81 matches found
Security Bulletin: A vulnerability in IBM® Java SDK affects Liberty for Java for IBM Cloud CVE-2021-35561 (deferred from Oracle Jul 2021 CPU)
Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code using the IBM...
Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)
Summary There are multiple vulnerabilities in the swagger-ui library used by Liberty for Java for IBM Cloud with mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0, openapi-3.0 or the openapi-3.1 feature enabled. These vulnerabilities could allow spoofing attacks or clickjacking...
Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to an XML External Entity Injection (XXE) attack (CVE-2021-20492)
Summary There is an XML External Entity Injection XXE vulnerablility in IBM WebSphere Application Server Liberty used in Liberty for Java for IBM Cloud. This does not occur in the default configuration, it occurs when batchManagement-1.0 is configured. Vulnerability Details CVEID:CVE-2021-20492...
Security Bulletin: Potential spoofing attack in Liberty for Java (CVE-2020-4421)
Summary IBM WebSphere Application Server Liberty using openidConnectServer feature could allow spoofing identity by an authenticated user. This has been addressed. Vulnerability Details CVEID:CVE-2020-4421 DESCRIPTION: IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an...
Security Bulletin: There is an information disclosure vulnerability in Liberty for Java (CVE-2020-4329)
Summary There is an information disclosure in WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2020-4329 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive...
Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to an Information Disclosure (CVE-2022-22310)
Summary Liberty for Java for IBM Cloud is vulnerable to an Information Disclosure. This has been addressed. Vulnerability Details CVEID:CVE-2022-22310 DESCRIPTION: IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2020 - Includes Oracle Apr 2020 CPU minus CVE-2020-2773 affects Liberty for Java for IBM Cloud
Summary Multiple Vulnerabilities in IBM® Java SDK affect Liberty for Java April 2020 CPU. Vulnerability Details CVEID:CVE-2020-2805 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the system...
Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition included in Liberty for Java for IBM Cloud
Summary CVE-2020-2654 was disclosed as part of the Oracle January 2020 Critical Patch Update. Vulnerability Details CVEID:CVE-2020-2654 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of...
Security Bulletin: IBM Java XML vulnerability affects Liberty for Java for IBM Cloud due to CVE-2022-21299 deferred from Oracle Jan 2022 CPU
Summary CVE-2022-21299 was disclosed as part of the Oracle January 2022 Critical Patch Update and it affects Liberty for Java for IBM Cloud. Vulnerability Details CVEID:CVE-2022-21299 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated...
Security Bulletin:Liberty for Java for IBM Cloud is vulnerable to Information Disclosure (CVE-2021-29842)
Summary IBM WebSphere Application Server Liberty is vulnerable to Information Exposure. Vulnerability Details CVEID:CVE-2021-29842 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a...
Security Bulletin: Man in the middle vulnerability in Liberty for Java for IBM Cloud (CVE-2014-3603)
Summary There is a man in the middle vulnerability in WebSphere Application Server Liberty. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2014-3603 DESCRIPTION: The 1 HttpResource and 2 FileBackedHttpResource implementations in Shibboleth Identity Provider IdP before 2.4....
Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting that affects Liberty for Java for IBM Cloud (CVE-2020-4303, CVE-2020-4304)
Summary There is a cross-site scripting vulnerability in the OAuth, OpenID Connect and SAML features. This has been addressed. Vulnerability Details CVEID:CVE-2020-4303 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2020 - Includes Oracle Oct 2020 CPU minus CVE-2020-14781 and CVE-2020-14782 affects Liberty for Java for IBM Cloud
Summary Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java October 2020 CPU. Vulnerability Details CVEID:CVE-2020-14792 DESCRIPTION: An unspecified vulnerability in Java SE related to the Hotspot component could allow an unauthenticated attacker to cause low confidentiality impact,...
Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Cloud
Summary Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud including January 2021 CPU, and deferred CVEs from Oracle April 2020 CPU and October 2020 CPU. Vulnerability Details CVEID:CVE-2020-14803 DESCRIPTION: An unspecified vulnerability in Java SE could allow an...
Security Bulletin: Vulnerability in Apache MyFaces affects Liberty for Java for IBM Cloud (CVE-2021-26296)
Summary There is a vulnerability in the Apache MyFaces library used by WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2021-26296 DESCRIPTION: Apache MyFaces is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an...
Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to a denial of service (CVE-2019-4720)
Summary There is a denial of service vulnerablility in WebSphere Application Server. Vulnerability Details CVEID:CVE-2019-4720 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacke...
Security Bulletin: Vulnerability in Apache CXF affects Liberty for Java for IBM Cloud(CVE-2019-12406)
Summary There is a denial of service in the Apache CXF library used by WebSphere Application Server. This has been addressed. Vulnerability Details CVEID:CVE-2019-12406 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by the failure to restrict the number of message attachment...
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud due to January 2022 CPU plus deferred CVE-2021-35550 and CVE-2021-35603
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code usin...
Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect Liberty for Java for IBM Cloud (CVE-2021-33517, CVE-2021-36090)
Summary Multiple Vulnerabilities in Apache Commons Compress affect Liberty for Java for IBM Cloud. Vulnerability Details CVEID:CVE-2021-35517 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By...
Security Bulletin: Multiple vulnerabilities in HTTP/2 implementation used by Liberty for Java for IBM Cloud
Summary There are multiple vulnerabilities in the HTTP/2 implementation that is used by WebSphere Application Server Liberty. This affects the servlet-4.0 and servlet-3.1 features. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2019-9515 DESCRIPTION: Some HTTP/2...