Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)
On March 6, 2017 a vulnerability in the Apache Struts Jakarta Multi-part parser code execution was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]
Security Bulletin: jackson-databind (Publicly disclosed vulnerability) found in Network Performance Insight (CVE-2019-14892, CVE-2019-14893)
Aug 4, 2020 8:01 pm EDT | Critical Severity
jackson-databind (Publicly disclosed vulnerability) found in Network Performance Insight (CVE-2019-14892, CVE-2019-14893) ...read more
Security Bulletin: CVE-2014-3577 HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name
Aug 4, 2020 8:01 pm EDT | Medium Severity
CVE-2014-3577 HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name ...read more
Security Bulletin: CVE-2020-4481 HTTP properties vulnerable to an XXE attack
Aug 4, 2020 8:01 pm EDT | High Severity
HTTP properties are vulnerable to an XXE attack. This could allow files from the server host to be extracted. ...read more
Security Bulletin: vulnerabilities in in IBM® Runtime Environment Java™ Version 8 affect IBM WIoTP MessageGateway (CVE-2020-2805, CVE-2020-2803, CVE-2020-2781, CVE-2020-2755, CVE-2020-2754)
Aug 4, 2020 8:01 pm EDT | High Severity
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 that affect IBM WIoTP MessageGateway ...read more
Security Bulletin: CVE-2009-2625 CVE-2012-0881 CVE-2013-4002 CVE-2014-0107 Multiple Xml handling Issues in xerces and xalan
Aug 4, 2020 8:00 pm EDT | High Severity
CVE-2009-2625 CVE-2012-0881 CVE-2013-4002 CVE-2014-0107 Multiple Xml handling Issues in xerces and xalan ...read more
Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js http-proxy module denial of service
Aug 4, 2020 8:00 pm EDT | High Severity
Node.js http-proxy module is vulnerable to a denial of service. By sending a specially crafted HTTP request with an overly long body, a remote attacker could exploit this vulnerability to trigger an ERR_HTTP_HEADERS_SENT unhandled exception and crash the server. ...read more
Security Bulletin: CVE-2019-2949 may affect IBM® SDK, Java™ Technology Edition
Aug 4, 2020 8:00 pm EDT | Medium Severity
CVE-2019-2949 was disclosed in the Oracle October 2019 Critical Patch Update ...read more
Security Bulletin: CVE-2015-5254 Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker
Aug 4, 2020 8:00 pm EDT | High Severity
CVE-2015-5254 Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. ...read more
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11.
Aug 4, 2020 8:00 pm EDT | Medium Severity
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, used by IBM Integration Bus & IBM App Connect Enterprise v11. These issues were disclosed as part of the IBM Java SDK updates in April 2020. ...read more