Security Bulletin: IBM QRadar SIEM protocols are vulnerable to Security Restriction Bypass (CVE-2020-13956)
Summary Apache HttpClient is vulnerable to Security Restriction Bypass. Attackers can potentially break security and potentially steal sensitive information. This has been addressed with an update. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote...
Apache OFBiz forgotPassword/ProgramExport RCE
Apache OFBiz versions prior to 18.12.13 are vulnerable to a path traversal vulnerability CVE-2024-32113. The vulnerable endpoint /webtools/control/forgotPassword allows an attacker to access the ProgramExport endpoint which in turn allows for remote code execution in the context of the user runni...
OPENSUSE-SU-2024:10621-1 apache-commons-httpclient-3.1-13.4 on GA media
These are all security issues fixed in the apache-commons-httpclient-3.1-13.4 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:10381-1 apache-commons-httpclient-3.1-8.5 on GA media
These are all security issues fixed in the apache-commons-httpclient-3.1-8.5 package on the GA media of openSUSE Tumbleweed...
Security Bulletin: Security fixes available for The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology
Summary The IBM® Engineering System Design Rhapsody 10.0 iFix001, The IBM® Engineering System Design Rhapsody 9.0.2 iFix002 and The IBM® Engineering System Design Rhapsody 9.0.1 iFix006 contain fixes for vulnerabilities identified in the Vulnerabilities Details section. The referred iFix versio...
RHEL 7 : httpclient (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - apache-httpclient: incorrect handling of malformed authority component in request URIs CVE-2020-13956 Note that...
RHEL 5 : jakarta-commons-httpclient (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - jakarta-commons-httpclient, httpcomponents-core: missing HTTPS connection timeout CVE-2015-5262 Note that Nessus ha...
Security Bulletin: Security fixes available for The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology
Summary The IBM® Engineering System Design Rhapsody 9.0.1 iFix006 and The IBM® Engineering System Design Rhapsody 9.0.2 iFix002 contain fixes for issues identified as vulnerabilities during an OSS scan. These versions contain an upgraded version of guava-28.0-jre.jar CVE-2020-8908, httpclient-4.0.jar...
Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 269. Vulnerability Details CVEID:CVE-2024-20918 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause...
Malicious code in unity-httpclient (npm)
Source: ghsa-malware 0977626ba11b5a72288f3676902a548d2ea29143cc48b35243974ae95e6c68f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1061 Malicious code in unity-httpclient (npm)
Source: ghsa-malware 0977626ba11b5a72288f3676902a548d2ea29143cc48b35243974ae95e6c68f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
[SECURITY] Fedora 40 Update: httpcomponents-client-4.5.14-8.fc40
HttpClient is a HTTP/1.1 compliant HTTP agent implementation based on httpcomponents HttpCore. It also provides reusable components for client-side authentication, HTTP state management, and HTTP connection management. HttpComponents Client is a successor of and replacement for Commons HttpClient...
GHSA-67M4-QXP3-J6HH TrueLayer.Client SSRF when fetching payment or payment provider
Impact The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet could be made which could lead to informatio...
TrueLayer.Client SSRF when fetching payment or payment provider
Impact The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet could be made which could lead to informatio...
CVE-2024-23838
TrueLayer.NET is the .Net client for TrueLayer. The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet cou...
Information disclosure
TrueLayer.NET is the .Net client for TrueLayer. The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet cou...
CVE-2024-23838 TrueLayer.Client SSRF when fetching payment or payment provider
TrueLayer.NET is the .Net client for TrueLayer. The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet cou...
CVE-2024-23838
TrueLayer.NET (the .NET client for TrueLayer) has a SSRF-type issue where an attacker could manipulate the destination URL used by HttpClient in the API classes, potentially causing requests to local network resources or external destinations and leading to information disclosure. Affected: TrueL...
CVE-2024-23838 TrueLayer.Client SSRF when fetching payment or payment provider
TrueLayer.NET is the .Net client for TrueLayer. The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet cou...
Rocky Linux 8 : maven:3.5 (RLSA-2022:1861)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1861 advisory. - Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.U...