3 matches found
Security Bulletin: Enterprise Content Manager System Monitor For March 2024 - Multiple CVE adressed
Summary Enterprise Content Manager System Monitor is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details...
Security Bulletin: Improper Restriction of XML External Entity Reference in liquibase prior to 4.8.0 Affects IBM Partner Engagement Manager (CVE-2022-0839)
Summary IBM Sterling Partner Engagement Manager uses Liquibase that is vulnerable to XML external entity processing, caused by improper validation of user-supplied input by the XMLChangeLogSAXParser function. A remote attacker could exploit this vulnerability to input a malicious XML reference to...
CVE-2022-0839
CVE-2022-0839 affects Liquibase in liquibase/liquibase prior to 4.8.0, due to improper validation in XMLChangeLogSAXParser() that enables XML External Entity processing. This could allow a remote attacker to disclose sensitive information or perform SSRF. The documented remediation is to upgrade ...