Lucene search
K

32 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/04/10 8:56 p.m.42 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable to security bypass due to Apache Santuario XML Security for Java (CVE-2021-40690)

Summary IBM Sterling B2B Integrator uses Apache Santuario XML Security for Java. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2021-40690 DESCRIPTION: Apache Santuario XML Security for Java could allow a remote attacker to bypass securi...

7.5CVSS7.3AI score0.10448EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/04/20 12:0 a.m.39 views

Oracle Application Testing Suite (Apr 2023 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Apac...

7.5CVSS6.8AI score0.10448EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/13 4:26 p.m.36 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable to security bypass due to Apache Santuario XML Security for Java (CVE-2021-40690, CVE-2014-8152)

Summary BM Sterling B2B Integrator has addressed the secuirty vulnerabilities in Apache Santurio XML Security. Vulnerability Details CVEID:CVE-2021-40690 DESCRIPTION: Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the improper passi...

7.5CVSS7.5AI score0.10448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/03 4:44 p.m.41 views

Security Bulletin: IBM Security Verify Governance is vulnerable to bypassing of security restrictions due to use of Apache Santuario XML Security (CVE-2019-12400, CVE-2021-40690)

Summary IBM Security Verify Governance uses Apache Santuario XML Security for Java which could allow a remote attacker to bypass security restrictions caused by a couple of vulnerabilities. This could allow the attacker to launch further attacks on the system CVE-2019-12400, CVE-2021-40690. The f...

7.5CVSS6.7AI score0.10448EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2022/10/19 10:2 a.m.152 views

Vulnerable version of xmlsec used - CVE-2021-40690 in atlassian-authentication-plugin

Recently we have identified that on top of the libraries mentioned in JRASERVER-73580, there was another libraryatlassian-authentication-plugin that has a transitive dependency of xmlsec that could be related to the vulnerability described in...

7.5CVSS2.5AI score0.10448EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/06 4:39 a.m.43 views

Security Bulletin: A vulnerability in Apache XML Security for Java affects IBM Tivoli Business Service Manager (CVE-2013-4517, CVE-2013-2172, CVE-2009-0217, CVE-2021-40690)

Summary Apache XML Security for Java is shipped with IBM Tivoli Business Manager 6.2.0 as part of its XML security infrastructure. Information about security vulnerabilities affecting Apache XML Security for Javahas been published in a security bulletin. Vulnerability Details CVEID:CVE-2013-4517...

7.5CVSS7.3AI score0.10448EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/07/20 12:0 a.m.37 views

Ubuntu 18.04 LTS / 20.04 LTS : Apache XML Security for Java vulnerability (USN-5525-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5525-1 advisory. It was discovered that Apache XML Security for Java incorrectly passed a configuration property when creating specific key elements. This allows an...

7.5CVSS6.7AI score0.10448EPSS
Exploits0References2
Circl
Circl
added 2022/05/26 4:25 a.m.2 views

CVE-2021-40690

creationtimestamp| type| source ---|---|--- 2022-05-26 04:25:28+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/4474...

7.5CVSS6.5AI score0.10448EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/31 5:53 a.m.35 views

Security Bulletin: IBM Tivoli Netcool Impact vulnerable to security bypass due to Apache Santuario XML Security (CVE-2021-40690)

Summary Apache Santuario XML Security is shipoped as a component of IBM Tivoli Netcool Impact. Information about security vulnerabilitiy affecting Apache Santuario XML Security has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-40690 DESCRIPTION: Apache Santuario XML...

7.5CVSS0.2AI score0.10448EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2022/03/15 7:56 p.m.198 views

Vulnerable version of xmlsec used - CVE-2021-40690

Affected versions of Atlassian Jira Server and Data Center used versions of xmlsec that were vulnerable to CVE-2021-40690. Affected versions: version 8.22.2 Workaround: version 8.22.2 LTS versions 8.13 and versions up to 8.20.14 should also apply this workaround. This is permanently fixed in...

7.5CVSS1.7AI score0.10448EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2022/02/09 4:18 p.m.48 views

Moderate: Red Hat Security Advisory: Red Hat Integration - Service Registry release and security update [2.0.3.GA]

An update to the images for Red Hat Integration Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact o...

7.5CVSS6.7AI score0.10448EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/01/18 12:0 a.m.60 views

RHEL 8 : Red Hat Single Sign-On 7.5.1 security update on RHEL 8 (Important) (RHSA-2022:0152)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0152 advisory. Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

8.8CVSS6.9AI score0.10448EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2022/01/18 12:0 a.m.51 views

RHEL 7 : Red Hat Single Sign-On 7.5.1 security update on RHEL 7 (Important) (RHSA-2022:0151)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0151 advisory. Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

8.8CVSS6.9AI score0.10448EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2022/01/17 9:45 p.m.127 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.1 security update

A security update is now available for Red Hat Single Sign-On 7.5 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS6.7AI score0.10448EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2022/01/17 9:33 p.m.49 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.1 security update on RHEL 8

New Red Hat Single Sign-On 7.5.1 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS6.7AI score0.10448EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2022/01/17 9:33 p.m.57 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.1 security update on RHEL 7

New Red Hat Single Sign-On 7.5.1 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS6.7AI score0.10448EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2021/12/16 12:0 a.m.255 views

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.10 security update on RHEL 8 (Moderate) (RHSA-2021:5151)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5151 advisory. This release of Red Hat JBoss Enterprise Application Platform 7.3.10 serves as a replacement for Red Hat JBoss Enterprise Application Platfo...

7.8CVSS6.9AI score0.10448EPSS
Exploits0References26
RedHat Linux
RedHat Linux
added 2021/12/15 2:52 p.m.39 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.10 security update on RHEL 6

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

7.8CVSS6.7AI score0.10448EPSS
Exploits0References18
RedHat Linux
RedHat Linux
added 2021/12/15 2:42 p.m.34 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.10 security update on RHEL 8

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

7.8CVSS6.7AI score0.10448EPSS
Exploits0References18
RedHat Linux
RedHat Linux
added 2021/12/15 2:38 p.m.50 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.10 security update on RHEL 7

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

7.8CVSS6.7AI score0.10448EPSS
Exploits0References18
Rows per page
Query Builder