EUVD-2009-2734
Malware in sbrugna...
Security Bulletin: VMware Tanzu Spring Framework is vulnerable to multiple security CVEs used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Framework which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID: CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framewo...
Security Bulletin: Vulnerabilities in Java and WLP affects IBM Cloud Application Business Insights
Summary Vulnerabilities in Java and WLP affects IBM Cloud Application Business Insights Vulnerability Details CVEID: CVE-2021-20492 DESCRIPTION: IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection XXE attack when processing XML...
Security Bulletin: Vulnerability with RSA Export Keys may affect IBM HTTP Server and WebSphere EDGE Caching Proxy (CVE-2015-0138)
Summary The "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability CVE-2015-0138 may affect some configurations of IBM HTTP Server for WebSphere Application Server and IBM WebSphere EDGE caching proxy. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A...
Security Bulletin: Vulnerability in SSLv3 affects IBM Security Network Intrusion Prevention System (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Security Network Intrusion Prevention System. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacke...
Security Bulletin: NTP vulnerability in Network Intrusion Prevention System (CVE-2013-5211)
Summary Security vulnerabilities have been discovered in the NTP component of IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2013-5211 DESCRIPTION: NTP is vulnerable to a denial of service, caused by an error in the monlist feature in ntprequest.c. By sending a...
Security Bulletin: IBM MQ Appliance is affected by an OpenSSL vulnerability (CVE-2021-3712)
Summary IBM MQ Appliance has resolved an OpenSSL vulnerability Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially crafted data, an attack...
Security Bulletin: Apache CXF vulnerability identified in IBM Tivoli Application Dependency Discovery Manager (CVE-2020-13954)
Summary This security bulletin addresses the vulnerability in Open Source Apache CXF that affect IBM Tivoli Application Dependency Discovery Manager. Vulnerability Details CVEID: CVE-2020-13954 DESCRIPTION: Apache CXF is vulnerable to cross-site scripting, caused by improper validation of...
Security Bulletin: Multiple Oracle Database Server Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform
Summary Multiple Oracle Database server security vulnerabilities affect IBM Emptoris Strategic Supply Management Platform. Vulnerability Details CVEID: CVE-2021-2245 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Unified Audit...
Security Bulletin: Vulnerabilities in Websphere Liberty server (WLP) affects IBM Cloud Application Business Insights
Summary Vulnerabilities in Websphere Liberty server WLP affects IBM Cloud Application Business Insights Vulnerability Details CVEID: CVE-2020-4590 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is...
Security Bulletin: IBM MQ Appliance is affected by libxml2 vulnerabilities (CVE-2019-19956, CVE-2019-20388, CVE-2020-7595)
Summary IBM MQ Appliance has resolved libxml2 vulnerabilities. Vulnerability Details CVEID: CVE-2019-19956 DESCRIPTION: libxml2 is vulnerable to a denial of service, caused by a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c. By persuading a victim to open a specially crafted file,...
Security Bulletin: IBM MQ is affected by multiple vulnerabilities in Pacemaker
Summary Multiple vulnerabilities were identified in the Pacemaker component that is bundled with IBM MQ Advanced for use by replicated data queue managers RDQM. Vulnerability Details CVEID: CVE-2018-16878 DESCRIPTION: Pacemaker is vulnerable to a denial of service, caused by an insufficient...
Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service vulnerability (CVE-2020-4376)
Summary IBM MQ Appliance has resolved a denial of service vulnerability. Vulnerability Details CVEID: CVE-2020-4376 DESCRIPTION: IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. IBM...
Security Bulletin: Multiple vulnerabilities in IBM MQ Appliance (CVE-2020-4025 and CVE-2020-4203)
Summary IBM MQ Appliance has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-4205 DESCRIPTION: IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Business Service Manager (CVE-2020-4362)
Summary IBM WebSphere Application Server is shipped with IBM Tivoli Business Service Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Sourcing
Summary Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Sourcing Vulnerability Details CVEID: CVE-2020-4230 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 11.1 and 11.5 is vulnerable to an escalation of privilege when an...
Security Bulletin: Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2018-15756)
Summary Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager. Vulnerability Details CVE-ID: CVE-2018-15756 Description: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the...
Security Bulletin: IBM DataPower Gateway is affected by a vulnerability in Kerberos (CVE-2017-11462)
Summary IBM DataPower Gateway has addressed the following vulnerability: CVE-2017-11462 Vulnerability Details CVEID: CVE-2017-11462 DESCRIPTION: A double free vulnerability in MIT Kerberos 5 aka krb5 has an unknown impact and attack vector involving automatic deletion of security contexts on erro...
Security Bulletin: Secure values are recoverable via REST API (CVE-2019-4232)
Summary IBM UrbanCode Deploy could allow an authenticated user to obtain sensitive values from the REST API that could be used in further attacks against the system. Vulnerability Details CVEID: CVE-2019-4232 DESCRIPTION: IBM UrbanCode Deploy could allow an authenticated user to obtain sensitive...
Security Bulletin: Plugins can be uploaded to IBM UrbanCode Deploy without Authentication (CVE-2017-1749)
Summary A directory traversal attack can be used to upload new versions of a plugin, altering UCD deployments. Vulnerability Details CVEID: CVE-2017-1749 DESCRIPTION: IBM UrbanCode Deploy could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter...