Lucene search

103 matches found

IBM Security Bulletins
added 2026/06/24 11:42 a.m. | 5 views

Security Bulletin: Vulnerability in IBM Sterling Order Management

Summary: golang.org/x/net-v0.52.0 is vulnerable. When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0. Vulnerability Details: CVEID: CVE-2026-33814 DESCRIPTION: When processing HTTP/2...

CVSS 7.5 | AI score 5.8 | EPSS 0.00781
Exploits: 0 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2016-6887

Malware in sbrugna...

CVSS 4.3 | AI score 4.6 | EPSS 0.00842
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-10774

Malware in sbrugna...

CVSS 8 | AI score 8 | EPSS 0.00556
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2013-0516

Malware in sbrugna...

CVSS 5.5 | AI score 6.4 | EPSS 0.01074
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2013-0517

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.01148
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2016-9742

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.00554
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-37288

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00595
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2021-7972

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.00632
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-36995

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 8 | EPSS 0.00454
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/23 12:51 a.m. | 8 views

CVE-2022-33959

IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320...

CVSS 8.1 | AI score 6.4 | EPSS 0.00454
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 9:55 p.m. | 4 views

CVE-2022-34333

IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698...

CVSS 7.5 | AI score 6.5 | EPSS 0.00595
Exploits: 0 | References: 1
IBM Security Bulletins
added 2024/05/30 6:56 p.m. | 14 views

Security Bulletin: IBM Sterling Order Management using IBM WebSphere Application Server Liberty is vulnerable to a denial of service attack.

Summary: IBM WebSphere Application Server Liberty is vulnerable to a denial of service attack caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. Vulnerability Details: CVEID: CVE-2023-38737 DESCRIPTION: I...

CVSS 7.5 | AI score 6.5 | EPSS 0.00792
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2024/04/12 5:40 p.m. | 30 views

Security Bulletin: Order Management is subject to an Apache Batik vulnerability and could allow a remote attacker to obtain sensitive information.

Summary: Order Management removed parts of legacy code that carried vulnerabilities. The code did contain CVE-2015-0250, however the specific code related to the vulnerability is not in use, therefore the risk is lower. This bulletin identifies the steps to take to address the vulnerability...

CVSS 6.4 | AI score 7.3 | EPSS 0.16677
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2024/04/12 5:33 p.m. | 30 views

Security Bulletin: Order Management is subject to vulnerabilities regarding XML service where a remote attacker could exploit this vulnerability.

Summary: Order Management removed parts of legacy code that carried vulnerabilities. The code did contain CVE-2009-2625, CVE-2013-4002, CVE-2012-0881, however the specific code related to the vulnerability is not in use, therefore the risk is lower. This bulletin identifies the steps to take to...

CVSS 7.8 | AI score 6.8 | EPSS 0.3038
Exploits: 2 | Affected Software: 1
IBM Security Bulletins
added 2023/10/10 9:42 p.m. | 37 views

Security Bulletin: Apache Commons vulnerability

Summary: Apache Commons vulnerability. Vulnerability Details: CVEID: CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the number of request parts to be processed in the file upload function. By sending a specially-crafted...

CVSS 7.5 | AI score 7.6 | EPSS 0.46836
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2023/10/10 9:40 p.m. | 46 views

Security Bulletin: Struts vulnerability

Summary: Apache Struts is vulnerable to a denial of service. Vulnerability Details: CVEID: CVE-2023-41835 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an incomplete cleanup of the struts.multipart.saveDir directory after an upload request is denied. By sending a speciall...

CVSS 7.5 | AI score 7.5 | EPSS 0.06286
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2023/10/10 9:39 p.m. | 38 views

Security Bulletin: Struts vulnerability

Summary: Apache Struts is vulnerable to a denial of service. Vulnerability Details: CVEID: CVE-2023-34149 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw with only handling setProperty but not getProperty. By sending a specially crafted request, a remote attacker cou...

CVSS 6.5 | AI score 5.4 | EPSS 0.05403
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2023/10/10 6:2 p.m. | 28 views

Security Bulletin: Apache Struts Vulnerability

Summary: Apache Struts Vulnerability. Vulnerability Details: CVEID: CVE-2023-34396 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw when processing Multipart request containing non-file normal form fields. By sending a specially crafted request, a remote attacker coul...

CVSS 7.5 | AI score 5.7 | EPSS 0.05467
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2023/10/06 10:52 p.m. | 51 views

Security Bulletin: FasterXML jackson-databind vulnerabilities impact IBM Sterling Order Management

Summary: Various FasterXML jackson-databind vulnerabilities include the following: could allow a remote attacker to execute arbitrary code on the system, could provide weaker than expected security, could allow a remote attacker to obtain sensitive information, could be vulnerable to a denial of...

CVSS 9.8 | AI score 9.6 | EPSS 0.26587
Exploits: 22 | Affected Software: 1
IBM Security Bulletins
added 2023/04/17 6:38 p.m. | 39 views

Security Bulletin: IBM Sterling Order Management Golang Go Vulnerability

Summary: Golang Go could allow a remote attacker to obtain sensitive information. Vulnerability Details: CVEID: CVE-2022-29526 DESCRIPTION: Golang Go could allow a remote attacker to obtain sensitive information, caused by a flaw in the Faccessat function when called with a non-zero flags parameter...

CVSS 5.3 | AI score 7.7 | EPSS 0.02593
Exploits: 1 | Affected Software: 1