Rocky Linux 8 : maven:3.6 (RLSA-2022:1860)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1860 advisory. - Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.U...

Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-34981 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain...

Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities

Summary IBM Cognos Dashboards on Cloud Pak for Data 4.7.3 resolves vulnerabilities reported in the Node.js February 2023 CVE-2023-23918, CVE-2023-23920, CVE-2023-24807, CVE-2023-23936, CVE-2023-23919 and June 2023 CVE-2023-30588, CVE-2023-30589 Security Releases as well as vulnerabilities in Pyth...

Security Bulletin: Multiple Vulnerabilities of Apache HttpClient have affected IBM Jazz Reporting Service

Summary IBM Jazz Reporting Service is vulnerable to Apache HttpClient vulnerabilities described in220912, CVE-2020-13956. The fix includes httpclient-4.5.jar upgraded to httpclient-4.5.13.jar Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker t...

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : HttpClient vulnerability (USN-5239-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5239-1 advisory. It was discovered that HttpClient mishandled certain input. An attacker could use this vulnerability to cause a crash or possibly execute...

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to jna-platform, ant, httpclient, http-cache-semantics

Summary Vulnerabilities in jna-platform, ant, httpclient, http-cache-semantics such as remote attacker to obtain sensitive information, denial of service, remote attacker to bypass security restrictions may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node....

Security Bulletin: Multiple Vulnerabilities of Apache HttpClient have affected IBM Jazz Reporting Service

Summary IBM Jazz Reporting Service is vulnerable to Apache HttpClient vulnerabilities described in220912, CVE-2020-13956. The fix includes httpclient-4.5.jar upgraded to httpclient-4.5.13.jar Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker t...

Security Bulletin: Multiple Vulnerabilities in Apache HttpClient, HttpComponents and HttpCommons affect IBM Engineering Lifecycle Optimization - Publishing

Summary There are multiple vulnerabilities in Apache HttpClient, HttpComponents and HttpCommons libraries. This has been addressed. Vulnerability Details CVEID:CVE-2015-5262 DESCRIPTION: Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection...

TOTOLINK Wireless Routers Remote Command Execution Exploit

Multiple TOTOLINK network products contain a command injection vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the command parameter. After exploitation, an attacker will have full access with the same user privileges under...

LG Simple Editor Remote Code Execution Exploit

This Metasploit module exploits broken access control and directory traversal vulnerabilities in LG Simple Editor software for gaining code execution. The vulnerabilities exist in versions of LG Simple Editor prior to v3.21. By exploiting this flaw, an attacker can upload and execute a malicious...

LG Simple Editor Remote Code Execution

This Metasploit module exploits broken access control and directory traversal vulnerabilities in LG Simple Editor software for gaining code execution. The vulnerabilities exist in versions of LG Simple Editor prior to v3.21. By exploiting this flaw, an attacker can upload and execute a malicious...

Security Bulletin: There is a vulnerability in Apache Commons HttpClient used by IBM Maximo Asset Management (CVE-2012-5783)

Summary There is a vulnerability in Apache Commons HttpClient used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, could allow a remote attacker ...

The vulnerability of the Apache HttpClient client module allows a perpetrator to gain unauthorized access to protected data or to modify, add, or delete protected data.

The vulnerability of the Apache HttpClient client module is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected data or to modify, add, or delete protected data...

RaspAP Unauthenticated Command Injection

RaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands in the context of the user running...

Rudder Server SQLI Remote Code Execution

This Metasploit module exploits a SQL injection vulnerability in RudderStack's rudder-server, an open source Customer Data Platform CDP. The vulnerability exists in versions of rudder-server prior to 1.3.0-rc.1. By exploiting this flaw, an attacker can execute arbitrary SQL commands, which may le...

Security Bulletin:IBM TRIRIGA Application Platform discloses Apache HttpClient vulnerability (CVE-2020-13956)

Summary Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security...

Security Bulletin: IBM Sterling Global Mailbox is vulnerable to security bypass due to Apache HttpClient (CVE-2020-13956)

Summary Vulnerability in Apache HttpClient library shipped with IBM Sterling Global Mailbox has been addressed. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed...

Security Bulletin: Vulnerabilities in httpclient library affects IBM Engineering Test Management (ETM) (CVE-2020-13956)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the imprope...

Security Bulletin: Multiple Vulnerabilities of Apache HttpClient and Jackson-mapper have affected IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines

Summary IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines is vulnerable to Apache HttpClient and jackson-mapper as described in 220912, CVE-2020-13956, CVE-2019-10202, CVE-2019-10172. The fix includes upgrading required libraries to latest version...

Security Bulletin: Multiple Vulnerabilities of Apache HttpClient and Jackson-mapper have affected IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines

Summary IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines is vulnerable to Apache HttpClient and jackson-mapper as described in 220912, CVE-2020-13956, CVE-2019-10202, CVE-2019-10172. The fix includes upgrading required libraries to latest version...