Lucene search

7439 matches found

IBM Security Bulletins
added 2020/02/05 12:9 a.m. | 29 views

Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Application Developer for WebSphere Software (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Rational Application Developer for WebSphere Software. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. A...

5 CVSS | 0.4 AI score | 0.74006 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2020/02/05 12:9 a.m. | 12 views

Security Bulletin: Multiple vulnerabilities in the IBM Java SDK affects IBM Rational Application Developer for WebSphere Software (CVE-2015-4872)

Summary There are multiple vulnerabilities in IBM® SDKs Java™ Technology Edition, Versions 6 and 7 that is used by IBM Rational Application Developer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in October 2015. Vulnerability Details CVEID: CVE-2015-4872...

5 CVSS | 0.7 AI score | 0.03703 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2020/02/05 12:9 a.m. | 38 views

Security Bulletin: Multiple vulnerabilities in the IBM Java SDK affects IBM Rational Application Developer for WebSphere Software (CVE-2015-0488, CVE-2015-0478, CVE-2015-2808, CVE-2015-1916, CVE-2015-0204)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 6 and 7 that is used by IBM Rational Application Developer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in April 2015. This bulletin also addresses FREAK: Factoring...

5 CVSS | 0.8 AI score | 0.9986 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2020/02/05 12:9 a.m. | 38 views

Security Bulletin: Vulnerability in Rational Application Developer for WebSphere Software due to issues in IBM Java SDK (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)

Summary The version of IBM WebSphere Application Server that is shipped with Rational Application Developer for WebSphere Software is shipped with an IBM Java SDK that is based on the Oracle SDK. Oracle has released February 2013 critical patch updates CPU which contain security vulnerability fix...

10 CVSS | 0.7 AI score | 0.89987 EPSS
Exploits 22 | Affected Software 2
IBM Security Bulletins
added 2020/02/05 12:9 a.m. | 36 views

Security Bulletin: ClassLoader manipulation with Apache Struts affecting Rational Application Developer (CVE-2014-0114)

Summary There is a ClassLoader manipulation vulnerability in Apache Struts that is bundled by IBM Rational Application Developer for WebSphere Software. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for more...

7.5 CVSS | 0.1 AI score | 0.95821 EPSS
Exploits 4 | Affected Software 2
IBM Security Bulletins
added 2020/02/05 12:9 a.m. | 75 views

Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect Rational Application Developer for WebSphere Software (CVE-2015-1791, CVE-2015-1792, CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790)

Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000. OpenSSL is used by IBM SDK for Node.js for the Cordova tools in Rational Application Developer fo...

7.5 CVSS | 1 AI score | 0.9986 EPSS
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2020/02/05 12:9 a.m. | 39 views

Security Bulletin: Vulnerabilities in OpenSSL affect Rational Application Developer for WebSphere Software (CVE-2016-0701, CVE-2015-3197)

Summary OpenSSL vulnerabilities were disclosed on January 28, 2016 by the OpenSSL Project. OpenSSL is used by IBM Rational Application Developer for WebSphere Software. IBM Rational Application Developer for WebSphere Software has addressed the applicable CVEs. Vulnerability Details CVEID:...

5.9 CVSS | 1.4 AI score | 0.83645 EPSS
Exploits 2 | Affected Software 1
IBM Security Bulletins
added 2020/02/05 12:9 a.m. | 32 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational Application Developer for WebSphere Software (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794)

Summary OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM Rational Application Developer for WebSphere Software. IBM Rational Application Developer for WebSphere Software has addressed the applicable CVEs. Vulnerability Details CVEID:...

7.5 CVSS | 0.7 AI score | 0.44016 EPSS
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2020/02/05 12:9 a.m. | 41 views

Security Bulletin: Vulnerabilities in OpenSSL affects Rational Application Developer for WebSphere Software (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. OpenSSL is used by the Cordova platform packaged with Rational Application Developer for WebSphere Software and has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2014-3570 Description: An...

5 CVSS | 0.6 AI score | 0.98685 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2020/02/05 12:9 a.m. | 20 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software (CVE-2015-7575, CVE-2016-0466, CVE-2016-0475, CVE-2016-0448)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Application Developer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly...

5.9 CVSS | 0.6 AI score | 0.05453 EPSS
Exploits 0 | Affected Software 1
Japan Vulnerability Notes
added 2020/02/05 12:0 a.m. | 83 views

JVN#52486659: Ghostscript access restriction bypass vulnerability

Ghostscript provided by Artifex Software Inc. contains an access restriction bypass vulnerability CWE-284. Impact By Ghostscript processing a specially crafted file, arbitrary command may be executed with the privilege of Ghostscript. Solution Update the Software Update the software according to...

8.8 CVSS | 8 AI score | 0.03434 EPSS
Exploits 0
Kitploit
added 2020/02/02 12:0 p.m. | 282 views

DVNA - Damn Vulnerable NodeJS Application

Damn Vulnerable NodeJS Application DVNA is a simple NodeJS application to demonstrate OWASP Top 10 Vulnerabilities and guide on fixing and avoiding these vulnerabilities. The fixes branch will contain fixes for the vulnerabilities. Fixes for vulnerabilities OWASP Top 10 2017 vulnerabilities at...

7.4 AI score
Exploits 0 | References 4
IBM Security Bulletins
added 2020/01/31 11:18 p.m. | 8 views

Security Bulletin: IBM API Connect's Developer Portal is impacted by critical vulnerabilities in Drupal (SA-CORE-2019-009, SA-CORE-2019-011, SA-CORE-2019-012, SA-CORE-2019-010)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details Third Party Entry: 173284 DESCRIPTION: Drupal security bypass CVSS Base score: 5.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173284 for the current score. CVSS Vector:...

0.4 AI score
Exploits 0 | Affected Software 1
OSV
added 2020/01/30 6:15 p.m. | 3 views

CVE-2020-7910

JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role...

5.4 CVSS | 6.1 AI score | 0.0052 EPSS
Exploits 0 | References 2
NVD
added 2020/01/30 6:15 p.m. | 24 views

CVE-2020-7910

JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role...

5.4 CVSS | 6.2 AI score | 0.0052 EPSS
Exploits 0 | References 2
Hacker One
added 2020/01/29 4:12 a.m. | 59 views

X (Formerly Twitter): Twitter Source Label allow 'mongolian vowel separator' U+180E (app name)

Summary: Twitter app-names which are shown in the Tweet source label are supposed to be unique and because of that they must not include invisible Unicode characters. However, you can use the Mongolian vowel separator in these app-names, which allows one to fake an app-name. Description: Every tweet ha...

6.6 AI score
Exploits 0
OSV
added 2020/01/28 5:15 a.m. | 4 views

CVE-2020-7998

An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. The vulnerability is located in the developer path that is accessible and hidden next to the root path. By default, there is no password set for the FTP or Web UI service...

8.8 CVSS | 7.3 AI score | 0.015 EPSS
Exploits 0 | References 2
NVD
added 2020/01/28 5:15 a.m. | 10 views

CVE-2020-7998

An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. The vulnerability is located in the developer path that is accessible and hidden next to the root path. By default, there is no password set for the FTP or Web UI service...

9 CVSS | 8.9 AI score | 0.015 EPSS
Exploits 0 | References 2
Cvelist
added 2020/01/28 4:36 a.m. | 17 views

CVE-2020-7998

An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. The vulnerability is located in the developer path that is accessible and hidden next to the root path. By default, there is no password set for the FTP or Web UI service...

8.9 AI score | 0.015 EPSS
Exploits 0 | References 2
OSV
added 2020/01/26 5:15 a.m. | 5 views

CVE-2020-3131

A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service DoS condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to...

6.5 CVSS | 5.8 AI score | 0.0218 EPSS
Exploits 0 | References 1