28 matches found

IBM Security Bulletins
added 2025/03/26 3:41 a.m. | 73 views

Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID: CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not lim...

CVSS 7.8 | AI score 8.3 | EPSS 0.46836
Exploits 11 | Affected Software 1

IBM Security Bulletins
added 2023/08/08 10:40 a.m. | 36 views

Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID: CVE-2022-45688 DESCRIPTION: Hutool is vulnerable to a denial of service, caused by stack-based buffer overflow. By...

CVSS 7.5 | AI score 7.1 | EPSS 0.01181
Exploits 5 | Affected Software 1

IBM Security Bulletins
added 2023/08/08 10:37 a.m. | 59 views

Security Bulletin: OpenSSL publicly disclosed vulnerabilities affect IBM® MobileFirst Platform

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerabilities by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJ_obj2txt directly, or use any of the OpenSS...

CVSS 7.5 | AI score 7.2 | EPSS 0.73461
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2023/04/19 5:26 p.m. | 76 views

Security Bulletin: Multiple vulnerabilities found in third party libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID: CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied...

CVSS 6.9 | AI score 7.2 | EPSS 0.99019
Exploits 15 | Affected Software 1

IBM Security Bulletins
added 2023/04/19 4:22 a.m. | 40 views

Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM® MobileFirst Platform

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerabilities by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA...

CVSS 7.5 | AI score 7.7 | EPSS 0.59501
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2023/02/17 3:44 p.m. | 100 views

Security Bulletin: Multiple vulnerabilities found with third-party libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID: CVE-2022-3517 DESCRIPTION: minimatch is vulnerable to a denial of service, caused by a regular expression denial of servi...

CVSS 9.8 | AI score 9.6 | EPSS 0.19312
Exploits 39 | Affected Software 1

IBM Security Bulletins
added 2023/01/26 5:1 p.m. | 53 views

Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID: CVE-2020-17521 DESCRIPTION: Apache Groovy could allow a local authenticated attacker to obtain sensitive information,...

CVSS 9.8 | AI score 10 | EPSS 0.91354
Exploits 21 | Affected Software 1

IBM Security Bulletins
added 2023/01/18 8:55 a.m. | 24 views

Security Bulletin: IBM® MobileFirst Platform on Red Hat® OpenShift® is vulnerable to Http Header injection due to IBM WebSphere® Liberty version used (CVE-2022-34165)

Summary IBM WebSphere Liberty is the stack on top of which the MobileFirst runtime is hosted. The Liberty version that is packaged with the MobileFirst Platform on RHOS uses an older Liberty version 19.0.0.5 which is impacted by the vulnerability described in CVE-2022-34165. Vulnerability Details...

CVSS 5.4 | AI score 5.4 | EPSS 0.00441
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2021/03/10 6:40 p.m. | 19 views

Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM MobileFirst Platform (CVE-2020-1971)

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerabilities by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERAL_NAME_cmp function...

CVSS 5.9 | AI score 0.6 | EPSS 0.06968
Exploits 3 | Affected Software 1

IBM Security Bulletins
added 2020/08/27 10:38 a.m. | 20 views

Security Bulletin: Information disclosure vulnerability in WebSphere Application Server - Liberty affects IBM MobileFirst Platform Foundation

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability: Information disclosure in WebSphere Application Server - Liberty Vulnerability Details CVEID: CVE-2020-4329 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4...

CVSS 4.3 | AI score 0.8 | EPSS 0.01263
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2020/06/01 6:22 a.m. | 31 views

Security Bulletin: Vulnerability in Apache CXF affects WebSphere Application Server Liberty (CVE-2019-12406)

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability: Vulnerability in Apache CXF affects WebSphere Application Server Liberty Vulnerability Details CVEID: CVE-2019-12406 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by the failure to restri...

CVSS 6.5 | AI score 0.3 | EPSS 0.06257
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2020/06/01 4:3 a.m. | 26 views

Security Bulletin: WebSphere liberty is vulnerable to a DOS (CVE-2019-4720)

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability: WebSphere liberty is vulnerable to a DOS Vulnerability Details CVEID: CVE-2019-4720 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a...

CVSS 7.5 | AI score 0.5 | EPSS 0.02155
Exploits 0 | Affected Software 1

Prion
added 2020/05/27 2:15 p.m. | 12 views

Information disclosure

IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 175207...

CVSS 5 | AI score 6.8 | EPSS 0.01295
Exploits 0 | References 2 | Affected Software 1

IBM Security Bulletins
added 2020/03/02 4:44 p.m. | 27 views

Security Bulletin: IBM MobileFirst Platform Foundation susceptible to privilege escalation on Android

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability. The affected version of the InAppBrowser plugin has been upgraded. Vulnerability Details CVEID: CVE-2019-0219 DESCRIPTION: Apache Cordova could allow a remote attacker to gain elevated privileges on the system,...

CVSS 9.8 | AI score 1.4 | EPSS 0.0783
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2020/03/02 4:40 p.m. | 25 views

Security Bulletin: OpenSSL publicly disclosed vulnerability

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerabilities by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2019-1552 DESCRIPTION: OpenSSL could allow a local attacker to bypass security restrictions, caused by the building of . mingw programs or...

CVSS 3.3 | AI score 0.5 | EPSS 0.00678
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2020/02/27 7:6 a.m. | 22 views

Security Bulletin: MobileFirst Platform Foundation is affected by WebSphere Application Server Liberty is affected by Apache Commons Compress vulnerability (CVE-2019-12402)

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability. WebSphere Application Server Liberty is affected by Apache Commons Compress vulnerability. Vulnerability Details CVEID: CVE-2019-12402 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service,...

CVSS 7.5 | AI score 0.4 | EPSS 0.16157
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2020/02/26 4:4 p.m. | 17 views

Security Bulletin: Bypass security restrictions in WAS Liberty

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability. Bypass security restrictions in WAS Liberty. Vulnerability Details CVEID: CVE-2019-4304 DESCRIPTION: IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions...

CVSS 6.5 | AI score 0.5 | EPSS 0.0114
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2019/04/05 11:50 a.m. | 49 views

Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation

Summary OpenSSL vulnerabilities were disclosed on 30 October 2018 and later by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVE-ID:...

CVSS 5.9 | AI score 0.6 | EPSS 0.17139
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/10/31 2:30 p.m. | 26 views

Security Bulletin: Open Source Apache CXF Vulnerabilities

Summary Apache CXF is vulnerable to a denial of service. By using a specially crafted message attachment header, a remote attacker could exploit this vulnerability to cause the JAX-WS and JAX-RS services to stop responding. Vulnerability Details CVEID: CVE-2017-12624 DESCRIPTION: Apache CXF is...

CVSS 5.5 | AI score 1.4 | EPSS 0.03697
Exploits 3 | Affected Software 1

IBM Security Bulletins
added 2018/10/12 6:0 p.m. | 71 views

Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation

Summary OpenSSL vulnerabilities were disclosed on APR 16, 2018 onward by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVEID:...

CVSS 7.5 | AI score 0.6 | EPSS 0.49268
Exploits 0 | Affected Software 1