Security Bulletin: Multiple vulnerabilities in IBM Liberty for Java for IBM Cloud
Summary There are vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM Liberty for Java for IBM Cloud. This product has addressed the applicable CVE. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code t...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud due to April 2023 CPU
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. The CVEs listed in this document might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you...
Security Bulletin: IBM Liberty for Java for IBM Cloud is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)
Summary There is a vulnerability in the Apache Commons FileUpload library used by IBM Liberty for Java for IBM Cloud with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. This has been addressed in the remediation section. Vulnerability Details...
Security Bulletin: IBM Liberty for Java for IBM Cloud is vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364)
Summary There is a vulnerability in the Apache CXF library used by IBM Liberty for Java for IBM Cloud with the jaxws-2.2 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-46364 DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by a flaw in...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects Liberty for Java for IBM Cloud due to the October 2022 CPU plus CVE-2022-3676
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. The CVEs listed in this document might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you...
Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to a Denial of Service due to Neko HTML (CVE-2022-24839)
Summary There is a vulnerability in the Neko HTML library used by Liberty for Java for IBM Cloud with the openid-2.0 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-24839 DESCRIPTION: Sparkle Motion Nokogiri is vulnerable to a denial of service, caused by a...
Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to Identity Spoofing (CVE-2022-22475)
Summary Liberty for Java for IBM Cloud is vulnerable to identity spoofing with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0 or appSecurity-4.0 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-22475 DESCRIPTION: IBM WebSphere Application Server Liberty and Op...
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud due to July 2022 CPU
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code usin...
Security Bulletin: Vulnerability in IBM® Java SDK affects Liberty for Java for IBM Cloud due to July 2022 CPU plus deferred CVE-2021-2163
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code usin...
Security Bulletin: Man in the middle vulnerability in Liberty for Java for IBM Cloud (CVE-2014-3603)
Summary There is a man in the middle vulnerability in WebSphere Application Server Liberty. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2014-3603 DESCRIPTION: The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4....
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud October 2021 CPU
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code usin...
Security Bulletin: Vulnerability in Apache CXF affects Liberty for Java for IBM Cloud (CVE-2019-12406)
Summary There is a denial of service in the Apache CXF library used by WebSphere Application Server. This has been addressed. Vulnerability Details CVEID:CVE-2019-12406 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by the failure to restrict the number of message attachment...
Security Bulletin: Vulnerability in Hibernate Validator affects Liberty for Java for IBM Cloud (CVE-2020-10693)
Summary There is a vulnerability in the Hibernate Validator library used by WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2020-10693 DESCRIPTION: Hibernate Hibernate Validator could allow a remote attacker to bypass security restrictions, caused by a flaw in the message...
Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)
Summary There are multiple vulnerabilities in the swagger-ui library used by Liberty for Java for IBM Cloud with mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0, openapi-3.0 or the openapi-3.1 feature enabled. These vulnerabilities could allow spoofing attacks or clickjacking...
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud due to April 2022 CPU (minus CVE-2022-21426)
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code usin...
Security Bulletin: Vulnerability in Apache MyFaces affects Liberty for Java for IBM Cloud (CVE-2021-26296)
Summary There is a vulnerability in the Apache MyFaces library used by WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2021-26296 DESCRIPTION: Apache MyFaces is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an...
Security Bulletin: A vulnerability in IBM® Java SDK affects Liberty for Java for IBM Cloud CVE-2021-35561 (deferred from Oracle Jul 2021 CPU)
Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code using the IBM...
Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to an XML External Entity Injection (XXE) attack (CVE-2021-20492)
Summary There is an XML External Entity Injection (XXE) vulnerability in IBM WebSphere Application Server Liberty used in Liberty for Java for IBM Cloud. This does not occur in the default configuration; it occurs when batchManagement-1.0 is configured. Vulnerability Details CVEID:CVE-2021-20492...
Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to an Information Disclosure (CVE-2022-22310)
Summary Liberty for Java for IBM Cloud is vulnerable to an Information Disclosure. This has been addressed. Vulnerability Details CVEID:CVE-2022-22310 DESCRIPTION: IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker...
Security Bulletin: A vulnerability may affect IBM® SDK, Java™ Technology Edition used in Liberty for Java for IBM Cloud (CVE-2020-2590)
Summary CVE-2020-2590 was disclosed in the Oracle January 2020 Critical Patch Update. Vulnerability Details CVEID:CVE-2020-2590 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact...