64 matches found
Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in xercesImpl
Summary IBM SPSS Modeler is affected by multiple vulnerabilities in xercesImpl CVE-2009-2625, CVE-2012-0881, CVE-2013-4002, CVE-2020-14338, CVE-2022-23437. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2009-2625 DESCRIPTION: XMLScanner.java in Apache Xerces2...
Security Bulletin: Multiple vulnerabilities in DITA, Apache Batik, Apache FOP may affect IBM Business Automation Workflow and IBM Case Manager
Summary IBM Business Automation Workflow and IBM Case Manager packages DITA for documentation generation in Case Management. Multiple CVEs have been reported for open source libraries repackaged in DITA. A few of the same open source libraries, such as Apache Batik and Apache FOP, are also used f...
Linux Distros Unpatched Vulnerability : CVE-2013-4002
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment JRE in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14,...
Security Bulletin: IBM Call Center is subject to vulnerability regarding an XML service, a remote attacker could exploit this vulnerability to consume available CPU resources.
Summary IBM Call Center removed parts of a legacy code that carried vulnerabilites. The code did contain CVE-2009-2625, CVE-2013-4002, CVE-2020-14338, CVE-2022-23437, CVE-2012-0881, however the specific code related to the vulnerability is not in use, therefore the risk is lower. This bulletin...
Security Bulletin: Order Management is subject to vulnerabilities regarding XML service where a remote attacker could exploit this vulnerability.
Summary Order Management removed parts of legacy code that carried vulnerabilites. The code did contain CVE-2009-2625, CVE-2013-4002, CVE-2012-0881, however the specific code related to the vulnerability is not in use, therefore the risk is lower. This bulletin identifies the steps to take to...
Security Bulletin: Multiple vulnerabilities in Apache Xerces2 Java XML Parser affect IBM Jazz Reporting Service
Summary There are multiple vulnerabilities in Apache Xerces2 Java XML Parser is used by IBM Jazz Reporting Service. IBM has addressed the relevant CVEs CVE-2012-0881, CVE-2013-4002, CVE-2022-23437 Vulnerability Details CVEID:CVE-2012-0881 DESCRIPTION: Apache Xerces2 Java is vulnerable to a denial...
Security Bulletin: Vulnerabilities in Xerces2 affect IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2013-4002, CVE-2012-1724, CVE-2012-0881, CVE-2022-23437, CVE-2009-2625)
Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments Data Protection for Hyper-V and Data Protection for VMware, and IBM Storage Protect for Space Management can be affected by vulnerabilities in the Apache Xerces2 Java parser library. The vulnerabilitie...
Security Bulletin: IBM Systems Director Storage Control is affected by vulnerabilities in IBM Java SDK (CVE-2014-0453, CVE-2013-5772, CVE-2013-5803, CVE-2013-5372, CVE-2013-5780, CVE-2013-0169, CVE-2013-4002)
Summary IBM Systems Director Storage Control contains a version of IBM Java SDK that contained the vulnerabilities listed above. Vulnerability Details Abstract IBM Systems Director Storage Control contains a version of IBM Java SDK that contained the vulnerabilities listed above. Content...
SUSE CVE-2013-4002
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment JRE in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlie...
Security Bulletin: Vulnerability IBM Java XML Parser used in IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2013-4002)
Abstract IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed ships with IBM Java JRE. This JRE contains a variant of Apache-J XML parser XM4J that is vulnerable to a denial of service attack triggered by malformed XML data. Content CVE ID: CVE-2013-4002 IBM CVSS SCORE: 7.1CVSS...
Security Bulletin: Multiple IBM Java SDK security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4002 and CVE-2013-2407)
Abstract Security Bulletin: Multiple IBM Java SDK security vulnerabilities exist in IBM InfoSphere Information Server CVE-2013-4002 and CVE-2013-2407 Content SUMMARY: IBM Information Server is impacted by security vulnerabilities in the IBM Java Runtime Environment JRE that affect availability an...
Security Bulletin: TADDM 7.2.2.0: Apache Xerces-J XML parser Denial of Service attack.
Abstract The Apache Xerces-J XML parser is vulnerable to a denial of service attack, triggered by malformed XML data, that can affect the security of IBM Tivoli Application Dependency Discovery Manager. Content VULNERABILITY DETAILS: CVEID: CVE-2013-4002 CVSS 7.1 Description: The Apache Xerces-J...
Security Bulletin: IBM FileNet Content Manager and IBM Content Foundation – XML 4J denial of service attack (CVE-2013-4002)
Abstract The XML4J parser that is shipped with the IBM FileNet Content Manager and IBM Content Foundation is vulnerable to a denial of service attack, triggered by malformed XML data. Content The products listed below might be affected by security vulnerabilities reported to the Apache Xerces-J...
Security Bulletin: IBM FileNet Business Process Manager – XML 4J denial of service attack (CVE-2013-4002)
Abstract The XML4J parser that is shipped with the IBM FileNet Business Process Manager is vulnerable to a denial of service attack, which is triggered by malformed XML data. Content The products that are listed below can be affected by security vulnerabilities reported to the Apache Xerces-J...
Security Bulletin: IBM InfoSphere Optim Performance Manager affected by vulnerability in IBM Java Runtime Environment (CVE-2013-4002)
Abstract Unspecified vulnerability in the IBM Java Runtime Environment JRE in IBM Java allows remote attackers to affect availability via unknown vectors. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-4002 CVSS: CVSS Base Score: 7.1 CVSS Temporal Score: See...
Security Bulletin: Atlas Suite and potential Apache Xerces-J XML parser Denial of Service attack (CVE-2013-4002)
Abstract Potential denial of service attack against Atlas Suite due to usage of the XML parser Apache Xerces-J. Content VULNERABILITY DETAILS: DESCRIPTION: The Apache Xerces-J XML parser is vulnerable to a denial of service attack, triggered by malformed XML data. The malformed data causes the XM...
Security Bulletin: IBM Tivoli Composite Application Manager for Transactions affected by vulnerabilities in IBM JRE (Multiple CVEs)
Abstract IBM Tivoli Composite Application Manager for Transactions is shipped with two IBM JREs that are based on Oracle Java. It is also dependent on ITM 6.2.1 Framework, which also has it own JRE. Oracle has released a June 2013 Critical Patch Update CPU that contains security vulnerability fix...
Mageia: Security Advisory (MGASA-2014-0398)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Apache Xerces2 Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2012-0881, CVE-2013-4002)
Summary IBM Sterling B2B Integrator has addressed the vulnerabilities. Vulnerability Details CVEID: CVE-2012-0881 DESCRIPTION: Apache Xerces2 Java is vulnerable to a denial of service, caused by a flaw in the XML service. By sending a specially crafted message to an XML service, a remote attacker...
SUSE: Security Advisory (SUSE-SU-2013:1255-3)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...