Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.8

Summary Third party reported 'Stored XSS' and 'CSRF' issues, Apache Tomcat, Apache ActiveMQ, CKEditor, libcURL, xmlbeans, scala-library, json-smart, jna-platform, jackson-databind, commons-io, shiro-core, commons-net, snappy-java, xercesImpl are identified as vulnerable components with multiple...

Security Bulletin: Vulnerabilities in xercesImpl library affects IBM Engineering Test Management (ETM) (CVE-2022-23437)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the...

Security Bulletin: Addressing the Security vulnerability CVE-2022-23437,CVE-2009-2625,CVE-2012-0881,CVE-2013-4002 found in xercesImpl-2.9.1.jar and its previous versions affects ITCAM for Transactions

Summary IBM Tivoli Composite Application Manager ITCAM for Transactions - Transaction Tracking has addressed the following xercesImpl-2.9.1.jar vulnerability and updated xercesImpl.jar from version 2.5.0 to 2.12.2 and its dependency xml-apis.jar to version 2.5.0 Vulnerability Details...

ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0), ai.platon.pulsar:pulsar-agentic (>=4.5.0 <=4.6.0) +5847 more potentially affected by CVE-2013-4002 via xerces:xercesImpl (>=2.10.0 <=2.11.0)

xerces:xercesImpl MAVEN version =2.10.0, =1.0.0, =4.5.0, =4.7.11, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =0.2, =5.0.9, =5.1.3 and more Source cves: CVE-2013-4002 Source advisory: OSV:GHSA-7J4H-8WPF-RQFH...

Denial Of Service (DoS)

xercesImpl is vulnerable to denial of service. The vulnerability exists because the library does not properly handle XML document payloads, allowing an attacker to crash the application by providing a specially crafted XML document through the XML parser...

Moderate: Red Hat Security Advisory: Red Hat Fuse 7.9.0 release and security update

A minor version update from 7.8 to 7.9 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring...

Validation Bypass

wildfly is vulnerable to validation bypass. An XML validation manipulation vulnerability exists due to incomplete application of use-grammar-pool-only in xercesImpl...