7 matches found
Security Bulletin: IBM MaaS360 Cloud Extender Agent, Configuration Utility and Mobile Enterprise Gateway (MEG) affected by multiple vulnerabilities (CVE-2024-21907, CVE-2023-39017, CVE-2024-40642, CVE-2015-2325)
Summary Vulnerabilities contained within newtonsoft.json 3rd party components were addressed in the IBM MaaS360 Cloud Extender Agent, Configuration Utility. Vulnerabilities contained within Netty 3rd party components were addressed in the IBM MaaS360 Mobile Enterprise Gateway MEG Module...
Security Bulletin: IBM Storage Fusion HCI could be vulnerable to code injection via use of quartz/quartz-jobs [CVE-2023-39017]
Summary The Java library quartz/quartz-jobs is used by IBM Storage Fusion HCI for backup scheduling. A vulnerability in this library includes code injection that could lead to execution of arbitrary code as described in the CVE listed in the 'Vulnerabilities Details' section. This bulletin...
Security Bulletin: IBM Maximo Application Suite - IoT Component uses quartz-jobs-2.3.2.jar which is vulnerable. [CVE-2023-39017]
Summary IBM Maximo Application Suite - IoT Component uses quartz-jobs-2.3.2.jar which is vulnerable. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-39017 DESCRIPTION: Quartz Job Scheduler could allow a remote attacker to execut...
Security Bulletin: IBM Maximo Application Suite - IoT Component uses quartz-jobs-2.3.2.jar which is vulnerable. [CVE-2023-39017]
Summary IBM Maximo Application Suite - IoT Component uses quartz-jobs-2.3.2.jar which is vulnerable. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-39017 DESCRIPTION: Quartz Job Scheduler could allow a remote attacker to execut...
CVE-2023-39017
A code injection vulnerability was found in quartz-jobs. The issue resides in the org.quartz.jobs.ee.jms.SendQueueMessageJob.execute component, where an unchecked argument can trigger the vulnerability. Mitigation Mitigation for this issue is either not available or the currently available option...
CVE-2023-39017
quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that...
CVE-2023-39017
CVE-2023-39017 is a code-injection vulnerability in quartz-jobs (SendQueueMessageJob.execute) with a base CVSS v3.1 score of 9.8. IBM and IBM-related advisories confirm affected products and fixes. Root cause: improper neutralization of user-supplied input in the SendQueueMessageJob, which could ...