Security Bulletin: Due to use of Apache Jena SDB, IBM Jazz Reporting Service is affected by a JDBC Deserialisation attack.
Summary Apache Jena SDB is used internally by IBM Jazz Reporting Service CVE-2022-45136. Vulnerability Details CVEID:CVE-2022-45136 DESCRIPTION: Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the...
Security Bulletin: Vulnerabilities in GStreamer affect IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerabilities in GStreamer have been identified that affect IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47538 DESCRIPTION: GStreamer is a library fo...
CVE-2022-39428
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite component: Upload. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web...
Security Bulletin: IBM Datapower Operations Dashboard could allow remote attacker to execute arbitrary commands on the system CVE-2017-16100
Summary dns-sync is used by the IBM Datapower Operations Dashboard implementation of networking operations. Vulnerability Details CVEID:CVE-2017-16100 DESCRIPTION: Node.js dns-sync module could allow a remote attacker to execute arbitrary commands on the system, caused by the improper validation o...
Security Bulletin: IBM Storage Ceph is vulnerable to Prototype Pollution in Grafana (CVE-2023-36665)
Summary Protobuf is used by IBM Storage Ceph in Grafana as part of metrics. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2023-36665. Vulnerability Details CVEID:CVE-2023-36665 DESCRIPTION: protobuf.js could allow a remote attacker to execute arbitrary co...
CVE-2024-21014
CVE-2024-21014 concerns Oracle Hospitality Simphony, specifically the Simphony Enterprise Server. Technical details in connected docs show: affected versions are 19.1.0 through 19.5.4; root cause is insufficient input validation; attacker needs network access via HTTP and no authentication. Impac...
Security Bulletin: IBM Storage Fusion HCI could be vulnerable to code injection via use of quartz/quartz-jobs [CVE-2023-39017]
Summary The Java library quartz/quartz-jobs is used by IBM Storage Fusion HCI for backup scheduling. A vulnerability in this library includes code injection that could lead to execution of arbitrary code as described in the CVE listed in the 'Vulnerabilities Details' section. This bulletin...
Design/Logic Flaw
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful...
Security Bulletin: Vulnerability in Golang Go could affect IBM CICS TX Advanced [CVE-2023-24538]
Summary CVE-2023-24538 may affect IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-24538 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as...
Security Bulletin: IBM Spectrum Conductor is vulnerable to arbitrary code execution [CVE-2022-42889]
Summary Apache Commons Text is used by IBM Spectrum Conductor in Spark 3.0.1. This bulletin provides interim fixes which include Apache Commons Text 1.10.0 to fix arbitrary code execution in IBM Spectrum Conductor. CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache...
Security Bulletin: Code injection vulnerability affects IBM Business Automation Workflow (CVE-2022-42920)
Summary IBM Business Automation Workflow packages Apache Commons BCEL. A code injection vulnerability affecting BCEL was reported. CVE-2022-42920 Vulnerability Details CVEID:CVE-2022-42920 DESCRIPTION: Apache Commons BCEL could allow a remote attacker to bypass security restrictions, caused by an...
Security Bulletin: IBM Content Navigator is affected by Apache Commons Text due to IBM Content Manager onDemand connector [CVE-2022-42889]
Summary Apache Commons Text is used by IBM Content Navigator on container as part of the IBM Content Manager onDemand connector. CVE-2022-42889 The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execut...
Security Bulletin: Remote code execution vulnerability within Jackson JSON library affects IBM Business Process Manager (CVE-2017-7525)
Summary Due to a deserialization flaw within the Jackson JSON library, IBM Business Process Manager is vulnerable to a remote code execution vulnerability. Vulnerability Details CVEID: CVE-2017-7525 DESCRIPTION: A deserialization flaw within the Jackson JSON library in the readValue method of the...
CVE-2022-21445
Vulnerability in the Oracle Application Development Framework ADF product of Oracle Fusion Middleware component: ADF Faces. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
TIBCO Security Advisory: February 15, 2022 - TIBCO AuditSafe - CVE-2022-22770
TIBCO AuditSafe API Authentication vulnerability Original release date: February 15, 2022 Last revised: --- CVE-2022-22770 Source: TIBCO Software Inc. Products Affected TIBCO AuditSafe versions 1.1.0 and below The following component is affected: Web Server Description The component listed above...
Security Bulletin: IBM App Connect Enterprise Certified Container Designers may be vulnerable to arbitrary code execution via CVE-2021-3757
Summary IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution via CVE-2021-3757. This only affects App Connect Designers. Vulnerability Details CVEID: CVE-2021-3757 DESCRIPTION: Node.js immer module could allow a remote attacker to execute arbitrary code on t...
Schneider Electric Modicon Controllers and Software (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Control Expert, EcoStruxure Process Expert, SCADAPack RemoteConnect x70, SCADAPack x70 RTUs, and Modicon M580 and M340 control products Vulnerabilities:...
Oracle Access Manager Webgate Information Disclosure (Oct 2020 CPU)
Binary data oracleaccessmanagerwebgatecve201811058.nbin...
Security Bulletin: jackson-databind vulnerability CVE-2021-20190 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0
Summary Jackson-databind vulnerability CVE-2021-20190 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0.0. The fix for this vulnerability was delivered in IBM Aspera High-Speed Transfer Server V4.0.0 and IBM Aspera High-Speed Transfer...
Security Bulletin: IBM App Connect Enterprise & IBM Integration Bus are affected by vulnerabilities in Apache Xerces-C 3.0.0 to 3.2.2 XML parser (CVE-2018-1311)
Summary Vulnerabilities in Apache Xerces-C 3.0.0 to 3.2.2 XML parser affect IBM Integration Bus and IBM App Connect Enterprise. IBM App Connect Enterprise and IBM Integration Bus have addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-1311 DESCRIPTION: Apache Xerces-C could allo...