16 matches found

Tenable Nessus
added 2026/04/17 12:00 a.m., 2 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : ESAPI vulnerabilities (USN-8181-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8181-1 advisory. Jaroslav Lobaevski discovered that ESAPI incorrectly validated directory paths during path verification. ...

CVSS 9.8, AI score 5.8, EPSS 0.01032
Exploits 3, References 4

GithubExploit
added 2026/02/17 4:23 p.m., 151 views

Exploit for Path Traversal in Owasp Enterprise_Security_Api

Enterprise Security API for Java Legacy ...

CVSS 9.8, AI score 5.8, EPSS 0.00637
Exploits 2

Veracode
added 2025/12/17 12:13 p.m., 2 views

Improper Neutralization Of Special Elements

ESAPI esapi-java-legacy is vulnerable to an Improper Neutralization of Special Elements. The vulnerability is due to insufficient sanitization in the Encoder.encodeForSQL interface, where the SQL encoding logic fails to properly neutralize special characters, resulting in incomplete protection an...

CVSS 7.5, AI score 8, EPSS 0.00626
Exploits 0, References 11, Affected Software 1

IBM Security Bulletins
added 2024/03/29 10:45 a.m., 52 views

Security Bulletin: Vulnerability in Enterprise Security API for Java affects IBM Process Mining WS-2023-0429

Summary There is a vulnerability in Enterprise Security API for Java that could allow a remote attacker to steal cookie-based authentication credentials on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability...

AI score 7.5
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/03/27 3:56 p.m., 23 views

Security Bulletin: Denial of Service vulnerability affects IBM Business Automation Workflow (IBM X-Force ID 270419)

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details IBM X-Force ID: 270419 DESCRIPTION: Enterprise Security API for Java is vulnerable to a denial of service, caused by a flaw in the HTTPUtilities.getFileUploads methods. By sending a special...

AI score 7.1
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2023/12/15 2:49 p.m., 18 views

Security Bulletin: Vulnerability in Enterprise Security API for Java affects IBM Process Mining - X-Force ID 270419

Summary There is a vulnerability in Enterprise Security API for Java that could allow a remote attacker to cause a denial of service condition. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability...

AI score 7.5
Exploits 0, Affected Software 1

Tenable Nessus
added 2022/10/20 12:00 a.m., 40 views

Oracle Primavera Unifier (Oct 2022 CPU)

The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Document Management Apache Solr. Supported...

CVSS 9.8, AI score 6.5, EPSS 0.16764
Exploits 4, References 8

Github Security Blog
added 2022/05/17 3:56 a.m., 28 views

Missing Cryptographic Step in OWASP Enterprise Security API for Java

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protectio...

CVSS 2.6, AI score 4, EPSS 0.00053
Exploits 1, References 6, Affected Software 1

OSV
added 2022/05/14 1:37 a.m., 23 views

GHSA-2G56-7JV7-WXXQ Missing Cryptographic Step in OWASP Enterprise Security API for Java

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic...

CVSS 5.8, AI score 9.2, EPSS 0.00174
Exploits 1, References 9

Github Security Blog
added 2022/05/14 1:37 a.m., 33 views

Missing Cryptographic Step in OWASP Enterprise Security API for Java

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic...

CVSS 5.8, AI score 4.8, EPSS 0.00174
Exploits 1, References 9, Affected Software 1

OSV
added 2022/04/27 9:15 p.m., 1 view

DEBIAN-CVE-2022-24891

ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...

CVSS 6.1, AI score 6, EPSS 0.01032
Exploits 1, References 1

OSV
added 2022/04/25 8:15 p.m., 1 view

UBUNTU-CVE-2022-23457

ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) may incorrectly treat the tested input string as a child of the specified...

CVSS 9.8, AI score 6.7, EPSS 0.00637
Exploits 2, References 6

CVE
added 2022/04/25 12:00 a.m., 892 views

CVE-2022-23457

CVE-2022-23457 affects ESAPI (OWASP Enterprise Security API) Java legacy. The default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) before version 2.3.0.0 may treat the input string as a child of the specified parent directory, potentially bypassing control-flow...

CVSS 9.8, AI score 8.6, EPSS 0.00637
Exploits 2, References 6, Affected Software 1

OSV
added 2022/04/25 12:00 a.m., 25 views

CVE-2022-23457 Path Traversal in ESAPI

ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) may incorrectly treat the tested input string as a child of the specified...

CVSS 7.5, AI score 7.1, EPSS 0.00637
Exploits 2, References 8

NVD
added 2013/09/30 5:09 p.m., 11 views

CVE-2013-5960

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic...

CVSS 5.8, AI score 9.3, EPSS 0.00174
Exploits 1, References 7

Cvelist
added 2013/09/30 10:00 a.m., 18 views

CVE-2013-5679

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protectio...

AI score 9.2, EPSS 0.00053
Exploits 1, References 4