Security Bulletin: Multiple vulnerabilities found with third-party libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2022-3517 DESCRIPTION: minimatch is vulnerable to a denial of service, caused by a regular expression denial of servi...

Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM MobileFirst Platform (CVE-2020-1971)

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerabilityies by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function...

Security Bulletin: Information disclosure vulnerability in WebSphere Application Server - Liberty affects IBM MobileFirst Platform Foundation

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability: Information disclosure in WebSphere Application Server - Liberty Vulnerability Details CVEID: CVE-2020-4329 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4...

Security Bulletin: Vulnerability in Apache CXF affects WebSphere Application Server Liberty (CVE-2019-12406)

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability: Vulnerability in Apache CXF affects WebSphere Application Server Liberty Vulnerability Details CVEID: CVE-2019-12406 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by the failure to restri...

Security Bulletin: WebSphere liberty is vulnerable to a DOS (CVE-2019-4720)

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability: WebSphere liberty is vulnerable to a DOS Vulnerability Details CVEID: CVE-2019-4720 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a...

CVE-2020-4226

IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 175207...

CVE-2020-4226

IBM MobileFirst Platform Foundation 8.0.0.0 is affected by CVE-2020-4226 due to storing highly sensitive information in URL parameters, enabling potential information disclosure if URLs are exposed via server logs, referrer headers, or browser history. Root cause: sensitive data appended to URLs ...

IBM MobileFirst Platform Foundation Information Disclosure Vulnerability

IBM MobileFirst Platform Foundation is a suite of mobile application management solutions from IBM in the United States. The product is mainly used for building, managing and updating mobile applications. A security vulnerability exists in IBM MobileFirst Platform Foundation version 8.0.0.0, whic...

Security Bulletin: OpenSSL publicly disclosed vulnerability

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerabilityies by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2019-1552 DESCRIPTION: OpenSSL could allow a local attacker to bypass security restrictions, caused by the building of . mingw programs or...

Security Bulletin: MobileFirst Platform Foundation is affected by WebSphere Application Server Liberty is affected by Apache Commons Compress vulnerability (CVE-2019-12402)

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability.WebSphere Application Server Liberty is affected by Apache Commons Compress vulnerability Vulnerability Details CVEID: CVE-2019-12402 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service,...

Security Bulletin: Man in the middle vulnerability CVE-2014-3603 affects Websphere Liberty and OpenLiberty used by MobileFirst Platform Foundation

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability.Man in the middle vulnerability CVE-2014-3603 affects Websphere Liberty and OpenLiberty Vulnerability Details CVEID: CVE-2014-3603 DESCRIPTION: Shibboleth Identity Provider IdP and OpenSAML Java could allow a...

Security Bulletin: Information disclosure in WebSphere Application Server affects MobileFirst Platform Foundation (CVE-2019-4441)

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability: Information Disclosure in WebSphere Application Server Vulnerability Details CVEID: CVE-2019-4441 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to...

Security Bulletin: Information Disclosure in WAS Liberty affects IBM MobileFirst Platform Foundation (CVE-2019-4305)

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability: Information disclosure in WebSphere Application Server Liberty Vulnerability Details CVEID: CVE-2019-4305 DESCRIPTION: IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive...

Security Bulletin: Open Source Apache CXF Vulnerabilities

Summary Apache CXF is vulnerable to a denial of service. By using a specially crafted message attachment header, a remote attacker could exploit this vulnerability to cause the AX-WS and JAX-RS services stop responding. Vulnerability Details CVEID: CVE-2017-12624 DESCRIPTION: Apache CXF is...

Security Bulletin: Information disclosure of stack trace in browser window in WebSphere Application Server LIBERTY

Summary IBM Worklight has addressed the following vulnerability. Information disclosure of stack trace in browser window in WebSphere Application Server LIBERTY Vulnerability Details CVEID: CVE-2018-1553 DESCRIPTION: IBM WebSphere Application Server Liberty could allow a remote attacker to obtain...

Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation

Summary OpenSSL vulnerabilities were disclosed on APR 16, 2018 onward by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVEID:...

Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation

Summary OpenSSL vulnerabilities were disclosed on Nov 02, 2017 onward by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVEID:...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server Liberty Profile 8.5.5.8 shipped with IBM MobileFirst Platform Foundation 8.0.0.0(CVE-2017-1583, CVE-2011-4343)

Summary WebSphere Application Server Liberty Profile 8.5.5.8 is shipped with MobileFirst Platform Foundation 8.0.0.0. Information about a security vulnerability affecting WebSphere Application Server Liberty Profile 8.5.5.8 has been published in a security bulletin. Vulnerability Details Refer to...

Security Bulletin: Open Source Apache Cordova Android Vulnerabilities affect IBM Worklight and IBM MobileFirst Platform Foundation

Summary Apache Cordova is an open source framework for mobile development. The Cordova framework is used in all Mobile environments in IBM Workligh and IBM MobileFirst Platform Foundation but this particluar Open Source Apache Cordova vulnerability is affected only for Android platform. Affected...

Security Bulletin: Multiple Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Worklight and IBM MobileFirst Platform Foundation

Summary IBM WebSphere Application Server Liberty vulnerabilities have been disclosed by IBM WebSphere Application Server Liberty . IBM WebSphere Application Server Liberty is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have...