SmartClient Local File Inclusion Vulnerability

smartclient is an enterprise ajax framework , including very good UI library , tool library and client-server data binding and other features . A local file inclusion vulnerability exists in the remote procedure call RPC loadFile provided by the console functionality of SmartClient 12.0 at the...

SmartClient XML External Entity Injection Vulnerability

smartclient is an enterprise-class ajax framework , including a very good UI library , tool library and client-server data binding and other features . An XML External Entity Injection XXE vulnerability exists in the downloadWSDL feature of SmartClient 12.0. An attacker can exploit this...

CVE-2020-9353

An issue was discovered in SmartClient 12.0. The Remote Procedure Call RPC loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML...

CVE-2020-9351

An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the transaction parameter, the server replies with a verbose error showing where the application resides the...

CVE-2020-9353

An issue was discovered in SmartClient 12.0. The Remote Procedure Call RPC loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML...

CVE-2020-9352

An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the transaction parameter. NOTE: the documentation states "These tools are, by...

PT-2020-20605 · Isomorphic · Smartclient

Name of the Vulnerable Software and Affected Versions: SmartClient version 12.0 Description: An issue was discovered in SmartClient where an unauthenticated attacker can make a POST request to "/tools/developerConsoleOperations.jsp" or "/isomorphic/IDACall" with malformed XML data in the...

PT-2020-20607 · Isomorphic · Smartclient

Name of the Vulnerable Software and Affected Versions: SmartClient version 12.0 Description: An issue was discovered in the Remote Procedure Call RPC loadFile provided by the console functionality. The issue affects the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL, where...

CVE-2020-9352

SmartClient 12.0 is affected by an unauthenticated blind XML External Entity (XXE) in the downloadWSDL feature. An attacker can trigger the vulnerability by sending a POST to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter. The issue is documented across m...

PT-2020-20606 · Isomorphic · Smartclient

Name of the Vulnerable Software and Affected Versions: SmartClient version 12.0 Description: An issue was discovered in the downloadWSDL feature, allowing unauthenticated exploitation of blind XXE. This can occur by sending a POST request to the "/tools/developerConsoleOperations.jsp" endpoint wi...

Unspecified Vulnerability in Oracle Fusion Middleware Reports Developer

Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle USA. The platform provides middleware, software collection and other functions. An unspecified vulnerability exists in Oracle Fusion Middleware Reports...

Unspecified Vulnerability in Oracle Fusion Middleware Reports Developer (CNVD-2020-17119)

Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle USA. The platform provides middleware, software collection and other functions. An unspecified vulnerability exists in Oracle Fusion Middleware Reports...

Intel® SGX SDK Advisory

Summary: A potential security vulnerability in Intel® Software Guard Extensions SGX SDK may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2020-0561 Description: Improper initialization in the IntelR S...

Security Bulletin: Multiple vulnerabilities in the IBM SDK for Node.js affect the Cordova tools in IBM Rational Application Developer (CVE-2016-2086, CVE-2016-2216, CVE-2015-3197)

Summary Security vulnerabilities have been discovered in the IBM SDK for Node.js used by the Cordova platform packaged in IBM Rational Application Developer. Vulnerability Details CVEID: CVE-2016-2086 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the improper handling of...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Application Developer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in October 2017 and January 2018. Vulnerability Details...

Security Bulletin: A Security Vulnerability, exists in the Android platform used by the Cordova tools in Rational Application Developer for WebSphere Software (CVE-2015-1835)

Summary A security vulnerability, CVE-2015-1835, has been discovered that affects the Android platform used by the Cordova tools in Rational Application Developer for WebSphere Software. Vulnerability Details CVEID: CVE-2015-1835 DESCRIPTION: The Apache Cordova could allow a remote attacker to...

Security Bulletin: Security vulnerability with Eclipse Git Team Provider affects Rational Application Developer (CVE-2014-9390)

Summary This vulnerability affects users on Windows and Mac OS X but not typical UNIX users. Even though the issue may not affect Linux users, if you are a hosting service whose users may fetch from your service to Windows or Mac OS X machines, you are strongly encouraged to update to protect suc...

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Rational Application Developer for WebSphere (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects Rational Application Developer for WebSphere Software Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caus...

Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Application Developer for WebSphere Software (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Rational Application Developer for WebSphere Software. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. A...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Application Developer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in January 2017 and October 2016. Vulnerability Details...