101 matches found
Security Bulletin: A vulnerability in OpenLDAP affects IBM Tivoli Composite Application Manager for Transactions (CVE-2015-6908)
Summary A vulnerability in OpenLDAP 2.4.42 was disclosed on September 10, 2015 by openldap.org as a fix in OpenLDAP 2.4.43 ITS8240. OpenLDAP 2.4.44, used by IBM Tivoli Composite Application Manager for Transactions, has addressed the vulnerability. Vulnerability Details CVE-ID: CVE-2015-6908...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions (CVE-2015-7575)
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition,Version 6.0, 7.0 that is used by IBM Tivoli Composite Application Manager for Transactions. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions(Several CVEs)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6.0, 7.0 that is used by IBM Tivoli Composite Application Manager for Transactions. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerabili...
Security Bulletin: Vulnerability in Apache Commons affects IBM Tivoli Composite Application Manager for Application Diagnostics (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Tivoli Composite Application Manager Agent for Application Diagnostics Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker...
Security Bulletin: Vulnerability in Apache Commons affects IBM Tivoli Composite Application Manager Agent for J2EE (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Tivoli Composite Application Manager Agent for J2EE. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Tivoli Composite Application Manager for Transactions (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Tivoli Composite Application Manager for Transactions. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information,...
Security Bulletin: Multiple vulnerabilities in cURL libcURL affect IBM Tivoli Composite Application Manager for Transactions (CVE-2015-3143, CVE-2015-3144 and CVE-2015-3145)
Summary cURL libcURL vulnerabilities were disclosed on April 22, 2015 by the cURL Project. cURL is used by IBM Tivoli Composite Application Manager for Transactions has addressed the applicable CVEs. Vulnerability Details CVE-ID: CVE-2015-3143 DESCRIPTION: libcurl could allow a remote attacker fr...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Tivoli Composite Application Manager for Transactions (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Tivoli Composite Application Manager for Transactions. Vulnerability Details CVE-ID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive...
Security Bulletin: A vulnerability in cURL libcURL affects IBM Tivoli Composite Application Manager for Transactions (CVE-2014-8150)
Summary There is a vulnerability in cURL libcURL that is used by IBM Tivoli Composite Application Manager for Transactions. This was disclosed on January 8, 2015 by the cURL libcURL Project. Vulnerability Details CVE-ID: CVE-2014-8150 DESCRIPTION: libcURL is vulnerable to CRLF injection, caused b...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Composite Application Manager for Transactions (CVE-2014-3513, CVE-2014-3567)
Summary There are multiple vulnerabilities in OpenSSL that is used by IBM Tivoli Composite Application Manager for Transactions. These issues were disclosed on October 15, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-3513 DESCRIPTION: OpenSSL is vulnerable to a denial of...
Security Bulletin: Vulnerability in SSLv3 affects IBM Tivoli Composite Application Manager for Transactions (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Tivoli Composite Application Manager for Transactions. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remot...
Security Bulletin: No validation on SSL certificates in IBM Tivoli Composite Application Manager for Transactions (CVE-2014-3051)
Summary IBM Tivoli Composite Application Manager for Transactions does not validate SSL certificates during normal operation. An attacker could perform man in middle attack techniques and obtain authentication credentials. Vulnerability Details CVE-ID: CVE-2014-3051 DESCRIPTION: IBM Tivoli...
Security Bulletin: IBM Tivoli Composite Application Manager for Transactions is affected by a Local escalation of privilege vulnerability (CVE-2014-0907)
Summary A vulnerability in IBM Tivoli Composite Application Manager for Transactions on Linux, Solaris and AIX could allow a local user to gain elevated privilege. Vulnerability Details CVE-ID: CVE-2014-0907 DESCRIPTION: The IBM Tivoli Composite Application Manager for Transactions products liste...
Security Bulletin: IBM Tivoli Composite Application Manager for Transactions affected by multiple vulnerabilities in IBM JRE (Multiple CVEs)
Summary IBM Tivoli Composite Application Manager for Transactions is shipped with two IBM JREs that are based on Oracle Java. It is also dependent on ITM 6.2.1 Framework, which also has it own JRE. Oracle has released a January 2014 Critical Patch Update CPU that contains security vulnerability...
Security Bulletin: IBM Tivoli Composite Application Manager for Transactions is affected by vulnerabilities in OpenSSL (CVE-2013-4353, CVE-2013-6450 and CVE-2013-6449)
Summary Security vulnerabilities have been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2013-4353 DESCRIPTION: A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL pointer exception. A malicious server could use this flaw to crash a connecting client. This issue...
Security Bulletin: IBM Tivoli Composite Application Manager for Transactions is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)
Summary Security vulnerabilities have been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerabilit...
SAP Composite Application Framework Authorization Tool XML External Entity Injection Vulnerability
SAP Composite Application Framework is the German SAP SAP company integrated SAP NetWeaver to create composite applications for the software. An XML external entity injection vulnerability exists in the SAP Composite Application Framework Authorization Tool. An attacker could exploit this...
CVE-2014-3051
The Internet Service Monitor ISM agent in IBM Tivoli Composite Application Manager ITCAM for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof...
CVE-2014-3051
IBM ITCAM for Transactions Internet Service Monitor (ISM) agent fails to validate SSL/X.509 certificates, enabling potential MITM attacks to capture credentials. Affected versions: ITCAM for Transactions 7.1/7.2 (up to 7.2.0.3 IF28), 7.3 (up to 7.3.0.1 IF30), and 7.4 (up to 7.4.0.0 IF18). Remedia...
CVE-2009-3521
Multiple cross-site scripting XSS vulnerabilities in the Visualization Engine VE in IBM Tivoli Composite Application Manager for WebSphere ITCAM 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...