Latest IBM Cloud Pak for Business Automation Vulnerabilities

IBM Cloud Pak for Business Automation information disclosure
IBM Cloud Pak for Business Automation=18.0.0
IBM Cloud Pak for Business Automation=18.0.1
IBM Cloud Pak for Business Automation=18.0.2
IBM Cloud Pak for Business Automation=19.0.1
IBM Cloud Pak for Business Automation=19.0.2
IBM Cloud Pak for Business Automation=19.0.3
and 10 more
IBM Business Automation Workflow cross-site scripting
IBM Business Automation Workflow>=19.0.0.1<=19.0.0.3
IBM Business Automation Workflow>=21.0.1<=21.0.3.1
IBM Business Automation Workflow=20.0.0.1
IBM Business Automation Workflow=20.0.0.2
and 62 more
IBM Cloud Pak for Business Automation information disclosure
IBM Cloud Pak for Business Automation=18.0.0
IBM Cloud Pak for Business Automation=18.0.2
IBM Cloud Pak for Business Automation=19.0.1
IBM Cloud Pak for Business Automation=19.0.3
IBM Cloud Pak for Business Automation=20.0.1
IBM Cloud Pak for Business Automation=20.0.3
and 48 more
IBM Cloud Pak for Business Automation<=V23.0.1 - V23.0.1-IF002
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF024
IBM Cloud Pak for Business Automation<=V22.0.2 - V22.0.2-IF006 and later fixes V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixes V21.0.1 - V21.0.1-IF007 and later fixes V20.0.1 - V20.0.3 and later fixes V19.0.1 - V19.0.3 and later fixes V18.0.0 - V18.0.2 and later fixes
IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent...
IBM Cloud Pak for Business Automation<=V23.0.1 - V23.0.1-IF002
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF024
IBM Cloud Pak for Business Automation<=V22.0.2 - V22.0.2-IF006 and later fixes V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixes V21.0.1 - V21.0.1-IF007 and later fixes V20.0.1 - V20.0.3 and later fixes V19.0.1 - V19.0.3 and later fixes V18.0.0 - V18.0.2 and later fixes
IBM Cloud Pak for Business Automation=18.0.0
IBM Cloud Pak for Business Automation=18.0.1
IBM Cloud Pak for Business Automation=18.0.2
and 11 more
### Summary snappy-java is a data compression library in Java. Its SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too-large chunk size....
maven/org.xerial.snappy:snappy-java<=1.1.10.3
redhat/snappy-java<1.1.10.4
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
IBM Cloud Pak for Business Automation<1.1.10.4
IBM Cloud Pak for Business Automation<=V23.0.1 - V23.0.1-IF001
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF023
IBM Cloud Pak for Business Automation<=V22.0.2 - V22.0.2-IF006 and later fixes V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixes V21.0.1 - V21.0.1-IF007 and later fixes V20.0.1 - V20.0.3 and later fixes V19.0.1 - V19.0.3 and later fixes V18.0.0 - V18.0.2 and later fixes
IBM Cloud Pak for Automation CSV injection
IBM Cloud Pak for Business Automation<=V23.0.1 - V23.0.1-IF001
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF023
IBM Cloud Pak for Business Automation<=V22.0.2 - V22.0.2-IF006 and later fixes V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixes V21.0.1 - V21.0.1-IF007 and later fixes V20.0.1 - V20.0.3 and later fixes V19.0.1 - V19.0.3 and later fixes V18.0.0 - V18.0.2 and later fixes
IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent...
IBM Cloud Pak for Business Automation<=V23.0.1 - V23.0.1-IF001
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF023
IBM Cloud Pak for Business Automation<=V22.0.2 - V22.0.2-IF006 and later fixes V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixes V21.0.1 - V21.0.1-IF007 and later fixes V20.0.1 - V20.0.3 and later fixes V19.0.1 - V19.0.3 and later fixes V18.0.0 - V18.0.2 and later fixes
IBM Cloud Pak for Automation authentication bypass
IBM Cloud Pak for Business Automation<=V23.0.1
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF022
IBM Cloud Pak for Business Automation<=V22.0.2 - V22.0.2-IF006 and later fixes V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixes V21.0.1 - V21.0.1-IF007 and later fixes V20.0.1 - V20.0.3 and later fixes V19.0.1 - V19.0.3 and later fixes V18.0.0 - V18.0.2 and later fixes
IBM Cloud Pak for Business Automation<=V23.0.1
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF022
IBM Cloud Pak for Business Automation<=V22.0.2 - V22.0.2-IF006 and later fixes V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixes V21.0.1 - V21.0.1-IF007 and later fixes V20.0.1 - V20.0.3 and later fixes V19.0.1 - V19.0.3 and later fixes V18.0.0 - V18.0.2 and later fixes
An unspecified vulnerability in Java SE related to the VM component could allow a local attacker to cause high confidentiality impacts.
Oracle GraalVM=20.3.10
Oracle GraalVM=21.3.6
Oracle GraalVM=22.3.2
Oracle GraalVM for JDK=17.0.7
Oracle GraalVM for JDK=20.0.1
Oracle JDK=1.8.0-update371
and 30 more
Insufficient sanitization of Host header in net/http
Golang Go>=1.20.0<1.20.6
Golang Go<1.19.11
IBM Cloud Pak for Business Automation<=V23.0.1 - V23.0.1-IF002
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF024
IBM Cloud Pak for Business Automation<=V22.0.2 - V22.0.2-IF006 and later fixes V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixes V21.0.1 - V21.0.1-IF007 and later fixes V20.0.1 - V20.0.3 and later fixes V19.0.1 - V19.0.3 and later fixes V18.0.0 - V18.0.2 and later fixes
redhat/golang<1.19.11
and 1 more
Apache MINA SSHD could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization validation by the RootedFilesystem. By sending a specially crafted reques...
Apache MINA>=1.0.0<2.10.0
Apache Sshd>=1.0.0<2.9.3
maven/org.apache.sshd:sshd-sftp>=1.0.0<2.9.3
maven/org.apache.sshd:sshd-common>=2.1.0<2.9.3
maven/org.apache.sshd:sshd-core>=1.0.0<2.1.0
redhat/apache-mina<2.10
and 3 more
An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts.
Oracle GraalVM=20.3.10
Oracle GraalVM=21.3.6
Oracle GraalVM=22.3.2
Oracle GraalVM for JDK=17.0.7
Oracle GraalVM for JDK=20.0.1
Oracle JDK=1.8.0-update371
and 39 more
An unspecified vulnerability in Java SE related to the Utility component could allow a remote attacker to cause low availability impacts.
redhat/java<11-openjdk-1:11.0.20.0.8-1.el7_9
redhat/java<17-openjdk-1:17.0.8.0.7-2.el8
redhat/java<11-openjdk-1:11.0.20.0.8-2.el8
redhat/java<11-openjdk-1:11.0.20.0.8-1.el8_1
redhat/java<11-openjdk-1:11.0.20.0.8-1.el8_2
redhat/java<11-openjdk-1:11.0.20.0.8-1.el8_4
and 41 more
An unspecified vulnerability in Java SE related to the Networking component could allow a remote attacker to cause low integrity impacts.
Oracle GraalVM=20.3.10
Oracle GraalVM=21.3.6
Oracle GraalVM=22.3.2
Oracle GraalVM for JDK=17.0.7
Oracle GraalVM for JDK=20.0.1
Oracle JDK=11.0.19
and 28 more
IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent...
IBM Cloud Pak for Business Automation<=V22.0.2 - V22.0.2-IF004
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF020
IBM Cloud Pak for Business Automation<=V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixes V21.0.1 - V21.0.1-IF007 and later fixes V20.0.1 - V20.0.3 and later fixes V19.0.1 - V19.0.3 and later fixes V18.0.0 - V18.0.2 and later fixes
IBM Cloud Pak for Business Automation=18.0.0
IBM Cloud Pak for Business Automation=18.0.2
IBM Cloud Pak for Business Automation=19.0.1
and 58 more
IBM Cloud Pak for Business Automation<=V22.0.2 - V22.0.2-IF004
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF020
IBM Cloud Pak for Business Automation<=V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixes V21.0.1 - V21.0.1-IF007 and later fixes V20.0.1 - V20.0.3 and later fixes V19.0.1 - V19.0.3 and later fixes V18.0.0 - V18.0.2 and later fixes
A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a spec...
Word-wrap Project Word-wrap
Word-wrap Project Word-wrap<1.2.4
npm/word-wrap<1.2.4
redhat/word-wrap<1.2.4
IBM Cloud Pak for Business Automation<=V23.0.1 - V23.0.1-IF001
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF023
and 1 more
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex us...
redhat/nodejs<18-9020020230825081254.rhel9
redhat/eap7-activemq-artemis<0:2.16.0-15.redhat_00049.1.el8ea
redhat/eap7-bouncycastle<0:1.76.0-4.redhat_00001.1.el8ea
redhat/eap7-hal-console<0:3.3.19-1.Final_redhat_00001.1.el8ea
redhat/eap7-hibernate<0:5.3.31-1.Final_redhat_00001.1.el8ea
redhat/eap7-ironjacamar<0:1.5.15-1.Final_redhat_00001.1.el8ea
and 52 more
## Summary Due to use of an unchecked chunk length, an unrecoverable fatal error can occur. ## Impact Denial of Service ## Description The code in the function [hasNextChunk](https://github.com/xerial...
maven/org.xerial.snappy:snappy-java<=1.1.10.0
redhat/snappy-java<1.1.10.1
IBM Cloud Pak for Business Automation<1.1.10.1
IBM Cloud Pak for Business Automation<=V23.0.1 - V23.0.1-IF001
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF023
IBM Cloud Pak for Business Automation<=V22.0.2 - V22.0.2-IF006 and later fixes V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixes V21.0.1 - V21.0.1-IF007 and later fixes V20.0.1 - V20.0.3 and later fixes V19.0.1 - V19.0.3 and later fixes V18.0.0 - V18.0.2 and later fixes
## Summary Due to unchecked multiplications, an integer overflow may occur, causing an unrecoverable fatal error. ## Impact Denial of Service ## Description The function [compress(char[] input)](https...
maven/org.xerial.snappy:snappy-java<=1.1.10.0
redhat/snappy-java<1.1.10.1
IBM Cloud Pak for Business Automation<1.1.10.1
IBM Cloud Pak for Business Automation<=V23.0.1 - V23.0.1-IF001
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF023
IBM Cloud Pak for Business Automation<=V22.0.2 - V22.0.2-IF006 and later fixes V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixes V21.0.1 - V21.0.1-IF007 and later fixes V20.0.1 - V20.0.3 and later fixes V19.0.1 - V19.0.3 and later fixes V18.0.0 - V18.0.2 and later fixes
## Summary Due to unchecked multiplications, an integer overflow may occur, causing a fatal error. ## Impact Denial of Service ## Description The function [shuffle(int[] input)](https://github.com/xer...
maven/org.xerial.snappy:snappy-java<=1.1.10.0
redhat/snappy-java<1.1.10.1
IBM Cloud Pak for Business Automation<1.1.10.1
IBM Cloud Pak for Business Automation<=V23.0.1 - V23.0.1-IF001
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF023
IBM Cloud Pak for Business Automation<=V22.0.2 - V22.0.2-IF006 and later fixes V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixes V21.0.1 - V21.0.1-IF007 and later fixes V20.0.1 - V20.0.3 and later fixes V19.0.1 - V19.0.3 and later fixes V18.0.0 - V18.0.2 and later fixes
gRPC could allow a remote attacker to obtain sensitive information, caused by a flaw when gRPC HTTP2 stack raised a header size exceeded error. By sending a specially crafted request, an attacker coul...
Grpc Grpc>=1.53.0<1.55.0
rubygems/grpc<1.53.0
pip/grpcio<1.53.0
maven/io.grpc:grpc-protobuf<1.53.0
IBM Cloud Pak for Business Automation<=V23.0.1 - V23.0.1-IF001
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF023
and 1 more
gRPC is vulnerable to a denial of service. By sending a specially crafted header, an attacker could exploit this vulnerability to cause a denial of service.
Grpc Grpc>=1.51.0<1.53.0
IBM Cloud Pak for Business Automation<=V23.0.1 - V23.0.1-IF001
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF023
IBM Cloud Pak for Business Automation<=V22.0.2 - V22.0.2-IF006 and later fixes V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixes V21.0.1 - V21.0.1-IF007 and later fixes V20.0.1 - V20.0.3 and later fixes V19.0.1 - V19.0.3 and later fixes V18.0.0 - V18.0.2 and later fixes
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disco...
Grpc Grpc<1.53.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
rubygems/grpc<1.53.0
pip/grpcio<1.53.0
maven/io.grpc:grpc-protobuf<1.53.0
and 3 more
Eclipse Openj9 is vulnerable to a buffer overflow, caused by improper bounds checking by the getCachedUTFString() function. By using specially crafted input, a local authenticated attacker could overf...
Eclipse Openj9<0.38.0
IBM Cloud Pak for Business Automation<=V23.0.1
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF022
IBM Cloud Pak for Business Automation<=V22.0.2 - V22.0.2-IF006 and later fixes V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixes V21.0.1 - V21.0.1-IF007 and later fixes V20.0.1 - V20.0.3 and later fixes V19.0.1 - V19.0.3 and later fixes V18.0.0 - V18.0.2 and later fixes
### Summary When using `StaticFiles`, if there's a file or directory that starts with the same name as the `StaticFiles` directory, that file or directory is also exposed via `StaticFiles` which is a ...
pip/starlette>=0.13.5<0.27.0
IBM Cloud Pak for Business Automation>=0.13.5<0.27.0
IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Forc...
Ibm Infosphere Information Server=11.7
IBM Java>=8.0.7.0<8.0.7.15
Ibm Websphere Application Server>=8.5.0.0<8.5.5.23
Ibm Websphere Application Server
Ibm Websphere Application Server=9.0.0.0
IBM Cloud Pak for Business Automation=1.1
and 1 more
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force I...
Ibm Db2>=11.1<11.1.4
Ibm Db2>=11.5<11.5.8
Ibm Db2=10.5
Ibm Db2=10.5-fp1
Ibm Db2=10.5-fp10
Ibm Db2=10.5-fp2
and 20 more
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT ...
Ibm Db2>=11.1<11.1.4
Ibm Db2>=11.5<11.5.8
Ibm Db2=11.1.4
Ibm Db2=11.1.4-fp1
Ibm Db2=11.1.4-fp2
Ibm Db2=11.1.4-fp3
and 8 more
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server...
Ibm Db2>=11.1<11.1.4
Ibm Db2>=11.5<11.5.8
Ibm Db2=10.5
Ibm Db2=10.5-fp1
Ibm Db2=10.5-fp10
Ibm Db2=10.5-fp2
and 20 more
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-For...
Ibm Db2>=11.1<11.1.4
Ibm Db2>=11.5<11.5.8
Ibm Db2=10.5
Ibm Db2=10.5-fp1
Ibm Db2=10.5-fp10
Ibm Db2=10.5-fp2
and 20 more
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Forc...
Ibm Db2>=11.1<11.1.4
Ibm Db2>=11.5<11.5.8
Ibm Db2=10.5
Ibm Db2=10.5-fp1
Ibm Db2=10.5-fp10
Ibm Db2=10.5-fp2
and 20 more
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write...
Ibm Db2>=11.1<11.1.4
Ibm Db2>=11.5<11.5.8
Ibm Db2=10.5
Ibm Db2=10.5-fp1
Ibm Db2=10.5-fp10
Ibm Db2=10.5-fp2
and 20 more
### Impact Systems that run `distribution` built after a specific commit running on memory-restricted environments can suffer from denial of service by a crafted malicious `/v2/_catalog` API endpoint...
go/github.com/docker/distribution<2.8.2-beta.1
debian/docker-registry<=2.6.2~ds1-2
ubuntu/docker-registry<2.8.2+
ubuntu/docker-registry<2.8.0+
ubuntu/docker-registry<2.8.1+
ubuntu/docker-registry<2.6.2~
and 9 more
Encode Starlette is vulnerable to a denial of service, caused by a flaw with accepting unlimited number of multipart parts in the python-multipart package in the MultipartParser. By sending a speciall...
IBM Cloud Pak for Business Automation<0.25.0
IBM Cloud Pak for Business Automation<=V22.0.2 - V22.0.2-IF004
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF020
IBM Cloud Pak for Business Automation<=V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixes V21.0.1 - V21.0.1-IF007 and later fixes V20.0.1 - V20.0.3 and later fixes V19.0.1 - V19.0.3 and later fixes V18.0.0 - V18.0.2 and later fixes
An unspecified vulnerability in Oracle Java SE and GraalVM Enterprise Edition related to the Libraries component could allow an unauthenticated attacker to cause low integrity impact.
debian/openjdk-11<=11.0.16+8-1~deb10u1
debian/openjdk-17
debian/openjdk-20
debian/openjdk-8
IBM Cloud Pak for Business Automation<=V23.0.1
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF022
and 92 more
An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Networking component could allow a remote attacker to cause integrity impact.
Oracle GraalVM=20.3.9
Oracle GraalVM=21.3.5
Oracle GraalVM=22.3.1
Oracle JDK=1.8.0-update361
Oracle JDK=11.0.18
Oracle JDK=17.0.6
and 92 more
An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Libraries component could allow a remote attacker to cause integrity impact.
Oracle GraalVM=20.3.8
Oracle GraalVM=21.3.4
Oracle GraalVM=22.3.0
Oracle JDK=1.8.0-update361
Oracle JDK=11.0.18
Oracle JDK=17.0.6
and 92 more
An HTML validation flaw was found in the Swing component of OpenJDK. A specially crafted HTML document could cause a Swing Java application to misbehave leading to integrity problems.
Oracle GraalVM=20.3.9
Oracle GraalVM=21.3.5
Oracle GraalVM=22.3.1
Oracle JDK=1.8.0-update361
Oracle JDK=11.0.18
Oracle JDK=17.0.6
and 92 more
An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow a remote attacker to cause high availability impact.
Oracle GraalVM=20.3.9
Oracle GraalVM=21.3.5
Oracle GraalVM=22.3.1
Oracle JDK=1.8.0-update361
Oracle JDK=11.0.18
Oracle JDK=17.0.6
and 92 more
An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Hotspot component could allow a remote attacker to cause high confidentiality impact.
Oracle GraalVM=20.3.9
Oracle GraalVM=21.3.5
Oracle GraalVM=22.3.1
Oracle JDK=1.8.0-update361
Oracle JDK=11.0.18
Oracle JDK=17.0.6
and 90 more
An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high confidentiality impact and high i...
Oracle GraalVM=20.3.9
Oracle GraalVM=21.3.5
Oracle GraalVM=22.3.1
Oracle JDK=1.8.0-update361
Oracle JDK=11.0.18
Oracle JDK=17.0.6
and 92 more
IBM Business Automation Workflow is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...
IBM Cloud Pak for Business Automation<=V22.0.2 - V22.0.2-IF001
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF017
IBM Cloud Pak for Business Automation<=V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixes V21.0.1 - V21.0.1-IF007 and later fixes V20.0.1 - V20.0.3 and later fixes V19.0.1 - V19.0.3 and later fixes V18.0.0 - V18.0.2 and later fixes
IBM Cloud Pak for Business Automation=18.0.0
IBM Cloud Pak for Business Automation=18.0.2
IBM Cloud Pak for Business Automation=19.0.1
and 52 more
IBM Cloud Pak for Business Automation<=V22.0.2 - V22.0.2-IF001
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF017
IBM Cloud Pak for Business Automation<=V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixes V21.0.1 - V21.0.1-IF007 and later fixes V20.0.1 - V20.0.3 and later fixes V19.0.1 - V19.0.3 and later fixes V18.0.0 - V18.0.2 and later fixes
### Summary When running vertx web applications that serve files using `StaticHandler` on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (`*`) then an attacker c...
maven/io.vertx:vertx-web>=4.0.0<4.3.8
redhat/vertx-web<4.3.8
Eclipse Vert.x-Web>=4.0.0<4.3.8
IBM Cloud Pak for Business Automation<=V23.0.1 - V23.0.1-IF001
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF023
IBM Cloud Pak for Business Automation<=V22.0.2 - V22.0.2-IF006 and later fixes V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixes V21.0.1 - V21.0.1-IF007 and later fixes V20.0.1 - V20.0.3 and later fixes V19.0.1 - V19.0.3 and later fixes V18.0.0 - V18.0.2 and later fixes
IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which ...
IBM Cloud Pak for Business Automation>=18.0.0<=20.0.3
IBM Cloud Pak for Business Automation=21.0.1
IBM Cloud Pak for Business Automation=21.0.1-interim_fix_001
IBM Cloud Pak for Business Automation=21.0.1-interim_fix_002
IBM Cloud Pak for Business Automation=21.0.1-interim_fix_003
IBM Cloud Pak for Business Automation=21.0.1-interim_fix_004
and 24 more
Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending a specially-crafted regex input using request header...
redhat/nodejs<18-9020020230327152102.rhel9
redhat/nodejs<1:16.19.1-1.el9_2
redhat/nodejs<1:16.20.2-1.el9_0
redhat/rh-nodejs14<0:3.6-2.el7
redhat/rh-nodejs14-nodejs<0:14.21.3-2.el7
IBM Cloud Pak for Business Automation<4.1.1
and 2 more

© 2024 SecAlerts Pty Ltd.