12 matches found
Security Bulletin: Potential Denial of Service (DoS) security vulnerability in IBM Sterling Connect:Enterprise for UNIX
Abstract Potential Denial of Service DoS security vulnerability in IBM Sterling Connect:Enterprise for UNIX due to a Java HashTable security vulnerability in Jetty CVE-2011-4461. Content SUMMARY: Potential Denial of Service DoS security vulnerability in IBM Sterling Connect:Enterprise for UNIX du...
Security Bulletin: IBM Sterling Connect:Enterprise for UNIX is affected by multiple vulnerabilities in OpenSSL
Abstract A number of security vulnerabilities have been discovered in the OpenSSL libraries included in IBM Sterling Connect:Enterprise for UNIX. Content VULNERABILITY DETAILS: CVE IDs : CVE-2012-2131 CVE-2012-2110 CVE-2012-0884 CVE-2012-0050 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-461...
Security Bulletin: Cross frame scripting vulnerability in Connect:Enterprise HTTP (CVE-2013-6327)
Summary IBM Sterling Connect:Enterprise HTTP Option is vulnerable to cross frame scripting attacks. Vulnerability Details CVE ID: CVE-2013-6327 DESCRIPTION: IBM Sterling Connect:Enterprise HTTP Option could allow a cross-frame scripting attack, caused by improper validation of input within a fram...
Security Bulletin: Vulnerability in OpenSSL affects Sterling Connect:Enterprise for UNIX (CVE-2016-0800).
Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by Sterling Connect:Enterprise for UNIX. Sterling Connect:Enterprise for UNIX has addressed the applicable CVE, the “DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability...
Security Bulletin: Sterling Connect:Enterprise For UNIX and Sterling Connect:Enterprise clients are affected by the POODLE and OpenSSL vulnerabilities (CVE-2014-3566, CVE-2014-3567)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in Sterling Connect:Enterprise For UNIX, Sterling Connect:Enterprise Command Line Client, Sterling Connect:Enterprise HTTP Option, and Sterling...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Sterling Connect:Enterprise for UNIX (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects Sterling Connect:Enterprise for UNIX when using the AS2 or WebDAV protocols. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain...
Security Bulletin: IBM Sterling Connect:Enterprise for UNIX affected by the following OpenSSL vulnerability (CVE-2014-0224).
Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details CVE ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients an...
CVE-2013-6327
Cross-site scripting XSS vulnerability in the HTTP Option in IBM Sterling Connect:Enterprise 1.3 before 1.3.0.2 iFix 1 and 1.4 before 1.4.0.0 iFix 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "cross-frame scripting" issue...
Cross site scripting
Cross-site scripting XSS vulnerability in the HTTP Option in IBM Sterling Connect:Enterprise 1.3 before 1.3.0.2 iFix 1 and 1.4 before 1.4.0.0 iFix 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "cross-frame scripting" issue...
CVE-2013-6327
Cross-site scripting XSS vulnerability in the HTTP Option in IBM Sterling Connect:Enterprise 1.3 before 1.3.0.2 iFix 1 and 1.4 before 1.4.0.0 iFix 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "cross-frame scripting" issue...
CVE-2013-6327
IBM Sterling Connect:Enterprise HTTP Option is affected by CVE-2013-6327, a cross-frame scripting vulnerability in which input within a frame is improperly validated, allowing a remote attacker to inject arbitrary script or HTML. Affected versions are 1.3.0.2 and 1.4.0.0; remediation is to apply ...
IBM Sterling Connect:Enterprise跨站脚本漏洞
CVE ID:CVE-2013-6327 IBM Sterling Connect是一款点到点文件传输软件,可实现企业内和企业间的大容量、安全可靠的文件交付。 IBM Sterling Connect:Enterprise存在一个未明跨站脚本漏洞,允许远程攻击者利用漏洞注入恶意脚本或HTML代码,当恶意数据被查看时可获取敏感信息或者劫持用户会话。 0 IBM Sterling Connect:Enterprise 1.3.0.2 IBM Sterling Connect:Enterprise 1.4.0.0. 厂商补丁: IBM ----- IBM Sterling Connect...