Security Bulletin: Security vulnerability in IBM Financial Transaction Manager for SWIFT Service
Summary: Cross-site scripting vulnerability in IBM Financial Transaction Manager for SWIFT Services. Vulnerability Details: CVEID: CVE-2022-43871. DESCRIPTION: IBM Financial Transaction Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in...
Security Bulletin: Apache PDFBox as used by IBM QRadar SIEM is vulnerable to denial of service (DOS) (CVE-2021-31811, CVE-2021-31812)
Summary: Apache PDFBox as used by IBM QRadar SIEM is vulnerable to denial of service. Vulnerability Details: CVEID: CVE-2021-31811. DESCRIPTION: Apache PDFBox is vulnerable to a denial of service, caused by an out-of-memory exception while loading a file. By persuading a victim to open a...
Security Bulletin: PostgreSQL as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2021-32028, CVE-2021-32027)
Summary: PostgreSQL as used by IBM QRadar SIEM is vulnerable to information disclosure. Vulnerability Details: CVEID: CVE-2021-32028. DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a memory disclosure vulnerability when using an INSERT …...
CVE-2021-33328
Cross-site scripting (XSS) vulnerability in the Asset module's edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the 1...
PT-2021-20111 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.3.2; Liferay DXP versions 7.2 before fix pack 9. Description: The issue allows access to Cross-origin resource sharing (CORS) protected resources if the user is only authenticated using the portal session...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase
Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 and 8 used by IBM Rational ClearCase on the AIX platform. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details: If you run your own Java code using the IBM Java Runtime delivered with...
Security Bulletin: A security vulnerability has been disclosed in Expat, which is installed as part of IBM Tivoli Network Manager (CVE-2019-15903).
Summary: A security vulnerability has been disclosed in the Expat library libexpat, which is installed as part of IBM Tivoli Network Manager version 4.2. Information about this vulnerability has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2019-15903. DESCRIPTION: libexpa...
Security Bulletin: Vulnerability in nginx affects IBM StoredIQ (CVE-2016-4450)
Summary: A denial of service vulnerability was disclosed on May 31, 2016 by nginx. Nginx is used by StoredIQ. StoredIQ has addressed the applicable CVE. Vulnerability Details: CVE-ID: CVE-2016-4450. Description: nginx is vulnerable to a denial of service, caused by a NULL pointer dereference error in...
Security Bulletin: Multiple Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.9
Summary: Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server, IBM WebSphere Application Server Hypervisor, WebSphere Application Server Liberty Profile and IBM HTTP Server. Affected Products and Versions: The following IBM WebSphere Application Server Version...
IBM DB2 'REPEAT()' Heap Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37976/info IBM DB2 is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code...
IBM DB2 9.7 < Fix Pack 9 Multiple Vulnerabilities
According to its version, the installation of IBM DB2 9.7 running on the remote host is prior to Fix Pack 9. It is, therefore, affected by one or more of the following vulnerabilities : - The included software, GSKit, contains several errors related to SSL and TLS that can result in denial of...
IBM DB2 9.5 < 9.5 Fix Pack 9 Multiple Vulnerabilities
DB2 9.5 < Fix Pack 9 Multiple Vulnerabilities
According to its version, the installation of IBM DB2 9.5 running on the remote host is prior to Fix Pack 9. It is, therefore, affected by the following vulnerabilities : - Incorrect, world-writable file permissions are in place for the file 'NODES.REG'. IC79518 - An unspecified error can allow...
IBM DB2 9.1 < Fix Pack 9 Multiple Vulnerabilities
According to its version, the installation of IBM DB2 9.1 running on the remote host is affected by one or more of the following issues : - The 'MODIFIED SQL DATA' table function is not dropped when a definer loses required privileges to maintain the objects. IZ46773 - A privilege escalation...
IBM WebSphere Application Server 7.0 < Fix Pack 9
IBM WebSphere Application Server 7.0 before Fix Pack 9 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - An unspecified cross-site scripting vulnerability in the Administration Console. PK97376 - An error when defining a wsadmin scripting...
IBM DB2 - 'REPEAT()' Local Heap Buffer Overflow
source: https://www.securityfocus.com/bid/37976/info IBM DB2 is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code with elevated privileges or crash...