SmartClient Absolute Path Information Disclosure Vulnerability
SmartClient is an enterprise Ajax framework, including a very good UI library, tool library, client-server data binding and other features. An absolute path information disclosure vulnerability exists in SmartClient 12.0. An unauthenticated attacker can exploit this vulnerability by sending a...
SmartClient XML External Entity Injection Vulnerability
SmartClient is an enterprise-class Ajax framework, including a very good UI library, tool library, client-server data binding and other features. An XML External Entity Injection (XXE) vulnerability exists in the downloadWSDL feature of SmartClient 12.0. An attacker can exploit this...
CVE-2020-9353
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML...
CVE-2020-9352
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the transaction parameter. NOTE: the documentation states "These tools are, by...
CVE-2020-9351
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the transaction parameter, the server replies with a verbose error showing where the application resides the...
PT-2020-20607 · Isomorphic · Smartclient
Name of the Vulnerable Software and Affected Versions: SmartClient version 12.0 Description: An issue was discovered in the Remote Procedure Call (RPC) loadFile provided by the console functionality. The issue affects the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL, where...
PT-2020-20605 · Isomorphic · Smartclient
Name of the Vulnerable Software and Affected Versions: SmartClient version 12.0 Description: An issue was discovered in SmartClient where an unauthenticated attacker can make a POST request to "/tools/developerConsoleOperations.jsp" or "/isomorphic/IDACall" with malformed XML data in the...
PT-2020-20606 · Isomorphic · Smartclient
Name of the Vulnerable Software and Affected Versions: SmartClient version 12.0 Description: An issue was discovered in the downloadWSDL feature, allowing unauthenticated exploitation of blind XXE. This can occur by sending a POST request to the "/tools/developerConsoleOperations.jsp" endpoint wi...
CVE-2020-9352
SmartClient 12.0 is affected by an unauthenticated blind XML External Entity (XXE) in the downloadWSDL feature. An attacker can trigger the vulnerability by sending a POST to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter. The issue is documented across m...
Unspecified Vulnerability in Oracle Fusion Middleware Reports Developer (CNVD-2020-17119)
Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle USA. The platform provides middleware, software collection and other functions. An unspecified vulnerability exists in Oracle Fusion Middleware Reports...
Unspecified Vulnerability in Oracle Fusion Middleware Reports Developer
Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle USA. The platform provides middleware, software collection and other functions. An unspecified vulnerability exists in Oracle Fusion Middleware Reports...
Intel® SGX SDK Advisory
Summary: A potential security vulnerability in Intel® Software Guard Extensions (SGX) SDK may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2020-0561 Description: Improper initialization in the Intel(R) S...
Security Bulletin: Security Vulnerability in Apache Batik (CVE-2015-0250)
Summary Apache Batik could allow a remote attacker to obtain sensitive information. By persuading a victim to open a specially-crafted SVG file, an attacker could exploit this vulnerability to reveal files and obtain sensitive information. Vulnerability Details CVEID: CVE-2015-0250 DESCRIPTION:...
Security Bulletin: A Security Vulnerability, exists in the Android platform used by the Cordova tools in Rational Application Developer for WebSphere Software (CVE-2015-5256)
Summary A security vulnerability, CVE-2015-5256, has been discovered that affects the Android platform used by the Cordova tools in Rational Application Developer for WebSphere Software. Vulnerability Details CVE-ID: CVE-2015-5256 DESCRIPTION: Apache Cordova Android could allow a remote attacker ...
Security Bulletin: A Security Vulnerability, exists in the Android platform used by the Cordova tools in Rational Application Developer for WebSphere Software (CVE-2015-1835)
Summary A security vulnerability, CVE-2015-1835, has been discovered that affects the Android platform used by the Cordova tools in Rational Application Developer for WebSphere Software. Vulnerability Details CVEID: CVE-2015-1835 DESCRIPTION: The Apache Cordova could allow a remote attacker to...
Security Bulletin: A Security Vulnerability exists in the Dojo runtime that affects Rational Application Developer
Summary The dojox/form/resources/fileuploader.swf, dojox/form/resources/uploader.swf, dojox/av/resources/audio.swf, and dojox/av/resources/video.swf files exhibit a cross-site scripting (XSS) vulnerability. Any web application using the IBM Dojo Toolkit and providing those files might be subject t...
Security Bulletin: Cross-Site Scripting Vulnerability with the UML Vizualization tools
Summary A cross-site scripting vulnerability with the UML Vizualization tools was addressed by IBM Rational Application Developer for WebSphere Software. Vulnerability Details CVEID: CVE-2015-7439 DESCRIPTION: IBM InfoSphere Data Architect is vulnerable to cross-site scripting, caused by improper...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Application Developer for WebSphere (CVE-2015-0138, CVE-2014-6593, CVE-2015-0410, CVE-2015-0400)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by Rational Application Developer. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on RSA-EXPO...
Security Bulletin: IBM Java Quarterly CPU - Jan 2014 affecting Rational Application Developer (CVE-2014-0411)
Summary Timing differences based on validity of TLS messages can be exploited to decrypt the entire session. Vulnerability Details...