32 matches found
ai.timefold.solver:timefold-solver-quarkus-benchmark-integration-test (>=0.8.38 <=0.8.41), ai.timefold.solver:timefold-solver-quarkus-devui-integration-test (>=0.8.38 <=0.8.41) +1863 more potentially affected by CVE-2023-0482 via org.jboss.resteasy:resteasy-core (>=4.0.0.Beta6 <=4.7.7.Final)
org.jboss.resteasy:resteasy-core MAVEN version =4.0.0.Beta6, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =2.0.0, =0.1.5, =0.1.5, =1.0.0-alpha1, =0.0.1, =1.8.0, =0.5.8, =0.5.9 and more Source cves: CVE-2023-0482 Source advisory: OSV:GHSA-2C6G-PFX3-W7H8htt...
com.planonsoftware.app:com.planonsoftware.app.gradle.plugin (=0.0.1), com.planonsoftware:gradle.development.environment.plugin (=0.0.1) +28 more potentially affected by CVE-2023-0482 via org.jboss.resteasy:resteasy-multipart-provider (>=5.0.0.Alpha1 <=5.0.5.Final)
org.jboss.resteasy:resteasy-multipart-provider MAVEN version =5.0.0.Alpha1, =0.15.3, =0.15.3, =0.15.3, =0.15.3, =0.27.1, =0.27.1, =9.5.7, =3.5.0, =0.7.6, =0.7.6, =0.7.6, =0.7.2, =4.1.5, =4.7.2 and more Source cves: CVE-2023-0482 Source advisory: OSV:GHSA-2C6G-PFX3-W7H8...
Insecure Temporary File in RESTEasy
Impact In RESTEasy the insecure File.createTempFile is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. Patches Fixed in the following pull requests:...
Security Bulletin: IBM SPSS Analytic Server is vulnerable to a privilege escalation due to RESTEasy (CVE-2023-0482)
Summary IBM SPSS Analytic Server is vulnerable to a privilege escalation due to RESTEasy CVE-2023-0482 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM SPSS Analytic Server| 3.5...
Security Bulletin: Several Security Vulnerabilities were discovered in IBM Security Directory Suite. (CVE-2023-24998, CVE-2023-28867, CVE-2023-0482)
Summary Several vulnerabilities were addressed in WebSphere Application Server Liberty components shipped with the IBM Security Directory Suite Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit t...
Medium: resteasy-base
Issue Overview: A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's paramete...
Amazon Linux 2 : resteasy-base (ALAS-2024-2398)
The version of resteasy-base installed on the remote host is prior to 3.0.6-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2398 advisory. A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are...
Security Bulletin: Vulnerability in WebSphere Liberty affect Cloud Pak System [CVE-2023-0482]
Summary Vulnerability in WebSphere Liberty affect Cloud Pak System CVE-2023-0482. Vulnerability Details CVEID:CVE-2023-0482 DESCRIPTION: RESTEasy could allow a local authenticated attacker to gain elevated privileges on the system, caused by the creation of insecure temp files in the...
Security Bulletin: IBM Spectrum Control is vulnerable to weaknesse related to IBM WebSphere Application Server Liberty
Summary Vulnerability in IBM WebSphere Application Server Liberty such as denial of service, gaining elevated privileges may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2023-28867 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by a stack-based buffer...
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to privilege escalation due to IBM WebSphere Application Server Liberty (CVE-2023-0482)
Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details...
Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.5.0 release and security update
Red Hat AMQ Streams 2.5.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Security Bulletin: RESTEasy component is vulnerable to CVE-2023-0482 is used by IBM Maximo Application Suite
Summary IBM Maximo Application Suite uses RESTEasypackage which is vulnerable to CVE-2023-0482. Vulnerability Details CVEID:CVE-2023-0482 DESCRIPTION: RESTEasy could allow a local authenticated attacker to gain elevated privileges on the system, caused by the creation of insecure temp files in th...
Security Bulletin: IBM PowerVM Novalink is vulnerable because RESTEasy could allow a local authenticated attacker to gain elevated privileges on the system, caused by the creation of insecure temp files in the File. (CVE-2023-0482)
Summary IBM PowerVM Novalink is vulnerable because RESTEasy could allow a local authenticated attacker to gain elevated privileges on the system, caused by the creation of insecure temp files in the File.createTempFile used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes. By...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation due to RESTEasy (CVE-2023-0482)
Summary IBM Spectrum Protect for Workstations Central Administration Console requires the dependent product IBM WebSphere Application Server Liberty. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Refer to t...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to RESTEasy privileges elevation vulnerability( CVE-2023-0482)
Summary Potential RESTEasy privileges elevation vulnerability CVE-2023-0482 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-0482 DESCRIPTION: RESTEasy could allow a local...
Security Bulletin: IBM Match 360 is vulnerable to a privilege escalation due to RESTEasy within IBM WebSphere Application Server Liberty (CVE-2023-0482)
Summary There is a vulnerability in the RESTEasy library used by IBM WebSphere Application Server Liberty when the feature restfulWS-3.0 or restfulWS-3.1 is enabled. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-0482 DESCRIPTION: RESTEasy could allow a...
Security Bulletin: IBM Storage Protect Operations Center is vulnerable to a privilege escalation due to IBM WebSphere Application Server Liberty (CVE-2023-0482)
Summary IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation due to RESTEasy. IBM Storage Protect Operations Center uses IBM WebSphere Application Server Liberty and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2023-0482 DESCRIPTION: RESTEasy...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.3 security update on RHEL 9
New Red Hat Single Sign-On 7.6.3 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.3 security update on RHEL 7
New Red Hat Single Sign-On 7.6.3 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Security Bulletin: CVE-2023-0482 may affect IBM TXSeries for Multiplatforms
Summary CVE-2023-0482 may affect IBM WebSphere Application Server Liberty used by IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the applicable CVEs. Updated Liberty is provided as a special fix and the fix is uploaded to Fix Central. Vulnerability Details...