3385 matches found
MvpnExcludeDomains fails to take effect on iOS when using Citrix WebSSO micro VPN with Microsoft Endpoint Manager MAM (Intune)
Microsoft Edge or Citrix Secure Mail for iOS is configured with 'MvpnExcludeDomains'. When a user browses to a website that is listed under 'MvpnExcludeDomains', the traffic is still sent through Citrix Gateway. This traffic is instead expected to be sent directly to the website, not through Citrix...
CVE-2017-1095
CVE-2017-1095 affects IBM Jazz Reporting Service’s Lifecycle Query Engine (LQE). The IBM Security Bulletin reports a cross-site scripting vulnerability in JRS, enabling a user to embed arbitrary JavaScript in the Web UI and potentially disclose credentials within a trusted session. Affected produ...
CVE-2021-33517
CVE-2021-33517 and CVE-2021-36090 are vulnerabilities in Apache Commons Compress that affect IBM WebSphere Liberty (and WebSphere Liberty-based bundles) used in IBM Cloud Pak for Applications and IBM WebSphere Application Server families. The issues cause denial of service through memory-related ...
CVE-2020-4720
IBM Daeja ViewONE Professional, Standard & Virtual (5.0CD) could allow an authenticated user to obtain sensitive information from documents they should not access due to cached content exposure. Remediation: apply fixes in ViewONE Virtual 5.0.7 iFix009 or 5.0.8 iFix003. The fix relies on the cont...
CVE-2018-1687
IBM API Connect is vulnerable to a denial-of-service (CVE-2018-1687) due to a lack of rate limiting in the TCP listener. A remote attacker could launch a TCP SYN flood to exhaust CPU and memory. Affected: IBM API Connect versions 5.0.0.0–5.0.8.3. Remediation: upgrade to IBM API Connect Developer ...
CVE-2019-4524
IBM Db2 for Linux, UNIX and Windows contains CVE-2019-4524, an information-disclosure vulnerability that exposes remote storage credentials to privileged users after running LOAD or UPDATE ALERT CFG through the ADMIN_CMD() stored procedure. Affected are all fix-pack levels of Db2 V9.7, V10.1, V10...
CVE-2017-1123
CVE-2017-1123 is an escalation of privilege in the IBM DS8000 Hardware Management Console (HMC) service interface. The IBM bulletin lists affected models (DS8880/DS8870/DS8800) and indicates affected code levels where exposure exists; a patch set CVE_1Q2018_v1.0 is available to remediate all lis...
CVE-2018-1942
IBM Emptoris Supplier Lifecycle Management (SLM) could disclose highly sensitive information via detailed error messages. Affected versions include 10.0.0.x through 10.1.3.x. Root cause: overly verbose error reporting exposing information in some features. CVSS base score reported as 5.3. Remedia...
CVE-2012-3339
CVE-2012-3339 is an XML External Entity (XXE) vulnerability in IBM InfoSphere Guardium. The issue allows remote authenticated users to obtain sensitive information, specifically via an error report that can reveal server file contents (including a database password). Affected platforms include IB...
CVE-2019-4042
IBM Sterling B2B Integrator is affected by CVE-2019-4042 through a permission-control vulnerability that could allow a user without proper permissions to access EBICS configuration using their own secure token. Affected versions are IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0. Remediation...
CVE-2019-4714
IBM InfoSphere Information Server family is affected by CVE-2019-4714, a cross-site scripting vulnerability that allows embedding arbitrary JavaScript in the Web UI and could lead to credentials disclosure within a trusted session. Affected products/versions include InfoSphere Information Server ...
CVE-2018-1527
Affected software: IBM i2 Analyst’s Notebook (Premium) versions around 9.0.8. Vulnerability: XML Entity Injection (XXE) when processing XML during import (Cellebrite, XRY, Notebook Exchange from the Import menu). Root cause: processing XML data with external entities that can call out to exter...
CVE-2019-4221
IBM Cognos Analytics is affected by CVE-2019-4221 via DOM-based link manipulation. Affected products include IBM Cognos Analytics 11.1 and 11.0. The issue allows an attacker to manipulate links in the Web UI to facilitate various attacks. Remediation is to apply the provided fixes: Cognos Analyti...
CVE-2017-1399
CVE-2017-1399 affects IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance. The vulnerability stems from weaker-than-expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Affected IGI releases include 5.2, 5.2.1, 5.2.2, 5.2.2....
CVE-2017-1464
IBM TRIRIGA is affected by CVE-2017-1464 due to the failure to enable HTTP Strict Transport Security (HSTS), enabling a remote attacker to obtain sensitive information via man-in-the-middle techniques. Affected IBM TRIRIGA Platform versions include 3.5.0–3.5.3.0, 3.4.0–3.4.2.5, and 3.3.0–3.3.2.5....
CVE-2020-20353
CVE-2020-20353: IBM WebSphere Application Server in IBM Cloud is affected by an XML External Entity (XXE) Injection vulnerability. Affected product: IBM WebSphere Application Server in IBM Cloud (WebSphere Application Server 9.0 and 8.5). The IBM bulletin directs readers to the security bulletin(...
CVE-2019-4610
CVE-2019-4610 affects IBM Cloud Private Identity and Access Management. The IBM bulletin states the issue arises from use of an API key that grants access to a resource type, enabling an authenticated attacker to access other resources of the same type beyond the intended scope. Affected product/...
CVE-2019-4037
CVE-2019-4037 affects IBM Security Access Manager Appliance. The IBM advisory states that an authenticated user could execute commands with the appliance admin credentials, impacting IBM Security Access Manager versions 9.0.1.0 through 9.0.5.0 (on appliances). The vulnerability’s CVSS base score ...
CVE-2019-4445
IBM Security Bulletin aggregates CVE-2019-4445 under the IBM Rational CLM/RQM/RTC family. Affected products and versions include Rational CLM 6.0–6.0.6.1, Rational Quality Manager 6.0–6.0.6.1, Rational Team Concert 6.0–6.0.6.1, Rational DOORS Next Generation 6.0–6.0.6.1, Rational Engineering Life...
CVE-2019-4634
CVE-2019-4634 affects IBM Security Secret Server (all versions). The IBM security bulletin and Symantec writeup describe information-disclosure vulnerabilities where an attacker could learn details about underlying technologies through headers and response data (e.g., X-Powered-By, X-ASPNET-VERSI...