Lucene search
K

24 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 9:58 a.m.16 views

Security Bulletin: Due to the use of Swagger UI, IBM Security SOAR is vulnerable to spoofing attacks..

Summary IBM Security SOAR uses Swagger-UI internally. CVE-2025-25031 Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this...

4.3CVSS6.2AI score0.42326EPSS
Exploits4Affected Software1
GithubExploit
GithubExploit
added 2025/09/20 8:17 p.m.201 views

Exploit for Improper Input Validation in Smartbear Swagger_Ui

swagger-ui POC for Testing HTML Injection in Swagger UI CVE-...

4.3CVSS7.2AI score0.42326EPSS
Exploits4
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/12 5:31 p.m.35 views

Security Bulletin: Watson Machine Learning Accelerator on Cloud Pak for Data Version is affected by multiple vulnerabilties

Summary Mutiple open source vulnerabilties affects Watson Machine Learning Accelerator on Cloud Pak for Data Version 2.3.3 and have been addressed in version 2.3.4. Vulnerability Details CVEID:CVE-2021-23566 DESCRIPTION: Nanoid could allow a local attacker to obtain sensitive information, caused ...

9.1CVSS9.6AI score0.42326EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/29 9:45 p.m.41 views

Security Bulletin: IBM Storage Fusion and IBM Storage Fusion HCI may vulnerable to denial of service, spoofing attacks via dependent JavaScript libraries (CVE-2021-23440, CVE-2018-25031, CVE-2022-46175, CVE-2022-37599, CVE-2022-37603)

Summary IBM Storage Fusion and IBM Storage Fusion HCI, previously known as Spectrum Fusion and Spectrum Fusion HCI, may be affected by vulnerabilities in set-value Node.js, swagger-ui, JSON5, webpack/loader-utils. Vulnerabilities include access of resources using improper type leading to denial o...

9.8CVSS8.3AI score0.42326EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/15 5:52 p.m.35 views

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a specially-crafted URL, an attacker could exploit this vulnerabili...

4.3CVSS5.2AI score0.42326EPSS
Exploits4Affected Software1
Packet Storm
Packet Storm
added 2023/04/20 12:0 a.m.407 views

Swagger UI 4.1.3 Critical Information Misrepresentation

Exploit Title: Swagger UI 4.1.3 - User Interface UI Misrepresentation of Critical Information Date: 14 April, 2023 Exploit Author: Rafael Cintra Lopes Vendor Homepage: https://swagger.io/ Version: 4.1.3 CVE: CVE-2018-25031 Site: https://rafaelcintralopes.com.br/ Usage: python swagger-exploit.py...

4.3CVSS5.9AI score0.42326EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/04/20 12:0 a.m.456 views

Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information

Exploit Title: Swagger UI 4.1.3 - User Interface UI Misrepresentation of Critical Information Date: 14 April, 2023 Exploit Author: Rafael Cintra Lopes Vendor Homepage: https://swagger.io/ Version: 4.1.3 CVE: CVE-2018-25031 Site: https://rafaelcintralopes.com.br/ Usage: python swagger-exploit.py...

4.3CVSS5.6AI score0.42326EPSS
Exploits4
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/15 1:45 p.m.54 views

Security Bulletin: Swagger-ui as used by IBM QRadar Advisor With Watson App is vulnerable to spoofing attacks (CVE-2018-25031)

Summary Swagger-ui as used by IBM QRadar Advisor With Watson App is vulnerable to spoofing attacks. IBM has addressed the relevant vulnerability. Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to...

4.3CVSS5.1AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 9:14 p.m.63 views

Security Bulletin: Vulnerabilites CVE-2018-25031 and CVE-2021-46708 in WebSphere Application Server Liberty affect IBM CICS TX Standard

Summary WebSphere Application Server Liberty is used by IBM CICS TX Standard to provide a web based administration console and to provide web services support. The fix removes vulnerabilities CVE-2018-25031 that allows a remote attacker to conduct spoofing attacks and CVE-2021-46708 that allows a...

6.1CVSS5.4AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 9:4 p.m.33 views

Security Bulletin: Vulnerabilites CVE-2018-25031 and CVE-2021-46708 in WebSphere Application Server Liberty affect IBM CICS TX Advanced

Summary WebSphere Application Server Liberty is used by IBM CICS TX Advanced to provide a web based administration console and to provide web services support. The fix removes vulnerabilities CVE-2018-25031 that allows a remote attacker to conduct spoofing attacks and CVE-2021-46708 that allows a...

6.1CVSS5.5AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/16 2:19 p.m.50 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to spoofing attacks due to WAS Liberty (CVE-2018-25031, CVE-2021-46708)

Summary IBM Sterling Partner Engagement Manager has addressed all vulnerabilities published by WAS liberty below. Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a specially-crafted URL, a...

6.1CVSS5.5AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 4:1 p.m.31 views

Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)

Summary There are multiple vulnerabilities in the swagger-ui library used by Liberty for Java for IBM Cloud with mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0, openapi-3.0 or the openapi-3.1 feature enabled. These vulnerabilities could allow spoofing attacks or clickjacking...

6.1CVSS5.5AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 3:28 p.m.37 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server Liberty shipped with IBM Business Process Manager and IBM Business Automation Workflow

Summary WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business Automation Workflow and IBM Business Process Manager. Information about security vulnerabilities affecting I...

5.8AI score0.42326EPSS
Exploits4Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/28 6:16 a.m.51 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2018-25031, CVE-2021-46708)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details...

6.1CVSS5.1AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/06 5:21 a.m.51 views

Security Bulletin: A security vulnerability has been identified in SwaggerUI shipped with IBM Tivoli Netcool Impact (CVE-2018-25031, 221508)

Summary SwaggerUI is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting SwaggerUI has been published in a security bulletin. Vulnerability Details CVEID: CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By...

4.3CVSS1.4AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/19 8:39 p.m.25 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled as part of IBM WebSphere Hybrid Edition, is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)

Summary IBM WebSphere Application Server Liberty, which is bundled as part of IBM WebSphere Hybrid Edition, is vulnerable to spoofing attacks and clickjacking due to swagger-ui CVE-2018-25031, CVE-2021-46708 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

6.1CVSS2.4AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/19 8:38 p.m.33 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled in IBM Cloud Pak for Applications, is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)

Summary IBM WebSphere Application Server Liberty, which is bundled in IBM Cloud Pak for Applications, is vulnerable to spoofing attacks and clickjacking due to swagger-ui CVE-2018-25031, CVE-2021-46708 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

6.1CVSS3.4AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/18 4:56 p.m.33 views

Security Bulletin: IBM WebSphere Application Server Liberty shipped with IBM WebSphere Application Server Patterns is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)

Summary IBM WebSphere Application Server Liberty is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in the swagger-ui library used by IBM WebSphere Application Server Liberty with mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0,...

6.1CVSS0.4AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/08 3:41 p.m.36 views

Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to spoofing and clickjacking attacks due to swagger-ui (CVE-2018-25031, CVE-2021-46708)

Summary IBM WebSphere Application Server Liberty for IBM i contains swagger-ui which is vulnerable to spoofing and clickjacking attacks as described in the vulnerability details section. IBM WebSphere Application Server Liberty for IBM i has addressed the vulnerabilities with a fix that upgrades...

6.1CVSS6.7AI score0.42326EPSS
Exploits4Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/05 5:33 p.m.51 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)

Summary There are multiple vulnerabilities in the swagger-ui library used by IBM WebSphere Application Server Liberty with mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0, openapi-3.0 or the openapi-3.1 feature enabled. These vulnerabilities could allow spoofing attacks or clickjacking...

6.1CVSS1AI score0.42326EPSS
Exploits4Affected Software1
Rows per page
Query Builder