42 matches found
EUVD-2022-5374
Malicious code in bioql PyPI...
EUVD-2022-1624
Malicious code in bioql PyPI...
EUVD-2022-3343
Malicious code in bioql PyPI...
Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Express.
Summary There are multiple vulnerabilities in Open Source Apache Tomcat that is used by IBM Cognos Express. Additionally, there are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Cognos Express. This bulletin also addresses LOGJAM: The...
Security Bulletin: A vulnerability in Apache WSS4J affects IBM Tivoli Business Service Manager (CVE-2014-3623)
Summary Apache WSS4J is shipped with IBM Tivoli Business Manager 6.2.0 as part of its web services infrastructure. Information about security vulnerabilities affecting Apache WSS4J has been published in a security bulletin. Vulnerability Details CVEID: CVE-2014-3623 DESCRIPTION: Apache CXF could...
GHSA-6R5V-HP32-FJQW Improper Access Control in Apache WSS4J
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via vectors related to "wrapping attacks."...
Improper Access Control in Apache WSS4J
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via vectors related to "wrapping attacks."...
Improper Authentication in Apache WSS4J
The LDAPLoginModule implementation in the Java Authentication and Authorization Service JAAS in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier...
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J
Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this...
Security Bulletin: Apache WSS4J Vulnerabilities Affect IBM Sterling B2B Integrator
Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities from WSS4J. Vulnerability Details CVEID: CVE-2015-0227 DESCRIPTION: Apache WSS4J could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce the...
Improper Authentication in Apache WSS4J
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecifi...
GHSA-99V3-9X35-C5VF Improper Authentication in Apache WSS4J
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecifi...
GHSA-4QQF-HMV6-R6WH Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J
The implementations of the PKCS1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack...
CVE-2011-2487
The implementations of the PKCS1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack...
Design/Logic Flaw
The implementations of the PKCS1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack...
CVE-2011-2487
CVE-2011-2487 is referenced by GitHub advisory GHSA-vjwc-5HFH-2VV5, which notes that Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 leak information about decryption failures when decrypting an encrypted key or message data, making it easier to recover plaintext keys via crafted messages. The ...
Security Bulletin: IBM Tivoli Netcool Impact is affected by open source vulnerabilities
Summary IBM Tivoli Netcool Impact has addressed the following open source vulnerabilities. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, could allow a remote attacker to...
Security Bulletin: Multiple vulnerabilities in Open Source Apache WSS4J affect IBM InfoSphere DataStage Web services pack (CVE-2015-0226 CVE-2015-0227)
Summary There are multiple vulnerabilities in Open Source Apache WSS4J that is used by IBM InfoSphere DataStage Web services pack. Vulnerability Details CVE-ID: CVE-2015-0226 DESCRIPTION: Apache WSS4J could allow a remote attacker to obtain sensitive information, caused by Bleichenbacher's attac...
Security Bulletin: Multiple Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.6
Summary Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.6, IBM WebSphere Application Server Hypervisor 8.5.5.6 and IBM WebSphere Application Server Liberty Profile 8.5.5.6. Vulnerability Details CVEID: CVE-2015-0226 DESCRIPTION: Apache WSS4J could...
CVE-2015-0226
Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this...