47 matches found
Security Bulletin: Multiple security vulnerabilities with IBM FileNet Content Manager component in IBM Business Automation Workflow - CVE-2021-31811, CVE-2021-31812, CVE-2021-23926, CVE-2021-38965
Summary The embedded IBM FileNet Content Manager component that is shipped with IBM Business Automation Workflow is vulnerable to multiple vulnerabilities. Vulnerability Details CVEID: CVE-2021-38965 DESCRIPTION: IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote...
Security Bulletin: Apache XMLBeans XML Entity Expansion security vulnerability in IBM FileNet Content Manager
Summary IBM FileNet Content Manager has XML Entity Expansion security vulnerabilities with Apache XMLBeans. Vulnerability Details CVEID: CVE-2021-23926 DESCRIPTION: Apache XMLBeans is vulnerable to a denial of service, caused by an XML external entity (XXE) error when processing XML data. By sending...
xmlbeans: allowed malicious XML input may lead to XML Entity Expansion attack
A flaw was found when parsing XML files using XMLBeans 2.6.0 or below. The underlying parser created by XMLBeans could be susceptible to XML External Entity (XXE) attacks. The highest threat from this vulnerability is to confidentiality and system availability...
Critical: Red Hat Security Advisory: Red Hat Fuse 7.10.0 release and security update
A minor version update from 7.9 to 7.10 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring...
Security Bulletin: Apache XML Beans Vulnerability Affects the B2B API of IBM Sterling B2B Integrator (CVE-2021-23926)
Summary IBM Sterling B2B Integrator has addressed the security vulnerability. Vulnerability Details CVEID: CVE-2021-23926 DESCRIPTION: Apache XMLBeans is vulnerable to a denial of service, caused by an XML external entity (XXE) error when processing XML data. By sending a specially-crafted XML...
Security Bulletin: Multiple vulnerabilities affect IBM Jazz Foundation and IBM Engineering products.
Summary There are multiple vulnerabilities that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management (ELM), IBM Engineering Requirements Management DOORS Next (DOORS Next), IBM Engineering Workflow Management (EWM), IBM...
Debian: Security Advisory (DLA-2693-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2693-1] xmlbeans security update
Debian LTS Advisory DLA-2693-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany June 28, 2021 https://wiki.debian.org/LTS Package : xmlbeans Version : 2.6.0+dfsg-1+deb9u1 CVE ID : CVE-2021-23926 The XML parsers used by XMLBeans did not set the properties needed to...
Security Bulletin: Multiple vulnerabilities in open source libraries affects Tivoli Netcool/OMNIbus WebGUI
Summary Fixes are available for vulnerabilities in open source libraries that affect Tivoli Netcool/OMNIbus WebGUI: CVE-2021-23926, CVE-2018-15494, CVE-2020-5258, CVE-2021-29425 and CVE-2020-11988. Vulnerability Details CVEID: CVE-2021-23926 DESCRIPTION: Apache XMLBeans is vulnerable to a denial of...
DLA-2693-1 xmlbeans - security update
Bulletin has no description...
Debian DLA-2693-1 : xmlbeans - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2693 advisory. The XML parsers used by XMLBeans did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include the possibility for XML Entity...
ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ar.com.fdvs:DynamicJasper (=4.0.4) +5788 more potentially affected by CVE-2021-23926 via org.apache.xmlbeans:xmlbeans (>=2.2.0 <=2.6.0)
org.apache.xmlbeans:xmlbeans MAVEN version =2.2.0, =1.3, =1.10.2, =1.13.0, =1.0.1, =0.0.1, =1.1.8, =2.23.5, =2.23.5, =25.11.0 and more Source cves: CVE-2021-23926 Source advisory: OSV:GHSA-MW3R-PFMG-XP92...
Improper Restriction of Recursive Entity References in Apache XMLBeans
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0...
GHSA-MW3R-PFMG-XP92 Improper Restriction of Recursive Entity References in Apache XMLBeans
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0...
CVE-2021-23926
A flaw was found when parsing XML files using XMLBeans 2.6.0 or below. The underlying parser created by XMLBeans could be susceptible to XML External Entity (XXE) attacks. The highest threat from this vulnerability is to confidentiality and system availability. Mitigation Affected users are advised...
Apache Xmlbeans Input Validation Error Vulnerability
Apache Xmlbeans is software from the Apache Foundation that supports interaction between Java and XML format data. Apache Xmlbeans up to version 2.6.0 suffers from an Input Validation Error vulnerability that stems from a failure to set an attribute required to protect a user from malicious XML input. ...
CVE-2021-23926
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0...
DEBIAN-CVE-2021-23926
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0...