13 matches found
SUSE CVE-2026-41526
In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...
Security Bulletin: IBM Sterling B2B Integrator is affected by multiple vulnerabilities in Eclipse Jetty
Summary IBM Sterling B2B Integrator is affected by multiple vulnerabilities in Eclipse Jetty Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation when using t...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-26049 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker ...
Security Bulletin: Multiple vulnerabilities in eclipse jetty affect IBM Business Automation Workflow
Summary IBM Business Automation Workflow packages a vulnerable version of the eclipse jetty library. Vulnerability Details CVEID:CVE-2020-27216 DESCRIPTION: Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creati...
Security Bulletin: Rational Service Tester contains vulnerabilities which could affect Eclipse Jetty
Summary Due to the use of Eclipse Jetty, Rational Service Tester contains a vulnerability around authentication validation that could allow bypassing access restrictions CVE-2023-41900 and a vulnerability around command quoting that could allow further attacks on the system CVE-2023-36479...
Security Bulletin: Rational Performance Tester contains vulnerabilities which could affect Eclipse Jetty.
Summary Due to the use of Eclipse Jetty, Rational Performance Tester contains a vulnerability around authentication validation that could allow bypassing access restrictions, and a vulnerability around command quoting that could allow further attacks on the system. Vulnerability Details...
Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester
Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Eclipse Jetty
Summary Multiple vulnerabilities in Eclipse Jetty used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2023-36479 DESCRIPTION: Eclipse Jetty could provide weaker than expected security, caused by an errant command quoting flaw in the...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to Eclipse Jetty
Summary IBM Sterling Connect:Direct Web Services uses Eclipse Jetty. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation when using the optional nested...
CVE-2023-36479 Jetty vulnerable to errant command quoting in CGI Servlet
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...
CVE-2023-36479 Jetty vulnerable to errant command quoting in CGI Servlet
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...
GHSA-3GH6-V5V9-6V9J Jetty vulnerable to errant command quoting in CGI Servlet
If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the...
Jetty vulnerable to errant command quoting in CGI Servlet
If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the...