213 matches found
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager
Summary IBM WebSphere Application Server is shipped with IBM Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Older version of common Open Source: batik-dom-1.9.1.jar found in the MaximoForgeViewerPlugIn which is shipped with IBM Maximo for Civil Infrastructure
Summary There is an older version of common Open Source: batik-dom-1.9.1.jar found in the Maximo data loader which is shipped with IBM Maximo for Civil Infrastructure. In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream a...
Security Bulletin: A vulnerability has been identified in Apache Batik, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2019-17566)
Summary Apache Batik is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in t...
Security Bulletin: A vulnerability has been identified in Apache Batik, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2019-17566)
Summary Apache Batik is a required product forwith IBM Tivoli Network Manager version 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server traditional shipped with IBM Operations Analytics
Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about WebSphere Application Server security vulnerability CVE-2019-17566 due to Apache Batik vulnerability has been published in a security bulletin. Vulnerability Detai...
CVE-2019-17566
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...
DEBIAN-CVE-2019-17566
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...
CVE-2019-17566
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...
Server side request forgery (ssrf)
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...
CVE-2019-17566
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...
CVE-2019-17566
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...
CVE-2019-17566
CVE-2019-17566 (Apache Batik) is a server-side request forgery caused by improper input validation in xlink:href attributes, potentially allowing an attacker to trigger arbitrary GET requests from the vulnerable server. Connected advisories reference Batik-related SSRF issues across IBM JRS, SUSE...
Security Bulletin: WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to CVE-2019-17566
Summary There is a server-side request forgery vulnerability in the Apache Batik library which is used by WebSphere Application Server. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...
batik: SSRF via "xlink:href"
A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack SSRF via "xlink:href" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system...
Security Bulletin: Open Source Apache Batik vulnerability affects Rational Developer for System z (CVE-2015-0250)
Summary Rational Developer for System z is affected by the Open Source Apache Batik vulnerability and has addressed the applicable CVEs Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for more information require...
Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2020-13934 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by not releasing the HTTP/1.1 processor after...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Tivoli Access Manager for e-business
Summary IBM WebSphere Application Server is shipped with Tivoli Access Manager for e-business. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Vulnerability in Apache Batik library affects IBM Cúram Social Program Management (CVE-2019-17566)
Summary IBM Cúram Social Program Management uses Apache Batik libraries, for which there is a publicly known vulnerability. Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. Vulnerability Details CVEID: CVE-2019-17566...
Security Bulletin: A Security Vulnerability Has Been Identified In Apache Batik used by IBM WebSphere Application Server which is shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2019-17566)
Summary A Security Vulnerability Has Been Identified In Apache Batik. IBM WebSphere Application Server which is shipped with IBM Security Access Manager for Enterprise Single Sign-On is affected by Apache Batik. Information about this security vulnerability affecting IBM WebSphere Application...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest
Summary IBM WebSphere Application Server WAS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting WAS have been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...