Security Bulletin: Multiple vulnerabilities in multiple dependencies affect IBM MessageGateway/ MessageSight

Summary There are multiple vulnerabilities in Liberty, IBM Runtime Environment Java Version 8.0, Dojo and OpenSSL used by IBM MessageGateway/ MessageSight Vulnerability Details CVEID:CVE-2022-21365 DESCRIPTION: An unspecified vulnerability in Java SE related to the ImageIO component could allow a...

Security Bulletin: Vulnerabilities in Java affect IBM WIoTP MessageGateway (CVE-2021-213)

Summary There is a vulnerabilities in Java that affects IBM WIoTP MessageGateway. Vulnerability Details CVEID:CVE-2021-2163 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high...

Security Bulletin: Vulnerabilities in openSSL and WebSphere Liberty affect IBM WIoTP MessageGateway (CVE-2022-22476 CVE-2019-11777 CVE-2022-22475 CVE-2022-2097 CVE-2022-2068 CVE-2022-1292)

Summary There is a vulnerabilities in OpenSSL and WebSphere Liberty that affect IBM WIoTP MessageGateway. Vulnerability Details CVEID:CVE-2022-2097 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by improper encryption of data by the AES OCB mode for...

Security Bulletin: A vulnerability in Liberty affects IBM WIoTP MessageGateway (CVE-2021-29842)

Summary There is a vulnerability in Liberty that affects IBM WIoTP MessageGateway. Vulnerability Details CVEID: CVE-2021-29842 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a differenc...

Security Bulletin: OpenSSL publicly disclosed vulnerability affects MessageGateway (CVE-2021-3711)

Summary MessageGateway has addressed the following vulnerabilityies by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2021-3711 DESCRIPTION: OpenSSL is vulnerable to a buffer overflow, caused by improper bounds checking by the EVPPKEYdecrypt function within implementation of th...

Security Bulletin: IBM MessageSight/MessageGateway is affected by the following WebSphere Application Server vulnerability

Summary IBM MessageSight/MessageGateway has addressed the following WebSphere Application Server vulnerability: CVE-2019-4046: IBM WebSphere Application Server is vulnerable to a denial of service, caused by improper handling of request headers Vulnerability Details CVEID: CVE-2019-4046...

Security Bulletin: OpenSSL publicly disclosed vulnerability affects MessageGateway (CVE-2021-3712)

Summary MessageGateway has addressed the following vulnerabilityies by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageGateway

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8.0 used by IBM MessageGateway. Vulnerability Details CVEID: CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to take control of...

Security Bulletin: A vulnerability in IBM WebSphere Liberty affects IBM WIoTP MessageGateway

Summary There is a Dojo vulnerability in IBM WebSphere Liberty that affects IBM WIoTP MessageGateway. Vulnerability Details CVEID: CVE-2020-5258 DESCRIPTION: Dojo dojo could allow a remote attacker to inject arbitrary code on the system, caused by a prototype pollution flaw. By injecting other...

Security Bulletin: OpenSSL publicly disclosed vulnerability affects MessageGateway (CVE-CVE-2021-3449)

Summary MessageGateway has addressed the following vulnerability by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signaturealgorithms processing. By sending a specially...

Security Bulletin: OpenSSL publicly disclosed vulnerability affects MessageGateway (CVE-2020-1971)

Summary MessageGateway has addressed the following vulnerabilityies by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain an EDIPARTYNAM...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageGateway (CVE-2020-14803, CVE-2020-27221)

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8.0 used by IBM MessageGateway These issues were disclosed as part of the IBM Java SDK updates in January, 2021. Vulnerability Details CVEID: CVE-2020-14803 DESCRIPTION: An unspecified vulnerability in Java SE coul...

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM MessageGateway (CVE-2020-14781)

Summary There is a vulnerability in IBM Runtime Environment Java Version 8.0 used by IBM MessageGateway. This issue was disclosed as part of the IBM Java SDK updates in October, 2020. Vulnerability Details CVEID: CVE-2020-14781 DESCRIPTION: An unspecified vulnerability in Java SE related to the...

Security Bulletin: OpenSSL publicly disclosed vulnerabilities affect MessageGateway (CVE-2021-23841 CVE-2021-23840)

Summary MessageGateway has addressed the following vulnerabilities by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an...

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM MessageGateway

Summary There is a vulnerability in IBM Runtime Environment Java Version 8.0 used by IBM MessageGateway. This issue was disclosed as part of the IBM Java SDK updates in October, 2020. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageGateway (CVE-2020-14797, CVE-2020-14779, CVE-2020-14796)

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8.0 used by IBM MessageGateway These issues were disclosed as part of the IBM Java SDK updates in October, 2020. Vulnerability Details CVEID: CVE-2020-14797 DESCRIPTION: An unspecified vulnerability in Java SE...

Security Bulletin: OpenLDAP publicly disclosed vulnerabilities affects MessageGateway (CCVE-2020-36230, CVE-2020-36229)

Summary MessageGateway has addressed the following vulnerabilityies by updating the version of OpenLDAP. Vulnerability Details CVEID: CVE-2020-36230 DESCRIPTION: OpenLDAP is vulnerable to a denial of service, caused by an assertion failure in the X.509 DN parsing in decode.c bernextelement. By...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageGateway

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8.0 used by IBM MessageGateway These issues were disclosed as part of the IBM Java SDK updates in Month, Year. Vulnerability Details CVEID: CVE-2020-14556 DESCRIPTION: An unspecified vulnerability in Java SE relate...

Security Bulletin: Multiple vulnerabilities in jQuery affect IBM WIoTP MessageGateway (CVE-2020-11023, CVE-2020-11022)

Summary There are multiple vulnerabilities in jQuery that affect IBM WIoTP MessageGateway. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could...

Security Bulletin: Multiple Vulnerabilities in jQuery affect IBM WIoTP MessageGateway

Summary There are multiple vulnerabilities in jQuery that affect IBM WIoTP MessageGateway. Vulnerability Details Third Party Entry: 180875 DESCRIPTION: jQuery cross-site scripting CVSS Base score: 6.1 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/180875 for the...