Security Bulletin: IBM Transformation Extender Advanced and IBM Standards Processing Engine are susceptible to a vulnerability in 10x (CVE-2017-1152)
Summary IBM 10x framework does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. Vulnerability Details CVEID: CVE-2017-1152 DESCRIPTION: IBM Sterling Global Integration On-Demand Environment does not properly upda...
Security Bulletin: A vulnerability in IBM Java SDK affects IBM Standards Processing Engine and IBM Transformation Extender Advanced (CVE-2016-5597)
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 7 and 8, that is used by IBM Standards Processing Engine and IBM Transformation Extender Advanced. This issue was disclosed as part of the IBM Java SDK updates for October 2016. Vulnerability Details CVEID: CVE-2016-55...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Standards Processing Engine and IBM Transformation Extender Advanced (CVE-2015-2017).
Summary IBM WebSphere Application Server Liberty is shipped with IBM Standards Processing Engine and IBM Transformation Extender Advanced. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details...
Security Bulletin: Vulnerability in Apache Commons affects IBM Standards Processing Engine (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Standards Processing Engine. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: Information disclosure vulnerability affects IBM Standards Processing Engine (CVE-2015-7410)
Summary IBM Standards Processing Engine is vulnerable to cookie hijacking for Web Services hosted over HTTPS protocol. Vulnerability Details CVEID: CVE-2015-7410 DESCRIPTION: Applications based on an internal IBM UI framework are vulnerable to cookie hijacking for Web Services hosted over HTTPS...
CVE-2021-29883
IBM Standards Processing Engine IBM Transformation Extender Advanced 9.0 and 10.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. T...
Cisco Identity Services Engine Denial of Service Vulnerability
A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a race condition that may occur when syslog messages are processed. A...
Apache Heron Code Issue Vulnerability
Apache Heron is a distributed, fault-tolerant real-time stream processing engine. A code issue vulnerability exists in Apache Heron versions 0.20.2-incubating, 0.20.1-incubating, and 0.20.0-incubating. An attacker could exploit the vulnerability to execute code...
Cisco Firepower Threat Defense Software 6.x < 6.2.3.12 / 6.3.x < 6.3.0.3 Multiple Vulnerabilities
According to its self-reported version, Cisco Firepower Threat Defense Software is affected by the following vulnerabilities: - A vulnerability in the TCP ingress handler for the data interfaces that are configured with management access to Cisco Firepower Threat Defense (FTD) Software could allow an...
Dell Precision Optimizer Local Privilege Escalation Vulnerability (CVE-2017-2802)
Summary An exploitable DLL hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious DLL file located in one of the directories pointed to by the PATH environment variable will lead to privilege...
On the QQ upgrade custom emoticons vulnerability-vulnerability warning-the black bar safety net
QQ2006 New Year Edition SP2 Fix Windows XP not playing MS04-028 overflow vulnerability patch case the presence of security issues QQ requires the upgrade How to use this? First, we have to make the picture of the Trojans! Tool a lot of their own to go to baidu to find! I have always advocated i...