Apache Log4j from WAS Liberty. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacke...
Security Bulletin: Rational Asset Analyzer is affected by vulnerabilities in WebSphere Application Server Liberty.
Summary Rational Asset Analyzer team has addressed the following vulnerabilities in WebSphere Application Server Liberty: CVE-2021-35517 and CVE-2021-36090 Vulnerability Details CVEID: CVE-2021-35517 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of...
Security Bulletin: Vulnerabilities in IBM Java affecting IBM Rational Asset Analyzer.
Summary Multiple vulnerabilities are identified in IBM® SDK Java™ Technology Edition Version 1.8 that is used by IBM Rational Asset Analyzer. These issues were disclosed as part of the IBM Java SDK updates in October 2021 . Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified...
Security Bulletin: Rational Asset Analyzer is affected by a WebSphere Application Server vulnerability.
Summary WebSphere Application Server Liberty used by Rational Asset Analyzer is vulnerable to an XML External Entity Injection XXE vulnerability. This has been addressed. Vulnerability Details CVEID: CVE-2021-20492 DESCRIPTION: IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batc...
Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability (CVE-2021-26296)
Summary Rational Asset Analyzer RAA has addressed the following vulnerability: CVE-2021-26296 Vulnerability Details CVEID: CVE-2021-26296 DESCRIPTION: Apache MyFaces is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated...
Security Bulletin: Rational Asset Analyzer is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2020-5258)
Summary Rational Asset Analyzer team has addressed the following vulnerability: CVE-2020-5258. Vulnerability Details CVEID: CVE-2020-5258 DESCRIPTION: Dojo dojo could allow a remote attacker to inject arbitrary code on the system, caused by a prototype pollution flaw. By injecting other values, a...
Security Bulletin: A vulnerabilities in IBM Java affects IBM Rational Asset Analyzer.
Summary A vulnerability identified in IBM® SDK Java™ Technology Edition Version 1.8 that is used by IBM Rational Asset Analyzer. These issues were disclosed as part of the IBM Java SDK updates in January 2021. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability i...