13 matches found
Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable poi-ooxml-3.9.jar
Summary Atlas eDiscovery Process Management is affected by a vulnerable poi-ooxml-3.9.jar. Hence poi-ooxml-3.9.jar upgraded to poi-ooxml-4.0.jar to fix vulnerabilities. Vulnerability Details CVEID:CVE-2017-5644 DESCRIPTION: Apache POI is vulnerable to a denial of service, cause by an XML External...
Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces_2.9.0.v201101211617-4.8.0.jar
Summary Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces2.9.0.v201101211617-4.8.0.jar. Hence org.apache.xerces2.9.0.v201101211617-4.8.0.jar upgraded to org.apache.xerces2.12.2.v201101211617-4.8.0.jar to fix vulnerabilities. Vulnerability Details CVEID:CVE-2012-088...
Security Bulletin: Atlas eDiscovery Process Management(6.0.1.x and 6.0.2.x versions) is affected by a vulnerable Apache Commons Beanutils in WebSphere Application Server
Abstract This Fix Readme includes instructions to upgrading the Apache Commons Beanutils jar to v1.9.4 for Atlas eDiscovery Process Management6.0.1.x and 6.0.2.x versions Content PSIRT details: PRID: PVR0203016, Advisory ADV0020809 - Apache Commons Beanutils Vulnerability CVEID: CVE-2019-10086 CV...
Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable to Apache Commons Beanutils in WebSphere Application Server
Summary In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the...
Security Bulletin: IBM Atlas eDiscovery Process Management vulnerable to SQL injection.
Summary Atlas eDiscovery Process Management has addressed vulnerablility due to SQL injection, where a remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. Vulnerability Details CVEID:...
Security Bulletin: IBM Atlas eDiscovery Process Management vulnerable to cross-site scripting.
Summary Atlas eDiscovery Process Management has addressed cross-site scripting vulnerability, which allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Due to this...
Security Bulletin: IBM Atlas eDiscovery Process Management vulnerable to unsafe third-party links.
Summary Atlas eDiscovery Process Management has addressed the following vulnerability: An authenticated attacker could obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. The third-party links with target="blank" attribute and no rel="noopener noreferrer"...
Security Bulletin: OpenSource Apache Taglibs Vulnerability affects Atlas Policy Suite (CVE-2015-0254)
Summary Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External Entity Injection XXE error when processing XML data. Vulnerability Details CVEID: CVE-2015-0254 DESCRIPTION: Apache Standard Taglibs could allow a remote attacker to...
IBM Atlas eDiscovery Process Management Cross-Site Scripting Vulnerability
IBM Atlas eDiscovery Process Management helps attorneys, paralegals, and evidence supervisors rigorously and logically manage legal evidence retention workflows. A cross-site scripting vulnerability exists in IBM Atlas eDiscovery Process Management 6.0.3. The vulnerability can be exploited to emb...
CVE-2017-1356
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683...
IBM Atlas eDiscovery Process Management SQL Injection Vulnerability
IBM Atlas eDiscovery Process Management is a product within the Information Lifecycle Governance solution from IBM USA that is used to help attorneys, paralegals, and evidence supervisors rigorously and logically manage legal evidence retention workflows. A SQL injection vulnerability exists in I...
CVE-2013-6334
IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite aka Atlas Policy Suite do not properly validate...
CVE-2013-6321
SQL injection vulnerability in IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite aka Atlas Policy Suit...