Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnerable to Cross Origin Resource Sharing (CORS) (CVE-2021-38928)

Summary IBM Sterling B2B Integrator has addressed the Cross Origin Sharing vulnerability in B2B API Vulnerability Details CVEID:CVE-2021-38928 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged...

SUSE CVE-2023-34149

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...

SUSE CVE-2023-34396

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...

Apache Struts vulnerable to memory exhaustion

Denial of service via out of memory OOM owing to no sanity limit on normal form fields in multipart forms. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if developer has set...

GHSA-8F6X-V685-G2XC Apache Struts vulnerable to memory exhaustion

Denial of service via out of memory OOM owing to not properly checking of list bounds. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to OOM if developer has set struts.multipart.maxSize to a...