Lucene search
K

19 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/05/30 3:24 p.m.18 views

Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnerable to information disclosure due to Springfox Swagger (CVE-2019-17495)

Summary IBM Sterling B2B Integrator uses Springfox Swagger. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. ...

9.8CVSS9.2AI score0.0558EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/15 5:43 a.m.47 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to CSS injection due to Swagger UI (CVE-2019-17495)

Summary IBM Sterling Partner Engagement Manager has addressed a vulnerability of CSS injection flaw bundled with Swagger UI. Vulnerability Details CVEID:CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. By using t...

9.8CVSS9.3AI score0.0558EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/31 10:31 a.m.34 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to CSS injection due to Swagger CVE-2019-17495

Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to CSS injection due to Swagger CVE-2019-17495 with details below Vulnerability Details CVEID:CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection...

9.8CVSS9.2AI score0.0558EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/11 1:19 p.m.27 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM StoredIQ (CVE-2019-17495)

Summary There is a Swagger vulnerability that affects WebSphere Application Server Liberty shipped with IBM StoredIQ. Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. By using the...

9.8CVSS0.9AI score0.0558EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/10 2:19 p.m.28 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM StoredIQ InstaScan (CVE-2019-17495)

Summary There is a Swagger vulnerability that affects WebSphere Application Server Liberty shipped with IBM StoredIQ InstaScan. Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. By usi...

9.8CVSS0.9AI score0.0558EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/07 1:14 p.m.35 views

Security Bulletin: Swagger Vulnerability in WebSphere Application Server Liberty shipped with Cloud Pak System (CVE-2019-17495)

Summary WebSphere Application Server Liberty is shipped as component with Cloud Pak System Information about security vulnerability affecting WebSphere Application Server liberty using Swagger UI have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

9.8CVSS1.4AI score0.0558EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/27 9:38 a.m.45 views

Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation

Summary The vulnerabilities are related to Java, WebSphere Liberty and docker images used by IBM Cloud Pak for Automation ICP4A. More precisely these are in IBM® SDK Java™ Technology Edition, Version 8 disclosed as part of the IBM Java SDK updates in October 2019 and January 2020, and in WebSpher...

9.8CVSS1.4AI score0.14961EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/21 3:16 p.m.30 views

Security Bulletin: Vulnerabilities in Swagger affects WebSphere Application Server Liberty

Summary There are vulnerabilities in Swagger that affects WebSphere Application Server Liberty used by IBM Streams. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information,...

9.8CVSS1AI score0.0558EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/10 5:38 p.m.27 views

Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-17495)

Summary IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. By using the relative path...

9.8CVSS0.7AI score0.0558EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/19 7:26 p.m.26 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-17495)

Summary IBM Cloud Transformation Advisor has addressed the following vulnerability. CVE-2019-17495 Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. By using the relative path overwrit...

9.8CVSS1.2AI score0.0558EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/13 2:46 p.m.38 views

Security Bulletin: Vulnerabilities in WebSphere Application Server Liberty affect IBM Jazz technology

Summary There are vulnerabilities in IBM WebSphere Application Server that affect Rational Team Concert RTC. Vulnerability Details Refer to the security bulletinss listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- RTC| 6.0.2 RTC| 6.0.6.1 RT...

9.8CVSS2.2AI score0.28839EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/01/22 4:27 p.m.30 views

Security Bulletin: Swagger vulnerability affects WebSphere Application Server Liberty bundled with IBM WebSphere Application Server Patterns (CVE-2019-17495)

Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. Vulnerability Details Refer to the security bulletinss listed ...

9.8CVSS2.7AI score0.0558EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2020/01/21 5:25 p.m.61 views

(RHSA-2020:0192) Moderate: Open Liberty 20.0.0.1 Runtime security update

Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices. This release of Open Liberty 20.0.0.1 serves as a replacement for Open Liberty 19.0.0.12 and includes bug fixes, enhancements, and security fixes. For specific information about this...

9.8CVSS1.1AI score0.0558EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2020/01/20 6:11 p.m.27 views

Security Bulletin: Swagger vulnerability affects WebSphere Application Server Liberty (CVE-2019-17495)

Summary There is a Swagger vulnerability that affects WebSphere Application Server Liberty. This affects the mpOpen-1.x and openAPI-3.x features. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain...

9.8CVSS0.7AI score0.0558EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/30 4:34 p.m.37 views

Security Bulletin: A Security Vulnerability affects IBM Cloud Private - Swagger UI (CVE-2019-17495)

Summary A Security Vulnerability affects IBM Cloud Private - Swagger UI Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based...

9.8CVSS0.7AI score0.0558EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2019/10/15 7:27 p.m.5 views

cc.akkaha:asura-play_2.12 (>=0.5.0 <=0.6.0), cc.akkaha:pea_2.12 (>=0.1.0 <=0.5.0) +222 more potentially affected by CVE-2019-17495 via org.webjars:swagger-ui (>=2.0.17 <=3.23.0)

org.webjars:swagger-ui MAVEN version =2.0.17, =0.5.0, =0.1.0, =3.2.3, =0.0.1, =0.5.0, =0.19.0, =0.20.0, =0.19.0, =0.19.0, =0.19.0, =1.0.0-beta-21, =1.0.0-beta-21, =0.1.1, =0.229, =0.229, =0.269 and more Source cves: CVE-2019-17495 Source advisory: OSV:GHSA-C427-HJC3-WRFW...

9.8CVSS6.7AI score0.0558EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2019/10/15 7:27 p.m.3 views

org.zalando.stups:spring-boot-stups-swagger-codegen-ui (>=0.4.4 <=0.5.0-beta-1) potentially affected by CVE-2019-17495 via io.springfox:springfox-swagger-ui (=2.0.1)

io.springfox:springfox-swagger-ui MAVEN version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on io.springfox:springfox-swagger-ui and may be impacted: - org.zalando.stups:spring-boot-stups-swagger-codegen-ui =0.4.4, =0.5.0-beta-1 Source cves:...

9.8CVSS6.7AI score0.0558EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2019/10/15 7:27 p.m.2 views

@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +196 more potentially affected by CVE-2019-17495 via swagger-ui (>=2.0.17 <=3.20.7)

swagger-ui NPM version =2.0.17, =2.0.0-rc5, =1.4.0, =0.0.4, =1.0.2, =7.0.0, =1.3.0, =3.0.0-alpha.0, =0.7.2, =3.0.1, =2.0.0, =0.0.1, =0.2.1 and more Source cves: CVE-2019-17495 Source advisory: OSV:GHSA-C427-HJC3-WRFW...

9.8CVSS6.7AI score0.0558EPSS
Exploits1
CVE
CVE
added 2019/10/10 9:4 p.m.336 views

CVE-2019-17495

CVE-2019-17495 is a CSS injection flaw in Swagger UI prior to 3.23.11 using the Relative Path Overwrite (RPO) technique that can lead to exfiltration of sensitive data (e.g., CSRF tokens) via CSS-based input field values. Concrete details across connected docs show multiple IBM advisories referen...

9.8CVSS9.3AI score0.0558EPSS
Exploits1References11Affected Software1
Rows per page
Query Builder