138 matches found
Security Bulletin: Vulnerability exists in Apache-Xalan-Java used in IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2014-0107)
Summary A security bypass vulnerability has been discovered in Apache Xalan-Java libraries used by IBM Sterling B2B Integrator and IBM Sterling File Gateway. Vulnerability Details CVEID: CVE-2014-0107 Description: Apache Xalan-Java could allow a remote attacker to bypass security restrictions...
Security Bulletin: A vulnerability exists in Apache Xalan-Java prior to 2.7.2 as used in IBM Sterling Control Center 5.2 (CVE-2014-0107)
Summary IBM Sterling Control Center 5.2 utilizes Apache Xalan-Java that contains a vulnerability. Vulnerability Details CVE-ID: CVE-2014-0107 DESCRIPTION: Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An...
Apache Xalan Remote Code Execution
Apache Xalan-Java contains a vulnerability that allows for Remote Code Execution. This vulnerability allows a malicious user to remotely bypass the expected restrictions and load arbitrary code...
Security Bulletin: Open Source Apache Xalan-Java reported in April X-Force Report in IBM Content Navigator
Summary Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker could exploit this vulnerability to bypass the secure processing feature to load arbitrary restricted classes. Vulnerability Details Apache...
Security Bulletin: Impact of the Apache Xalan-Java vulnerability (CVE-2014-0107) on IBM FileNet Business Process Framework
Summary Apache Xalan-Java could allow a remote attacker to bypass security restrictions. Apply 4.1 Fix Pack 10 to your IBM FileNet Business Process Framework V4.1.0.x, then apply 4.1.0.10-P8BPF-IF002. There is no workaround other than applying the fix. Vulnerability Details Affected products and versions: · IBM FileNet Business Process Framework V4.1.0.x Remediation and workarounds:...
Security Bulletin: IBM FileNet Business Process Framework is affected by a vulnerability in Apache Xalan-Java (CVE-2014-0107)
Summary Open Source Apache Xalan-Java could allow a remote attacker to bypass security restrictions. Vulnerability Details CVE ID: CVE-2014-0107 Description: Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An...
Security Bulletin: A vulnerability exists in Apache Xalan-Java prior to 2.7.2 as used in IBM QRadar SIEM 7.1 MR2, and 7.2 MR2. (CVE-2014-0107)
Summary IBM QRadar Security Information and Event Manager SIEM 7.1 MR2 and 7.2 MR2 utilizes Apache Xalan-Java that contains a vulnerability. Vulnerability Details CVE ID: CVE-2014-0107 DESCRIPTION: The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certa...
Security Bulletin: Security exposure in IBM Cognos Incentive Compensation Management (CVE-2014-0107)
Summary There is a security vulnerability whereby a remote attacker could bypass security restrictions in Apache Xalan-Java within IBM Cognos Incentive Compensation Management 8.x and 7.x. Vulnerability Details CVE IDs: CVE-2014-0107 DESCRIPTION: Apache Xalan-Java could allow a remote attacker to...
Security Bulletin: A security vulnerability has been identified in Cognos BI Server shipped with IBM Business Monitor (CVE-2014-0107)
Summary There is a vulnerability in Apache Xalan-Java™ used by Cognos BI Server in IBM Business Monitor. Vulnerability Details For vulnerability details, see the Security Bulletin: Cognos BI Server is affected by the following vulnerabilities: CVE-2014-0107, CVE-2014-0075, CVE-2014-0096,...
Gentoo Security Advisory GLSA 201604-02
Gentoo Linux Local Security Checks SPDX-FileCopyrightText: 2016 Eero Volotinen Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later if(description) { script_oid("1.3.6.1.4.1.25623.1.0.121459");...
GLSA-201604-02 : Xalan-Java: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201604-02 (Xalan-Java: Arbitrary code execution). The TransformerFactory in Apache Xalan-Java does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled. This can also be exploited via a Java...
Xalan-Java: Arbitrary code execution
Background Xalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. Description The TransformerFactory in Apache Xalan-Java does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled. This can also be exploit...
Oracle WebCenter Sites Apache Xalan-Java Library Security Bypass (January 2016 CPU)
The version of Oracle WebCenter Sites installed on the remote host is missing a security patch from the January 2016 Critical Patch Update (CPU). It is, therefore, affected by a security bypass vulnerability in the Apache Xalan-Java library due to a failure to properly restrict access to certain...
Oracle WebLogic Server Multiple Vulnerabilities (January 2016 CPU)
Binary data oracleweblogicservercpujan2016.nbin...
Important: Red Hat Security Advisory: Red Hat JBoss SOA Platform 5.3.1 security update
An update for Red Hat JBoss SOA Platform 5.3.1 which fixes multiple security issues is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
Xalan-Java: insufficient constraints in secure processing feature
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this...
Xalan-Java: insufficient constraints in secure processing feature
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this...
Xalan-Java: insufficient constraints in secure processing feature
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this...
Important: Red Hat Security Advisory: Red Hat JBoss Fuse Service Works 6.0.0 security update
Red Hat JBoss Fuse Service Works 6.0.0 roll up patch 3, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base score...
Important: Red Hat Security Advisory: Fuse ESB Enterprise/Fuse MQ Enterprise 7.1.0 update
Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P6 (Patch 6 on Rollup Patch 1), which addresses three security issues, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base...