15 matches found
Security Bulletin: IBM Integration Designer is vulnerable to a denial of service due to commons-fileupload-1.4.jar (CVE-2023-24998)
Summary The fix includes a new version of the commons-fileupload jar file that resolves the specified vulnerability. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the number of request parts ...
Security Bulletin: IBM Robotic Process Automation is vulnerable to man in the middle attacks
Summary IBM Robotic Process Automation defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. Vulnerability Details CVEID:CVE-2023-22863 DESCRIPTION: IBM Robotic...
CVE-2022-43574
"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679."...
Security Bulletin: IBM Robotic Process Automation allows weak passwords prior to 21.0.3 (CVE-2022-35280)
Summary Prior to version 21.0.3 IBM Robotic Process Automation allowed weak passwords that may make it easier for attackers to compromise accounts. As of release 21.0.3 IBM Robotic Process Automation enforces strong passwords. Vulnerability Details CVEID:CVE-2022-35280 DESCRIPTION: IBM Robotic...
Security Bulletin: IBM Robotic Process Automation allows weak passwords prior to 21.0.3 (CVE-2022-35280)
Summary Prior to version 21.0.3 IBM Robotic Process Automation allowed weak passwords that may make it easier for attackers to compromise accounts. As of release 21.0.3 IBM Robotic Process Automation enforces strong passwords. Vulnerability Details CVEID:CVE-2022-35280 DESCRIPTION: IBM Robotic...
Security Bulletin: IBM Robotic Process Automation is vulnerable to a man-in-the-middle due to ssh.net (CVE-2022-29245)
Summary ssh.net is used by IBM Robotic Process Automation as part of the secure communications. CVE-2022-29245. The fix includes ssh.net 2020.0.2.0 Vulnerability Details CVEID:CVE-2022-29245 DESCRIPTION: SSH.NET is vulnerable to a man-in-the-middle attack, caused by the use of a weak cryptographi...
CVE-2021-32734 File path disclosure of shared files in Nextcloud Text application
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. The issu...
CVE-2021-32725 Default share permissions not respected for federated reshares
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, default share permissions were not being respected for federated reshares of files and folders. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known...
CVE-2021-21074 Adobe Animate out-of-bounds read vulnerability
Adobe Animate version 21.0.3 and earlier is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
CVE-2021-21071 Adobe Animate memory corruption vulnerability
Adobe Animate version 21.0.3 and earlier is affected by a Memory Corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
CVE-2021-21076 Adobe Animate out-of-bounds read vulnerability
Adobe Animate version 21.0.3 and earlier is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
Adobe Animate buffer error vulnerability
Adobe Animate is a set of Flash animation software from the American company Adobe. An out-of-bounds read vulnerability exists in Adobe Animate 21.0.3 and earlier versions, which can be exploited by an unauthenticated attacker with the help of a malicious file to cause an information...
Adobe Animate buffer error vulnerability
Adobe Animate is a set of Flash animation software from the American company Adobe. An out-of-bounds read vulnerability exists in Adobe Animate 21.0.3 and earlier versions, which can be exploited by an unauthenticated attacker with the help of a malicious file to cause an information...
Adobe Animate buffer error vulnerability
Adobe Animate is a set of Flash animation software from the American company Adobe. An out-of-bounds read vulnerability exists in Adobe Animate 21.0.3 and earlier versions, which can be exploited by an unauthenticated attacker with the help of a malicious file to cause an information...
Adobe Animate buffer error vulnerability
Adobe Animate is a set of Flash animation software from the American company Adobe. A buffer overflow vulnerability exists in Adobe Animate 21.0.3 and earlier versions, which can be exploited by an unauthenticated attacker to achieve arbitrary code execution in the context of the current...