12 matches found

IBM Security Bulletins
added 2025/02/06 8:51 p.m. · 22 views

Security Bulletin: IBM Sterling B2B Integrator is affected by security vulnerability in OpenSSH

Summary IBM Sterling B2B Integrator is affected by security vulnerability in OpenSSH Vulnerability Details CVEID: CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity chec...

5.9 CVSS · 6.8 AI score · 0.52998 EPSS
Exploits 4 · Affected Software 1
IBM Security Bulletins
added 2024/11/14 4:36 p.m. · 21 views

Security Bulletin: IBM B2B Sterling Integrator is affected by Fasterxml jackson-databind vulnerability to denial of service

Summary IBM B2B Sterling Integrator is affected by Fasterxml jackson-databind vulnerability to denial of service Vulnerability Details CVEID: CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to ope...

4.7 CVSS · 6.5 AI score · 0.00016 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2024/11/14 2:0 p.m. · 17 views

Security Bulletin: Security Vulnerabilities in IBM MQ Affect IBM Sterling B2B Integrator

Summary IBM Sterling B2B Integrator is affected by vulnerabilities in IBM MQ. Vulnerability Details CVEID: CVE-2024-25015 DESCRIPTION: IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all...

7.5 CVSS · 7.9 AI score · 0.00614 EPSS
Exploits 0 · Affected Software 1
Positive Technologies
added 2024/07/22 12:0 a.m. · 2 views

PT-2024-10279 · IBM · IBM Sterling Secure Proxy

Name of the Vulnerable Software and Affected Versions: IBM Sterling Secure Proxy versions 6.0.0.0 through 6.2.0.0 Description: The issue is related to improper validation of a specified type of input, which can allow a privileged user to inject commands into the underlying operating system. This...

9.1 CVSS · 7.6 AI score · 0.00298 EPSS
Exploits 0 · References 12
IBM Security Bulletins
added 2024/06/07 2:47 p.m. · 21 views

Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnerable to denial of service due to json-path (CVE-2023-51074)

Summary B2B API of IBM Sterling B2B Integrator is vulnerable to denial of service due to json-path CVE-2023-51074. IBM Sterling B2B Integrator has remediated this vulnerability; follow steps identified in Remediation/Fixes section to address vulnerability in your environment. Vulnerability Details...

5.3 CVSS · 5.7 AI score · 0.00116 EPSS
Exploits 1 · Affected Software 1
IBM Security Bulletins
added 2024/04/11 1:22 p.m. · 40 views

Security Bulletin: IBM Sterling B2B Integrator Document Service container vulnerable to multiple issues due to Apache Tomcat

Summary IBM Sterling B2B Integrator's Document Service container uses Apache Tomcat. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID: CVE-2023-46589 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsin...

7.5 CVSS · 7.4 AI score · 0.62079 EPSS
Exploits 2 · Affected Software 1
IBM Security Bulletins
added 2022/06/13 5:37 p.m. · 17 views

Security Bulletin: IBM Sterling Control Center is vulnerable to remote attack on MQXR service due to IBM WebSphere MQ (CVE-2015-4943)

Summary IBM WebSphere MQ is used by IBM Sterling Control Center. IBM WebSphere MQ could allow a remote attacker to crash the MQXR service, and the issue has been addressed. Vulnerability Details CVEID: CVE-2015-4943 DESCRIPTION: IBM WebSphere MQ could allow a remote attacker to crash the MQXR...

5.3 CVSS · 5.2 AI score · 0.00607 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2021/05/14 9:22 p.m. · 31 views

Security Bulletin: Hibernate ORM Vulnerabilities Affect IBM Control Center (CVE-2019-14900, CVE-2020-25638)

Summary Hibernate ORM is vulnerable to SQL injection. Vulnerability Details CVEID: CVE-2019-14900 DESCRIPTION: Hibernate ORM is vulnerable to SQL injection. The implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the...

7.4 CVSS · 1.1 AI score · 0.01696 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2021/05/14 9:20 p.m. · 35 views

Security Bulletin: Eclipse Jetty Vulnerability Affects IBM Control Center (CVE-2020-27216)

Summary Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system. Vulnerability Details CVEID: CVE-2020-27216 DESCRIPTION: Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in th...

7 CVSS · 2 AI score · 0.00072 EPSS
Exploits 1 · Affected Software 1
IBM Security Bulletins
added 2018/06/17 10:31 p.m. · 19 views

Security Bulletin: IBM Worklight and IBM Mobile Foundation application authenticity bypass (CVE-2014-0888)

Summary IBM Worklight and IBM Mobile Foundation application authenticity verification can be bypassed under certain conditions. Vulnerability Details CVEID: CVE-2014-0888 DESCRIPTION: The application authenticity feature in IBM Worklight and IBM Mobile Foundation enables the Worklight server to...

4.9 CVSS · 1.4 AI score · 0.0017 EPSS
Exploits 0 · Affected Software 1
CNVD
added 2016/10/20 12:0 a.m. · 2 views

Unspecified Vulnerability in Oracle Supply Chain Products Suite Agile Engineering Data Management Component

Oracle Supply Chain Products Suite is a suite of supply chain solutions from Oracle that provides value chain planning, value chain execution, product lifecycle management, etc. Oracle Agile Engineering Data Management is one of the Data Management components. A remote security vulnerability exist...

8.1 CVSS · 6.8 AI score · 0.00658 EPSS
Exploits 0 · References 1
Packet Storm
added 2012/04/20 12:0 a.m. · 37 views

Kaseya 6.2.0.0 Cross Site Scripting

Summary The Kaseya version 6.2.0.0 web interface, and possibly other versions, is vulnerable to Cross-Site Scripting in the "adminName" variable. 2. Description By submitting malicious input such as the following, it is possible to render JavaScript in the security context of the Kaseya server:...

7.4 AI score
Exploits 0