Security Bulletin: IBM Security Verify Information Queue uses Apache LDAP API with a known vulnerability (CVE-2018-1337)

Summary IBM Security Verify Information Queue ISIQ v10.0.2 uses an older version of the Apache Directory LDAP API that is vulnerable to leaking sensitive information. ISIQ v10.0.3 upgraded to a newer Apache LDAP API that does not have the vulnerability. Vulnerability Details CVEID: CVE-2018-1337...

GHSA-CFW5-V7CW-69CW Credential leak in org.apache.directory.api:apache-ldap-api

In Apache LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contain...

Credential leak in org.apache.directory.api:apache-ldap-api

In Apache LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contain...

Apache LDAP API Information Disclosure Vulnerability

Apache LDAP API is a U.S. Apache Apache Software Foundation API for accessing LDAP servers. A security vulnerability exists in Apache LDAP API versions prior to 1.0.2. An attacker can exploit the vulnerability to disclose information including: credentials contained in a request...

Information Disclosure Through Race Condition

apache-ldap-api is vulnerable to information disclosure through a race condition. The vulnerability exists as it is possible for another thread to use the connection before it is secured by TLS, caused by the weak setup of SSL Filter. This could potentially expose sensitive information such as...