Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Google Guava and Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information. Pivota Spring...

Oracle Primavera Unifier (Jul 2024 CPU)

The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Integration Apache James MIME4J. Supported versio...

Security Bulletin: IBM Operational Decision Manager for May 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-22201...

Apache James MIME4J Input Validation Error Vulnerability

Apache James MIME4J is a library of the American Apache Apache Foundation. It can be used to parse e-mail message streams in pure rfc822 and MIME formats and construct tree representations of e-mail messages. An input validation error vulnerability exists in Apache James MIME4J 0.8.9 and earlier...

CVE-2024-21742 Apache James Mime4J: Mime4J DOM header injection

Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages...

CVE-2024-21742 Apache James Mime4J: Mime4J DOM header injection

Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages...

Security Bulletin: IBM Operational Decision Manager for February 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-46158...

Apache James MIME4J 输入验证错误漏洞

Apache James MIME4J is a library of the American Apache Apache Foundation. It can be used to parse e-mail message streams in pure rfc822 and MIME formats and construct tree representations of e-mail messages. An input validation error vulnerability exists in Apache James MIME4J 0.8.9 and earlier...

Security Bulletin: IBM Sterling B2B Integrator is affected by sensitive information exposure due to Apache James MIME4J (CVE-2022-45787)

Summary IBM Sterling B2B Integrator uses Apache James MIME4J. Vulnerability Details CVEID: CVE-2022-45787 DESCRIPTION: Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the temporary files. By sending a...

Security Bulletin: Data Replication on Cloud Pak for Data vulnerabile to Apache James MIME4J vulnerability

Summary A vulnerability in Apache James MIME4J is addressed. Vulnerability Details CVEID:CVE-2022-45787 DESCRIPTION: Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the temporary files. By sending a...

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesse related to IBM WebSphere Application Server Liberty

Summary Vulnerability in IBM WebSphere Application Server Liberty such as denial of service, gaining elevated privileges may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2023-28867 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by a stack-based buffer...

Security Bulletin: IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in IBM Websphere Application Server Liberty

Summary IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in IBM Websphere Application Server Liberty as the vulnerable features are not enabled see References below. IBM Cognos Analytics has upgraded to an non-affected version of IBM Websphere Application Serve...

Security Bulletin: IBM Match 360 is vulnerable to information disclosure due to Apache James MIME4J within IBM WebSphere Application Server Liberty (CVE-2022-45787)

Summary There is a vulnerability in the Apache James MIME4J library used by IBM WebSphere Application Server Liberty when the feature restfulWS-3.0 is enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-45787 DESCRIPTION: Apache James MIME4J could allow a local authenticated...

Security Bulletin: Multiple security vulnerabilities affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

Summary Multiple security vulnerabilities impacting Watson Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to execute arbitrary code on the system, caused by a...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2022-45787)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details...

Moderate: Red Hat Security Advisory: Red Hat build of Quarkus 2.13.8 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

Important: Red Hat Security Advisory: Service Registry (container images) release and security update [2.4.3 GA]

An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact...

RHEL 8 : Red Hat Single Sign-On 7.6.3 security update on RHEL 8 (Moderate) (RHSA-2023:2706)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2706 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

RHEL 9 : Red Hat Single Sign-On 7.6.3 security update on RHEL 9 (Moderate) (RHSA-2023:2707)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2707 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

RHEL 7 : Red Hat Single Sign-On 7.6.3 security update on RHEL 7 (Moderate) (RHSA-2023:2705)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2705 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...