23 matches found
CVE-2026-3676
IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced...
IBM Cloud APM 安全漏洞
IBM Cloud APM is an application performance monitoring and operations analysis platform provided by the American multinational company IBM. There are security vulnerabilities in the IBM Cloud APM Base Private 8.1.4 version and the IBM Cloud APM Advanced Private 8.1.4 version. These vulnerabilitie...
EUVD-2020-25966
Malware in sbrugna...
Security Bulletin: Multiple vulnerabilities in Akka affect IBM Application Performance Management products.
Summary Akka actor jar is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2017-1000034 DESCRIPTION: Akka could allow a remote attacker to execute arbitrary code on the system, caused by a Java...
Security Bulletin: Multiple vulnerabilities in Apache POI affect IBM Application Performance Management products
Summary Apache POI is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2017-12626 DESCRIPTION: Apache POI is vulnerable to a denial of service, caused by an error while parsing malicious WMF, EMF, MSG...
Security Bulletin: Multiple vulnerabilities in Lightbend Spray spray-json affect IBM Application Performance Management products.
Summary Lightbend Spray spray-json is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2018-18854 DESCRIPTION: Lightbend Spray spray-json is vulnerable to a denial of service, caused by an error during the parsing of many JSON object fields. By sending a...
Security Bulletin: Multiple vulnerabilities in Apache Xerces2 Java XML Parser affect IBM Application Performance Management products
Summary Apache Xerces2 Java XML Parser is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading a victim to open a...
Security Bulletin: Multiple vulnerabilities in Apache Commons IO affect IBM Application Performance Management products
Summary Apache Commons IO is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An...
Security Bulletin: Due to use of, IBM Application Performance Management is vulnerable to a local authenticated attacker to obtain sensitive information.
Summary Google Guava is used within IBM Application Performance Management. CVE-2023-2976. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default temporary directory...
Security Bulletin: Multiple vulnerabilities in hadoop-mapreduce-client-core-2.7.3.jar affect IBM Application Performance Management products
Summary There are multiple vulnerabilities in hadoop-mapreduce-client-core-2.7.3.jar used by IBM Application Performance Management. IBM Applicatoon Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2017-3166 DESCRIPTION: Apache Hadoop could allow a remote...
Security Bulletin: Multiple vulnerabilities in hadoop-hdfs-2.7.3.jar affect IBM Application Performance Management products
Summary There are multiple vulnerabilities in hadoop-hdfs-2.7.3.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2018-11768 DESCRIPTION: Apache Hadoop is vulnerable to a denial of service,...
Security Bulletin: Multiple vulnerabilities in gson-2.2.4.jar affect IBM Application Performance Management products
Summary There are multiple vulnerabilities in gson-2.2.4.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused b...
Security Bulletin: IBM Performance Management is affected by multiple vulnerabilities in IBM Websphere Application Server (CVE-2021-39031, CVE-2022-22393, and CVE-2022-22476)
Summary Multiple vulnerabilities in IBM Websphere Application Server - Liberty could allow a remote autheticated attacker to conduct an LDAP injection; issue a request to obtain the status of HTTP/HTTPS ports; and/or use a specially crafted request. Details are described in CVE-2021-39031,...
Security Bulletin: Multiple vulnerabilities in IBM Websphere Application Server affect the IBM Performance Management product
Summary Multiple vulnerabilities in IBM Websphere Application Server - Liberty could allow a remote attacker to exploit them to cause a denial of service condition against services that use Compress' zip package. IBM Performance Management has addressed the applicable CVEs. Vulnerability Details...
CVE-2020-4719
The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861...
Authorization
The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861...
CVE-2020-4725
CVE-2020-4725 affects IBM Cloud APM (IBM Monitoring) 8.1.4. An authenticated user can modify HTML content via a specially crafted HTTP request to the APM UI, potentially misleading another user. Root cause: UI content modification without proper access segregation. Impact is limited to HTML conte...
Security Bulletin: A vulnerability in Netty affects the IBM Performance Management product (CVE-2019-16869)
Summary Netty is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual whitespaces before the colon in HTTP headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and...
Security Bulletin: A vulnerability in IBM Websphere Application Server affects the IBM Performance Management product (CVE-2019-4304)
Summary A vulnerability in IBM Websphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM Performance Management has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-4304 DESCRIPTION: IBM...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Performance Management. IBM Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-2604 DESCRIPTION: An unspecified vulnerability in Java SE could allow an...