19 matches found
Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnerable to information disclosure due to Springfox Swagger (CVE-2019-17495)
Summary IBM Sterling B2B Integrator uses Springfox Swagger. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. ...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to CSS injection due to Swagger UI (CVE-2019-17495)
Summary IBM Sterling Partner Engagement Manager has addressed a vulnerability of CSS injection flaw bundled with Swagger UI. Vulnerability Details CVEID:CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. By using t...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to CSS injection due to Swagger CVE-2019-17495
Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to CSS injection due to Swagger CVE-2019-17495 with details below Vulnerability Details CVEID:CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM StoredIQ (CVE-2019-17495)
Summary There is a Swagger vulnerability that affects WebSphere Application Server Liberty shipped with IBM StoredIQ. Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. By using the...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM StoredIQ InstaScan (CVE-2019-17495)
Summary There is a Swagger vulnerability that affects WebSphere Application Server Liberty shipped with IBM StoredIQ InstaScan. Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. By usi...
Security Bulletin: Swagger Vulnerability in WebSphere Application Server Liberty shipped with Cloud Pak System (CVE-2019-17495)
Summary WebSphere Application Server Liberty is shipped as component with Cloud Pak System Information about security vulnerability affecting WebSphere Application Server liberty using Swagger UI have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation
Summary The vulnerabilities are related to Java, WebSphere Liberty and docker images used by IBM Cloud Pak for Automation ICP4A. More precisely these are in IBM® SDK Java™ Technology Edition, Version 8 disclosed as part of the IBM Java SDK updates in October 2019 and January 2020, and in WebSpher...
Security Bulletin: Vulnerabilities in Swagger affects WebSphere Application Server Liberty
Summary There are vulnerabilities in Swagger that affects WebSphere Application Server Liberty used by IBM Streams. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information,...
Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-17495)
Summary IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. By using the relative path...
Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-17495)
Summary IBM Cloud Transformation Advisor has addressed the following vulnerability. CVE-2019-17495 Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. By using the relative path overwrit...
Security Bulletin: Vulnerabilities in WebSphere Application Server Liberty affect IBM Jazz technology
Summary There are vulnerabilities in IBM WebSphere Application Server that affect Rational Team Concert RTC. Vulnerability Details Refer to the security bulletinss listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- RTC| 6.0.2 RTC| 6.0.6.1 RT...
Security Bulletin: Swagger vulnerability affects WebSphere Application Server Liberty bundled with IBM WebSphere Application Server Patterns (CVE-2019-17495)
Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. Vulnerability Details Refer to the security bulletinss listed ...
(RHSA-2020:0192) Moderate: Open Liberty 20.0.0.1 Runtime security update
Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices. This release of Open Liberty 20.0.0.1 serves as a replacement for Open Liberty 19.0.0.12 and includes bug fixes, enhancements, and security fixes. For specific information about this...
Security Bulletin: Swagger vulnerability affects WebSphere Application Server Liberty (CVE-2019-17495)
Summary There is a Swagger vulnerability that affects WebSphere Application Server Liberty. This affects the mpOpen-1.x and openAPI-3.x features. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain...
Security Bulletin: A Security Vulnerability affects IBM Cloud Private - Swagger UI (CVE-2019-17495)
Summary A Security Vulnerability affects IBM Cloud Private - Swagger UI Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based...
cc.akkaha:asura-play_2.12 (>=0.5.0 <=0.6.0), cc.akkaha:pea_2.12 (>=0.1.0 <=0.5.0) +222 more potentially affected by CVE-2019-17495 via org.webjars:swagger-ui (>=2.0.17 <=3.23.0)
org.webjars:swagger-ui MAVEN version =2.0.17, =0.5.0, =0.1.0, =3.2.3, =0.0.1, =0.5.0, =0.19.0, =0.20.0, =0.19.0, =0.19.0, =0.19.0, =1.0.0-beta-21, =1.0.0-beta-21, =0.1.1, =0.229, =0.229, =0.269 and more Source cves: CVE-2019-17495 Source advisory: OSV:GHSA-C427-HJC3-WRFW...
org.zalando.stups:spring-boot-stups-swagger-codegen-ui (>=0.4.4 <=0.5.0-beta-1) potentially affected by CVE-2019-17495 via io.springfox:springfox-swagger-ui (=2.0.1)
io.springfox:springfox-swagger-ui MAVEN version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on io.springfox:springfox-swagger-ui and may be impacted: - org.zalando.stups:spring-boot-stups-swagger-codegen-ui =0.4.4, =0.5.0-beta-1 Source cves:...
@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +196 more potentially affected by CVE-2019-17495 via swagger-ui (>=2.0.17 <=3.20.7)
swagger-ui NPM version =2.0.17, =2.0.0-rc5, =1.4.0, =0.0.4, =1.0.2, =7.0.0, =1.3.0, =3.0.0-alpha.0, =0.7.2, =3.0.1, =2.0.0, =0.0.1, =0.2.1 and more Source cves: CVE-2019-17495 Source advisory: OSV:GHSA-C427-HJC3-WRFW...
CVE-2019-17495
CVE-2019-17495 is a CSS injection flaw in Swagger UI prior to 3.23.11 using the Relative Path Overwrite (RPO) technique that can lead to exfiltration of sensitive data (e.g., CSRF tokens) via CSS-based input field values. Concrete details across connected docs show multiple IBM advisories referen...