27 matches found
EUVD-2019-12375
Malware in sbrugna...
CVE-2025-21489
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Region Mapping. Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advance...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for September and October 2024.
Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF037 and 24.0.0-IF003. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while...
CVE-2025-21489
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Region Mapping. Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advance...
CVE-2024-21039
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2024-21017
CVE-2024-21017 affects Oracle E-Business Suite, specifically the LOV component within Oracle Complex Maintenance, Repair, and Overhaul. Publicly confirmed versions affected are 12.2.3–12.2.13. The vulnerability allows an unauthenticated attacker with network access over HTTP to compromise the pro...
Security Bulletin: IBM Cinder plug-in is affected by a vulnerability in the Python requests-2.28.2-py3-none-any.whl [CVE-2023-32681]
Summary The Python requests package, which allows user to send HTTP requests using Python, is used by IBM Cinder plug-in. requests package is impacted by vulnerability CVE-2023-32681. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: python-requests could allow a remote attacker to obtain...
Security Bulletin: Vulnerability in python-requests affects IBM Process Mining . CVE-2023-32681
Summary There is a vulnerability in python-requests that could allow a remote attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION...
Security Bulletin: Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to HTTP request splitting attacks (CVE-2023-25690)
Summary Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to HTTP request splitting attacks. IBM has addressed the relevant vulnerability Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203
Summary There are vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remot...
Security Bulletin: IBM Security Guardium is affected by a mongodb-driver-legacy-4.1.1.jar vulnerability (CVE-2021-20328)
Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2021-20328 DESCRIPTION: MongoDB Java driver is vulnerable to a man-in-the-middle attack, caused by improper host name verification on the KMS server's certificate. An attacker could exploit this...
CVE-2022-21470
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Process Scheduler. Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterpri...
CVE-2021-2307
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to...
Security Bulletin: Multiple Vulnerabilities in jQuery affect IBM WIoTP MessageGateway
Summary There are multiple vulnerabilities in jQuery that affect IBM WIoTP MessageGateway. Vulnerability Details Third Party Entry: 180875 DESCRIPTION: jQuery cross-site scripting CVSS Base score: 6.1 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/180875 for the...
CVE-2020-14601
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network...
Design/Logic Flaw
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: Security. Supported versions that are affected are 9.3.3, 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attac...
CVE-2020-2603
Vulnerability in the Oracle Field Service product of Oracle E-Business Suite component: Wireless. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Field...
CVE-2020-2530
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Web Listener. Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
Security Bulletin: IBM Tivoli Netcool Impact is affected by a jQuery vulnerability (CVE-2019-11358)
Summary IBM Tivoli Netcool Impact has addressed the following jQuery vulnerability. Vulnerability Details CVEID: CVE-2019-11358 DESCRIPTION: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an...
Intel® Accelerated Storage Manager in Intel® Rapid Storage Technology Enterprise Advisory
Summary: Potential security vulnerabilities in Intel® Accelerated Storage Manager in Intel® Rapid Storage Technology Enterprise RSTe may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEI...