33 matches found
EUVD-2017-10516
Malware in sbrugna...
EUVD-2020-25476
Malware in sbrugna...
EUVD-2017-10788
Malware in sbrugna...
EUVD-2013-5231
Malware in sbrugna...
Security Bulletin: Session is not invalidated After Logout
Summary IBM Worklight/MobileFoundation has addressed the following vulnerability. The application does not invalidate the validation cookie when the user logs out from the application. Vulnerability Details CVEID: CVE-2020-4229 DESCRIPTION: IBM Worklight does not properly invalidate session cookies...
Security Bulletin: User Credentials submitted using GET method
Summary IBM Worklight/MobileFoundation has addressed the following vulnerability. User Credentials submitted using GET method. Vulnerability Details CVEID: CVE-2020-4226 DESCRIPTION: IBM Worklight stores highly sensitive information in URL parameters. This may lead to information disclosure if...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary OpenSSL vulnerabilities were disclosed on 30 October 2018 and later by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVE-ID:...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary OpenSSL vulnerabilities were disclosed on APR 16, 2018 onward by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVEID:...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary OpenSSL vulnerabilities were disclosed on Nov 02, 2017 onward by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVEID:...
Security Bulletin: Open Source Apache Cordova Android Vulnerabilities affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary Apache Cordova is an open source framework for mobile development. The Cordova framework is used in all Mobile environments in IBM Worklight and IBM MobileFirst Platform Foundation, but this particular Open Source Apache Cordova vulnerability affects only the Android platform. Affected...
Security Bulletin: Reflected XSS in IBM Worklight OAuth Server Web Api
Summary A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework. The vulnerable parameter is "scope": if you set as its value a "realm" not defined in authenticationConfig.xml, you get an HTTP 403 Forbidden response...
Security Bulletin: Multiple Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary IBM WebSphere Application Server Liberty vulnerabilities have been disclosed by IBM WebSphere Application Server Liberty. IBM WebSphere Application Server Liberty is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation (CVE-2015-3194, CVE-2015-3195, CVE-2015-3196)
Summary OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-3194...
Security Bulletin: Vulnerability in Apache Commons affects IBM Worklight and IBM MobileFirst Platform Foundation (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Worklight and IBM MobileFirst Platform Foundation. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrar...
Security Bulletin: Vulnerability in Apache Cordova affects IBM Worklight, IBM Mobile Foundation and IBM MobileFirst Platform Foundation (CVE-2015-5204)
Summary Apache Cordova File Transfer Plugin for Android is vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will all...
Security Bulletin: Vulnerability in Apache Cordova affects IBM Worklight and IBM MobileFirst Platform Foundation (CVE-2015-1835)
Summary An Apache Cordova vulnerability was disclosed May 26, 2015. Apache Cordova is used by IBM Worklight and IBM MobileFirst Platform Foundation. Android applications built with the Cordova framework might allow a remote attacker to cause arbitrary commands to be executed in the application. I...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation (CVE-2014-3570, CVE-2014-3572, CVE-2015-0204)
Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes the vulnerability that has been referred to as “FREAK”. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation when the optional FIPS 140-2 data-in-motion feature is enabled o...
Security Bulletin: Vulnerabilities in Dojo Toolkit affect IBM Worklight and IBM MobileFirst Platform Foundation (CVE-2014-8917)
Summary There are cross-site scripting vulnerabilities in the Dojo Toolkit that is used by IBM Worklight and IBM MobileFirst Platform Foundation. Vulnerability Details CVEID: CVE-2014-8917 DESCRIPTION: IBM Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of...
Security Bulletin: Vulnerability in SSLv3 affects IBM Worklight (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM Worklight. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information,...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Worklight (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568)
Summary OpenSSL vulnerabilities along with SSL 3 Fallback protection (TLS_FALLBACK_SCSV) were disclosed on October 15, 2014 by the OpenSSL Project. OpenSSL is used by the optional FIPS 140-2 data-in-motion feature in IBM Worklight. IBM Worklight has addressed the applicable CVEs and included the SSL...