7419 matches found
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Application Developer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in April 2017. Vulnerability Details CVEID: CVE-2017-3511...
Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect Rational Application Developer for WebSphere Software (CVE-2015-1791, CVE-2015-1792, CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790)
Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes the Logjam attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by IBM SDK for Node.js for the Cordova tools in Rational Application Developer fo...
Security Bulletin: A vulnerability affects the Cordova platform packaged with Rational Application Developer (CVE-2015-8320)
Summary A vulnerability has been discovered that affects the Cordova platform packaged with Rational Application Developer. Vulnerability Details CVEID: CVE-2015-8320 DESCRIPTION: Apache Cordova Android could allow a remote attacker to bypass security restrictions, caused by weak randomization of...
Security Bulletin: Multiple vulnerabilities in the IBM Java SDK affects IBM Rational Application Developer for WebSphere Software (CVE-2015-4872)
Summary There are multiple vulnerabilities in IBM® SDKs Java™ Technology Edition, Versions 6 and 7 that are used by IBM Rational Application Developer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in October 2015. Vulnerability Details CVEID: CVE-2015-4872...
Security Bulletin: Cross-Site Scripting Vulnerability with the UML Visualization tools
Summary A cross-site scripting vulnerability with the UML Visualization tools was addressed by IBM Rational Application Developer for WebSphere Software. Vulnerability Details CVEID: CVE-2015-7439 DESCRIPTION: IBM InfoSphere Data Architect is vulnerable to cross-site scripting, caused by improper...
Security Bulletin: Weaker than expected security with Liberty Repository affecting Rational Application Developer for WebSphere Software (CVE-2014-4767)
Summary The WebSphere Application Server Liberty profile could provide weaker than expected security when installing features via the Liberty Repository. A remote attacker could exploit this vulnerability using a man-in-the-middle technique to cause the installation of malicious code. Vulnerabili...
Security Bulletin: Multiple vulnerabilities in the IBM Java SDK affects IBM Rational Application Developer for WebSphere Software (CVE-2015-0488, CVE-2015-0478, CVE-2015-2808, CVE-2015-1916, CVE-2015-0204)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 6 and 7 that are used by IBM Rational Application Developer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in April 2015. This bulletin also addresses FREAK: Factoring...
Security Bulletin: Multiple OpenSSL and Non-OpenSSL vulnerabilities in Node.js included in Rational Application Developer for WebSphere Software
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js. IBM SDK for Node.js has addressed the applicable CVEs, plus three additional vulnerabilities unrelated to the OpenSSL release. Vulnerability Details CVEID:...
Security Bulletin: IBM Java Quarterly CPU - Jan 2014 affecting Rational Application Developer (CVE-2014-0411)
Summary Timing differences based on validity of TLS messages can be exploited to decrypt the entire session. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software (CVE-2015-7575, CVE-2016-0466, CVE-2016-0475, CVE-2016-0448)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Application Developer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and include the vulnerability commonly...
JVN#52486659: Ghostscript access restriction bypass vulnerability
Ghostscript provided by Artifex Software Inc. contains an access restriction bypass vulnerability (CWE-284). Impact If Ghostscript processes a specially crafted file, an arbitrary command may be executed with the privileges of Ghostscript. Solution Update the Software Update the software according to...
DVNA - Damn Vulnerable NodeJS Application
Damn Vulnerable NodeJS Application (DVNA) is a simple NodeJS application to demonstrate OWASP Top 10 Vulnerabilities and guide on fixing and avoiding these vulnerabilities. The fixes branch will contain fixes for the vulnerabilities. Fixes for vulnerabilities OWASP Top 10 2017 vulnerabilities at...
Security Bulletin: IBM API Connect's Developer Portal is impacted by critical vulnerabilities in Drupal (SA-CORE-2019-009, SA-CORE-2019-011, SA-CORE-2019-012, SA-CORE-2019-010)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details Third Party Entry: 173284 DESCRIPTION: Drupal security bypass CVSS Base score: 5.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173284 for the current score. CVSS Vector:...
CVE-2020-7910
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role...
X (Formerly Twitter): Twitter Source Label allow 'mongolian vowel separator' U+180E (app name)
Summary: Twitter app-names which are shown in the Tweet source label are supposed to be unique and because of that they must not include invisible Unicode characters. However, you can use the Mongolian vowel separator in these app-names, which allows faking an app-name. Description: Every tweet ha...
CVE-2020-7998
An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. The vulnerability is located in the developer path that is accessible and hidden next to the root path. By default, there is no password set for the FTP or Web UI service...
CVE-2020-3131
A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to...