CVE-2022-31619

A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.13, Teamcenter V13.0 All versions V13.0.0.9, Teamcenter V13.1 All versions V13.1.0.9, Teamcenter V13.2 All versions V13.2.0.9, Teamcenter V13.3 All versions V13.3.0.3, Teamcenter V14.0 All versions V14.0.0.2. Java EE...

EUVD-2022-53071

Malicious code in bioql PyPI...

Thinkgem JeeSite 代码注入漏洞

Thinkgem JeeSite is an open source Java EE enterprise-class rapid development platform for China Zhuo Yuan Thinkgem company . The platform includes system permissions components , data permissions components , data dictionary components , core tools components , view manipulation components ,...

J2eeFAST Code Execution Vulnerability

J2eeFAST is a Java EE enterprise-class rapid development platform , is committed to building the small and medium-sized enterprises the best use of open source and free back-end framework platform . A code execution vulnerability exists in J2eeFAST version 2.7 and earlier versions, which stems fr...

IBM WebSphere Application Server Cross-Site Scripting Vulnerability (CNVD-2024-30215)

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A cross-site scripting vulnerability exists in IBM...

Fedora: Security Advisory for cdi-api (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: cdi-api-2.0.2-14.fc40

APIs for JSR-299: Contexts and Dependency Injection for Java EE...

Oracle WebLogic Server vulnerability added to CISA list as “known to be exploited”

On May 1, 2023 the Cybersecurity and Infrastructure Security Agency CISA added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch FCEB agencies are obliged to remediate the...

SIEMENS Teamcenter Hardcoded Default Credentials Vulnerability

Teamcenter software is a modern, adaptable product lifecycle management PLM system that connects people and processes across functional silos through digital threads to enable innovation.SIEMENS Teamcenter is vulnerable to a hard-coded default credential vulnerability that originates in the Java ...

CVE-2022-31619

A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.13, Teamcenter V13.0 All versions V13.0.0.9, Teamcenter V13.1 All versions V13.1.0.9, Teamcenter V13.2 All versions V13.2.0.9, Teamcenter V13.3 All versions V13.3.0.3, Teamcenter V14.0 All versions V14.0.0.2. Java EE...

Hardcoded credentials

A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.13, Teamcenter V13.0 All versions V13.0.0.9, Teamcenter V13.1 All versions V13.1.0.9, Teamcenter V13.2 All versions V13.2.0.9, Teamcenter V13.3 All versions V13.3.0.3, Teamcenter V14.0 All versions V14.0.0.2. Java EE...

CVE-2022-31619

A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.13, Teamcenter V13.0 All versions V13.0.0.9, Teamcenter V13.1 All versions V13.1.0.9, Teamcenter V13.2 All versions V13.2.0.9, Teamcenter V13.3 All versions V13.3.0.3, Teamcenter V14.0 All versions V14.0.0.2. Java EE...

PT-2022-20874 · Siemens · Teamcenter

Name of the Vulnerable Software and Affected Versions: Teamcenter versions prior to V12.4.0.13 Teamcenter versions prior to V13.0.0.9 Teamcenter versions prior to V13.1.0.9 Teamcenter versions prior to V13.2.0.9 Teamcenter versions prior to V13.3.0.3 Teamcenter versions prior to V14.0.0.2...

Siemens Teamcenter

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Teamcenter Vulnerability: Use of Hard-coded Credentials 2. UPDATE This updated advisory is a follow-up to the original advisory titled ICSA-22-167-13 Siemens Teamcenter that was...

com.butor:butor-sso (=0.9.0), org.apache.geronimo.assemblies:geronimo-jetty7-javaee5 (>=2.2 <=2.2.1) +31 more potentially affected by CVE-2014-5326 via org.directwebremoting:dwr (=3.0.M1)

org.directwebremoting:dwr MAVEN version =3.0.M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.directwebremoting:dwr and may be impacted: - com.butor:butor-sso =0.9.0 - org.apache.geronimo.assemblies:geronimo-jetty7-javaee5 =2.2, =2.2, =2.2, =2.2,...

com.butor:butor-sso (=0.9.0), org.apache.geronimo.assemblies:geronimo-jetty7-javaee5 (>=2.2 <=2.2.1) +31 more potentially affected by CVE-2014-5325 via org.directwebremoting:dwr (=3.0.M1)

org.directwebremoting:dwr MAVEN version =3.0.M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.directwebremoting:dwr and may be impacted: - com.butor:butor-sso =0.9.0 - org.apache.geronimo.assemblies:geronimo-jetty7-javaee5 =2.2, =2.2, =2.2, =2.2,...

GitHub Security Lab: [Java]: CWE-552 Add sources and sinks to detect unsafe getResource calls in Java EE applications

This bug was reported directly to GitHub Security Lab...

Apache Struts Remote Code Execution Vulnerability (CNVD-2023-02478)

A remote code execution vulnerability exists in Apache Struts, an open source web application architecture for developing Java EE web applications from the Apache Foundation, which stems from the use of mandatory OGNL evaluation in tag attributes for untrusted user input. An attacker could exploi...

File upload vulnerability exists in InforSuite AS of Shandong Zhongchuang Software Commercial Middleware Co.

InforSuite AS is an enterprise-class middleware certified as fully compatible with Jakarta EE 9, 8 and Java EE8, 7, 6. Ltd. InforSuite AS has a file upload vulnerability, which can be exploited by attackers to gain control of the server...

Apache Struts 2 Double OGNL Evaluation Vulnerability (CVE-2020-17530)

A vulnerability CVE-2020-17530 discovered last year in the Object Graph Navigation Language OGNL evaluation function of Apache Struts versions 2.0.0 – 2.5.25 can be exploited by attackers to perform remote code execution. This RCE vulnerability doesn’t come packaged with Apache struts but is...