34 matches found
SUSE-RU-2024:3971-1 Recommended update for mojo-parent
This update for mojo-parent fixes the following issues: xalan-j2 was updated from version 2.7.2 to 2.7.3: - Security issues fixed: CVE-2022-34169: Fixed integer truncation issue when processing malicious XSLT stylesheets bsc1201684 - Changes and Bugs fixed: Java 8 is now the minimum requirement...
Security Bulletin: IBM Security Verify Governance - Identity Manager has multiple vulnerabilities
Summary Multiple security vulnerabilities have been addressed in updates to IBM Security Verify Governance - Identity Manager software component and IBM Security Verify Governance - Identity Manager virtual appliance component. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu...
Security Bulletin: Order Management is subject to vulnerabilities regarding XML service where a remote attacker could exploit this vulnerability.
Summary Order Management removed parts of legacy code that carried vulnerabilities. The code did contain CVE-2009-2625, CVE-2013-4002, CVE-2012-0881; however, the specific code related to the vulnerability is not in use, therefore the risk is lower. This bulletin identifies the steps to take to...
Security Bulletin: IBM Operational Decision Manager May 2023 - Multiple CVEs
Summary This Security Bulletin addresses the security vulnerabilities that have been fixed within the IBM Operational Decision Manager. This product now includes fixes for the following security vulnerabilities. Vulnerability Details CVEID:CVE-2023-20862 DESCRIPTION: VMware Tanzu Spring Security...
Oracle WebLogic Server 14.1.1 < 14.1.1.0.221010 (Oct 2022 CPU)
The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the October 2022 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities, including: - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware...
Security Bulletin: IBM Enterprise Content Management Widgets and potential Apache Xerces-J denial of service attack (CVE-2013-5372)
Abstract Potential denial of service attack due to usage of Apache Xerces-J against IBM Enterprise Content Management Widgets Content VULNERABILITY DETAILS: CVEID: CVE-2013-5372 DESCRIPTION: The Apache Xerces-J XML parser is potentially vulnerable to a denial of service attack, triggered by a...
Security Bulletin: TADDM 7.2.2.0: Apache Xerces-J XML parser Denial of Service attack.
Abstract The Apache Xerces-J XML parser is vulnerable to a denial of service attack, triggered by malformed XML data, that can affect the security of IBM Tivoli Application Dependency Discovery Manager. Content VULNERABILITY DETAILS: CVEID: CVE-2013-4002 CVSS 7.1 Description: The Apache Xerces-J...
Security Bulletin: IBM FileNet Business Process Manager – XML 4J denial of service attack (CVE-2013-4002)
Abstract The XML4J parser that is shipped with the IBM FileNet Business Process Manager is vulnerable to a denial of service attack, which is triggered by malformed XML data. Content The products that are listed below can be affected by security vulnerabilities reported to the Apache Xerces-J...
Security Bulletin: Atlas Suite and potential Apache Xerces-J XML parser Denial of Service attack (CVE-2013-4002)
Abstract Potential denial of service attack against Atlas Suite due to usage of the XML parser Apache Xerces-J. Content VULNERABILITY DETAILS: DESCRIPTION: The Apache Xerces-J XML parser is vulnerable to a denial of service attack, triggered by malformed XML data. The malformed data causes the XM...
Oracle Primavera Unifier (Jul 2022 CPU)
The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Document Management jackson-databind. Supported...
Security Bulletin: InfoSphere BigInsights affected by vulnerabilities in IBM SDK Java™ Technology Edition (CVE-2013-4002, CVE-2013-5780)
Summary InfoSphere BigInsights is vulnerable to two vulnerabilities in IBM SDK Java Technology Edition. Vulnerability Details CVE-2013-4002 DESCRIPTION: A denial of service vulnerability in the Apache Xerces-J parser used by IBM SDK Java Technology Edition could result in a complete availability...
Denial Of Service (DoS)
Xerces2-j, aka the Apache Xerces-J parser, is vulnerable to denial of service (DoS). The attack can be triggered when malicious XML data is passed to the Apache Xerces-J parser and processed by the JRE...
Security Bulletin: Content Integrator- Apache Xerces-J XML parser Denial of Service attack (CVE-2013-4002)
Summary The Apache Xerces-J XML parser (XML4J) shipped with IBM Content Integrator is vulnerable to a denial of service attack that can be triggered by malformed XML data. Vulnerability Details DESCRIPTION: The Apache Xerces-J XML parser is vulnerable to a denial of service attack, triggered by malforme...
Security Bulletin: IBM Cognos Business Intelligence (CVE-2013-3030, CVE-2013-4002, CVE-2013-2407, CVE-2013-2450, CVE-2013-4034, CVE-2013-5372)
Summary A number of security vulnerabilities exist in the IBM Cognos Business Intelligence product. Vulnerability Details VULNERABILITY DETAILS: CVEID: CVE-2013-3030 Denial of service attack against servlet gateway DESCRIPTION: A malicious user may send specially crafted HTTP requests to the I...
Denial of Service attack through vulnerable Xerces-J library
There is a WebDAV endpoint that is accessible via the following URL - https://pwnie.ninja/confluence/plugins/servlet/confluence/default . It is possible to pass XML as data for a PROPFIND request. The following Python code will generate XML with a long pseudo-attribute name that exploits CVE-2013-4002...
Important: Red Hat Security Advisory: Red Hat JBoss Data Grid 6.4.1 update
Red Hat JBoss Data Grid 6.4.1, which fixes several security issues, multiple bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base...
OpenJDK: XML parsing Denial of Service (JAXP, 8017298)
A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an...