Security Bulletin: Rational Test Automation Server is vulnerable to request smuggling using CRLF injection due to netty-codec-http (CVE-2025-67735)
Summary Due to use of netty-codec-http, Rational Test Automation Server and IBM DevOps Test Hub contain a CRLF injection based request smuggling vulnerability CVE-2025-67735. The netty-codec-http Java library is used for asynchronous HTTP handling capabilities. Vulnerability Details...
EUVD-2015-2018
Malware in sbrugna...
Security Bulletin: A Netty vulnerability affects Rational Test Virtualization Server / DevOps Virtualization and Rational Performance Test Server / DevOps Test Performance Test Server (CVE-2024-47535)
Summary Rational Test Virtualization Server / DevOps Virtualization and Rational Performance Test Server / DevOps Test Performance Test Server are vulnerable to a denial of service due to a vulnerability in Netty CVE-2024-47535 Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an...
Security Bulletin: A Netty vulnerability affects Rational Test Workbench / DevOps Test Workbench (CVE-2024-47535)
Summary Rational Test Workbench / DevOps Test Workbench are vulnerable to a denial of service due to a vulnerability in Netty CVE-2024-47535 Vulnerability Details CVEID: CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of...
Security Bulletin: Rational Test Virtualization Server and Rational Test Workbench are vulnerable to denial of service due to Spring MVC (CVE-2024-38828)
Summary Rational Test Control Panel RTCP component of Rational Test Virtualization Server and Rational Test Workbench uses Spring MVC which is vulnerable to a denial of service attack CVE-2024-38828. Vulnerability Details CVEID:CVE-2024-38828 DESCRIPTION: Spring MVC controller methods with an...
Security Bulletin: Rational Test Automation Server is vulnerable to incorrect authorization vulnerability due to Keycloak (CVE-2021-4133)
Summary Keycloak vulnerability of incorrect authorization impacts Rational Test Automation Server. Vulnerability Details CVEID:CVE-2021-4133 DESCRIPTION: Keycloak could allow a remote authenticated attacker to bypass security restrictions, caused by improper authorization validation by the...
Security Bulletin: Rational Test Automation Server is vulnerable to malicious code execution due to Keycloak (CVE-2021-20222)
Summary Keycloak vulnerability that allows malicious code to be executed impacts Rational Test Automation Server. Vulnerability Details CVEID:CVE-2021-20222 DESCRIPTION: Keycloak is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the referrer URL in the...
Security Bulletin: Rational Test Automation Server is vulnerable to Allocation of resources without limits vulnerability due to Keycloak (CVE-2021-3637)
Summary Vulnerability related to allocation of resources without limits associated with the Keycloak versions before 14.0.0 impacts Rational Test Automation Server. Vulnerability Details CVEID:CVE-2021-3637 DESCRIPTION: Keycloak is vulnerable to a denial of service, caused by a flaw in the...
Security Bulletin: Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench is vulnerable to a denial of service attack in Spring Framework (CVE-2022-22971)
Summary Spring Framework is vulnerable to a security issue affecting Rational Test Control Panel Vulnerability Details CVEID: CVE-2022-22971 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw with a STOMP over WebSocket endpoint. By sending a...
Security Bulletin: Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
Summary Rational Test Control Panel is affected but not vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Boot...
Security Bulletin: Rational Test Automation Server is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)
Summary Apache Log4j vulnerability associated with the Rational Performance Tester Apache JMeter™ Test Extension impacts Rational Test Automation Server. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: Rational Test Workbench bundles Rational Performance Tester which is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)
Summary Rational Test Workbench RTW bundles Rational Performance Tester RPT. The Apache Log4j vulnerability impacts RPT Apache JMeter™ Test Extension. This bulletin addresses the vulnerability by removing Apache Log4j. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could...
Security Bulletin: Rational Test Control Panel affected by Spring Framework vulnerability
Summary Spring Framework is vulnerable to a security issue affecting Rational Test Control Panel Vulnerability Details CVEID: CVE-2020-5421 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a...
Security Bulletin: Rational Integration Tester HTTP/TCP Proxy component in Rational Test Virtualization Server and Rational Test Workbench affected by Netty vulnerabilities (CVE-2020-7238, CVE-2019-16869, CVE-2019-20445, CVE-2019-20444)
Summary Netty is vulnerable to security issues affecting the Rational Integration Tester HTTP/TCP Proxy component in Rational Test Virtualization Server and Rational Test Workbench Vulnerability Details CVEID: CVE-2020-7238 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a...
Security Bulletin: Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench affected by Spring vulnerability (CVE-2018-15756)
Summary The Spring framework is vulnerable to a security issue affecting the Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench. Vulnerability Details CVEID: CVE-2018-15756 DESCRIPTION: Pivotal Spring Framework is vulnerable to a denial of...
Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerability (CVE-2017-5664)
Summary Apache Tomcat is vulnerable to a security issue affecting the Rational Test Control Panel component in IBM Rational Test Workbench and Rational Test Virtualization Server. Vulnerability Details CVE-ID: CVE-2017-5664 Description: Apache Tomcat could allow a remote attacker to bypass securi...
Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerability (CVE-2016-6816)
Summary Apache Tomcat is vulnerable to a security issue affecting the Rational Test Control Panel component in IBM Rational Test Workbench and Rational Test Virtualization Server. Vulnerability Details CVE-ID: CVE-2016-6816 Description: Apache Tomcat is vulnerable to HTTP response splitting...
Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by multiple Apache Tomcat vulnerabilities
Summary Apache Tomcat is vulnerable to a number of security issues affecting the Rational Test Control Panel component in IBM Rational Test Workbench and Rational Test Virtualization Server. Vulnerability Details CVE-ID: CVE-2015-5345 Description: Apache Tomcat could allow a remote attacker to...
Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects RIT and RTCP in Rational Test Workbench, RTCP and RIT Agent in Rational Test Virtualization Server, and RIT Agent in Rational Performance Test Server (CVE-2015-7575)
Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects Rational Integration Tester and Rational Test Control Panel in Rational Test Workbench, Rational Test Control Panel and RIT Agent in Rational Test Virtualization Server, and RIT Agent in Rational Performance Test Server Vulnerability Detail...
Security Bulletin: Vulnerability in Spring Framework for Java Deserialization in Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server (CVE-2015-7450)
Summary A Spring Framework vulnerability for handling Java object deserialization was addressed by Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server. This vulnerability does not have its own CVE number, but is linked to CVE-2015-7450. Vulnerability...