Security Bulletin: IBM MQ is affected by a denial of service vulnerability in IBM WebSphere Application Server Liberty (CVE-2024-29371)

Summary IBM WebSphere Application Server Liberty is used by IBM MQ as part of the IBM MQ Console and IBM MQ REST API functionality CVE-2024-29371 Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a...

CVE-2021-2142

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Console. The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful...

PT-2023-9557 · Oracle · Oracle Weblogic Server

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 12.2.1.4.0 through 14.1.1.0.0 Description: The issue is related to the Console component of Oracle WebLogic Server, allowing an unauthenticated attacker with network access via HTTP to compromise the server...

CVE-2022-30572

The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains an easily exploitable Directory Traversal vulnerability that allows a low privileged attacker with network access to read arbitrary resources on the affected system. Affected releases are TIBCO...

Oracle WebLogic Server Unspecified Vulnerability

Oracle WebLogic Server contains an unspecified vulnerability in the Console component with high impacts to confidentilaity, integrity, and availability...

Oracle WebLogic Server 输入验证错误漏洞

Oracle WebLogic Server is a cloud-native, enterprise-grade Java platform application server for multi-tier distributed enterprise application development and deployment. A security vulnerability exists in the Console component of Oracle WebLogic Server version 10.3.6.0.0. An attacker could exploi...

CVE-2020-14882 — Unauthenticated RCE in Console component of Oracle WebLogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP...

CVE-2020-14883 — Authenticated RCE in Console component of Oracle WebLogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP...

PT-2020-4570

Name of the Vulnerable Software and Affected Versions Oracle WebLogic Server versions 10.3.6.0.0 through 14.1.1.0.0 Description The issue is related to insufficient input validation in the Console component of Oracle WebLogic Server, allowing a remote attacker to gain full control over the...

Oracle Weblogic Server Remote Code Execution Vulnerability (CNVD-2020-29745)

Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle. The platform provides middleware, software collection, etc. WebLogic Server is one of the application server components for cloud and traditional...

Unspecified Vulnerability in Oracle WebLogic Server (CNVD-2020-08164)

Oracle Fusion Middleware, the digital business platform for enterprise and cloud computing, is a comprehensive family of middleware products that enable organizations to create and run agile, intelligent business applications and maximize IT efficiencies by leveraging modern hardware and software...

Serviio Media Server - checkStreamUrl Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule /Restlet-Framework/ include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager def initializeinfo = superupdateinfoinfo, 'Name' =...

Serviio Media Server checkStreamUrl Command Execution

This module exploits an unauthenticated remote command execution vulnerability in the console component of Serviio Media Server versions 1.4 to 1.8 on Windows operating systems. The console service on port 23423 by default exposes a REST API which which does not require authentication. The 'actio...

PT-2017-1213

Name of the Vulnerable Software and Affected Versions Puppet Enterprise versions 2015.x through 2016.x before 2016.4.0 Description The issue is related to an open redirect vulnerability in the Console component. This vulnerability allows remote attackers to redirect users to arbitrary web sites b...

Unspecified Vulnerability in Oracle Fusion Middleware WebLogic Server Component (CNVD-2016-02576)

Oracle Fusion Middleware Oracle Fusion Middleware is a set of Oracle's business innovation platform for enterprise and cloud environments, of which Oracle WebLogic Server is an application server component for both cloud and traditional environments. An unspecified vulnerability in the Console...

Fedora Update for php-symfony2-Console FEDORA-2013-22422

Check for the Version of php-symfony2-Console OpenVAS Vulnerability Test Fedora Update for php-symfony2-Console FEDORA-2013-22422 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

CVE-2010-2373

Unspecified vulnerability in the Console component in Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5 allows remote attackers to affect integrity via unknown vectors...

CVE-2010-2373

CVE-2010-2373 affects Oracle Enterprise Manager Grid Control (Console component). The vulnerability is remote-exploitable over HTTP and allows integrity impact with no authentication, as per the Oracle July 2010 CPU entry. Affected product versions are Grid Control 10.1.0.6 and 10.2.0.5. The CPU ...

CVE-2009-1900

The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5, when tracing is enabled, allow remote attackers to obtain sensitive information via unspecified use of the wsadmin scripting...

Sun Java System Portal Server远程文件泄露漏洞

Sun Java System Portal Server是一种Web信息中心系统，用于工作协作和提供信息服务。 Sun Java System Portal Server的Web Console组件在处理用户请求时存在漏洞，远程攻击者可能利用此漏洞非授权访问到系统文件。 Sun Java System Portal Server 7.2 Sun Java System Portal Server 7.1 Sun --- Sun已经为此发布了一个安全公告（243886）以及相应补丁: 243886：Security Vulnerability Related to Sun Java...