Security Bulletin: A security vulnerability in Node.js vm2 module affects IBM Cloud Automation Manager
Summary A security vulnerability in Node.js vm2 module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-23555 DESCRIPTION: Node.js vm2 module could allow a remote attacker to execute arbitrary code on the system, caused by a sandbox bypass flaw during generation of a...
Security Bulletin: A security vulnerability in Node.js follow-redirects module affects IBM Cloud Automation Manager
Summary A security vulnerability in Node.js follow-redirects module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2022-0536 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by a leakage of the...
Security Bulletin: A security vulnerability in golang affects IBM Cloud Automation Manager
Summary A security vulnerability in golang affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-44717 DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by an error in the syscall.ForkExec interface. By causing the erroneous closing...
Security Bulletin: A security vulnerability in Node.js node-forge module affects IBM Cloud Automation Manager
Summary A security vulnerability in Node.js node-forge module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2022-0122 DESCRIPTION: Node.js node-forge could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could...
Security Bulletin: Multiple Eclipse Jetty Vulnerabilities Affect IBM Sterling Secure External Authentication Server
Summary Three Eclipse Jetty vulnerabilities were addressed by IBM Sterling Secure External Authentication Server. Vulnerability Details CVE-ID: CVE-2019-10241 Description: Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServl...
Security Bulletin: Vulnerabilities in Django affect SmartCloud Provisioning (CVE-2014-0480, CVE-2014-0481, CVE-2014-0482, CVE-2014-0483)
Summary Vulnerabilities found in Django as per August 2014 X-Force report CVE-2014-0480, CVE-2014-0481, CVE-2014-0482, CVE-2014-0483 affect SmartCloud Provisioning 2.3. SmartCloud Provisioning 2.3 is shipped with Django. Security vulnerabilities have been discovered in Django that may affect...
Security Bulletin: Content Classification is affected by Open Source Apache Xerces-C XML parser Vulnerability (CVE-2016-0729)
Summary Content Classification is affected by Open Source Apache Xerces-C XML parser Vulnerability. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during processing and error...
Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Content Classification (CVE-2016-0494, CVE-2016-0466 and CVE-2016-0603)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6.0 that is used by IBM Content Classification. These vulnerabilities have different impacts and different levels of risk. Vulnerability Details CVEID: CVE-2016-0494 DESCRIPTION: An unspecifie...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote attackers to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form...
CVE-2013-5421
Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote attackers to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form...