13 matches found
Security Bulletin: IBM Sterling Global Mailbox vulnerable to sensitive information exposure due to Jackson Data Mapper (CVE-2019-10172)
Summary Data mapper for Jackson is shipped with IBM Sterling Global Mailbox. Sensitive information exposure due to XXE error impacts Data mapper for Jackson. Remediation is available for the issues. Vulnerability Details CVEID: CVE-2019-10172 DESCRIPTION: Jackson-mapper-asl could allow a remote...
Security Bulletin: Apache Wink as used by IBM Disconnected Log Collector is vulnerable to an XML External Entity Error (XXE) (CVE-2010-2245)
Summary Apache Wink as used by IBM Disconnected Log Collector is vulnerable to an XML External Entity Error (XXE). Vulnerability Details CVEID: CVE-2010-2245 DESCRIPTION: Apache Wink could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when...
Security Bulletin: Android Mobile SDK compile builder includes vulnerable components
Summary A third-party JSON parser that Android Mobile SDK uses includes vulnerable components. The JSON parser is included in the compile builder provided to customers to compile their Mobile SDK manifest. It is not included within customer apps. Vulnerability Details CVEID: CVE-2018-7489...
Security Bulletin: IBM InfoSphere Change Data Capture is affected by an Apache Derby open source library vulnerability (CVE-2015-1832)
Summary IBM InfoSphere Change Data Capture has addressed the following vulnerability: CVE-2015-1832 - Apache Derby could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by the XML datatype and XmlVTI. An attacker could...
Security Bulletin: Vulnerabilities in OpenSource Spring Source/Pivotal Spring Framework affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2013-7315, CVE-2013-4152, CVE-2014-0054)
Summary There are a number of potential security vulnerabilities in OpenSource Spring Source/Pivotal Spring Framework, which is used by IBM Tivoli Netcool Configuration Manager (ITNCM). Vulnerability Details CVEID: CVE-2013-7315 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to...
Security Bulletin: Vulnerability in Apache Batik affects IBM Maximo Asset Management (CVE-2017-5662)
Summary Apache Batik used by IBM Maximo Asset Management could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By using a specially-crafted SVG file, a remote attacker could exploit this vulnerability to...
Security Bulletin: Jazz for Service Management is affected by Open Source Apache ActiveMQ vulnerability - Reported in 02/05/2015 X-Force Report
Summary Jazz for Service Management (JazzSM) bundles the Open Source Apache ActiveMQ jar files for use by the underlying DASH/TWL Component, and a vulnerability was reported related to the jar used. Vulnerability Details CVEID: CVE-2014-3600 DESCRIPTION: Apache ActiveMQ could allow a remote attacker ...
Security Bulletin: Vulnerability in Apache Derby affects IBM Cúram Social Program Management (CVE-2015-1832)
Summary IBM Cúram Social Program Management uses the Apache Derby Library. Apache Derby could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by the XML datatype and XmlVTI. An attacker could exploit this vulnerability to...
Security Bulletin: Apache POI as used in IBM QRadar SIEM is vulnerable to a denial of service. (CVE-2017-5644)
Summary Open Source Apache POI Vulnerability. Vulnerability Details CVEID: CVE-2017-5644 DESCRIPTION: Apache POI is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. By using a specially-crafted OOXML file, a remote attacker could...
Security Bulletin: IBM Security Access Manager appliances are affected by an XML External Entity Injection vulnerability (CVE-2016-3027)
Summary IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Vulnerability Details CVEID: CVE-2016-3027 DESCRIPTION: IBM Security Access Manager for Web is vulnerable to a denial of service, caused...
Security Bulletin: IBM Forms Experience Builder could be susceptible to Apache POI Vulnerabilities
Summary IBM Forms Experience Builder could be susceptible to a denial of service, caused by an error in Apache POI libraries. Vulnerability Details CVEID: CVE-2014-3574 DESCRIPTION: Apache POI is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error wh...
Security Bulletin: IBM OpenPages GRC Platform has addressed multiple Apache POI vulnerabilities (CVE-2017-5644, CVE-2016-5000, CVE-2014-3574)
Summary IBM OpenPages GRC Platform has addressed potential security exposure due to multiple vulnerabilities in the Apache POI library. Vulnerability Details CVE-ID: CVE-2017-5644 Description: Apache POI is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when...
CVE-2016-2908
CVE-2016-2908 is an XML External Entity (XXE) vulnerability affecting IBM Security products. IBM security advisories and IBM/Tivoli bulletins show that the flaw arises from XML parsing in affected components, enabling a remote attacker to read arbitrary files or cause a denial of service. Affected...