7 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-22899
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive. CVE-2023-22899 Note that Nessus relies...
Moderate: Red Hat Security Advisory: Migration Toolkit for Runtimes security update
An update is now available for Migration Toolkit for Runtimes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Oracle Access Manager Multiple Vulnerabilities (Apr 2023 CPU)
The version of Oracle Access Manager installed on the remote host is missing a security patch from the April 2023 CPU Advisory. It is, therefore, affected by multiple vulnerabilities: - Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Third Party Jython. T...
Security Bulletin: IBM App Connect Enterprise is affected by a remote attacker due to the zip4j library [CVE-2023-22899]
Summary IBM App Connect Enterprise Transformation Advisor tool is affected by a remote attacker due to the zip4j library CVE-2023-22899. The resolving ifix includes zip4j v2.11.3. Vulnerability Details CVEID:CVE-2023-22899 DESCRIPTION: Zip4j could provide weaker than expected security, caused by...
CVE-2023-22899
Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive...
CVE-2023-22899
CVE-2023-22899 affects Zip4j (v2.11.2 and earlier) as used in products like IBM/App Connect Enterprise and Threema. The issue is that MAC verification is not consistently applied when decrypting ZIP archives, constituting a cryptographic integrity risk. Several connected sources confirm the impac...
CVE-2023-22899
Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive...