43 matches found
ROOT-APP-MAVEN-CVE-2020-10683 CVE-2020-10683 in io.root.dom4j:dom4j - Patched by Root
Root has patched CVE-2020-10683 in the io.root.dom4j:dom4j package for Root:Maven. Multiple fixed versions available...
Security Bulletin: Multiple vulnerabilities affect embedded rules in IBM Business Automation Workflow
Summary Embedded rules in IBM Business Automation Workflow are affected by multiple vulnerabilities. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2018-1000632 DESCRIPTION: dom4j could allow a remote attacker to execute arbitrary code o...
Security Bulletin: Vulnerability found in dom4j-1.6.1.jar which is shipped with IBM® Intelligent Operations Center(CVE-2020-10683)
Summary Vulnerability have been identified in dom4j-1.6.1.jar which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2020-106...
Security Bulletin: ITCAM for Transactions affect by the Security vulnerability CVE-2020-10683 found in dom4j-1.6.1.jar
Summary IBM Tivoli Composite Application Manager ITCAM for Transactions - Transaction Tracking has addressed the following dom4j-1.6.1.jar vulnerability and updated dom4j-1.6.1.jar to version 2.1.4 Vulnerability Details CVEID:CVE-2020-10683 DESCRIPTION: dom4j could allow a remote authenticated...
Security Bulletin: Multiple vulnerabilities affect the IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit
Summary The IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit are vulnerable, as per the CVEs listed in the Vulnerability Details section. These vulnerabilities affect some development tasks in the product toolkit. CVE-2022-29599 and CVE-2020-10683 only affect Test and Java...
Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable dom4j-1.6.1.jar
Summary Atlas eDiscovery Process Management is affected by a vulnerable dom4j-1.6.1.jar. Hence dom4j-1.6.1.jar upgraded to dom4j-2.0.3.jar to fix vulnerabilities. Vulnerability Details CVEID:CVE-2020-10683 DESCRIPTION: dom4j could allow a remote authenticated attacker to obtain sensitive...
K02349370: dom4j library vulnerability CVE-2020-10683
Security Advisory Description dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. CVE-2020-106...
Security Bulletin: IBM Security Verify Information Queue uses a dom4j version with improper XXE restrictions (CVE-2020-10683)
Summary The products image in IBM Security Verify Information Queue ISIQ v10.0.2 uses an older version of the dom4j library that does not properly safeguard against XML External Entity XXE attacks. ISIQ v10.0.3 has upgraded its products image to include a newer dom4j level that remediates the...
Security Bulletin: Vulnerabilities in Dojo and dom4j libraries affect Tivoli Netcool/OMNIbus WebGUI (CVE-2020-10683, CVE-2021-23450)
Summary Fix is available for vulnerabilities in Dojo and dom4j libraries affecting Tivoli Netcool/OMNIbus WebGUI CVE-2020-10683, CVE-2021-23450. Dojo is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. dom4j was required by Tivoli Netcool/OMNIbus WebGUI as part of Apache...
Mageia: Security Advisory (MGASA-2021-0034)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle WebCenter Portal Multiple Vulnerabilities (Jan 2021 CPU)
The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the January 2021 Critical Patch Update CPU. It is, therefore, affected by the following vulnerabilities : - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed multiple vulnerabilities in Oracle Enterprise Manager. The vulnerabilities allow an unauthenticated remote malicious party potentially able to launch attacks leading to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Access to...
Oracle Application Testing Suite (Jan 2021 CPU)
The 13.3.0.1 versions of Application Testing Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2021 CPU advisory. - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web App...
Updated dom4j packages fix a security vulnerability
A flaw was found in the dom4j library. By using the default SaxReader provided by Dom4J, external DTDs and External Entities are allowed, resulting in a possible XXE CVE-2020-10683...
Important: Red Hat Security Advisory: Red Hat Fuse 7.8.0 release and security update
A minor version update from 7.7 to 7.8 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
Ubuntu: Security Advisory (USN-4575-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 LTS : dom4j vulnerability (USN-4575-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4575-1 advisory. It was discovered that dom4j incorrectly handled reading XML data. A remote attacker could exploit this with a crafted XML file to expose sensitive data or possib...
USN-4575-1 dom4j vulnerability
It was discovered that dom4j incorrectly handled reading XML data. A remote attacker could exploit this with a crafted XML file to expose sensitive data or possibly execute arbitrary code. CVE-2020-10683...
USN-4575-1: dom4j vulnerability
It was discovered that dom4j incorrectly handled reading XML data. A remote attacker could exploit this with a crafted XML file to expose sensitive data or possibly execute arbitrary code. CVE-2020-10683...
Huawei EulerOS: Security Advisory for dom4j (EulerOS-SA-2020-2102)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...