
4330 matches found

Prion
added 2022/12/28 12:15 a.m. · 7 views

XXE

Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity (XXE) attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML SNAPSHOT versions are being resolved...

5 CVSS · 7.3 AI score · 0.00279 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2022/12/27 11:45 p.m. · 3 views

CVE-2022-41967 Improper Restriction of XML External Entity Reference in Dragonfly

Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity (XXE) attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML SNAPSHOT versions are being resolved...

7 CVSS · 7.3 AI score · 0.00279 EPSS
Exploits 0 · References 2
OSV
added 2022/12/27 11:45 p.m. · 12 views

CVE-2022-41967 Improper Restriction of XML External Entity Reference in Dragonfly

Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity (XXE) attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML SNAPSHOT versions are being resolved...

7 CVSS · 7.5 AI score · 0.00279 EPSS
Exploits 0 · References 4
Positive Technologies
added 2022/12/27 12:0 a.m. · 1 view

PT-2022-26190 · Dragonfly · Dragonfly

Name of the Vulnerable Software and Affected Versions: Dragonfly version 0.3.0-SNAPSHOT. Description: The issue concerns a Java runtime dependency management library that does not configure DocumentBuilderFactory to prevent XML external entity (XXE) attacks. This can be avoided by not trying to...

7.5 CVSS · 7.5 AI score · 0.00279 EPSS
Exploits 0 · References 7
IBM Security Bulletins
added 2022/12/22 8:25 a.m. · 33 views

Security Bulletin: Vulnerability (CVE-2021-2163) in IBM Java Runtime affects CICS Transaction Gateway Desktop Edition

Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway Desktop Edition. The fix removes vulnerability CVE-2021-2163 that could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. Vulnerability Details...

5.3 CVSS · 5.6 AI score · 0.00081 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2022/12/22 8:23 a.m. · 35 views

Security Bulletin: Vulnerability (CVE-2021-2163) in IBM Java Runtime affects CICS Transaction Gateway

Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway. The fix removes vulnerability CVE-2021-2163 that could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. Vulnerability Details CVEID:CVE-2021-2163...

5.3 CVSS · 5.6 AI score · 0.00081 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2022/12/22 8:21 a.m. · 32 views

Security Bulletin: Vulnerabilities (CVE-2022-21541 and CVE-2022-21540) in IBM Java Runtime affects CICS Transaction Gateway

Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway. The fix removes vulnerabilities CVE-2022-21541 and CVE-2022-21540 that can allow an unauthenticated attacker to obtain sensitive information. Vulnerability Details CVEID:CVE-2022-21541 DESCRIPTION: An unspecified...

5.9 CVSS · 6.9 AI score · 0.00438 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2022/12/09 3:4 p.m. · 41 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/Transaction Processing Facility

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweig...

6.5 CVSS · 6.2 AI score · 0.00341 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2022/12/06 5:14 p.m. · 29 views

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has provided a fix for the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtim...

6.5 CVSS · 6.4 AI score · 0.00185 EPSS
Exploits 1 · Affected Software 1
IBM Security Bulletins
added 2022/12/06 4:48 p.m. · 19 views

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 7 and 8 and IBM® Runtime Environment Java™ Version 7 and 8 used by Rational Business Developer. Rational Business Developer has provided a fix for the applicable CVE. This issue was disclosed as part of the IBM Java SD...

5.3 CVSS · 5.3 AI score · 0.00081 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2022/12/05 7:0 p.m. · 39 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0.5.25 used by IBM Cloud Transformation Advisor. IBM Cloud Transformation Advisor has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in March 2019. Vulnerability...

9.8 CVSS · 9.3 AI score · 0.02569 EPSS
Exploits 2 · Affected Software 1
IBM Security Bulletins
added 2022/12/05 7:0 p.m. · 44 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0.5.20 used by IBM Cloud Transformation Advisor. IBM Cloud Transformation Advisor has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in October 2018. Vulnerabilit...

9 CVSS · 8.8 AI score · 0.03717 EPSS
Exploits 2 · Affected Software 1
IBM Security Bulletins
added 2022/12/05 7:0 p.m. · 47 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0.5.25 used by IBM Cloud Transformation Advisor. IBM Cloud Transformation Advisor has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in April 2019. Vulnerability...

8.1 CVSS · 8.6 AI score · 0.08919 EPSS
Exploits 2 · Affected Software 1
IBM Security Bulletins
added 2022/11/24 2:40 p.m. · 19 views

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio (CVE-2022-3676)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM CPLEX Optimization Studio. IBM CPLEX Optimization Studio has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass securit...

6.5 CVSS · 6.5 AI score · 0.00341 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2022/11/24 2:36 p.m. · 28 views

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio (CVE-2021-41041)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM CPLEX Optimization Studio. IBM CPLEX Optimization Studio has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2021-41041 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass securi...

5.3 CVSS · 5.3 AI score · 0.00079 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2022/11/21 9:44 a.m. · 7 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime may affect Tivoli Netcool Performance Manager for Wireless.

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 & 8 used by Tivoli Netcool Performance Manager for Wireless. Tivoli Netcool Performance Manager for Wireless has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates ti...

6.7 AI score
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2022/11/10 10:47 p.m. · 17 views

Security Bulletin: A vulnerability in IBM Java Runtime used by the IBM Installation Manager and IBM Packaging Utility - CVE-2021-2163

Summary There is a vulnerability in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVE and we recommend updating to the latest version to remediate...

5.3 CVSS · 5.4 AI score · 0.00081 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2022/11/10 12:6 p.m. · 35 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Express (CVE-2014-4244, CVE-2014-4263)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM Cognos Express. These issues were disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details CVEID: CVE-2014-4263 DESCRIPTION: An unspecified vulnerability related to the...

4 CVSS · 4.1 AI score · 0.06322 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2022/11/10 12:6 p.m. · 51 views

Security Bulletin: The Java version bundled with IBM Cognos Express is susceptible to unspecified vulnerabilities in the Java Runtime Environment (JRE) (CVE-2012-0498 and CVE-2012-5081)

Summary The version of Java included with IBM Cognos Express has a reported vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (CVE-2012-0498) and allows remote attackers to affect availability (CVE-2012-5081)...

10 CVSS · 7.7 AI score · 0.757 EPSS
Exploits 1 · Affected Software 1
IBM Security Bulletins
added 2022/11/09 2:56 p.m. · 22 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Planning Analytics and IBM Planning Analytics Workspace

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics and IBM Planning Analytics Workspace. There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM Planning Analytics and IBM Planning Analytics Workspace. The...

5.3 CVSS · 6.7 AI score · 0.00176 EPSS
Exploits 0 · Affected Software 1