29 matches found
EUVD-2014-0935
Malware in sbrugna...
EUVD-2011-3106
Malware in sbrugna...
EUVD-2011-1327
Malware in sbrugna...
EUVD-2015-0159
Malware in sbrugna...
EUVD-2010-4557
Malware in sbrugna...
EUVD-2006-2433
Malware in sbrugna...
Security Bulletin: The IBM® Engineering Lifecycle Management products recommendation for IBM WebSphere Application Server Liberty vulnerability to Identity Spoofing (CVE-2022-22475)
Summary: For applications on IBM WebSphere Application Server Liberty, an authenticated user could use a brute force attack to extract an encryption key from an LTPA token and through a series of involved steps could conduct an attack whereby they replace their user name with that of another user in t...
Security Bulletin: Possible security exposure with WebSphere Application Server with WS-Security enabled applications using LTPA tokens (PM43585/PM43792/PM45181)
Summary: There is a possible security exposure when using WS-Security resulting in a user gaining elevated privileges. This impacts applications using either JAX-WS or JAX-RPC. Vulnerability Details: WebSphere Application Server could provide weaker than expected security when using web services...
CVE-2015-0121
IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation RDNG 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management RM session upon LTPA token...
Design/Logic Flaw
IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation RDNG 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management RM session upon LTPA token...
CVE-2015-0121
IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation RDNG 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management RM session upon LTPA token...
CVE-2015-0121
CVE-2015-0121 affects IBM Rational Requirements Composer (RRC) versions 3.0–3.0.1.6 and 4.0–4.0.7, and Rational DOORS Next Generation (RDNG) 4.0–4.0.7 and 5.0–5.0.2. When WebSphere Application Server uses LTPA single sign-on, the RM session is not terminated after LTPA token expiration, allowing ...
CVE-2014-0905
IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
Session fixation
IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
CVE-2014-0905
CVE-2014-0905 affects IBM InfoSphere BigInsights Console (versions 2.0–2.1.2). The root cause is that the LTPA cookie does not set the Secure attribute in HTTPS sessions, allowing a man-in-the-middle to intercept potentially sensitive cookies transmitted over non-HTTPS (insecure)...
CVE-2014-0905
IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
Design/Logic Flaw
The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager TFIM 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway TFIMBG 6.2.0 before 6.2.0.9 relies on a static instance of a Java Development Kit JDK class, which might allow attackers to bypass...
CVE-2011-3138
The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager TFIM 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway TFIMBG 6.2.0 before 6.2.0.9 relies on a static instance of a Java Development Kit JDK class, which might allow attackers to bypass...
CVE-2011-3138
The CVE affects IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 prior to 6.2.0.9 and TFIMBG 6.2.0 prior to 6.2.0.9, where the LTPA STS module relies on a static instance of a JDK class. This static/non-thread-safe usage could allow bypass of LTPA token signature verification. The issue is tied...
IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 01 - March 2011
The host is running IBM WebSphere Application Server and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbibmwasmultvulnmar1101.nasl 7044 2017-09-01 11:50:59Z teissa $ IBM WebSphere Application Server WAS Multiple Vulnerabilities 01 - March 2011 Authors: Sooraj KS Copyright...