66 matches found
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary OpenSSL vulnerabilities were disclosed on 30 October 2018 and later by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVE-ID:...
Security Bulletin: WAS traditional and liberty vulnerable to CVE-2014-7810
Summary IBM Worklight has addressed the following vulnerability. WAS traditional and liberty vulnerable to CVE-2014-7810 Vulnerability Details CVEID: CVE-2014-7810 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the use of expression language. A...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary OpenSSL vulnerabilities were disclosed on APR 16, 2018 onward by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVEID:...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary OpenSSL vulnerabilities were disclosed on Nov 02, 2017 onward by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVEID:...
Security Bulletin: Open Source Apache Cordova Android Vulnerabilities affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary Apache Cordova is an open source framework for mobile development. The Cordova framework is used in all Mobile environments in IBM Workligh and IBM MobileFirst Platform Foundation but this particluar Open Source Apache Cordova vulnerability is affected only for Android platform. Affected...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary OpenSSL vulnerabilities were disclosed on Dec 16, 2016 by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVEID:...
Security Bulletin: Reflected XSS in IBM Worklight OAuth Server Web Api
Summary A Reflected Cross Site Scripting XSS vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework. The vulnerable parameter is "scope", if you set as value a "realm"; not defined in authenticationConfig.xml you get an HTTP 403 Forbidden response...
Security Bulletin: Multiple Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary IBM WebSphere Application Server Liberty vulnerabilities have been disclosed by IBM WebSphere Application Server Liberty . IBM WebSphere Application Server Liberty is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation (CVE-2015-3194, CVE-2015-3195, CVE-2015-3196)
Summary OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-3194...
Security Bulletin: Vulnerability in Apache Commons affects IBM Worklight and IBM MobileFirst Platform Foundation (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Worklight and IBM MobileFirst Platform Foundation. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrar...
Security Bulletin: Vulnerability in SSLv3 affects WorkLight Quality Assurance (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in Worklight Quality Assurance WQA Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like...
Security Bulletin: Vulnerabilities in Bash affect IBM Worklight Quality Assurance (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities affecting IBM Worklight Quality Assurance WQA. Vulnerability Details | Subscribe to My...
Security Bulletin: Vulnerability in Apache Cordova affects IBM Worklight, IBM Mobile Foundation and IBM MobileFirst Platform Foundation (CVE-2015-5204)
Summary Apache Cordova File Transfer Plugin for Android is vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will all...
Security Bulletin: Vulnerability in Apache Cordova affects IBM Worklight and IBM MobileFirst Platform Foundation (CVE-2015-1835)
Summary An Apache Cordova vulnerability was disclosed May 26, 2015. Apache Cordova is used by IBM Worklight and IBM MobileFirst Platform Foundation. Android applications built with the Cordova framework might allow a remote attacker to cause arbitrary commands to be executed in the application. I...
Security Bulletin: Vulnerabilities in Dojo Toolkit affect IBM Worklight and IBM MobileFirst Platform Foundation (CVE-2014-8917)
Summary There are cross-site scripting vulnerabilities in the Dojo Toolkit that is used by IBM Worklight and IBM MobileFirst Platform Foundation. Vulnerability Details CVEID: CVE-2014-8917 DESCRIPTION: IBM Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation (CVE-2014-3570, CVE-2014-3572, CVE-2015-0204)
Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes the vulnerability that has been referred to as “FREAK”. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation when the optional FIPS 140-2 data-in-motion feature is enabled o...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Worklight (CVE-2014-3509, CVE-2014-5139)
Summary There are multiple vulnerabilities in OpenSSL that is used by the optional FIPS 140-2 data-in-motion feature in IBM Worklight. These issues were disclosed on August 6, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-3509 DESCRIPTION: OpenSSL is vulnerable to a denial o...
Security Bulletin: Vulnerability in SSLv3 affects IBM Worklight (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Worklight. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information,...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Worklight (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568)
Summary OpenSSL vulnerabilities along with SSL 3 Fallback protection TLSFALLBACKSCSV were disclosed on October 15, 2014 by the OpenSSL Project. OpenSSL is used by the optional FIPS 140-2 data-in-motion feature in IBM Worklight. IBM Worklight has addressed the applicable CVEs and included the SSL...
Security Bulletin: IBM Worklight and IBM Mobile Foundation application authenticity bypass (CVE-2014-0888)
Summary IBM Worklight and IBM Mobile Foundation application authenticity verification can be bypassed under certain conditions. Vulnerability Details CVEID: CVE-2014-0888 DESCRIPTION: The application authenticity feature in IBM Worklight and IBM Mobile Foundation enables the Worklight server to...