
214 matches found

IBM Security Bulletins
added 2024/06/25 10:51 a.m. · 37 views

Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

Summary: IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2023-458...

CVSS 9.8 · AI score 9.5 · EPSS 0.02918
Exploits 2 · Affected Software 1
IBM Security Bulletins
added 2024/05/03 1:22 p.m. · 37 views

Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

Summary: IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2023-471...

CVSS 8.4 · AI score 9.3 · EPSS 0.014
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2024/05/02 12:46 p.m. · 61 views

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary: Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF15 patch. Vulnerability Details: CVEID: CVE-2020-13920 DESCRIPTION: Apache ActiveMQ is vulnerable to a man-in-the-middle attack, caused by improper authentication validation when connecting to the JMX...

CVSS 9.8 · AI score 9.8 · EPSS 0.98518
Exploits 26 · Affected Software 1
IBM Security Bulletins
added 2024/04/02 11:7 a.m. · 23 views

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management Core Framework.

Summary: Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 Core Framework IF26 patch. Vulnerability Details: CVEID: CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component coul...

CVSS 9.1 · AI score 9.8 · EPSS 0.02474
Exploits 1 · Affected Software 1
IBM Security Bulletins
added 2024/02/14 8:45 a.m. · 26 views

Security Bulletin: There are multiple vulnerabilities in IBM Db2 bundled with IBM Application Performance Management products.

Summary: IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2015-8383...

CVSS 9.8 · AI score 10 · EPSS 0.07059
Exploits 2 · Affected Software 1
IBM Security Bulletins
added 2024/02/14 8:43 a.m. · 55 views

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary: Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF15 patch. Vulnerability Details: CVEID: CVE-2022-44729 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a victim to open...

CVSS 9.8 · AI score 10 · EPSS 0.09254
Exploits 6 · Affected Software 1
Elastic
added 2024/02/06 10:35 p.m. · 9 views

APM Server 8.12.1 Security Update (ESA-2024-03)

APM Server Insertion of Sensitive Information into Log File (ESA-2024-03). An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the...

CVSS 7.5 · AI score 6.6 · EPSS 0.00577
Exploits 0
Positive Technologies
added 2024/01/04 12:0 a.m. · 7 views

PT-2024-7917

Name of the Vulnerable Software and Affected Versions: micromatch versions prior to 4.0.8. Description: The vulnerability occurs in micromatch.braces in index.js because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the inp...

CVSS 5.3 · AI score 6.4 · EPSS 0.01429
Exploits 1 · References 83
Positive Technologies
added 2023/10/26 12:0 a.m. · 9 views

PT-2023-23309 · Elastic · Apm Server +1

Name of the Vulnerable Software and Affected Versions: ECK versions prior to 2.8; APM Server versions 8.0 and later. Description: The secret token configuration is not applied when using ECK with a version less than 2.8 alongside an APM Server version 8.0 or greater. This could lead to anonymous...

CVSS 5.3 · AI score 7.2 · EPSS 0.00364
Exploits 0 · References 6
CNNVD
added 2023/10/26 12:0 a.m. · 11 views

Elasticsearch Security Vulnerabilities

Elasticsearch is a search engine based on the Lucene library. A security vulnerability exists in Elasticsearch that stems from a secret token configuration that is not applied when combining some versions of ECK with APM Server...

CVSS 5.3 · AI score 6.8 · EPSS 0.00364
Exploits 0 · References 3
Elastic
added 2023/09/26 9:48 a.m. · 6 views

Elastic Cloud on Kubernetes (ECK) 2.8 Security Update

Elastic Cloud on Kubernetes (ECK) secret token configuration issue (ESA-2023-11). Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment. Affected Versions: Elastic Cloud on...

CVSS 5.3 · AI score 6.8 · EPSS 0.00364
Exploits 0
IBM Security Bulletins
added 2023/09/25 9:6 a.m. · 44 views

Security Bulletin: Multiple vulnerabilities in Apache Camel core affect IBM Application Performance Management products

Summary: Apache Camel core is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details: CVEID: CVE-2014-0002 DESCRIPTION: Apache Camel could allow a remote attacker to obtain sensitive information, caused by an error in t...

CVSS 9.8 · AI score 10 · EPSS 0.32541
Exploits 5 · Affected Software 1
IBM Security Bulletins
added 2023/09/25 9:3 a.m. · 68 views

Security Bulletin: Multiple vulnerabilities in Apache Commons FileUpload affect IBM Application Performance Management products

Summary: Apache Commons FileUpload is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details: CVEID: CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not...

CVSS 9.8 · AI score 9 · EPSS 0.83175
Exploits 10 · Affected Software 1
IBM Security Bulletins
added 2023/09/25 8:33 a.m. · 24 views

Security Bulletin: Multiple vulnerabilities in Akka affect IBM Application Performance Management products.

Summary: Akka actor jar is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details: CVEID: CVE-2017-1000034 DESCRIPTION: Akka could allow a remote attacker to execute arbitrary code on the system, caused by a Java...

CVSS 9.3 · AI score 8.6 · EPSS 0.05666
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2023/09/15 5:44 a.m. · 68 views

Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Application Performance Management products

Summary: Multiple vulnerabilities in jackson-databind-2 used by IBM Application Performance Management. The vulnerabilities below have been addressed. Vulnerability Details: CVEID: CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based...

CVSS 10 · AI score 10 · EPSS 0.49727
Exploits 35 · Affected Software 1
IBM Security Bulletins
added 2023/09/13 8:2 a.m. · 43 views

Security Bulletin: Multiple vulnerabilities in libthrift affect IBM Application Performance Management products

Summary: libthrift jar is used by IBM Application Performance Management. Vulnerability Details: CVEID: CVE-2018-1320 DESCRIPTION: Apache Thrift could allow a remote attacker to bypass security restrictions, caused by the disablement of an assert used to determine if the SASL handshake had...

CVSS 7.8 · AI score 7.5 · EPSS 0.09082
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2023/09/13 8:1 a.m. · 28 views

Security Bulletin: Multiple vulnerabilities in Lightbend Spray spray-json affect IBM Application Performance Management products.

Summary: Lightbend Spray spray-json is used by IBM Application Performance Management. Vulnerability Details: CVEID: CVE-2018-18854 DESCRIPTION: Lightbend Spray spray-json is vulnerable to a denial of service, caused by an error during the parsing of many JSON object fields. By sending a...

CVSS 7.5 · AI score 7.4 · EPSS 0.01897
Exploits 2 · Affected Software 1
IBM Security Bulletins
added 2023/09/13 7:59 a.m. · 37 views

Security Bulletin: Multiple vulnerabilities in Apache Batik affect IBM Application Performance Management products

Summary: Apache Batik is used by IBM Application Performance Management. Vulnerability Details: CVEID: CVE-2022-40146 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. By sending a specially-crafted request, an attacker...

CVSS 7.5 · AI score 6 · EPSS 0.06147
Exploits 1 · Affected Software 1
IBM Security Bulletins
added 2023/09/13 7:54 a.m. · 46 views

Security Bulletin: Multiple vulnerabilities in Apache Xerces2 Java XML Parser affect IBM Application Performance Management products

Summary: Apache Xerces2 Java XML Parser is used by IBM Application Performance Management. Vulnerability Details: CVEID: CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading a victim to open a...

CVSS 7.8 · AI score 7.1 · EPSS 0.24738
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2023/09/13 7:50 a.m. · 24 views

Security Bulletin: Vulnerabilities in IBM DB2 affects IBM Application Performance Management products.

Summary: IBM DB2 is used by IBM Application Performance Management. Vulnerability Details: CVEID: CVE-2023-29257 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may...

CVSS 7.5 · AI score 8.1 · EPSS 0.2241
Exploits 4 · Affected Software 1