587 matches found
IBM UrbanCode Deploy Encryption Issue Vulnerability
IBM UrbanCode Deploy UCD is a suite of application automation deployment tools from IBM. The tool is based on an application deployment automation management information model, and through remote agent technology to automate the deployment of complex applications in different environments, etc. I...
CVE-2022-22327
IBM UrbanCode Deploy UCD 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859...
CVE-2022-22327
IBM UrbanCode Deploy UCD 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859...
Code injection
IBM UrbanCode Deploy UCD 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859...
CVE-2022-22327
IBM UrbanCode Deploy (UCD) is affected by CVE-2022-22327 due to weaker-than-expected cryptographic algorithms that could allow decryption of highly sensitive information. Affected products and versions include UCD 7.0.5.3–7.0.5.7 and 7.1.0.0–7.1.2.4 (inclusive). Remediation: upgrade to 7.0.5.9, 7...
CVE-2022-22327
IBM UrbanCode Deploy UCD 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859...
IBM UrbanCode Deploy 加密问题漏洞
IBM UrbanCode Deploy UCD is a suite of application automation deployment tools from IBM. The tool is based on an application deployment automation management information model, and through remote agent technology to automate the deployment of complex applications in different environments, etc. I...
Security Bulletin: CVE-2022-22327 Urbancode Deploy Web-Agent communication uses system default TLS protocol instead of application configured value.
Summary Urbancode Deploy may use the system default TLS protocol instead of the application value when install.server.ssl.enabledProtocols is set to a non-default value. Vulnerability Details CVEID: CVE-2022-22327 DESCRIPTION: IBM UrbanCode Deploy UCD uses weaker than expected cryptographic...
Security Bulletin: IBM Urbancode Deploy impacted by Apache Log4j SQL Injection vulnerability. (CVE-2022-23305)
Summary When added to the logging configuration, the Log4j JDBCAppender may not be properly encoding content sent to an external SQL database. This is a non-default configuration. The fix removes this component. Vulnerability Details CVEID: CVE-2022-23305 DESCRIPTION: Apache Log4j is vulnerable t...
CVE-2022-22327
IBM UrbanCode Deploy UCD 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859...
Security Bulletin: IBM Urbancode Deploy server/agent/relay releases before 7.1.2.1 impacted by Apache Log4j vulnerabilities. (CVE-2021-4104)
Summary IBM Urbancode Deploy server, agent, and relay releases before release 7.1.2.1 are impacted by CVE-2021-4104. The product uses Log4j 1.2 logging library which may be exploited with administrative access. Vulnerability Details CVEID:CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remo...
Security Bulletin: CVE-2021-42340 Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections.
Summary Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request using OutOfMemoryError, a remote attacker could exploit this vulnerability to cause a denial of service condition. Vulnerability Details CVEID:...
Security Bulletin: CVE-2020-17521 Apache Groovy's provided extension methods to aid with creating temporary directories was using a now superseded Java JDK method call that is potentiallly not secure in some situations.
Summary Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Vulnerabili...
Security Bulletin: CVE-2021-33037 Apache Tomcat 8.5.66 did not correctly parse the HTTP transfer-encoding request header leading to the possibility to request smuggling when used with a reverse proxy
Summary Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the...
Security Bulletin: CVE-2020-27221 Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow
Summary Java SE issues disclosed in CVE-2020-27221 for IBM provided JRE. Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an overly long string, a remote attacker could...
Security Bulletin: CVE-2020-27223 when Jetty handles a request containing multiple Accept headers the server may enter a denial of service (DoS) state
Summary when Jetty handles a request containing multiple Accept headers with a large number of quality i.e. q parameters, the server may enter a denial of service DoS state due to high CPU usage processing those quality values Vulnerability Details CVEID: CVE-2020-27223 DESCRIPTION: Eclipse Jetty...
Security Bulletin: CVE-2021-29711 Agent Upgrade through CLI requires inconsistent permission.
Summary Security Bulletin: CVE-2021-29711 Agent Upgrade through CLI requires inconsistent permission set with UI. Vulnerability Details CVEID: CVE-2021-29711 DESCRIPTION: IBM UrbanCode Deploy UCD could allow an authenticated user with certain permissions to initiate an agent upgrade through the C...
Security Bulletin: CVE-2021-28165 In Eclipse Jetty CPU usage can reach 100% upon receiving a large invalid TLS frame.
Summary CVE-2021-28165 In Eclipse Jetty CPU usage can reach 100% upon receiving a large invalid TLS frame. Vulnerability Details CVEID: CVE-2021-28165 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a...
Security Bulletin: CVE-2021-27568 An issue was discovered in netplex json-smart-v1, an exception is thrown from a function
Summary CVE-2021-27568 An issue was discovered in netplex json-smart-v1, an exception is thrown from a function, may cause programs to crash or expose sensitive info Vulnerability Details CVEID: CVE-2021-27568 DESCRIPTION: Netplex json-smart-v1 and json-smart-v2 are vulnerable to a denial of...
IBM UrbanCode Deploy has an unspecified vulnerability
IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM Corporation in the United States. The tool is based on an application deployment automation management information model and uses remote agent technology to automate the deployment of complex applications in...