Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities fixed in 9.7.2.7

Summary cURL libcurl, Apache Xerces2 Java, Apache Jena, Spring Framework, json-smart-v1 and json-smart-v2 , libxml2, Apache Standard Taglibs , Apache ActiveMQ, Apache Commons Codec are identified as vulnerable components with multiple reported vulnerabilities, CVE-2022-35260, CVE-2022-42915,...

Security Bulletin: There are multiple vulnerabilities in mas-data-dictionary-lib-1.0.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-1471, CVE-2023-1370 and CVE-2021-42550)

Summary There are multiple vulnerabilities in mas-data-dictionary-lib-1.0.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the syste...

Security Bulletin: IBM Spectrum Conductor with json-smart-v2 is vulnerable to a denial of service

Summary IBM Spectrum Conductor with json-smart-v2 is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, ...

Security Bulletin: IBM Spectrum Symphony with json-smart-v2 is vulnerable to a denial of service

Summary IBM Spectrum Symphony with json-smart-v2 is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, a...

Security Bulletin: Mutiple Vulnerabilties Affecting IBM Watson Machine Learning Accelerator

Summary IBM Watson Machine Learning Accelerator 1.2.x is vulnerable to several vulnerabilities coming from dependent compoents. These are addressed. Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input...

Security Bulletin: netplex json-smart-v2 component is vulnerable to CVE-2023-1370 is used by IBM Maximo Application Suite

Summary IBM Maximo Application Suite uses netplex json-smart-v2 package which is vulnerable to CVE-2023-1370. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a...

Security Bulletin: Netplex json-smart-v2 is vulnerable to CVE-2023-1370 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Netplex json-smart-v2 which is vulnerable to CVE-2023-1370. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By...

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2023-28530, XFID: 212233, CVE-2022-24999, CVE-2023-28530, CVE-2023-25929)

Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.2.4 FP2. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.1.7 FP7. Denial of Service DOS vulnerabilities have been addressed in Netplex json-smart-v2 CVE-2023-1370 , node.js d3-colo...

Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in netplex json-smart-v2 (CVE-2023-1370)

Summary A denial of service vulnerability in netplex json-smart-v2 used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to netplex json-smart-v2 denial of service vulnerability( CVE-2023-1370)

Summary Potential netplex json-smart-v2 denial of service vulnerability CVE-2023-1370 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is...

Security Bulletin: IBM Cloud Pak for Network Automation 2.4.6 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.4.6 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-28154 DESCRIPTION: Webpack could allow a remote attacker to bypass security restrictions, caused by the mishandling of the magic comment featu...

CVE-2021-27568

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive...

CVE-2021-27568

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive...

CVE-2021-27568

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive...

CVE-2021-27568

CVE-2021-27568 affects Netplex json-smart-v1 and json-smart-v2 (NumberFormatException uncaught), leading to potential denial of service or exposure of sensitive information when unhandled exceptions occur in the library. Connected IBM advisories confirm the vulnerability in IBM DOORS-related prod...

PT-2021-6276 · Netplex · Netplex Json-Smart-V1 +1

Name of the Vulnerable Software and Affected Versions: netplex json-smart-v1 versions through 2015-10-23 netplex json-smart-v2 versions through 2.4 Description: An issue was discovered where an exception is thrown from a function but not caught, as demonstrated by NumberFormatException. This may...