30 matches found
CVE-2026-8180 Multiple vulnerabilities in Aspera applications.
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential denial of service in the asperahttpd component. An unauthenticated user can cause...
Security Bulletin: Denial of Service in Logback used by Apache Zookeeper affect IBM Operations Analytics - Log Analysis (CVE-2023-6481)
Summary There is a potential denial of service in Logback that is used by Apache Zookeeper. This is caused by serialization vulnerability in Logback. Vulnerability Details CVEID:CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused by a serialization flaw in...
Security Bulletin: IBM InfoSphere Information Server containers are vulnerable to privilege escalation
Summary A privilege escalation vulnerability was addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2019-4185 DESCRIPTION: IBM InfoSphere Information Server containers are vulnerable to privilege escalation due to an insecurely configured component. CVSS Base Score:...
Security Bulletin: A Bouncy Castle vulnerability has been identified in Apache Solr and Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2023-33201)
Summary There is a potential injection vulnerability in Bouncy Castle that is used by Apache Solr and Logstash. This has been addressed Vulnerability Details CVEID:CVE-2023-33201 DESCRIPTION: The Bouncy Castle Crypto Package For Java bc-java could allow a remote attacker to obtain sensitive...
Security Bulletin: Multiple vulnerabilities affect Apache Solr, Apache Zookeeper and Logstash shipped with IBM Operations Analytics - Log Analysis
Summary The following security issues have been identified in Netty component included as part of Apache Solr, Apache Zookeeper and Logstash product Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of...
Security Bulletin: Potential Vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis
Summary There is a potential XXE vulnerability in Apache Solr. This has been addressed. Vulnerability Details IBM X-Force ID: 261776 DESCRIPTION: Eclipse Jetty is vulnerable to server-side request forgery, caused by improper handling of XML external entity XXE declarations by the XmlParser. By...
Security Bulletin: Missing cookie secure attribute in IBM Security Guardium Key Lifecycle Manager (CVE-2021-38977)
Summary Missing cookie secure attribute in IBM Security Guardium Key Lifecycle Manager CVE-2021-38977. Vulnerability Details CVEID: CVE-2021-38977 DESCRIPTION: IBM Tivoli Key Lifecycle Manager does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to g...
Security Bulletin: Cross-Site scripting in IBM Security Guardium Key Lifecycle Manager (CVE-2021-38982)
Summary Cross-Site scripting in IBM Security Guardium Key Lifecycle Manager CVE-2021-38982. Vulnerability Details CVEID: CVE-2021-38982 DESCRIPTION: IBM Tivoli Key Lifecycle Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the We...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM Platform Symphony
Summary This interim fix provides instructions on upgrading Apache Tomcat from v5.5.36 to v7.0.90 in IBM Platform Symphony 6.1.1 and from v6.0.43 to v8.5.32 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerability CVE-2018-8014 in Tomcat. Vulnerability Details CVE-ID:...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by...
Cross site scripting
Cross-site scripting XSS vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter...
Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony
Summary This interim fix provides instructions on upgrading Apache Tomcat to v8.5.57 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerabilities CVE-2020-9484, CVE-2020-11996, CVE-2020-13934, and CVE-2020-13935 in Apache Tomcat. Vulnerability Details CVEID: CVE-2020-13934...
Security Bulletin: Content Spoofing vulnerability in IBM Operations Analytics - Log Analysis
Summary Content spoofing is an attack where an attacker place his/her text content in a legitimate page and misguide the legitimate application users. Vulnerability Details Third Party Entry: PSIRT-ADV0022524 DESCRIPTION: Created from Advisory: ADV0022524 CVSS Base score: 4.3 CVSS Vector:...
Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private (CVE-2018-0739,CVE-2017-17512, CVE-2018-1000122)
Summary IBM Cloud Private is vulnerable to multiple security vulnerabilities Vulnerability Details CVEID: CVE-2018-1000122 DESCRIPTION: curl could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the RTSP+RTP handling code. An attacker could exploit this...
Security Bulletin: A vulnerability in Apache Struts 2 affects IBM Platform Symphony and IBM Spectrum Symphony (CVE-2017-5638)
Summary A Security vulnerability relating to remote code execution CVE-2017-5638 S2-045 has been reported against Apache Struts 2, which IBM Platform Symphony uses as a framework for its WEBGUI service. The Struts 2 package version that is vulnerable to these issues is included in several past...
Security Bulletin: File path traversal vulnerabilities affect IBM Workload Deployer shipped with IBM SmartCloud Orchestrator (CVE-2014-6158)
Summary File path traversal vulnerabilities affect IBM Workload Deployer, which is shipped with IBM SmartCloud Orchestrator CVE-2014-6158. Vulnerability Details Consult the Security Bulletin: File path traversal vulnerabilities affect IBM Workload Deployer CVE-2014-6158 document for vulnerability...
Security Bulletin: SmartCloud Orchestrator - Multiple security vulnerabilities exist in the IBM SDK, Java™ Technology Edition (CVE-2013-5802, CVE-2013-5772, CVE-2014-0411)
Summary IBM SmartCloud Orchestrator is shipped with an IBM SDK that is based on Oracle JDK. Oracle released October 2013 and January 2014 critical patch updates CPU, which contain security vulnerability fixes. IBM SDK, Java™ Technology Edition, has been updated to include those fixes. The IBM SDK...
Security Bulletin: IBM SmartCloud Orchestrator - OpenStack Compute SSL information disclosure (CVE-2013-6491)
Summary An attacker might exploit this vulnerability using man-in-the-middle techniques to obtain sensitive information. The python-qpid client common/rpc/implqpid.py in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpidprotocol is set to ssl. It allows remote attackers to...
Security Bulletin: Potential Nova denial of service through compressed disk images (CVE-2013-4463, CVE-2013-4469)
Summary By using malicious compressed qcow2 disk images, an authenticated user might consume large amounts of disk space for each image. This scenario can potentially result in a Denial of Service attack on Nova compute nodes CVE-2013-4463. In the non-default case where usecowimages=False and...
Security Bulletin: SmartCloud Provisioning - Django vulnerabilities reported in May 2014 X-Force Report
Summary SmartCloud Provisioning - Django vulnerabilities reported in May 2014 X-Force Report CVE-2014-1418, CVE-2014-3730. Vulnerability Details SmartCloud Provisioning 2.3 is shipped with Open Source Django. Securities vulnerabilities have been discovered in Django, which affect SmartCloud...