2994 matches found
RHCOS 4 : OpenShift Container Platform 4.9.59 (RHSA-2023:1524)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:1524 advisory. - apache-commons-text: variable interpolation RCE CVE-2022-42889 Note that Nessus has not tested for this issue but has instead relied only o...
Apache Commons Text 1.9 Remote Code Execution Exploit
This Metasploit module exploit takes advantage of the StringSubstitutor interpolator class, which is included in the Commons Text library. A default interpolator allows for string lookups that can lead to remote code execution. This is due to a logic flaw that makes the script, dns and url lookup...
Apache Commons Text RCE
This exploit takes advantage of the StringSubstitutor interpolator class, which is included in the Commons Text library. A default interpolator allows for string lookups that can lead to Remote Code Execution. This is due to a logic flaw that makes the "script", "dns" and "url" lookup keys...
Apache Commons Text 1.9 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Commons Text RCE', 'Description' = %q This exploit takes advantage of the StringSubstitutor interpolator class, which is included in the...
Oracle JDeveloper Multiple Vulnerabilities (January 2024 CPU)
The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory. - Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware component: Oracle JDevelop...
Oracle Primavera Unifier (January 2024 CPU)
The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Platform Google Guava. Supported versions that...
Oracle Primavera P6 Enterprise Project Portfolio Management (January 2024 CPU)
The version of Primavera P6 Enterprise Project Portfolio Management installed on the remote host are affected by vulnerabilities as referenced in the January 2024 CPU advisory. - Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineeri...
Oracle WebCenter Portal Multiple Vulnerabilities (January 2024 CPU)
The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the January 2024 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities: - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component:...
Oracle Essbase Multiple Vulnerabilities (January 2024 CPU)
The version of Oracle Essbase installed on the remote host is missing a security patch from the January 2024 Critical Patch Update CPU. It is, therefore, affected by: - Vulnerability in Oracle Essbase component: Essbase Web Platform OpenSSL. Easily exploitable vulnerability allows unauthenticated...
Security Bulletin: IBM Automation Decision Services December 2023 - Multiple CVEs addressed
Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: python-requests could...
Security Bulletin: Security vulnerability in apache commons-codec may affect IBM Business Automation Workflow Case and Case History event emitters
Summary IBM Business Automation Workflow is vulnerable to an information leagage vulnerability. Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validation of input. An attacker cou...
Security Bulletin: Multiple Security Vulnerabilities were identified in IBM WebSphere Application Server Liberty shipped with IBM Security Verify Access (CVE-2023-24988, CVE-2023-44487, CVE-2023-46158)
Summary Security Vulnerability fixes in IBM WebSphere Application Server Liberty have been shipped with IBM Security Verify Access 10.0.7.0 Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the...
Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance - Identity Manager software component
Summary Multiple security vulnerabilities have been addressed in IBM Security Verify Governance - Identity Manager software component. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw...
Security Bulletin: Apache commons fileupload vulnerability affect embedded Content Platform Engine in IBM Business Automation Workflow - CVE-2023-24998
Summary The embedded Content Platform Engine in IBM Business Automation Workflow is affected by Apache commons fileupload vulnerability. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the numb...
Apache Commons IO Vulnerability (CVE-2021-29425)
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path...
Security Bulletin: Apache Commons Compress component is vulnerable to CVE-2023-42503 is used by IBM Maximo Application Suite
Summary IBM Maximo Application Suite uses Apache Commons Compress package which is vulnerable to CVE-2023-42503. Vulnerability Details CVEID:CVE-2023-42503 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to ope...
Security Bulletin: IBM Storage Insights is vulnerable to weaknesses related to Apache Commons Compress
Summary Vulnerability in Apache Commons Compress may affect IBM Storage Insights. Vulnerability Details CVEID:CVE-2023-42503 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially crafted TAR file,...
Security Bulletin: IBM Jazz Reporting Service is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)
Summary There is a vulnerability in the Apache Commons FileUpload library used by BM Jazz Reporting Service. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caus...
Security Bulletin: IBM Jazz Reporting Service is vulnerable to a remote attacker to traverse directories due to Apache Commons IO (CVE-2021-29425)
Summary A vulnerability has been identified in the Apache Commons IO library, which is included in IBM® Jazz Reporting Service. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Commons Compress
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons Compress. Vulnerability Details CVEID: CVE-2023-42503 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by improper input validation. By persuading a...