EUVD-2014-3041

Malware in sbrugna...

Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server shipped with Tivoli Common Reporting (CVE-2016-3485, CVE-2016-3092, CVE-2016-0377, CVE-2016-0385, CVE-2016-5986)

Summary Embedded Websphere Application Server eWAS v7.0.x is shipped as a component of Tivoli Common Reporting TCR v2.1 and v2.1.1. The version of eWAS has been affected by multiple security vulnerabilities, as described below. Affected Products and Versions Tivoli Common Reporting 2.1 Tivoli...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Tivoli Monitoring (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Tivoli Monitoring. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

Security Bulletin: A security vulnerability has been identified in Websphere Application Server shipped with Tivoli Integrated Portal (CVE-2016-0306)

Summary Embedded Websphere Application Server eWAS is shipped as a component of Tivoli Integrated Portal. Information about a security vulnerability affecting Embedded Websphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the WAS security...

CVE-2014-3020

install.sh in the Embedded WebSphere Application Server eWAS 7.0 before FP33 in IBM Tivoli Integrated Portal TIP 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program...