7 matches found

IBM Security Bulletins
added 2024/10/18 7:56 a.m., 70 views

Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.8

Summary Third party reported 'Stored XSS' and 'CSRF' issues, Apache Tomcat, Apache ActiveMQ, CKEditor, libcURL, xmlbeans, scala-library, json-smart, jna-platform, jackson-databind, commons-io, shiro-core, commons-net, snappy-java, xercesImpl are identified as vulnerable components with multiple...

CVSS 10, AI score 9.9, EPSS 0.99999
Exploits 138, Affected Software 1

IBM Security Bulletins
added 2023/09/29 11:50 a.m., 48 views

Security Bulletin: Vulnerabilities in xercesImpl library affects IBM Engineering Test Management (ETM) (CVE-2022-23437)

Summary This Security Vulnerability has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID: CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the...

CVSS 7.1, AI score 6.5, EPSS 0.0444
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2023/08/30 11:9 a.m., 73 views

Security Bulletin: Addressing the Security vulnerability CVE-2022-23437, CVE-2009-2625, CVE-2012-0881, CVE-2013-4002 found in xercesImpl-2.9.1.jar and its previous versions affects ITCAM for Transactions

Summary IBM Tivoli Composite Application Manager ITCAM for Transactions - Transaction Tracking has addressed the following xercesImpl-2.9.1.jar vulnerability and updated xercesImpl.jar from version 2.5.0 to 2.12.2 and its dependency xml-apis.jar to version 2.5.0 Vulnerability Details...

CVSS 7.8, AI score 6.8, EPSS 0.3038
Exploits 2, Affected Software 1

vulnersOsv
added 2022/05/13 1:1 a.m., 5 views

ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0), ai.platon.pulsar:pulsar-agentic (>=4.5.0 <=4.6.0) +5848 more potentially affected by CVE-2013-4002 via xerces:xercesImpl (>=2.10.0 <=2.11.0)

xerces:xercesImpl MAVEN version =2.10.0, =1.0.0, =4.5.0, =4.7.11, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =0.2, =5.0.9, =5.1.3 and more Source cves: CVE-2013-4002 Source advisory: OSV:GHSA-7J4H-8WPF-RQFH...

CVSS 7.1, AI score 6.7, EPSS 0.24738
Exploits 0

Veracode
added 2022/01/25 4:25 a.m., 35 views

Denial Of Service (DoS)

xercesImpl is vulnerable to denial of service. The vulnerability exists because the library does not properly handle XML document payloads, allowing an attacker to crash the application by providing a specially crafted XML document through the XML parser...

CVSS 6.5, AI score 5.3, EPSS 0.0444
Exploits 0, References 6, Affected Software 27

RedHat Linux
added 2021/08/11 6:21 p.m., 159 views

Moderate: Red Hat Security Advisory: Red Hat Fuse 7.9.0 release and security update

A minor version update from 7.8 to 7.9 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring...

CVSS 9.8, AI score 7.1, EPSS 0.9927
Exploits 80, References 45

Veracode
added 2020/10/14 4:33 a.m., 20 views

Validation Bypass

wildfly is vulnerable to validation bypass. An XML validation manipulation vulnerability exists due to incomplete application of use-grammar-pool-only in xercesImpl...

CVSS 5.3, AI score 2.5, EPSS 0.01292
Exploits 0, References 7, Affected Software 29