Malicious code in mobilefirst (npm)

The package mobilefirst was found to contain malicious code...

MAL-2025-26558 Malicious code in mobilefirst (npm)

The package mobilefirst was found to contain malicious code...

Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not lim...

Security Bulletin: Due to use of Apache Commons IO, IBM MobileFirst Foundation is vulnerable to Uncontrolled Resource Consumption (CVE-2024-47554)

Summary Apache Commons IO is used by IBM MobileFirst Foundation as part of file handling operations. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively...

Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2024-22243 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caus...

Security Bulletin: Due to use of Netty, IBM® MobileFirst Platform is vulnerable to a denial of service.

Summary Netty is used by IBM® MobileFirst Platform. CVE-2023-34462 Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel during the TLS handshake the SniHandler class. By sending a...

Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2022-45688 DESCRIPTION: Hutool is vulnerable to a denial of service, caused by stack-based buffer overflow. By...

Security Bulletin: OpenSSL publicly disclosed vulnerabilities affect IBM® MobileFirst Platform

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerabilities by updating the version of OpenSSL Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJobj2txt directly, or use any of the OpenSS...

Security Bulletin: IBM® MobileFirst Platform is vulnerable to CVE-2023-24998

Summary IBM Websphere® Liberty is the stack on top of which the MobileFirst runtime is hosted. The Liberty version 19.0.0.5 that is packaged with the MobileFirst Platform is impacted by the vulnerability described in CVE-2023-24998. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache...

Security Bulletin: Multiple vulnerabilities found in third party libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied...

Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM® MobileFirst Platform

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerabilities by updating the version of OpenSSL Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA...

Security Bulletin: Multiple vulnerabilities found with third-party libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2022-3517 DESCRIPTION: minimatch is vulnerable to a denial of service, caused by a regular expression denial of servi...

Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2020-17521 DESCRIPTION: Apache Groovy could allow a local authenticated attacker to obtain sensitive information,...

Security Bulletin: IBM® MobileFirst Platform on Red Hat® OpenShift® is vulnerable to Http Header injection due to IBM WebSphere® Liberty version used (CVE-2022-34165)

Summary IBM Websphere Liberty is the stack on top of which the MobileFirst runtime is hosted. The Liberty version that is packaged with the MobileFirst Platform on RHOS uses an older Liberty version 19.0.0.5 which is impacted by the vulnerability described in CVE-2022-34165 Vulnerability Details...

Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM MobileFirst Platform Foundation

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability by updating the version of OpenSSL Vulnerability Details CVEID: CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By...

Security Bulletin: OpenSSL (Publicly disclosed vulnerability)

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2021-4160 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by a carry propagation flaw in the MIPS32 and MIPS64 squari...

Security Bulletin: Mobilefirst is affected by a log4j vulnerability (CVE-2021-4104)

Summary A vulnerability in the Apache Log4j open source library has been reported in CVE-2021-4104. The version of log4j bundled within MFP 8.0 is 1.x and hence impacted by vulnerability CVE-2021-4104. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote...

Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM MobileFirst Platform (CVE-2020-1971)

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerabilityies by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function...

Security Bulletin: Multiple Vulnerabilities in jQuery fixed in Mobile Foundation ( CVE-2020-11023, CVE-2020-11022)

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability: Multiple Vulnerabilities in jQuery Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option...

Security Bulletin: Information disclosure vulnerability in WebSphere Application Server - Liberty affects IBM MobileFirst Platform Foundation

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability: Information disclosure in WebSphere Application Server - Liberty Vulnerability Details CVEID: CVE-2020-4329 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4...