21 matches found
Security Bulletin: Vulnerability found in Eclipse Jetty may affect IBM Enterprise Records
Summary IBM Enterprise Records may be affected by vulnerability found in Eclipse Jetty that could allow a remote authenticated attacker to obtain sensitive information. Vulnerability Details CVEID:CVE-2023-26049 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to obtain...
Security Bulletin: IBM Content Navigator eFormPlugin is vulnerable to a denial of service attack (CVE-2022-40159, CVE-2022-40160)
Summary IBM Content Navigator eFormPlugin is vulnerable to a DoS attack. IBM Content Navigator has addressed the vulnerability as described below. CVE-2022-40159, CVE-2022-40160. Vulnerability Details CVEID: CVE-2022-40159 DESCRIPTION: JXPath is vulnerable to a denial of service, caused by a...
Security Bulletin: Vulnerability found in Apache Xalan Java XSLT library may affect IBM Enterprise Records
Summary IBM Enterprise Records may be affected by vulnerability found in Apache Xalan Java XSLT library. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execute arbitrary code on the system, caused by an integer truncatio...
Security Bulletin: Vulnerability found in Eclipse Jetty may affect IBM Enterprise Records
Summary IBM Enterprise Records may be affected by vulnerability found in Eclipse Jetty. Vulnerability Details CVEID:CVE-2021-28165 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a remote attacker could...
Security Bulletin: Vulnerability found in Eclipse Jetty may affect IBM Enterprise Records
Summary IBM Enterprise Records may be affected by vulnerability found in Eclipse Jetty. Vulnerability Details CVEID:CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted reques...
Security Bulletin: IBM FileNet Records Manager/IBM InfoSphere Enterprise Records/IBM Enterprise Records Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)
Abstract Java API Documentation contains a frame injection vulnerability. Content VULNERABILITY DETAILS: CVEID: CVE-2013-1571 DESCRIPTION: HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the...
Security Bulletin: Vulnerability found in Apache Log4j V1.x may affect IBM Enterprise Records
Summary IBM Enterprise Records may be affected by vulnerability found in Apache Log4j V1.x Vulnerability Details CVEID: CVE-2019-17571 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in...
Security Bulletin: Insecure Use of InnerHTML or OuterHTML in IBM Enterprise Records
Summary It also is the case that we internally create the text to go into the HTML, not an external entity. Vulnerability Details Third Party Entry: PSIRT-ADV0025107 DESCRIPTION: Created from Advisory: ADV0025107 CVSS Base score: 5.4 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N...
Security Bulletin: Dynamically constructed href attribute in IBM Enterprise Records
Summary The place where this happens is believed to be dead code, but we do not want to just start deleting things in the code without sufficient time to test. Vulnerability Details Third Party Entry: PSIRT-ADV0025106 DESCRIPTION: Created from Advisory: ADV0025106 CVSS Base score: 5.4 CVSS Vector...
Security Bulletin: Open Source Apache Struts Vulnerabilities affect IBM Enterprise Records
Summary An Apache Struts vulnerability affect IBM Enterprise Records. IBM has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-0899 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator...
Security Bulletin: Vulnerabilities in Struts v2 affect IBM Enterprise Records
Summary Struts v2 vulnerabilities affect IBM Enterprise Records has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-1181 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remot...
Security Bulletin: Flexera InstallAnywhere DLL-planting vulnerability affects IBM Enterprise Records Installers (CVE-2016-4560)
Summary InstallAnywhere generates installation executables which are vulnerable to an DLL-planting vulnerability. Vulnerability Details CVEID: CVE-2016-4560 DESCRIPTION: Flexera InstallAnywhere could allow a local attacker to gain elevated privileges on the system, caused by an untrusted search...
Security Bulletin: IBM Enterprise Records (CVE-2014-0050)
Summary Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause the application to enter into an...
CVE-2013-6315
IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 do not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
CVE-2013-6314
Cross-site scripting XSS vulnerability in IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Code injection
IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 do not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
CVE-2013-6315
IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 do not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
CVE-2013-6314
IBM InfoSphere Enterprise Records is affected by CVE-2013-6314: an XSS vulnerability in IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 allows remote authenticated users to inject arbitrary web script or HTML via unspecified v...
CVE-2013-6315
CVE-2013-6315 affects IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and 5.1.1 before 5.1.1.1-IER-IF003. The vulnerability stems from improper restriction of FRAME elements, enabling remote attackers to perform clickjacking via a crafted website. Impact is described as partial i...