19 matches found
Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test Management is impacted by vulnerabilities in Eclipse IDE versions
Summary Vulnerabilities have been identified in Eclipse IDE versions before 2023-09 4.29, which is used in IBM Engineering Lifecycle Management - Engineering Test Management Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: In Eclipse IDE versions 2023-09 4.29 some files with xml content are...
CVE-2023-4218
In Eclipse IDE versions 2023-09 4.29 some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file for example for review a foreign repository or patch...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses org.eclipse.core.runtime 3.10.0.v20140318-2214 which is vulnerable to CVE-2023-4218
Summary IBM Maximo Application Suite - Manage Component uses org.eclipse.core.runtime 3.10.0.v20140318-2214 which is vulnerable to CVE-2023-4218.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: In Eclipse IDE...
Security Bulletin: XML External Entity (XXE) injection vulnerability affects IBM Business Automation Workflow - CVE-2023-4218
Summary IBM Business Automation Workflow containers package a vulnerable copy of eclipse jars. Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: Eclipse IDE could allow a local authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity XXE...
Security Bulletin: Vulnerability in eclipse affects IBM Business Automation Workflow - CVE-2023-4218
Summary IBM Business Automation Workflow packages a vulnerable version of eclipe jar files. Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: Eclipse IDE could allow a local authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity XXE...
Security Bulletin: TPF Toolkit is affected by vulnerabilities in the Eclipse IDE and Apache Commons Compress
Summary The org.eclipse.core.runtime component is used by TPF Toolkit as part of the basic platform infrastructure CVE-2023-4218. Additionally, the Apache commons-compress package is used by TPF Toolkit web applications services as part of the code coverage feature CVE-2024-26308, CVE-2024-25710...
SUSE: Security Advisory (SUSE-SU-2024:1304-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2024:1304-1 Security update for eclipse, maven-surefire, tycho
This update for eclipse, maven-surefire, tycho fixes the following issues: eclipse received the following security fix: - CVE-2023-4218: Fixed a bug where parsing files with xml content laeds to XXE attacks. bsc1216992 maven-sunfire was updated from version 2.22.0 to 2.22.2: - Changes in version...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM MQ which is shipped with IBM Intelligent Operations Center(CVE-2023-4218, CVE-2023-44487, CVE-2023-39976, CVE-2024-25016)
Summary Multiple security vulnerabilities have been identified in IBM MQ which shipped with IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM MQ has been published in a security bulletinCVE-2023-4218, CVE-2023-44487, CVE-2023-39976, CVE-2024-25016...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM MQ shipped with IBM WebSphere Remote Server
Summary IBM MQ is shipped with IBM WebSphere Remote Server. Information about addressing security vulnerabilities affecting IBM MQ have been published in a security bulletins for CVE-2023-47745, CVE-2023-4218, CVE-2023-44487, CVE-2023-39976, CVE-2024-25016, linked herein. Vulnerability Details...
de.cau.cs.kieler.klighd:de.cau.cs.kieler.klighd (=2.3.0.v20230606), de.cau.cs.kieler.klighd:de.cau.cs.kieler.klighd.ide (=2.3.0.v20230606) +136 more potentially affected by CVE-2023-4218 via org.eclipse.platform:org.eclipse.ui.workbench (>=3.108.3 <=3.129.0)
org.eclipse.platform:org.eclipse.ui.workbench MAVEN version =3.108.3, =0.50.0.v20230607, =1.4.0, =1.4.0, =1.6.0, =1.4.0, =1.4.2, =1.4.0, =1.4.0, =1.6.0, =1.5.3, =1.7.4 and more Source cves: CVE-2023-4218 Source advisory: OSV:GHSA-J24H-X...
com.diffplug.durian:durian-swt (>=3.0.0 <=5.2.0), com.diffplug.durian:durian-swt.cocoa.macosx.aarch64 (>=3.6.1 <=5.2.0) +179 more potentially affected by CVE-2023-4218 via org.eclipse.platform:org.eclipse.jface (>=3.12.2 <=3.30.0)
org.eclipse.platform:org.eclipse.jface MAVEN version =3.12.2, =3.0.0, =3.6.1, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =1.0.31, =1.0.0, =1.0.0, =0.1.0, =1.0.1 and more Source cves: CVE-2023-4218 Source advisory: OSV:GHSA-J24H-XCPC-9JW8...
ch.epfl.scala:bsp4j (=2.2.0-M4.TEST), com.github.davidmoten.xuml-compiler.examples:simple (>=0.5.1 <=0.5.3) +671 more potentially affected by CVE-2023-4218 via org.eclipse.platform:org.eclipse.core.runtime (>=3.12.0 <=3.27.0)
org.eclipse.platform:org.eclipse.core.runtime MAVEN version =3.12.0, =0.5.1, =0.5.1, =0.5.1, =4.0.0-beta1, =0.0.1, =1.2.1, =1.0.33, =2.0.1, =2023.1, =1.2.3, =2.0.0, =3.0.0 - com.github.tsantalis:refactoring-miner =2.4.0 and more Source cves: CVE-2023-4218 Source advisory: OSV:GHSA-J24H-XCPC-9JW8...
net.enilink.komma:net.enilink.commons.ui (>=1.5.2 <=1.7.4), net.enilink.komma:net.enilink.komma.common.ui (>=1.5.2 <=1.7.4) +109 more potentially affected by CVE-2023-4218 via org.eclipse.platform:org.eclipse.urischeme (>=1.1.0 <=1.3.0)
org.eclipse.platform:org.eclipse.urischeme MAVEN version =1.1.0, =1.5.2, =1.5.2, =1.5.2, =1.5.2, =1.5.2, =1.5.2, =1.5.2, =1.5.2, =1.5.2, =1.5.2, =1.5.2, =1.5.2, =1.7.4 - org.eclipse.emfatic:org.eclipse.gymnast.runtime.core =1.0.0 - org.eclipse.jdt:org.eclipse.jdt =3.19.100 -...
CVE-2023-4218
In Eclipse IDE versions 2023-09 4.29 some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file for example for review a foreign repository or patch...
UBUNTU-CVE-2023-4218
In Eclipse IDE versions 2023-09 4.29 some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file for example for review a foreign repository or patch...
CVE-2023-4218 XXE in eclipse.platform / Eclipse IDE
In Eclipse IDE versions 2023-09 4.29 some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file for example for review a foreign repository or patch...
CVE-2023-4218
CVE-2023-4218 is an XXE vulnerability in Eclipse IDE
CVE-2023-4218 XXE in eclipse.platform / Eclipse IDE
In Eclipse IDE versions 2023-09 4.29 some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file for example for review a foreign repository or patch...