9 matches found
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX
Summary: There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM for JDK related to the JSSE component...
CVE-2022-42118
A cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the tag parameter...
CVE-2022-28978
Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject...
Security Bulletin: IBM Tivoli Network Manager is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2019-1757)
Summary: Apache log4j V1 is used by IBM Tivoli Network Manager as part of its logging infrastructure. This fix removed Apache log4j V1 (CVE-2019-1757). Vulnerability Details: CVEID: CVE-2019-17571 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by...
Security Bulletin: IBM Tivoli Network Manager is vulnerable to XML external entity (XXE) attacks due to FasterXML (CVE-2020-25649)
Summary: FasterXML Jackson Databind, used by IBM Tivoli Network Manager, contains a flaw where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. The library has been...
Security Bulletin: IBM Tivoli Network Manager is vulnerable to information disclosure attacks due to vulnerabilities in Eclipse Jetty (CVE-2021-28169)
Summary: Eclipse Jetty libraries jetty-io, jetty-client, jetty-http, jetty-util used by IBM Tivoli Network Manager, in versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For...
Security Bulletin: Apache Commons as used by IBM Tivoli Network Manager is vulnerable to denial of service (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090)
Summary: When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. Vulnerability Details: CVEID: CVE-2021-355...
IBM WebSphere Application Server 7.0 < Fix Pack 15 Multiple Vulnerabilities
IBM WebSphere Application Server 7.0 before Fix Pack 15 appears to be running on the remote host. As such, it is reportedly affected by the following vulnerabilities: - A double free error in BBOOORBR control block could trigger a denial of service condition. (PM17170) - A cross-site scripting...
IBM WebSphere Application Server < 6.1.0.15 Multiple Vulnerabilities
IBM WebSphere Application Server 6.1 before Fix Pack 15 appears to be running on the remote host. As such, it is reportedly affected by the following vulnerabilities: - There is an as-yet unspecified security exposure in wsadmin (PK45726). - Sensitive information might appear in plaintext in the...