Medium Severity
Security Bulletin: Insecure Use of InnerHTML or OuterHTML in IBM Enterprise Records
Sep 25, 2020 8:00 pm EDT
Categorized: Medium Severity
Share this post:
It also is the case that we internally create the text to go into the HTML, not an external entity.
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| IBM Enterprise Records | 5.2.1 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6337457
Security Bulletin: IBM Security Verify Bridge uses a hard-coded key to encrypt the client secret (CVE-2021-20442)
Mar 2, 2021 7:00 pm EST | Medium Severity
The obfuscation logic in IBM Security Verify Bridge (ISVB) relies on a hard-coded key to encrypt the client secret string. This means all ISVB users have the same encryption key. As of v1.0.5, ISVB has re-implemented its obfuscation logic so that each user gets assigned a unique key. ...read more
Security Bulletin: iOS Vulnerable Minimum OS Version Supported
Mar 2, 2021 7:00 pm EST | Medium Severity
IBM Maximo Anywhere is compatible on running on iOS version previous to iOS 10. ...read more
Security Bulletin: IBM InfoSphere Information Server is affected by a cross-site scripting vulnerability
Mar 2, 2021 7:00 pm EST | Medium Severity
A cross-site scripting vulnerability was addressed by IBM InfoSphere Information Server. ...read more