Lucene search
+L

81 matches found

ibm
ibm
added 2023/12/14 7:22 p.m.53 views

Security Bulletin: Multiple vulnerabilities in IBM Liberty for Java for IBM Cloud

Summary There are vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM Liberty for Java for IBM Cloud. This product has addressed the applicable CVE. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code t...

9.8CVSS8.2AI score0.99999EPSS
Exploits19
ibm
ibm
added 2023/07/06 6:4 p.m.34 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud due to April 2023 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. The CVEs listed in this document might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you...

9.1CVSS8.6AI score0.02474EPSS
Exploits1Affected Software1
ibm
ibm
added 2023/05/02 6:19 p.m.29 views

Security Bulletin: IBM Liberty for Java for IBM Cloud is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)

Summary There is a vulnerability in the Apache Commons FileUpload library used by IBM Liberty for Java for IBM Cloud with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. This has been addressed in the remediation section. Vulnerability Details...

7.5CVSS7.8AI score0.46836EPSS
Exploits1Affected Software1
ibm
ibm
added 2023/03/09 3:38 p.m.40 views

Security Bulletin: IBM Liberty for Java for IBM Cloud is vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364)

Summary There is a vulnerability in the Apache CXF library used by IBM Liberty for Java for IBM Cloud with the jaxws-2.2 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-46364 DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by a flaw in...

9.8CVSS9.3AI score0.0193EPSS
Exploits6Affected Software1
ibm
ibm
added 2023/01/10 6:48 p.m.35 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects Liberty for Java for IBM Cloud due to the October 2022 CPU plus CVE-2022-3676

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. The CVEs listed in this document might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you...

6.5CVSS6.3AI score0.02376EPSS
Exploits0Affected Software1
ibm
ibm
added 2022/10/27 2:55 a.m.33 views

Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to a Denial of Service due to Neko HTML (CVE-2022-24839)

Summary There is a vulnerability in the Neko HTML library used by Liberty for Java for IBM Cloud with the openid-2.0 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-24839 DESCRIPTION: Sparkle Motion Nokogiri is vulnerable to a denial of service, caused by a...

7.5CVSS7.5AI score0.02114EPSS
Exploits0Affected Software1
ibm
ibm
added 2022/10/07 5:40 p.m.29 views

Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to Identity Spoofing (CVE-2022-22475)

Summary Liberty for Java for IBM Cloud is vulnerable to identity spoofing with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0 or appSecurity-4.0 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-22475 DESCRIPTION: IBM WebSphere Application Server Liberty and Op...

6.5CVSS6.1AI score0.00602EPSS
Exploits0Affected Software1
ibm
ibm
added 2022/10/07 4:9 p.m.14 views

Security Bulletin: Vulnerability in IBM® Java SDK affects Liberty for Java for IBM Cloud due to July 2022 CPU plus deferred CVE-2021-2163

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code usin...

5.3CVSS6AI score0.03566EPSS
Exploits0Affected Software1
ibm
ibm
added 2022/10/07 4:9 p.m.52 views

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud due to July 2022 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code usin...

5.9CVSS7AI score0.03693EPSS
Exploits0Affected Software1
ibm
ibm
added 2022/10/07 4:1 p.m.38 views

Security Bulletin: A vulnerability may affect IBM® SDK, Java™ Technology Edition used in Liberty for Java for IBM Cloud (CVE-2020-2590)

Summary CVE-2020-2590 was disclosed in the Oracle January 2020 Critical Patch Update. Vulnerability Details CVEID:CVE-2020-2590 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact...

3.7CVSS5.3AI score0.03085EPSS
Exploits0Affected Software1
ibm
ibm
added 2022/10/07 4:1 p.m.20 views

Security Bulletin: Man in the middle vulnerability in Liberty for Java for IBM Cloud (CVE-2014-3603)

Summary There is a man in the middle vulnerability in WebSphere Application Server Liberty. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2014-3603 DESCRIPTION: The 1 HttpResource and 2 FileBackedHttpResource implementations in Shibboleth Identity Provider IdP before 2.4....

5.9CVSS5.5AI score0.00844EPSS
Exploits1Affected Software1
ibm
ibm
added 2022/10/07 4:1 p.m.26 views

Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to Identity Spoofing (CVE-2022-22476)

Summary Liberty for Java for IBM Cloud is vulnerable to identity spoofing with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0 or appSecurity-4.0 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-22476 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0...

8.8CVSS6.9AI score0.0077EPSS
Exploits0Affected Software1
ibm
ibm
added 2022/10/07 4:1 p.m.25 views

Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect Liberty for Java for IBM Cloud (CVE-2021-33517, CVE-2021-36090)

Summary Multiple Vulnerabilities in Apache Commons Compress affect Liberty for Java for IBM Cloud. Vulnerability Details CVEID:CVE-2021-35517 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By...

7.5CVSS7.8AI score0.12945EPSS
Exploits0Affected Software1
ibm
ibm
added 2022/10/07 4:1 p.m.27 views

Security Bulletin: Vulnerability in Hibernate Validator affects Liberty for Java for IBM Cloud (CVE-2020-10693)

Summary There is a vulnerability in the Hibernate Validator library used by WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2020-10693 DESCRIPTION: Hibernate Hibernate Validator could allow a remote attacker to bypass security restrictions, caused by a flaw in the message...

5.3CVSS6.6AI score0.02294EPSS
Exploits0Affected Software1
ibm
ibm
added 2022/10/07 4:1 p.m.61 views

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud due to April 2022 CPU (minus CVE-2022-21426)

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code usin...

5.3CVSS6.7AI score0.03203EPSS
Exploits0Affected Software1
ibm
ibm
added 2022/10/07 4:1 p.m.25 views

Security Bulletin: CVE-2019-2949 may affect IBM® SDK, Java™ Technology Edition used in Liberty for Java

Summary CVE-2019-2949 was disclosed in the Oracle October 2019 Critical Patch Update Vulnerability Details CVEID:CVE-2019-2949 DESCRIPTION: An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting i...

6.8CVSS6.2AI score0.03603EPSS
Exploits0Affected Software1
ibm
ibm
added 2022/10/07 4:1 p.m.15 views

Security Bulletin: A vulnerability in IBM® Java SDK affects Liberty for Java for IBM Cloud CVE-2021-35561 (deferred from Oracle Jul 2021 CPU)

Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code using the IBM...

5.3CVSS6.3AI score0.06468EPSS
Exploits0Affected Software1
ibm
ibm
added 2022/10/07 4:1 p.m.31 views

Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)

Summary There are multiple vulnerabilities in the swagger-ui library used by Liberty for Java for IBM Cloud with mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0, openapi-3.0 or the openapi-3.1 feature enabled. These vulnerabilities could allow spoofing attacks or clickjacking...

6.1CVSS5.5AI score0.42326EPSS
Exploits4Affected Software1
ibm
ibm
added 2022/10/07 4:1 p.m.15 views

Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to an XML External Entity Injection (XXE) attack (CVE-2021-20492)

Summary There is an XML External Entity Injection XXE vulnerablility in IBM WebSphere Application Server Liberty used in Liberty for Java for IBM Cloud. This does not occur in the default configuration, it occurs when batchManagement-1.0 is configured. Vulnerability Details CVEID:CVE-2021-20492...

8.2CVSS7.2AI score0.02071EPSS
Exploits0
ibm
ibm
added 2022/10/07 4:1 p.m.26 views

Security Bulletin: Potential spoofing attack in Liberty for Java (CVE-2020-4421)

Summary IBM WebSphere Application Server Liberty using openidConnectServer feature could allow spoofing identity by an authenticated user. This has been addressed. Vulnerability Details CVEID:CVE-2020-4421 DESCRIPTION: IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an...

5.4CVSS5.2AI score0.00621EPSS
Exploits0Affected Software1
Rows per page
Query Builder