Lucene search
K

64 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 7:16 a.m.11 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in xercesImpl

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in xercesImpl CVE-2009-2625, CVE-2012-0881, CVE-2013-4002, CVE-2020-14338, CVE-2022-23437. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2009-2625 DESCRIPTION: XMLScanner.java in Apache Xerces2...

7.8CVSS6.7AI score0.3038EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:39 a.m.45 views

Security Bulletin: Multiple vulnerabilities in DITA, Apache Batik, Apache FOP may affect IBM Business Automation Workflow and IBM Case Manager

Summary IBM Business Automation Workflow and IBM Case Manager packages DITA for documentation generation in Case Management. Multiple CVEs have been reported for open source libraries repackaged in DITA. A few of the same open source libraries, such as Apache Batik and Apache FOP, are also used f...

9.8CVSS8.4AI score0.24738EPSS
Exploits5Affected Software3
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2013-4002

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment JRE in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14,...

7.1CVSS6.9AI score0.24738EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/12 5:47 p.m.40 views

Security Bulletin: IBM Call Center is subject to vulnerability regarding an XML service, a remote attacker could exploit this vulnerability to consume available CPU resources.

Summary IBM Call Center removed parts of a legacy code that carried vulnerabilites. The code did contain CVE-2009-2625, CVE-2013-4002, CVE-2020-14338, CVE-2022-23437, CVE-2012-0881, however the specific code related to the vulnerability is not in use, therefore the risk is lower. This bulletin...

7.8CVSS7.2AI score0.3038EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/12 5:33 p.m.30 views

Security Bulletin: Order Management is subject to vulnerabilities regarding XML service where a remote attacker could exploit this vulnerability.

Summary Order Management removed parts of legacy code that carried vulnerabilites. The code did contain CVE-2009-2625, CVE-2013-4002, CVE-2012-0881, however the specific code related to the vulnerability is not in use, therefore the risk is lower. This bulletin identifies the steps to take to...

7.8CVSS6.8AI score0.3038EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 10:32 a.m.106 views

Security Bulletin: Multiple vulnerabilities in Apache Xerces2 Java XML Parser affect IBM Jazz Reporting Service

Summary There are multiple vulnerabilities in Apache Xerces2 Java XML Parser is used by IBM Jazz Reporting Service. IBM has addressed the relevant CVEs CVE-2012-0881, CVE-2013-4002, CVE-2022-23437 Vulnerability Details CVEID:CVE-2012-0881 DESCRIPTION: Apache Xerces2 Java is vulnerable to a denial...

7.8CVSS7.1AI score0.24738EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/13 1:21 p.m.42 views

Security Bulletin: Vulnerabilities in Xerces2 affect IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2013-4002, CVE-2012-1724, CVE-2012-0881, CVE-2022-23437, CVE-2009-2625)

Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments Data Protection for Hyper-V and Data Protection for VMware, and IBM Storage Protect for Space Management can be affected by vulnerabilities in the Apache Xerces2 Java parser library. The vulnerabilitie...

7.8CVSS7.8AI score0.3038EPSS
Exploits2Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.31 views

Security Bulletin: IBM Systems Director Storage Control is affected by vulnerabilities in IBM Java SDK (CVE-2014-0453, CVE-2013-5772, CVE-2013-5803, CVE-2013-5372, CVE-2013-5780, CVE-2013-0169, CVE-2013-4002)

Summary IBM Systems Director Storage Control contains a version of IBM Java SDK that contained the vulnerabilities listed above. Vulnerability Details Abstract IBM Systems Director Storage Control contains a version of IBM Java SDK that contained the vulnerabilities listed above. Content...

7.1CVSS6.7AI score0.35584EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 5:36 a.m.4 views

SUSE CVE-2013-4002

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment JRE in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlie...

7.1CVSS8.2AI score0.24738EPSS
Exploits0References18
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 3:31 a.m.33 views

Security Bulletin: Vulnerability IBM Java XML Parser used in IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2013-4002)

Abstract IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed ships with IBM Java JRE. This JRE contains a variant of Apache-J XML parser XM4J that is vulnerable to a denial of service attack triggered by malformed XML data. Content CVE ID: CVE-2013-4002 IBM CVSS SCORE: 7.1CVSS...

7.1CVSS7.2AI score0.24738EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 11:9 p.m.28 views

Security Bulletin: Multiple IBM Java SDK security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4002 and CVE-2013-2407)

Abstract Security Bulletin: Multiple IBM Java SDK security vulnerabilities exist in IBM InfoSphere Information Server CVE-2013-4002 and CVE-2013-2407 Content SUMMARY: IBM Information Server is impacted by security vulnerabilities in the IBM Java Runtime Environment JRE that affect availability an...

7.1CVSS7.6AI score0.24738EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 10:39 p.m.25 views

Security Bulletin: TADDM 7.2.2.0: Apache Xerces-J XML parser Denial of Service attack.

Abstract The Apache Xerces-J XML parser is vulnerable to a denial of service attack, triggered by malformed XML data, that can affect the security of IBM Tivoli Application Dependency Discovery Manager. Content VULNERABILITY DETAILS: CVEID: CVE-2013-4002 CVSS 7.1 Description: The Apache Xerces-J...

7.1CVSS6.5AI score0.24738EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 9:6 p.m.40 views

Security Bulletin: IBM FileNet Content Manager and IBM Content Foundation – XML 4J denial of service attack (CVE-2013-4002)

Abstract The XML4J parser that is shipped with the IBM FileNet Content Manager and IBM Content Foundation is vulnerable to a denial of service attack, triggered by malformed XML data. Content The products listed below might be affected by security vulnerabilities reported to the Apache Xerces-J...

7.1CVSS7.8AI score0.24738EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 9:6 p.m.35 views

Security Bulletin: IBM FileNet Business Process Manager – XML 4J denial of service attack (CVE-2013-4002)

Abstract The XML4J parser that is shipped with the IBM FileNet Business Process Manager is vulnerable to a denial of service attack, which is triggered by malformed XML data. Content The products that are listed below can be affected by security vulnerabilities reported to the Apache Xerces-J...

7.1CVSS7.8AI score0.24738EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 9:6 p.m.22 views

Security Bulletin: IBM InfoSphere Optim Performance Manager affected by vulnerability in IBM Java Runtime Environment (CVE-2013-4002)

Abstract Unspecified vulnerability in the IBM Java Runtime Environment JRE in IBM Java allows remote attackers to affect availability via unknown vectors. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-4002 CVSS: CVSS Base Score: 7.1 CVSS Temporal Score: See...

7.1CVSS7.3AI score0.24738EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 9:6 p.m.33 views

Security Bulletin: Atlas Suite and potential Apache Xerces-J XML parser Denial of Service attack (CVE-2013-4002)

Abstract Potential denial of service attack against Atlas Suite due to usage of the XML parser Apache Xerces-J. Content VULNERABILITY DETAILS: DESCRIPTION: The Apache Xerces-J XML parser is vulnerable to a denial of service attack, triggered by malformed XML data. The malformed data causes the XM...

7.1CVSS7.2AI score0.24738EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 9:6 p.m.47 views

Security Bulletin: IBM Tivoli Composite Application Manager for Transactions affected by vulnerabilities in IBM JRE (Multiple CVEs)

Abstract IBM Tivoli Composite Application Manager for Transactions is shipped with two IBM JREs that are based on Oracle Java. It is also dependent on ITM 6.2.1 Framework, which also has it own JRE. Oracle has released a June 2013 Critical Patch Update CPU that contains security vulnerability fix...

10CVSS7.9AI score0.98704EPSS
Exploits32Affected Software1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.14 views

Mageia: Security Advisory (MGASA-2014-0398)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1CVSS7.1AI score0.24738EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/05 8:51 p.m.78 views

Security Bulletin: Apache Xerces2 Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2012-0881, CVE-2013-4002)

Summary IBM Sterling B2B Integrator has addressed the vulnerabilities. Vulnerability Details CVEID: CVE-2012-0881 DESCRIPTION: Apache Xerces2 Java is vulnerable to a denial of service, caused by a flaw in the XML service. By sending a specially crafted message to an XML service, a remote attacker...

7.8CVSS1.7AI score0.24738EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.31 views

SUSE: Security Advisory (SUSE-SU-2013:1255-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.4AI score0.98704EPSS
Exploits23References5
Rows per page
Query Builder