Security Bulletin: Multiple vulnerabilities in commons-codec-1.10.jar affect IBM Application Performance Management products

Summary There are multiple vulnerabilities in commons-codec-1.10.jar used by IBM Application Performance Management. IBM Applicatoon Performance Management has addressed the applicable CVEs. Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attack...

Security Bulletin: Vulnerability found in commons-codec-1.5.jar which is shipped with IBM® Intelligent Operations Center(177835)

Summary Vulnerability have been identified in commons-codec-1.5.jar which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details IBM X-Force...

Security Bulletin: Apache Commons Codec is vulnerable to PRISMA-2021-0055 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Apache Commons Codec which is vulnerable to PRISMA-2021-0055. Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validati...

Security Bulletin: Vulnerabilities in Commons Codec library affects IBM Engineering Test Management (ETM) (IBM X-Force ID:177835)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the...

Security Bulletin: A vulnerability in Apache Commons Code affects IBM Robotic Process Automation and may result in a disclosure of sensitive information. (IBM X-Force ID: 177834)

Summary Apache Commons Codec is used by IBM Robotic Process Automation as part of the IBM Licence and Metrics Tool. IBM X-Force ID: 177834 Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the...

maven bug fix and enhancement update

An update is available for plexus-interpolation, httpcomponents-core, maven-wagon, maven, google-guice, jsoup, jansi, apache-commons-io, apache-commons-lang3, maven-shared-utils, plexus-utils, plexus-classworlds, jakarta-annotations, httpcomponents-client, apache-commons-codec, plexus-cipher,...

Security Bulletin: IBM Integration Bus is vulnerable to a remote attack & denial of service due to Apache Thrift & Apache Commons Codec (CVE-2018-1320, CVE-2019-0205, IBM X-Force ID: 177835)

Summary IBM Integration Bus is vulnerable to a remote attack & denial of service due to Apache Thrift & Apache Commons Codec CVE-2018-1320, CVE-2019-0205, IBM X-Force ID: 177835. The fixes include libthrift 0.17.0 & commons-codec version 1.15 Vulnerability Details CVEID:CVE-2018-1320 DESCRIPTION:...

Security Bulletin: Vulnerability in Apache Commons Codec 1.7 shipped with IBM Operations Analytics - Log Analysis

Summary Vulnerability in Apache Commons Codec 1.7 could allow a remote attacker to obtain sensitive information. Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validation of input...

Security Bulletin: IBM InfoSphere Identity Insight vulnerabilities in third party libraries (CVE-2021-39239, CVE-2022-23308, CVE-2021-29424, CVE-2020-15250, 177835)

Summary A vulnerability in the libxml2 library can cause a denial of service in IBM InfoSphere Identity Insight. Other vulnerabilities that do not impact Identity Insight are present in four libraries that are currently included with the product but not used. Vulnerability Details...

Security Bulletin: IBM Security Identity Manager virtual appliance is vulnerable to arbitrary code execution due to Apache Log4j and issues in other open source components (CVE-2021-4104)

Summary IBM Security Identity Manager virtual appliance is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-4104. Apache Log4j is used by IBM Security Identity Manager virtual appliance as part of its logging infrastructure. This fix upgrades to Apache Log4j v2.17.1, as well as...

new packages: apache-commons-codec

An update is available for apache-commons-codec. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Roc...

maven:3.6 security and enhancement update

An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...

Vulnerability in LESS Transformer Plugin used by Bitbucket

h3. Issue Summary As of Bitbucket 7.21 the LESS Transformer Plugin shipped is version 4.0.0. Unfortunately it has a dependency on commons-codec version 1.4 which has a number of security vulnerabilities. eg.commons-codec:commons-codec / 1.4 Apache Commons Codec...

Security Bulletin: Vulnerability in Apache Commons Codec affects IBM Spectrum Control (177835)

Summary Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validation of input. This vulnerability affects IBM Spectrum Control. Vulnerability Details Third Party Entry: 177835 DESCRIPTION: Apache Commons Codec information disclosure CVSS Ba...

Security Bulletin: Input Validation Vulnerability in Apache Commons Codec Affects IBM Sterling Connect:Direct for UNIX

Summary An Apache Commons Codec vulnerability for validating input was addressed by IBM Sterling Connect:Direct for UNIX. Vulnerability Details Third Party Entry: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper...

Security Bulletin: Apache Commons Codec Vulnerability affects IBM Rational ClearQuest (177835)

Summary IBM Rational ClearQuest is vulnerable to an Apache Commons Codec vulnerability. IBM Rational ClearQuest has addressed the vulnerability. Vulnerability Details Third Party Entry: 177835 DESCRIPTION: Apache Commons Codec information disclosure CVSS Base score: 7.5 CVSS Temporal Score: See:...

3.6 bug fix and enhancement update

An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons Codec

Summary A vulnerability in Apache Commons Codec that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details Third Party Entry: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validation of...

Security Bulletin: IBM Content Manager is affected by a potential information disclosure vulnerability

Summary IBM Content Navigator has addressed the following vulnerability. A potential vulnerability in the Apache Commons Codec module could allow information disclosure. Vulnerability Details Third Party Entry: 177835 DESCRIPTION: Apache Commons Codec information disclosure CVSS Base score: 7.5...

Security Bulletin: Netcool Operations Insight - Cloud Native Event Analytics is affected by an Apache Commons Codec vulnerability

Summary Netcool Operations Insight - Cloud Native Event Analytics has addressed the following vulnerability in Apache Commons Codec Vulnerability Details CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially...