CVE-2018-13439
The CVE-2018-13439 entry affects WXPayUtil in the WeChat Pay Java SDK, where the WXPayUtil class is vulnerable to XML External Entity (XXE) attacks via a merchant notification URL. The connected documents confirm XXE exploitation risk and describe the underlying issue as improper XML processing t...
CVE-2018-13439
WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Agile Lifecycle Manager
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 Service Refresh 5 Fix Pack 10 and earlier releases used by IBM Agile Lifecycle Manager. These issues were disclosed as part of the IBM Java SDK updates in April 2018. Vulnerability Details If you run your own...
XXE in WeChat Pay SDK
Background “Mobile payments surge to $9 trillion a year, changing how people shop, borrow—even panhandle”, as WSJ.com once reported. As a payment security researcher, I occasionally found a perilous problem about WeChat Pay which I think may be easy to make use of. Therefore, I hope to be able to...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems, AIX-based, and Windows-based deployments for IBM PureApplication System
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and 7, used by the OS Images for IBM PureApplication System. Java 7 is used by IBM Base OS images. These issues were disclosed as part of the IBM Java SDK updates in April 2018. IBM OS Image for Red Hat Lin...
Security Bulletin: Vulnerability in IBM® Java SDK affects IBM SPSS Analytic Server (CVE-2018-2602, CVE-2018-2634)
Summary An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors, and could cause low confidentiality impact, low integrity impact, and low availability...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and 7, used by the IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK updates in April 2018 and the following vulnerabilities have been addressed. Vulnerability Details CVEI...
Spoofing Vulnerability
The Azure IoT Device Provisioning AMQP Transport library is vulnerable to spoofing due to improper validation of certificates over the AMQP protocol. The vulnerability affects C SDK, C SDK and Java SDK...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director.
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 that is used by IBM Systems Director. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and January 2017. Vulnerability Details CVEID: CVE-2016-5546 DESCRIPTION: An unspecified...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Integration Designer used in IBM Business Process Manager
Summary There are vulnerabilities in IBM SDK Java™ Technology Edition that is used by IBM Integration Designer in IBM Business Process Manager. These issues were disclosed as part of the IBM Java SDK updates in January 2018. Vulnerability Details CVEID: CVE-2018-2633 DESCRIPTION: An unspecified...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Integration Designer used in IBM Business Process Manager
Summary There are vulnerabilities in IBM SDK Java™ Technology Edition that is used by IBM Integration Designer in IBM Business Process Manager. These issues were disclosed as part of the IBM Java SDK updates in April 2018. Vulnerability Details CVEID: CVE-2018-2783 DESCRIPTION: An unspecified...
Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Storwize V7000 Unified (CVE-2015-0488, CVE-2015-2808, CVE-2015-1916, and CVE-2015-0204)
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Storwize V7000 Unified. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVEID: CVE-2015-0488 DESCRIPTION: An unspecified...
Security Bulletin: Vulnerability in IBM Java SDK affect IBM SONAS (CVE-2015-2808)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM SONAS. This issue was disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS...
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server shipped with IBM Security Key Lifecycle Manager April 2018 CPU
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager. Vulnerability Details Please consult the security bulletin...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Algo One - Core
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.0.10.15 and earlier and 8.0.5.7 and earlier and IBM® Runtime Environment Java™ Version 7.0.10.15 and earlier and 8.0.5.7 and earlier used by IBM Algo One - Core. These issues were disclosed as part of the I...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects Liberty for Java for IBM Cloud April 2018 CPU
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in April 2018. These may affect some configurations of IBM WebSphere Application Server...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum LSF Analytics
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Spectrum LSF Analytics. These issues were disclosed as part of the IBM Java SDK updates in April 2018. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with this...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 7, 7.1, 8 that are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in April 2018. Vulnerability Details CVEID: CVE-2018-2800 DESCRIPTION: An unspecified vulnerability in Oracle Jav...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions, Version 6 Service Refresh 16 Fix Pack 55 and earlier releases used by IBM Platform Symphony 6.1.1, Version 7 Service Refresh 10 Fix Pack 15 and earlier releases used by IBM Platform Symphony 7.1 Fix Pack 1,...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7, 7.1, and 8 that are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in January 2018. Vulnerability Details CVEID: CVE-2018-2639 DESCRIPTION: An unspecified vulnerability relat...