6 matches found
Security Bulletin: Multiple vulnerabilities in Apache Commons IO affect IBM Application Performance Management products
Summary Apache Commons IO is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An...
Security Bulletin: Multiple vulnerabilities in hadoop-hdfs-2.7.3.jar affect IBM Application Performance Management products
Summary There are multiple vulnerabilities in hadoop-hdfs-2.7.3.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2018-11768 DESCRIPTION: Apache Hadoop is vulnerable to a denial of service,...
CVE-2020-4725
CVE-2020-4725 affects IBM Cloud APM (IBM Monitoring) 8.1.4. An authenticated user can modify HTML content via a specially crafted HTTP request to the APM UI, potentially misleading another user. Root cause: UI content modification without proper access segregation. Impact is limited to HTML conte...
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.11.0 ESR) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 - 2020.2.0
Summary Synthetic Playback Agent has addressed the following vulnerabilities: CVE-2020-15649, CVE-2020-15650 Vulnerability Details CVEID: CVE-2020-15649 DESCRIPTION: Mozilla Firefox could allow a remote attacker to bypass security restrictions. By persuading a victim to install a specially crafte...
Security Bulletin: A vulnerability in Netty affects the IBM Performance Management product (CVE-2019-16869)
Summary Netty is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual whitespaces before the colon in HTTP headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and...
Design/Logic Flaw
IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...