16 matches found
Security Bulletin: WebSphere Dashboard Framework Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)
Abstract Java API Documentation contains a frame injection vulnerability. Content VULNERABILITY DETAILS CVEID: CVE-2013-1571 DESCRIPTION HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the...
Security Bulletin: WebSphere Dashboard Framework contains a vulnerability that allows file access and deletion.
Summary WebSphere Dashboard Framework contains a vulerability in a charting feature used to access and delete generated images in a temporary folder. A fix has been created that removes the vulnerability. Vulnerability Details WebSphere Dashboard Framework contains a vulnerability in a charting...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Dashboard Framework
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 used by WebSphere Dashboard Framework. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with...
Security Bulletin: Vulnerabilities in IBM® Java™ Runtime affect WebSphere Dashboard Framework (CVE-2016-5573, CVE-2016-5597)
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Version 6 that is used by WebSphere Dashboard Framework. These issues were disclosed as part of the IBM Java SDK updates in October 2016. The vulnerabilities may affect some configurations of products bundled with WebSphere...
Security Bulletin: IBM WebSphere Dashboard Framework is affected by a security vulnerability in Apache POI (CVE-2016-5000)
Summary Apache POI, which is bundled with IBM WebSphere Dashboard Framework, could allow a remote attacker to obtain sensitive information. Vulnerability Details IBM WebSphere Dashboard Framework WDF bundles a copy of Apache POI, which is used by the spreadsheet integration functionality. CVEID:...
Security Bulletin: IBM WebSphere Dashboard Framework is affected by multiple security vulnerabilities in Apache POI
Summary Apache POI, which is bundled with IBM WebSphere Dashboard Framework, is vulnerable to denial of service attacks and could allow a remote attacker to obtain sensitive information. Vulnerability Details IBM WebSphere Dashboard Framework WDF bundles a copy of Apache POI, which is used by the...
Security Bulletin: A vulnerability in IBM® Java Runtime affects: WebSphere Dashboard Framework (CVE-2016-3485)
Summary There is a vulnerability in IBM® Runtime Environments Java™ Version 6 that is used by WebSphere Dashboard Framework. This issue was disclosed as part of the IBM Java SDK updates in July 2016. The vulnerability may affect some configurations of products bundled with WebSphere Dashboard...
Security Bulletin: Security Vulnerability in Apache Commons FileUpload affects IBM WebSphere Dashboard Framework (CVE-2016-3092 )
Summary Apache Commons FileUpload, which is bundled with IBM WebSphere Dashboard Framework, allows remote attackers to cause a denial of service CPU consumption via a long boundary string. Vulnerability Details IBM WebSphere Dashboard Framework WDF bundles a copy of Apache Commons FileUpload, whi...
Security Bulletin: Security vulnerabilities have been identified in the versions of IBM WebSphere Application Server Community Edition bundled with WebSphere Dashboard Framework 7.0.1 (CVE-2015-5345) (CVE-2016-0706) (CVE-2016-0714)
Summary IBM WebSphere Application Server Community Edition is bundled as an optional component of WebSphere Dashboard Framework. Information about security vulnerabilities affecting this component have been published. Vulnerability Details CVEID: CVE-2015-5345 DESCRIPTION: Apache Tomcat could all...
Security Bulletin: Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6, affects: WebSphere Dashboard Framework (CVE-2016-3427, CVE-2016-3426, CVE-2016-0264)
Summary There are multiple vulnerabilities in IBM® Runtime Environments Java™ Technology Edition, Version 6, that is used by WebSphere Dashboard Framework. These issues were disclosed as part of the IBM Java SDK updates in April 2016. The vulnerabilities may affect some configurations of products...
CVE-2014-6196
Cross-site scripting XSS vulnerability in IBM Web Experience Factory WEF 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework WDF and Lotus Widget Factory LWF, allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere...
Cross site scripting
Cross-site scripting XSS vulnerability in IBM Web Experience Factory WEF 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework WDF and Lotus Widget Factory LWF, allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere...
CVE-2014-6196
Cross-site scripting XSS vulnerability in IBM Web Experience Factory WEF 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework WDF and Lotus Widget Factory LWF, allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere...
CVE-2014-6196
The CVE-2014-6196 entry affects IBM Web Experience Factory (WEF) versions 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF). The root cause is a Dojo builder error in an unspecified WebSphere Portal configuration, which leads to improper construc...
CVE-2013-6728
The charting component in IBM WebSphere Dashboard Framework WDF 6.1.5 and 7.0.1 allows remote attackers to view or delete image files by leveraging incorrect security constraints for a temporary directory...
JVN#97334690: IBM Lotus vulnerable to denial-of-service (DoS)
IBM Lotus product line contains a denial-of-service DoS vulnerability due to an issue in Java Runtime Environment JRE. Impact A remote attacker may cause a denial-of-service DoS. Solution Apply a patch Apply the appropriate patch according to the information provided by the developer. Products...