CVE-2018-6590

CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability...

CVE-2018-6590

CA API Developer Portal 4.x (before 4.2.5.3 and before 4.2.7.1) has a reflected cross-site scripting vulnerability. Root cause described as failure to filter HTML in user input; could allow remote attacker to execute arbitrary script in the user’s browser. Remediation: upgrade to 4.2.5.3+ or 4.2....

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i, Rational Developer for AIX and Linux, Rational Developer for Power Systems Software (CVE-2014-4263, CVE-2014-3566, CVE-2014-3065, CVE-2014-6457)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 6, and 7 that are used by Rational Developer for i, Rational Developer for AIX and Linux, Rational Developer for Power Systems Software. This also includes a fix for the Padding Oracle On Downgraded Legacy...

Security Bulletin: Vulnerability in Apache Commons affects Rational Developer for i, Rational Developer for AIX and Linux and Rational Developer for Power Systems Software (CVE-2015-7450)

Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by Rational Developer for i, Rational Developer for AIX and Linux and Rational Developer for Power Systems Software. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons...

Security Bulletin: Multiple vulnerabilities in modules from the IBM SDK for Node.js affect the Cordova tools packaged in Rational Developer for i Modernization Tools Java Edition and Rational Developer for AIX and Linux (CVE-2014-7191 and CVE-2014-7192)

Summary Security vulnerabilities have been discovered in the syntax-error and qs modules packaged in the IBM SDK for Node.js and Cordova platform packaged in Rational Developer for i Modernization Tools Java Edition and Rational Developer for AIX and Linux. The fix upgrades IBM SDK for Node.js to...

Security Bulletin: Man In The Middle Attack Vulnerability Affecting Rational Developer for AIX and Linux, Rational Developer for i, and Rational Developer for Power Systems Software (CVE-2014-0411)

Summary The version of the Java Runtime Environment shipped with certain versions of Rational Developer for AIX and Linux, Rational Developer for i, and Rational Developer for Power Systems Software has security vulnerabilities which affect these products. Vulnerability Details | Subscribe to My...

Security Bulletin: Buffer overflow in V8 in Node.js affects IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. Under certain conditions, V8 may improperly expand memory...

Security Bulletin: IBM Developer for z Systems - Add support for TLS v1.2 with MS-CAPI in HCE

Summary IBM Developer for z Systems has added support for TLS v1.2 with MS-CAPI in the Host Connection Emulator Vulnerability Details CVEID: CVE-2017-1796 DESCRIPTION: IBM Developer for z Systems uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly...

Security Bulletin: Node.js Package Manager (npm) Bearer Token Vulnerability affects IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux (CVE-2016-3956)

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. A vulnerability in the Node Package Manager's use of HTTP bear...

Security Bulletin: Vulnerabilities in OpenSSL affect the Cordova tools in Rational Application Developer affecting Rational Developer for i and Rational Developer for AIX and Linux (CVE-2016-0701, CVE-2015-3197)

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. OpenSSL vulnerabilities were disclosed on January 28, 2016 by...

Security Bulletin: Vulnerability in Apache Commons affects Rational Business Developer (CVE-2015-7450)

Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by Rational Business Developer. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caus...

Security Bulletin: Two ReDoS vulnerabilities in modules included in the Node.js npm tool affect IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. Two ReDoS vulnerabilities in modules included in the Node.js n...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i, Rational Developer for AIX and Linux, Rational Developer for Power Systems Software

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7, and 8 that are used by Rational Developer for i, Rational Developer for AIX and Linux, Rational Developer for Power Systems Software CVE-2016-0363, CVE-2016-0376. These issues were disclosed as part of th...

Security Bulletin: Security Vulnerability in Apache Batik (CVE-2015-0250)

Summary Apache Batik could allow a remote attacker to obtain sensitive information. By persuading a victim to open a specially-crafted SVG file, an attacker could exploit this vulnerability to reveal files and obtain sensitive information. Vulnerability Details CVEID: CVE-2015-0250 DESCRIPTION:...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i, Rational Developer for AIX and Linux, Rational Developer for Power Systems Software

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by Rational Developer for i, Rational Developer for AIX and Linux, Rational Developer for Power Systems Software. These issues were disclosed as part of the IBM Java SDK updates in...

Security Bulletin: Multiple OpenSSL and Non-OpenSSL vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. OpenSSL vulnerabilities were disclosed on September 22 and 26,...

Security Bulletin: Multiple vulnerabilities in the IBM SDK for Node.js affect the Cordova tools in Rational Application Developer affecting Rational Developer for i and Rational Developer for AIX and Linux (CVE-2016-2086, CVE-2016-2216, CVE-2015-3197)

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. Security vulnerabilities have been discovered in the IBM SDK f...

Security Bulletin: Multiple OpenSSL vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. Multiple OpenSSL vulnerabilities in Node.js were found on May ...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and 8 that is used by Rational Business Developer. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and January 2017. Vulnerability Details CVEID: CVE-2016-5597 DESCRIPTION: A...

Security Bulletin: Vulnerabilities in OpenSSL affect the Cordova platform packaged with Rational Application Developer affecting Rational Developer for i and Rational Developer for AIX and Linux

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. OpenSSL vulnerabilities were disclosed on March 19, 2015 by th...