Security Bulletin: Open Source Apache CXF Vulnerabilities
Summary Apache CXF is vulnerable to a denial of service. By using a specially crafted message attachment header, a remote attacker could exploit this vulnerability to cause the JAX-WS and JAX-RS services to stop responding. Vulnerability Details CVEID: CVE-2017-12624 DESCRIPTION: Apache CXF is...
Security Bulletin: Information disclosure of stack trace in browser window in WebSphere Application Server LIBERTY
Summary IBM Worklight has addressed the following vulnerability. Information disclosure of stack trace in browser window in WebSphere Application Server LIBERTY Vulnerability Details CVEID: CVE-2018-1553 DESCRIPTION: IBM WebSphere Application Server Liberty could allow a remote attacker to obtain...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary OpenSSL vulnerabilities were disclosed on APR 16, 2018 onward by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVEID:...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary OpenSSL vulnerabilities were disclosed on Nov 02, 2017 onward by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVEID:...
Security Bulletin: IBM MobileFirst Platform Foundation is vulnerable to cross-site scripting (CVE-2017-1772)
Summary A security vulnerability has been found in the Application Center component of IBM MobileFirst Platform Foundation. Vulnerability Details CVEID: CVE-2017-1772 DESCRIPTION: IBM Worklight is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server Liberty Profile 8.5.5.8 shipped with IBM MobileFirst Platform Foundation 8.0.0.0 (CVE-2017-1583, CVE-2011-4343)
Summary WebSphere Application Server Liberty Profile 8.5.5.8 is shipped with MobileFirst Platform Foundation 8.0.0.0. Information about a security vulnerability affecting WebSphere Application Server Liberty Profile 8.5.5.8 has been published in a security bulletin. Vulnerability Details Refer to...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary OpenSSL vulnerabilities were disclosed on Dec 16, 2016 by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVEID:...
Security Bulletin: Open Source Apache Cordova Android Vulnerabilities affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary Apache Cordova is an open source framework for mobile development. The Cordova framework is used in all mobile environments in IBM Worklight and IBM MobileFirst Platform Foundation, but this particular open source Apache Cordova vulnerability affects only the Android platform. Affected...
Security Bulletin: Reflected XSS in IBM Worklight OAuth Server Web API
Summary A reflected cross-site scripting (XSS) vulnerability exists in the authorization function exposed by the RESTful Web API of the IBM Worklight Framework. The vulnerable parameter is "scope": if you set its value to a "realm" not defined in authenticationConfig.xml, you get an HTTP 403 Forbidden response...
Security Bulletin: Multiple Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary IBM WebSphere Application Server Liberty vulnerabilities have been disclosed by IBM WebSphere Application Server Liberty. IBM WebSphere Application Server Liberty is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have...
Security Bulletin: Vulnerabilities in OpenSSL affect MobileFirst Quality Assurance
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by MobileFirst Quality Assurance. MobileFirst Quality Assurance has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION: OpenSSL is vulnerable to a...
Security Bulletin: Vulnerability in Apache Cordova affects IBM MobileFirst Platform Foundation (CVE-2015-5256)
Summary An Apache Cordova vulnerability for improper application of whitelist restrictions on Android was addressed by IBM MobileFirst Platform Foundation. Android applications created using Apache Cordova that use a remote server contain a vulnerability where whitelist restrictions are not...
Security Bulletin: Vulnerability in Apache Cordova affects IBM MobileFirst Platform Foundation (CVE-2015-8320)
Summary An Apache Cordova vulnerability for weak randomization was addressed by IBM MobileFirst Platform Foundation. Vulnerability Details CVEID: CVE-2015-8320 DESCRIPTION: Apache Cordova Android could allow a remote attacker to bypass security restrictions, caused by weak randomization of...
Security Bulletin: GNU C library (glibc) vulnerability affects IBM MobileFirst Quality Assurance (CVE-2015-7547)
Summary A stack-based buffer overflow vulnerability in getaddrinfo in the GNU C library (glibc) affects IBM MobileFirst Quality Assurance. Vulnerability Details CVEID: CVE-2015-7547 DESCRIPTION: GNU C Library (glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation (CVE-2015-3194, CVE-2015-3195, CVE-2015-3196)
Summary OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-3194...
Security Bulletin: Vulnerability in Apache Commons affects IBM Worklight and IBM MobileFirst Platform Foundation (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Worklight and IBM MobileFirst Platform Foundation. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrar...
Security Bulletin: Vulnerability in Apache Cordova affects IBM Worklight, IBM Mobile Foundation and IBM MobileFirst Platform Foundation (CVE-2015-5204)
Summary Apache Cordova File Transfer Plugin for Android is vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will all...
Security Bulletin: Vulnerability in Apache Cordova affects IBM Worklight and IBM MobileFirst Platform Foundation (CVE-2015-1835)
Summary An Apache Cordova vulnerability was disclosed May 26, 2015. Apache Cordova is used by IBM Worklight and IBM MobileFirst Platform Foundation. Android applications built with the Cordova framework might allow a remote attacker to cause arbitrary commands to be executed in the application. I...
Security Bulletin: Vulnerabilities in Dojo Toolkit affect IBM Worklight and IBM MobileFirst Platform Foundation (CVE-2014-8917)
Summary There are cross-site scripting vulnerabilities in the Dojo Toolkit that is used by IBM Worklight and IBM MobileFirst Platform Foundation. Vulnerability Details CVEID: CVE-2014-8917 DESCRIPTION: IBM Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation (CVE-2014-3570, CVE-2014-3572, CVE-2015-0204)
Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes the vulnerability that has been referred to as “FREAK”. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation when the optional FIPS 140-2 data-in-motion feature is enabled o...