EUVD-2020-0452

Malware in sbrugna...

EUVD-2022-3018

Malicious code in bioql PyPI...

Security Bulletin: Multiple vulnerabilities in DITA, Apache Batik, Apache FOP may affect IBM Business Automation Workflow and IBM Case Manager

Summary IBM Business Automation Workflow and IBM Case Manager packages DITA for documentation generation in Case Management. Multiple CVEs have been reported for open source libraries repackaged in DITA. A few of the same open source libraries, such as Apache Batik and Apache FOP, are also used f...

Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities fixed in 9.7.2.7

Summary cURL libcurl, Apache Xerces2 Java, Apache Jena, Spring Framework, json-smart-v1 and json-smart-v2 , libxml2, Apache Standard Taglibs , Apache ActiveMQ, Apache Commons Codec are identified as vulnerable components with multiple reported vulnerabilities, CVE-2022-35260, CVE-2022-42915,...

Amazon Linux 2 : xerces-j2 (ALAS-2024-2649)

The version of xerces-j2 installed on the remote host is prior to 2.11.0-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2649 advisory. Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service CPU consumption via a crafted...

Security Bulletin: IBM Security Verify Governance - Identity Manager has multiple vulnerabilities

Summary Multiple security vulnerabilities have been addressed in updates to IBM Security Verify Governance - Identity Manager software component and IBM Security Verify Governance - Identity Manager virtual appliance component. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu...

Security Bulletin: IBM Sterling B2B Integrator vulnerable to denial of service due to Apache Xerces2 Java (CVE-2012-0881, CVE-2022-23437 )

Summary IBM Sterling B2B Integrator uses Apache Xerces2 Java libraries. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2012-0881 DESCRIPTION: Apache Xerces2 Java is vulnerable to a denial of service, caused by a flaw in the XML service. ...

Security Bulletin: Vulnerability in Apache Xerces2 Java XML Parser affect IBM Engineering Lifecycle Optimization - Publishing

Summary Vulnerability in Apache Xerces2 Java XML Parser affect IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuadi...

Security Bulletin: Multiple vulnerabilities in Apache Xerces2 Java XML Parser affect IBM Application Performance Management products

Summary Apache Xerces2 Java XML Parser is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading a victim to open a...

Oracle Business Process Management Suite (Jul 2023 CPU)

The version of Oracle Business Process Management Suite installed on the remote host is affected by multiple vulnerabilities, as referenced in the July 2023 CPU advisory, including: - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware component:...

Security Bulletin: TADDM is vulnerable to a denial of service due to vulnerability in Apache Xerces2 J Library

Summary Apache Xerces2 J used by IBM Tivoli Application Dependency Discovery Manager and is vulnerable to CVE-2012-0881 Vulnerability Details CVEID:CVE-2012-0881 DESCRIPTION: Apache Xerces2 Java is vulnerable to a denial of service, caused by a flaw in the XML service. By sending a specially...

Security Bulletin: IBM Cloud Pak for Network Automation 2.5.0 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.5.0 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-31047 DESCRIPTION: Django could allow a remote attacker to bypass security restrictions. By sending a specially-crafted request, an attacker...

Security Bulletin: IBM Operational Decision Manager May 2023 - Multiple CVEs

Summary This Security Bulletin addresses the security vulnerabilities that have been fixed within the IBM Operational Decision Manager. This product now includes fixes for the following security vulnerabilities. Vulnerability Details CVEID:CVE-2023-20862 DESCRIPTION: VMware Tanzu Spring Security...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to denial of service due to [CVE-2012-0881], [CVE-2013-4002] and [CVE-2022-23437]

Summary Apache Xerces is not used by IBM App Connect Enterprise Certified Container but was present in an image. IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch information to...

Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces_2.9.0.v201101211617-4.8.0.jar

Summary Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces2.9.0.v201101211617-4.8.0.jar. Hence org.apache.xerces2.9.0.v201101211617-4.8.0.jar upgraded to org.apache.xerces2.12.2.v201101211617-4.8.0.jar to fix vulnerabilities. Vulnerability Details CVEID:CVE-2012-088...

Oracle Application Testing Suite (Apr 2023 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Apac...

Security Bulletin: IBM Sterling Secure Proxy vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy 6.0.3.0 and are addressed in the latest iFix. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading ...

Code injection

Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service CPU consumption via a crafted message to an XML service, which triggers hash table collisions...

CVE-2013-4002

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment JRE in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlie...

CVE-2013-4002

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment JRE in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlie...