Lucene search
K

7 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/10/18 1:43 a.m.47 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Collections

Summary Multiple vulnerabilities have been identified in Apache Commons Collections, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2017-15708 DESCRIPTION: Apac...

10CVSS10AI score0.96032EPSS
Exploits27Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/21 12:22 p.m.95 views

Security Bulletin: IBM Sterling Global Mailbox is vulnerable to arbitrary code execution due to Apache Commons Collections [CVE-2015-6420, CVE-2017-15708]

Summary Vulnerability in Apache Commons Collections library shipped with IBM Sterling Global Mailbox has been addressed. CVE-2015-6420, CVE-2017-15708 Vulnerability Details CVEID:CVE-2015-6420 DESCRIPTION: Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint...

9.8CVSS8.3AI score0.18763EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/17 6:26 a.m.59 views

Security Bulletin: Multiple vulnerabilities of Apache common collections (commons-collections-3.2.jar) have affected APM WebSphere Application Server Agent

Summary APM WebSphere Application Server Agent is vulnerable to Apache common collections commons-collections-3.2.jar. The fix includes commons-collections-3.2.jar upgraded to commons-collections-3.2.2.jar. CVE-2015-4852, CVE-2017-15708 and CVE-2019-13116 Vulnerability Details CVEID:CVE-2015-4852...

9.8CVSS9.9AI score0.96032EPSS
Exploits19Affected Software1
Openbugbounty
Openbugbounty
added 2020/03/22 1:56 p.m.9 views

toyotaoforlando.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1122066 Security Researcher 1Lov3Bugs Helped patch 329 vulnerabilities Received 2 Coordinated Disclosure badges Received 1 recommendations , a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting toyotaoforlando.com websit...

0.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/01/26 12:24 p.m.8 views

openlink.ca.skku.edu Cross Site Scripting vulnerability OBB-1075098

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

0.8AI score
Exploits0
seebug.org
seebug.org
added 2017/12/12 12:0 a.m.199 views

Apache Synapse远程命令执行漏洞(CVE-2017-15708)

0X00 介绍 Apache Synapse是一种轻量级的高性能企业服务总线(ESB)。Apache Synapse由快速和异步的中介引擎提供支持,为XML、Web服务和REST提供了卓越的支持。 0X01 分析 我们知道,完成反序列化漏洞需要存在两个条件: 存在反序列化对象数据传输 有缺陷的第三方lib库,例如Apache Commons Collections 在FoxGlove Security安全团队的@breenmachine的博文中,总结了非常全面可能使用反序列化的地方: 在HTTP请求中 RMI,RMI在传输过程中一定会使用序列化和反序列化...

0.8AI score0.17741EPSS
Exploits1
CVE
CVE
added 2017/12/11 3:0 p.m.224 views

CVE-2017-15708

CVE-2017-15708 affects Apache Synapse: by default no authentication for Java RMI, enabling remote code execution through specially crafted serialized objects when Commons Collections 3.2.1 or earlier are present. IBM and related bulletins reiterate the issue and note that upgrading to Synapse 3.0...

9.8CVSS9.7AI score0.17741EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder