Security Bulletin: Multiple vulnerabilities in IBM Liberty for Java for IBM Cloud
Summary There are vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM Liberty for Java for IBM Cloud. This product has addressed the applicable CVE. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code t...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud due to April 2023 CPU
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. The CVEs listed in this document might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you...
Security Bulletin: IBM Liberty for Java for IBM Cloud is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)
Summary There is a vulnerability in the Apache Commons FileUpload library used by IBM Liberty for Java for IBM Cloud with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. This has been addressed in the remediation section. Vulnerability Details...
Security Bulletin: IBM Liberty for Java for IBM Cloud is vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364)
Summary There is a vulnerability in the Apache CXF library used by IBM Liberty for Java for IBM Cloud with the jaxws-2.2 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-46364 DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by a flaw in...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects Liberty for Java for IBM Cloud due to the October 2022 CPU plus CVE-2022-3676
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. The CVEs listed in this document might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you...
Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to a Denial of Service due to Neko HTML (CVE-2022-24839)
Summary There is a vulnerability in the Neko HTML library used by Liberty for Java for IBM Cloud with the openid-2.0 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-24839 DESCRIPTION: Sparkle Motion Nokogiri is vulnerable to a denial of service, caused by a...
Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to Identity Spoofing (CVE-2022-22475)
Summary Liberty for Java for IBM Cloud is vulnerable to identity spoofing with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0 or appSecurity-4.0 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-22475 DESCRIPTION: IBM WebSphere Application Server Liberty and Op...
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud due to July 2022 CPU
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code usin...
Security Bulletin: Vulnerability in IBM® Java SDK affects Liberty for Java for IBM Cloud due to July 2022 CPU plus deferred CVE-2021-2163
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code usin...
Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)
Summary There are multiple vulnerabilities in the swagger-ui library used by Liberty for Java for IBM Cloud with mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0, openapi-3.0 or the openapi-3.1 feature enabled. These vulnerabilities could allow spoofing attacks or clickjacking...
Security Bulletin: Vulnerability in Apache CXF affects Liberty for Java for IBM Cloud (CVE-2019-12406)
Summary There is a denial of service in the Apache CXF library used by WebSphere Application Server. This has been addressed. Vulnerability Details CVEID:CVE-2019-12406 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by the failure to restrict the number of message attachment...
Security Bulletin: Vulnerability in Apache MyFaces affects Liberty for Java for IBM Cloud (CVE-2021-26296)
Summary There is a vulnerability in the Apache MyFaces library used by WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2021-26296 DESCRIPTION: Apache MyFaces is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an...
Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting that affects Liberty for Java for IBM Cloud (CVE-2020-4303, CVE-2020-4304)
Summary There is a cross-site scripting vulnerability in the OAuth, OpenID Connect and SAML features. This has been addressed. Vulnerability Details CVEID:CVE-2020-4303 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This...
Security Bulletin: A vulnerability in IBM® Java SDK affects Liberty for Java for IBM Cloud CVE-2021-35561 (deferred from Oracle Jul 2021 CPU)
Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code using the IBM...
Security Bulletin: There is an information disclosure vulnerability in Liberty for Java (CVE-2020-4329)
Summary There is an information disclosure in WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2020-4329 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive...
Security Bulletin: A vulnerability may affect IBM® SDK, Java™ Technology Edition used in Liberty for Java for IBM Cloud (CVE-2020-2590)
Summary CVE-2020-2590 was disclosed in the Oracle January 2020 Critical Patch Update. Vulnerability Details CVEID:CVE-2020-2590 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact...
Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to a denial of service (CVE-2019-4720)
Summary There is a denial of service vulnerability in WebSphere Application Server. Vulnerability Details CVEID:CVE-2019-4720 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacke...
Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition included in Liberty for Java for IBM Cloud
Summary CVE-2020-2654 was disclosed as part of the Oracle January 2020 Critical Patch Update. Vulnerability Details CVEID:CVE-2020-2654 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of...
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud due to April 2022 CPU (minus CVE-2022-21426)
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code usin...
Security Bulletin: Man in the middle vulnerability in Liberty for Java for IBM Cloud (CVE-2014-3603)
Summary There is a man in the middle vulnerability in WebSphere Application Server Liberty. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2014-3603 DESCRIPTION: The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider IdP before 2.4....