
8 matches found

OSV
added 2024/02/08 4:15 a.m., 14 views

CVE-2024-25146

Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions return different responses depending on whether a site does not exist or the user does not have permission to access the...

5.3 CVSS, 6.8 AI score, 0.00388 EPSS
Exploits 0, References 1

IBM Security Bulletins
added 2023/06/06 5:6 a.m., 67 views

Security Bulletin: [All] Spring Framework (Publicly disclosed vulnerability)

Summary: In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. This affects ITN...

9.6 CVSS, 7.6 AI score, 0.63828 EPSS
Exploits 2, Affected Software 1

IBM Security Bulletins
added 2023/06/06 5:1 a.m., 38 views

Security Bulletin: [All] Spring Framework - CVE-2021-22096 (Publicly disclosed vulnerability)

Summary: In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This affects ITNCM version 6.4.2. Vulnerability Details: CVEID: CVE-2021-22096 DESCRIPTION:...

4.3 CVSS, 4.8 AI score, 0.00221 EPSS
Exploits 0, Affected Software 1

OSV
added 2021/08/03 7:15 p.m., 17 views

CVE-2021-33327

The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibilit...

4.3 CVSS, 6.5 AI score
Exploits 0, References 2

Cvelist
added 2021/08/03 6:29 p.m., 13 views

CVE-2021-33322

In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 18, and 7.2 before fix pack 5, password reset tokens are not invalidated after a user changes their password, which allows remote attackers to change the user’s password via the old password reset tok...

7.8 AI score, 0.00223 EPSS
Exploits 0, References 2

IBM Security Bulletins
added 2020/07/19 12:49 a.m., 37 views

Security Bulletin: Libxml2 vulnerabilities affect IBM SmartCloud Entry (CVE-2015-1819)

Summary: IBM SmartCloud Entry is vulnerable to several libxml2 vulnerabilities. Remote attackers can exploit them to consume all available memory resources. Vulnerability Details: CVEID: CVE-2015-1819 DESCRIPTION: Libxml is vulnerable to a denial of service, caused by an XML External Entity Injecti...

5 CVSS, 0.9 AI score, 0.02045 EPSS
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2018/09/10 7:59 p.m., 22 views

Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WAS Liberty vulnerability

Summary: Rational Asset Analyzer RAA has addressed the following vulnerability: IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. Vulnerability Details: CVEID: CVE-2018-1553...

7.5 CVSS, 0.8 AI score, 0.00247 EPSS
Exploits 0, Affected Software 1

Tenable Nessus
added 2009/08/20 12:0 a.m., 30 views

IBM DB2 8.1 < Fix Pack 18 Multiple Vulnerabilities

According to its version, the installation of IBM DB2 8.1 running on the remote host is affected by one or more of the following issues:
- A local attacker may be able to gain write access to an arbitrary file using DAS, which could lead to gaining root privileges. IZ34149
- It may be possible t...

5 CVSS, 7.8 AI score, 0.0107 EPSS
Exploits 0, References 9