10 matches found
Security Bulletin: Information disclosure vulnerability in WebSphere Application Server Liberty affects multiple IBM Rational products based on IBM Jazz technology
Summary There is an information disclosure due to an XML external entity XXE vulnerability in WebSphere Application Server Liberty bundled with IBM Jazz Team Server based Applications affects multiple products: Collaborative Lifecycle Management CLM, Rational DOORS Next Generation RDNG, Rational...
Security Bulletin: Rational Performance Tester Open Source OpenSAML XML Information Disclosure (CVE-2013-6440)
Summary A potential security vulnerability exists in IBM Rational Performance Tester related to OpenSAML. OpenSAML could allow a remote authenticated attacker to obtain sensitive information, caused by an error when parsing XML entities. By persuading a victim to open a specially-crafted XML...
Security Bulletin: Information disclosure in Liberty for Java for IBM Cloud (CVE-2017-1681, CVE-2013-6440)
Summary There is a potential information disclosure vulnerability in WebSphere Application Server. There is an information disclosure due to an XML external entity XXE vulnerability when using the OpenSAML features in WebSphere Application Server Liberty. Vulnerability Details CVEID: CVE-2017-168...
Security Bulletin: Information disclosure in WebSphere Application Server Liberty (CVE-2013-6440)
Summary There is an information disclosure due to an XML external entity XXE vulnerability when using the OpenSAML features in WebSphere Application Server Liberty. Vulnerability Details CVEID: CVE-2013-6440 DESCRIPTION: OpenSAML could allow a remote authenticated attacker to obtain sensitive...
Important: Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.0.3 update
Red Hat JBoss BPM Suite 6.0.3, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...
CVE-2013-6440
CVE-2013-6440 affects Shibboleth OpenSAML-Java before 2.6.1 where the expandEntityReferences setting was left true, enabling XML external entity (XXE) attacks via crafted DOCTYPEs. Affected library: OpenSAML-Java in Shibboleth deployments. Impact per sources is exposure of sensitive information t...
CVE-2013-6440
Removed by vendor...
RHEL 6 : JBoss EAP (RHSA-2014:0171)
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.1 and fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact...
RHEL 5 : JBoss EAP (RHSA-2014:0170)
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.1 and fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.1 update
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.1 and fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact...