Lucene search
K

20 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2013-6155

Malware in sbrugna...

7.8CVSS8.9AI score0.03159EPSS
Exploits1References9
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/04 11:29 p.m.38 views

Security Bulletin: IBM Content Navigator is affected by Apache Commons Text due to IBM Content Manager onDemand connector [CVE-2022-42889]

Summary Apache Commons Text is used by IBM Content Navigator on container as part of the IBM Content Manager onDemand connector. CVE-2022-42889 The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execut...

9.8CVSS9.8AI score0.99931EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/10 6:20 a.m.54 views

Security Bulletin: There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE [CVE-2021-44228]

Summary There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE. CVE-2021-44228 Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...

10CVSS9.6AI score0.99999EPSS
Exploits354Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/30 7:19 a.m.37 views

Security Bulletin: IBM Content Manager OnDemand for IBM i is affected by a vulnerability CVE-2018-25032

Summary There is vulnerability in Zlib used by IBM Content Manager OnDemand for IBM i. IBM Content Manager OnDemand for IBM i has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory corruption in the...

7.5CVSS7.7AI score0.52063EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 9:6 p.m.18 views

Security Bulletin: Content Manager OnDemand Java API documentation frame injection Vulnerability (CVE-2013-1571)

Abstract The Java API Documentation contains a frame Injection vulnerability. Content VULNERABILITY DETAILS: CVEID: CVE-2013-1571 DESCRIPTION: HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the...

4.3CVSS7.5AI score0.66817EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/13 12:39 p.m.114 views

Security Bulletin: Content Manager OnDemand for Multiplatforms is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)

Summary Apache Log4j is used by Content Manager OnDemand for Multiplatforms as part of its logging infrastructure. CVE-2021-44228 This fix includes Apache Log4j V2.17.1. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code o...

10CVSS0.9AI score0.99999EPSS
Exploits354Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 12:19 p.m.37 views

Security Bulletin: A vulnerability in GSKit and GSKit-Crypto Security affect Content Manager OnDemand for Multi platforms ( CVE-2018-1447 )

Summary There is a vulnerability in GSKit and GSKit-Crypto Security that is used by Content Manager OnDemand for Multi platforms. Vulnerability Details CVEID: CVE-2018-1447 DESCRIPTION: The GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of...

8.1CVSS0.2AI score0.00931EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 12:16 p.m.37 views

Security Bulletin: Content Manager OnDemand for Multiplatforms is affected by Open Source Apache Xerces-C XML parser Vulnerabilities (CVE-2016-0729)

Summary Content Manager OnDemand for Multiplatforms is affected by Open Source Apache Xerces-C XML parser Vulnerabilities. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during...

9.8CVSS0.9AI score0.09115EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 12:14 p.m.23 views

Security Bulletin: Vulnerability in InstallShield affects Content Manager OnDemand for Multiplatforms V9.5 - Windows Client (CVE-2016-2542)

Summary The Windows Client for IBM Content Manager OnDemand for Multiplatform V9.5 has a vulnerability caused by InstallShield. Vulnerability Details CVEID: CVE-2016-2542 DESCRIPTION: Flexera InstallShield could allow a local attacker to gain elevated privileges on the system, caused by an...

7.8CVSS1.2AI score0.00503EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 12:14 p.m.29 views

Security Bulletin: A vulnerability in the GSKit component of Content Manager OnDemand for Multiplatforms (CVE-2016-0201)

Summary A vulnerability has been addressed in the GSKit component of Content Manager OnDemand for Multiplatforms. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit...

5.9CVSS0.5AI score0.02032EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 12:10 p.m.26 views

Security Bulletin: IBM Content Navigator is potentially vulnerable to cross-site scripting, caused by improper validation of user-supplied input (CVE-2015-1888)

Summary IBM Content Navigator is potentially vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Vulnerability Details CVEID: CVE-2015-1888 IBM Content Navigator is vulnerable to cross-site scripting. The vulnerability is caused by improper validation of user...

3.5CVSS2AI score0.00783EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 12:9 p.m.19 views

Security Bulletin: IBM Content Navigator affected by reflected cross-site scripting issue <CVE-2014-8911>

Summary Reflected cross-site scripting issue using the "Accept-Language" header parameter affects IBM Content Navigator. Vulnerability Details CVEID: CVE-2014-8911 DESCRIPTION: IBM Content Navigator is vulnerable to reflected cross-site scripting, caused by improper validation of user supplied...

4.3CVSS0.9AI score0.00931EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 12:9 p.m.60 views

Security Bulletin: Vulnerability in SSLv3 affects IBM Content Navigator (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in the Knowledge Center for IBM Content Navigator V2.0.3. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote...

4.3CVSS0.8AI score0.99999EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 12:8 p.m.13 views

Security Bulletin: Open Source Apache Xalan-Java reported in April X-Force Report in IBM Content Navigator

Summary Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker could exploit this vulnerability to bypass the secure processing feature to load arbitrary restricted classes. Vulnerability Details Apache...

1.6AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 12:7 p.m.51 views

Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114) in IBM Content Navigator

Summary Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability CVE-2014-0114 in IBM Content Navigator Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Open Source Apache Struts V1 ClassLoader manipulation vulnerability CVSS Base Score: 7.5 CVSS Temporal Scor...

7.5CVSS1.1AI score0.96121EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 11:50 a.m.20 views

Security Bulletin: Improper authorization by non-admin user in IBM Content Navigator (CVE-2014-0858)

Summary Using 3rd party tools, a non-admin user can modify the URL action so that instead of a getAction, the user can perform a deleteAction against the configuration database. Vulnerability Details CVEID: CVE-2014-0858 DESCRIPTION: Improper authorization by non-admin user CVSS Base Score: 3.5...

3.5CVSS1.1AI score0.00904EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 11:49 a.m.31 views

Security Bulletin: CM OnDemand GSKit Vulnerability (CVE-2013-6329)

Summary A vulnerability exists in IBM Global Security Kit GSKit that is shipped with Content Manager OnDemand. Vulnerability Details CVEID: CVE-2013-6329 DESCRIPTION: A vulnerability in relation to SSL/TLS Handshake Processing has been discovered related to the SSLV3 Session Resumption when using...

7.8CVSS0.4AI score0.03159EPSS
Exploits1Affected Software1
CVE
CVE
added 2015/10/03 10:0 p.m.44 views

CVE-2015-1888

CVE-2015-1888 describes an XSS vulnerability in IBM Content Navigator (affected version(s) 2.0.3 and 2.0.2 prior to FPs) used with IBM Content Manager, FileNet Content Manager, Content Foundation, and Content Manager OnDemand. The root cause is improper validation of user-supplied input, which al...

3.5CVSS5.2AI score0.00783EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/12/17 11:0 a.m.66 views

CVE-2013-6329

CVE-2013-6329 involves IBM GSKit and causes remote denial of service via a crafted SSLv2 session resumption handshake. Public details in connected IBM bulletins indicate GSKit issues affect multiple IBM products (Content Manager OnDemand 8.5/9.0; Tivoli Directory Server; IBM HTTP Server; WebSpher...

7.8CVSS8.6AI score0.03159EPSS
Exploits1References8Affected Software3
seebug.org
seebug.org
added 2013/12/17 12:0 a.m.32 views

IBM Content Manager OnDemand for Multiplatform SSLv2会话恢复处理远程拒绝服务漏

CVE ID:CVE-2013-6329 IBM Content Manager OnDemand是一款内容管理解决方案。 IBM Content Manager OnDemand for Multiplatform处理SSL/TLS握手过程中处理SSlv2会话恢复存在安全漏洞,允许远程攻击者利用漏洞提交特殊的请求使应用程序崩溃,造成拒绝服务攻击。 0 IBM Content Manager OnDemand for Multiplatform 8.5 IBM Content Manager OnDemand for Multiplatform 9.0 厂商补丁: IBM -----...

7.8CVSS9.3AI score0.03159EPSS
Exploits1
Rows per page
Query Builder