24 matches found
Security Bulletin: Due to the use of Swagger UI, IBM Security SOAR is vulnerable to spoofing attacks..
Summary IBM Security SOAR uses Swagger-UI internally. CVE-2025-25031 Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this...
Exploit for Improper Input Validation in Smartbear Swagger_Ui
swagger-ui POC for Testing HTML Injection in Swagger UI CVE-...
Security Bulletin: Watson Machine Learning Accelerator on Cloud Pak for Data Version is affected by multiple vulnerabilties
Summary Mutiple open source vulnerabilties affects Watson Machine Learning Accelerator on Cloud Pak for Data Version 2.3.3 and have been addressed in version 2.3.4. Vulnerability Details CVEID:CVE-2021-23566 DESCRIPTION: Nanoid could allow a local attacker to obtain sensitive information, caused ...
Security Bulletin: IBM Storage Fusion and IBM Storage Fusion HCI may vulnerable to denial of service, spoofing attacks via dependent JavaScript libraries (CVE-2021-23440, CVE-2018-25031, CVE-2022-46175, CVE-2022-37599, CVE-2022-37603)
Summary IBM Storage Fusion and IBM Storage Fusion HCI, previously known as Spectrum Fusion and Spectrum Fusion HCI, may be affected by vulnerabilities in set-value Node.js, swagger-ui, JSON5, webpack/loader-utils. Vulnerabilities include access of resources using improper type leading to denial o...
Security Bulletin: Open Source Dependency Vulnerability
Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a specially-crafted URL, an attacker could exploit this vulnerabili...
Swagger UI 4.1.3 Critical Information Misrepresentation
Exploit Title: Swagger UI 4.1.3 - User Interface UI Misrepresentation of Critical Information Date: 14 April, 2023 Exploit Author: Rafael Cintra Lopes Vendor Homepage: https://swagger.io/ Version: 4.1.3 CVE: CVE-2018-25031 Site: https://rafaelcintralopes.com.br/ Usage: python swagger-exploit.py...
Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information
Exploit Title: Swagger UI 4.1.3 - User Interface UI Misrepresentation of Critical Information Date: 14 April, 2023 Exploit Author: Rafael Cintra Lopes Vendor Homepage: https://swagger.io/ Version: 4.1.3 CVE: CVE-2018-25031 Site: https://rafaelcintralopes.com.br/ Usage: python swagger-exploit.py...
Security Bulletin: Swagger-ui as used by IBM QRadar Advisor With Watson App is vulnerable to spoofing attacks (CVE-2018-25031)
Summary Swagger-ui as used by IBM QRadar Advisor With Watson App is vulnerable to spoofing attacks. IBM has addressed the relevant vulnerability. Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to...
Security Bulletin: Vulnerabilites CVE-2018-25031 and CVE-2021-46708 in WebSphere Application Server Liberty affect IBM CICS TX Standard
Summary WebSphere Application Server Liberty is used by IBM CICS TX Standard to provide a web based administration console and to provide web services support. The fix removes vulnerabilities CVE-2018-25031 that allows a remote attacker to conduct spoofing attacks and CVE-2021-46708 that allows a...
Security Bulletin: Vulnerabilites CVE-2018-25031 and CVE-2021-46708 in WebSphere Application Server Liberty affect IBM CICS TX Advanced
Summary WebSphere Application Server Liberty is used by IBM CICS TX Advanced to provide a web based administration console and to provide web services support. The fix removes vulnerabilities CVE-2018-25031 that allows a remote attacker to conduct spoofing attacks and CVE-2021-46708 that allows a...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to spoofing attacks due to WAS Liberty (CVE-2018-25031, CVE-2021-46708)
Summary IBM Sterling Partner Engagement Manager has addressed all vulnerabilities published by WAS liberty below. Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a specially-crafted URL, a...
Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)
Summary There are multiple vulnerabilities in the swagger-ui library used by Liberty for Java for IBM Cloud with mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0, openapi-3.0 or the openapi-3.1 feature enabled. These vulnerabilities could allow spoofing attacks or clickjacking...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server Liberty shipped with IBM Business Process Manager and IBM Business Automation Workflow
Summary WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business Automation Workflow and IBM Business Process Manager. Information about security vulnerabilities affecting I...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2018-25031, CVE-2021-46708)
Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details...
Security Bulletin: A security vulnerability has been identified in SwaggerUI shipped with IBM Tivoli Netcool Impact (CVE-2018-25031, 221508)
Summary SwaggerUI is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting SwaggerUI has been published in a security bulletin. Vulnerability Details CVEID: CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled as part of IBM WebSphere Hybrid Edition, is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)
Summary IBM WebSphere Application Server Liberty, which is bundled as part of IBM WebSphere Hybrid Edition, is vulnerable to spoofing attacks and clickjacking due to swagger-ui CVE-2018-25031, CVE-2021-46708 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled in IBM Cloud Pak for Applications, is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)
Summary IBM WebSphere Application Server Liberty, which is bundled in IBM Cloud Pak for Applications, is vulnerable to spoofing attacks and clickjacking due to swagger-ui CVE-2018-25031, CVE-2021-46708 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM WebSphere Application Server Liberty shipped with IBM WebSphere Application Server Patterns is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)
Summary IBM WebSphere Application Server Liberty is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in the swagger-ui library used by IBM WebSphere Application Server Liberty with mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0,...
Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to spoofing and clickjacking attacks due to swagger-ui (CVE-2018-25031, CVE-2021-46708)
Summary IBM WebSphere Application Server Liberty for IBM i contains swagger-ui which is vulnerable to spoofing and clickjacking attacks as described in the vulnerability details section. IBM WebSphere Application Server Liberty for IBM i has addressed the vulnerabilities with a fix that upgrades...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)
Summary There are multiple vulnerabilities in the swagger-ui library used by IBM WebSphere Application Server Liberty with mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0, openapi-3.0 or the openapi-3.1 feature enabled. These vulnerabilities could allow spoofing attacks or clickjacking...