19 matches found
Security Vulnerability in Multiple IBM Products
IBM Verify Identity Access Container is a product of the American multinational company International Business Machines (IBM). IBM Verify Identity Access Container is containerized software that provides identity authentication and authorization capabilities for applications. IBM Security Verify...
CVE-2023-25848
ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue. The information disclosed is limited to a single attribute in a database...
GHSA-23HV-MWM6-G8JF Apache Tomcat Session Fixation vulnerability
Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 ...
IBM Controller Security Vulnerability
IBM Cognos Controller is corporate performance management (CPM) software for financial consolidation, reporting and analysis. A weak password vulnerability exists in IBM Cognos Controller versions 11.0.0 through 11.1.0, which stems from the fact that the system does not require users to set stron...
PT-2025-7407 · Ibm · Ibm Cognos Controller +1
Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 11.0.0 through 11.0.1 FP3; IBM Controller version 11.1.0. Description: The issue concerns unrestricted deserialization in the application, allowing users to execute arbitrary code, escalate privileges, or cause...
IBM Cognos Controller SQL Injection Vulnerability
IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines (IBM). The product features process automation, financial audit control, and creating and managing financial reports. An SQL injection vulnerability exists in IBM Cognos Controller...
Vulnerability discovered in Palo Alto PAN-OS
Palo Alto has discovered a vulnerability in PAN-OS. An unauthenticated malicious person can exploit the vulnerability to execute arbitrary code on the vulnerable system with root privileges. The vulnerability is found only in PAN-OS versions 10.2, 11.0 and 11.1, if both the GlobalProtect Gateway a...
PT-2024-19363 · Ibm · Ibm Semeru Runtime
Name of the Vulnerable Software and Affected Versions: IBM Semeru Runtime versions 8.0.302.0 through 8.0.392.0; IBM Semeru Runtime versions 11.0.12.0 through 11.0.21.0; IBM Semeru Runtime versions 17.0.1.0 through 17.0.9.0; IBM Semeru Runtime version 21.0.1.0. Description: The issue is related to the...
CVE-2023-25832
There is a cross-site request forgery vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions...
PT-2023-6619 · Oracle +1 · Java +1
Name of the Vulnerable Software and Affected Versions: Adobe LiveCycle ES4 versions 11.0 and earlier; Adobe LiveCycle ES4 version 11.0.1 and later with Java environment 7u21 and earlier. Description: A Java insecure deserialization vulnerability allows unauthenticated remote attackers to gain...
SUSE CVE-2013-0626
Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0610...
Johnson Controls Metasys ADS/ADX/OAS Security Vulnerability
Johnson Controls Metasys ADS/ADX/OAS Servers is an application and data server from Johnson Controls, Inc. A security vulnerability exists in Johnson Controls Metasys ADS/ADX/OAS version 10 up to and including 10.1.6, and version 11 up to and including 11.0.3, which stems from insufficient...
Eclipse Jetty Security Vulnerability
Eclipse Jetty is an open source, Java-based Web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty, which stems from a pooled ByteBuffer that is not freed by SslConnection, and affects the following products and versions: versions 10.0....
PT-2021-22721 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.0 and later. Description: The requirement to enforce 2-factor authentication (2FA) is not honored when using git commands in the affected versions. Recommendations: For GitLab CE/EE versions 11.0 and later, consider...
Apple macOS Big Sur Path Traversal Vulnerability
Apple macOS Big Sur is a mobile application app from Apple Inc. Apple macOS Big Sur suffers from a path traversal vulnerability that affects the following products and versions: macOS 11.0 20A2411, 11.0.1 20B29, 11.0.1 20B50, 11.1 20C69, 11.2 20D64, 11.2.1 20D74, 11.2.1 20D75, 11.2.2 20D80, 11.2....
HPE IceWall SSO Cross-Site Scripting Vulnerability
HPE IceWall SSO is a single sign-on program from Hewlett Packard Enterprise (HPE) that provides authentication capabilities to users. A cross-site scripting vulnerability exists in HPE IceWall SSO Domain Gateway and affects the following products and versions: HPE IceWall SSO Domain Gateway 10.0 on...
CVE-2020-4377
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156...
Unspecified Vulnerability in IBM Cognos Analytics
IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A security vulnerability exists...
CVE-2019-4334
IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271...