23 matches found
EUVD-2012-4741
Malware in sbrugna...
Security Bulletin: Rational Automation Framework Environment Wizard Vulnerability (CVE-2012-4816)
Summary Accessing the IBM Rational Automation Framework web user interface via the standard port 80 forces a login prompt to the user. However, a user can bypass this by hitting the default application server port 8080 and browsing various context roots until they locate the wizard. Vulnerability...
Security Bulletin: Vulnerability in IBM Java SDK affect Rational Automation Framework (CVE-2015-4872)
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 7SR8 that is used by Rational Automation Framework. This issue was disclosed as part of the IBM Java SDK updates in October 2015. Vulnerability Details CVEID: CVE-2015-4872 DESCRIPTION: An unspecified vulnerability in...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Automation Framework (CVE-2015-1931, CVE-2015-2601, CVE-2015-2625)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7SR8 that is used by Rational Automation Framework. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID: CVE-2015-2601 DESCRIPTION: An unspecified...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Automation Framework (CVE-2015-0488, CVE-2015-0204, CVE-2015-2808, CVE-2015-1916)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by Rational Automation Framework. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVEID: CVE-2015-0488 DESCRIPTION: An unspecified vulnerability related to...
Security Bulletin: Vulnerabilities in OpenSSL affect Rational Automation Framework (CVE-2015-1790)
Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. OpenSSL is used by Rational Automation Framework. Rational Automation Framework has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-1790 DESCRIPTION: OpenSSL is vulnerable to a denial of...
Security Bulletin: Vulnerabilities in OpenSSL affect Rational Automation Framework (CVE-2015-1793)
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project and affect Rational Automation Framework. This includes the alternate chains certificate forgery vulnerability CVE-2015-1793. Rational Automation Framework has addressed the applicable CVEs. Vulnerability Details CVEID:...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Automation Framework (CVE-2015-0410 and CVE-2014-6593)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7SR8, that is used by Rational Automation Framework. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on RSA-EXPORT...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Rational Automation Framework (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol affects Rational Automation Framework. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to...
Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Automation Framework (CVE-2015-2808)
Summary The RC4 "Bar Mitzvah" Attack for SSL/TLS affects Rational Automation Framework. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit...
Security Bulletin: Vulnerability in IBM Java SDK affects Rational Automation Framework (CVE-2015-0138)
Summary The “FREAK: Factoring Attack on RSA-EXPORT keys” TLS/SSL client and server vulnerability affects IBM® SDK Java™ Technology Edition that is used by Rational Automation Framework. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS implementations...
Security Bulletin: OpenSSL vulnerabilities for Rational Automation Framework Security Advisory (CVE-2015-0204)
Summary A vulnerability in the OpenSSL ssl3_get_key_exchange function could allow a remote attacker to downgrade the security of certain TLS connections. An OpenSSL client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using...
Security Bulletin: Java Technology Edition Quarterly CPU - October 2014 for Rational Automation Framework (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSL/TLS is enabled by default in embedded Build Forge in some pages. Vulnerability Details...
Security Bulletin: Rational Automation Framework Security Advisory (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSL/TLS is enabled by default in embedded Build Forge in some pages. Vulnerability Details...
Security Bulletin: Open Source Apache HTTP vulnerabilities (CVE-2014-0098) for RAF
Summary Previous releases of IBM Rational Automation Framework (RAF) are affected by the vulnerabilities in Apache HTTP Server that may allow remote attackers to influence the availability of the Framework Server. Vulnerability Details...
Security Bulletin: Open Source Apache Tomcat - 4 issues (CVE-2013-4286) for RAF
Summary Previous releases of IBM Rational Automation Framework (RAF) are affected by the vulnerabilities in Apache Tomcat that may allow remote attackers to influence the availability of the Framework Server. Vulnerability Details...
Security Bulletin: Java Vulnerability in Rational Automation Framework (CVE-2013-4002, CVE-2013-5825, CVE-2013-5372)
Summary Previous releases of IBM Rational Automation Framework are affected by the vulnerabilities in Java that may allow remote attackers to influence the availability of the Framework Server. Vulnerability Details...
Security Bulletin: Java Vulnerability in Rational Automation Framework (CVE-2013-0169)
Summary Previous releases of IBM Rational Automation Framework are affected by a vulnerability in Java that may allow remote attackers to execute plaintext-recovery attacks. Vulnerability Details...
Security Bulletin: Java Vulnerability in Rational Automation Framework (CVE-2013-0440)
Summary Previous releases of IBM Rational Automation Framework are affected by a vulnerability in Java that may allow remote attackers to influence the availability of the Framework Server. Vulnerability Details...
CVE-2012-4816
IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots in HTTP sessions on port 8080...