Security Bulletin: Vulnerability in IBM Sterling Order Management
Summary golang.org/x/net v0.52.0 is vulnerable. When processing HTTP/2 SETTINGS frames, the transport enters an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0. Vulnerability Details CVEID:CVE-2026-33814 DESCRIPTION: When processing HTTP/2...
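RFC 9113 section 6.5.2 requires a receiver to treat a SETTINGS_MAX_FRAME_SIZE outside 2^14..2^24-1 (so including 0) as a connection error of type PROTOCOL_ERROR rather than applying it. The following Go program is an added example, not code from golang.org/x/net or from the IBM bulletin: it parses a raw HTTP/2 SETTINGS frame and rejects out-of-range parameters before they can reach any frame-writing logic. The frame bytes are constructed inline for the demonstration; `ParseSettingsFrame`, `validateSetting` and `buildSettingsFrame` are names chosen here, not library APIs.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// SETTINGS identifiers and limits from RFC 9113 section 6.5.2.
const (
	settingEnablePush        uint16 = 0x2
	settingInitialWindowSize uint16 = 0x4
	settingMaxFrameSize      uint16 = 0x5

	frameTypeSettings = 0x4

	minMaxFrameSize = 1 << 14    // 16384: initial value and lowest a peer may advertise
	maxMaxFrameSize = 1<<24 - 1  // 16777215
	maxWindowSize   = 1<<31 - 1
)

var (
	ErrNotSettings = errors.New("not a SETTINGS frame")
	ErrBadLength   = errors.New("FRAME_SIZE_ERROR: SETTINGS payload not a multiple of 6")
	ErrProtocol    = errors.New("PROTOCOL_ERROR")
	ErrFlowControl = errors.New("FLOW_CONTROL_ERROR")
)

// Setting is one (identifier, value) pair from a SETTINGS payload.
type Setting struct {
	ID  uint16
	Val uint32
}

// ParseSettingsFrame decodes a raw HTTP/2 frame (9-byte header plus payload),
// checks that it is a SETTINGS frame on stream 0, and validates every
// parameter's range. A SETTINGS_MAX_FRAME_SIZE of 0 (or anything outside the
// RFC range) is rejected as a connection error instead of being applied.
func ParseSettingsFrame(raw []byte) ([]Setting, error) {
	if len(raw) < 9 {
		return nil, errors.New("frame shorter than 9-byte header")
	}
	length := int(raw[0])<<16 | int(raw[1])<<8 | int(raw[2])
	ftype := raw[3]
	streamID := binary.BigEndian.Uint32(raw[5:9]) & 0x7fffffff // clear reserved bit
	if ftype != frameTypeSettings {
		return nil, ErrNotSettings
	}
	if streamID != 0 {
		return nil, fmt.Errorf("%w: SETTINGS on stream %d", ErrProtocol, streamID)
	}
	payload := raw[9:]
	if len(payload) != length {
		return nil, fmt.Errorf("header length %d does not match payload %d", length, len(payload))
	}
	if length%6 != 0 {
		return nil, ErrBadLength
	}
	var out []Setting
	for off := 0; off < length; off += 6 {
		s := Setting{
			ID:  binary.BigEndian.Uint16(payload[off : off+2]),
			Val: binary.BigEndian.Uint32(payload[off+2 : off+6]),
		}
		if err := validateSetting(s); err != nil {
			return nil, err
		}
		out = append(out, s)
	}
	return out, nil
}

// validateSetting enforces the per-parameter ranges; unknown IDs are ignored per spec.
func validateSetting(s Setting) error {
	switch s.ID {
	case settingMaxFrameSize:
		if s.Val < minMaxFrameSize || s.Val > maxMaxFrameSize {
			return fmt.Errorf("%w: SETTINGS_MAX_FRAME_SIZE=%d outside [%d,%d]",
				ErrProtocol, s.Val, minMaxFrameSize, maxMaxFrameSize)
		}
	case settingInitialWindowSize:
		if s.Val > maxWindowSize {
			return fmt.Errorf("%w: SETTINGS_INITIAL_WINDOW_SIZE=%d", ErrFlowControl, s.Val)
		}
	case settingEnablePush:
		if s.Val > 1 {
			return fmt.Errorf("%w: SETTINGS_ENABLE_PUSH=%d", ErrProtocol, s.Val)
		}
	}
	return nil
}

// buildSettingsFrame encodes settings into a SETTINGS frame on stream 0 (constructed test input).
func buildSettingsFrame(settings []Setting) []byte {
	payload := make([]byte, 0, 6*len(settings))
	for _, s := range settings {
		var b [6]byte
		binary.BigEndian.PutUint16(b[0:2], s.ID)
		binary.BigEndian.PutUint32(b[2:6], s.Val)
		payload = append(payload, b[:]...)
	}
	n := len(payload)
	hdr := []byte{byte(n >> 16), byte(n >> 8), byte(n), frameTypeSettings, 0, 0, 0, 0, 0}
	return append(hdr, payload...)
}

func main() {
	_, err := ParseSettingsFrame(buildSettingsFrame([]Setting{{settingMaxFrameSize, 0}}))
	fmt.Println("MAX_FRAME_SIZE=0 ->", err)
	ok, err := ParseSettingsFrame(buildSettingsFrame([]Setting{{settingMaxFrameSize, 1 << 14}}))
	fmt.Println("MAX_FRAME_SIZE=16384 ->", ok, err)
}
```

The point of the check is where it sits: validation happens when the SETTINGS frame is read, so a peer-supplied 0 never becomes the transport's outbound frame size limit, and the "write CONTINUATION frames until the header block fits" loop never runs with a limit it can never satisfy.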
EUVD-2016-6887
Malware in sbrugna...
EUVD-2016-10774
Malware in sbrugna...
EUVD-2013-0516
Malware in sbrugna...
EUVD-2013-0517
Malware in sbrugna...
EUVD-2016-9742
Malware in sbrugna...
EUVD-2022-37288
Malicious code in bioql PyPI...
EUVD-2021-7972
Malicious code in bioql PyPI...
EUVD-2022-36995
Malicious code in bioql PyPI...
CVE-2022-33959
IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320...
CVE-2022-34333
IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698...
Security Bulletin: IBM Sterling Order Management using IBM WebSphere Application Server Liberty is vulnerable to a denial of service attack.
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service attack caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. Vulnerability Details CVEID:CVE-2023-38737 DESCRIPTION: I...
Security Bulletin: Order Management is subject to an Apache Batik vulnerability and could allow a remote attacker to obtain sensitive information.
Summary Order Management removed parts of legacy code that carried vulnerabilities. The code did contain CVE-2015-0250; however, the specific code related to the vulnerability is not in use, so the risk is lower. This bulletin identifies the steps to take to address the vulnerability...
Security Bulletin: Order Management is subject to vulnerabilities regarding XML service where a remote attacker could exploit this vulnerability.
Summary Order Management removed parts of legacy code that carried vulnerabilities. The code did contain CVE-2009-2625, CVE-2013-4002 and CVE-2012-0881; however, the specific code related to these vulnerabilities is not in use, so the risk is lower. This bulletin identifies the steps to take to...
Security Bulletin: Apache Commons vulnerability
Summary Apache Commons vulnerability Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the number of request parts to be processed in the file upload function. By sending a specially-crafted...
Security Bulletin: Struts vulnerability
Summary Apache Struts is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2023-41835 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an incomplete cleanup of the struts.multipart.saveDir directory after an upload request is denied. By sending a speciall...
Security Bulletin: Struts vulnerability
Summary Apache Struts is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2023-34149 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw with only handling setProperty but not getProperty. By sending a specially crafted request, a remote attacker cou...
Security Bulletin: Apache Struts Vulnerability
Summary Apache Struts Vulnerability Vulnerability Details CVEID:CVE-2023-34396 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw when processing Multipart request containing non-file normal form fields. By sending a specially crafted request, a remote attacker coul...
Security Bulletin: FasterXML jackson-databind vulnerabilities impact IBM Sterling Order Management
Summary The various FasterXML jackson-databind vulnerabilities include the following: could allow a remote attacker to execute arbitrary code on the system, could provide weaker than expected security, could allow a remote attacker to obtain sensitive information, could be vulnerable to a denial of...
Security Bulletin: IBM Sterling Order Management Golang Go Vulnerability
Summary Golang Go could allow a remote attacker to obtain sensitive information. Vulnerability Details CVEID:CVE-2022-29526 DESCRIPTION: Golang Go could allow a remote attacker to obtain sensitive information, caused by a flaw in the Faccessat function when called with a non-zero flags parameter...