Security Bulletin: Multiple vulnerabilities in IBM Infosphere Optim Data Growth for Oracle E-Business Suite (CVE-2013-0577, CVE-2013-0579, CVE-2013-0580)

Abstract Multiple vulnerabilities exist in the Optim E-Business Console that can allow an attacker to view sensitive information, perform actions as an impersonated legitimate user, or upload, modify or delete web pages or scripts on the server. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-057...

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affects Optim Data Growth, Test Data Management and Application Retirement

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 and IBM® Runtime Environment Java™ Version 8 used by Optim Data Growth, Test Data Management, and Application Retirement. These issues were disclosed as part of the IBM Java SDK updates in January, April and Ju...

Security Bulletin: A Vulnerability in IBM Java Runtime Affects Optim Data Growth, Test Data Management and Application Retirement

Summary There is a vulnerabilitiy in IBM® Runtime Environment Java™ Version 6 and IBM® Runtime Environment Java™ Version 8 used by Optim Data Growth, Test Data Management and Application Retirement. This issue was disclosed as part of the IBM Java SDK updates in October 2017. Vulnerability Detail...

Security Bulletin: Multiple Vulnerabilites in IBM Java Runtime Affect Optim Data Growth, Test Data Management and Application Retirement

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 used by Optim Data Growth, Test Data Management and Application Retirement. These issues were disclosed as part of the IBM Java SDK updates in January 2017. Vulnerability Details If you run your own Java code...

CVE-2013-2956

SQL injection vulnerability in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2013-2954

The login page in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not limit the number of incorrect authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack...

CVE-2013-2953

IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 relies on the MD5 algorithm for signatures in X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof SSL servers via a crafted certificate...

CVE-2013-2959

The Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not provide an encrypted session for transmitting login credentials, which allows remote attackers to obtain sensitive information by sniffing the network...

Sql injection

SQL injection vulnerability in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

Design/Logic Flaw

The Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not provide an encrypted session for transmitting login credentials, which allows remote attackers to obtain sensitive information by sniffing the network...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, related to a stored XSS issue...

CVE-2013-2954

The login page in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not limit the number of incorrect authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack...

CVE-2013-2956

SQL injection vulnerability in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2013-2953

IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 relies on the MD5 algorithm for signatures in X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof SSL servers via a crafted certificate...

CVE-2013-2954

CVE-2013-2954 affects IBM InfoSphere Optim Data Growth for Oracle E-Business Suite (versions 6.0–9.1). The IBM bulletin documents an inadequate account lockout: the Optim E-Business Console login page does not limit consecutive incorrect authentication attempts, enabling potential brute-force acc...

CVE-2013-2953

CVE-2013-2953 affects IBM InfoSphere Optim Data Growth for Oracle E-Business Suite (versions 6.x–9.x) prior to 9.1.0.3. The issue is use of the MD5 algorithm for X.509 certificate signatures, which can enable MITM-style certificate spoofing. The IBM Flash/PR describes the vulnerability and notes ...

CVE-2013-2955

Cross-site scripting XSS vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, related to a stored XSS issue...

CVE-2013-2955

The CVE-2013-2955 entry is supported by IBM’s Security Bulletin for IBM InfoSphere Optim Data Growth for Oracle E-Business Suite (versions 6.0–9.1 affected). Description: Stored Cross-Site Scripting via a crafted URL could cause an authenticated user to have their browser execute arbitrary script...