Security Bulletin: Vulnerabilities in FasterXML affects IBM Common Licensing’s Administration And Reporting Tool (ART) and its Agent (217968, CVE-2020-36518)
## Summary Security Vulnerablities have been addressed in IBM Common Licensing. Faster-XML Jackson is a JSON to Java object conversion API (217968, CVE-2020-36518). A fix is available to address the v ...
Continue Reading
January 04, 2023
Security Bulletin: B2B API of IBM Sterling B2B Integrator vulnerable to multiple issues due to CKEditor
## Summary IBM Sterling B2B Integrator has addressed the CKEditor security vulnerabilities in B2B API. ## Vulnerability Details ** CVEID: **[CVE-2021-32808]() ** DESCRIPTION: **CKEditor is vulnerable ...
Continue Reading
January 03, 2023
CVE-2022-43438
The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access rest ...
Continue Reading
January 03, 2023
CVE-2022-40740
Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to execu ...
Continue Reading
January 03, 2023
CVE-2022-43436
The File Upload function of EasyTest has insufficient filtering for special characters and file type. A remote attacker authenticated as a general user can upload and execute arbitrary files, to manip ...
Continue Reading
January 03, 2023
CVE-2022-46304
ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the componen ...
Continue Reading
January 03, 2023
CVE-2022-43437
The Download functionâs parameter of EasyTest has insufficient validation for user input. A remote attacker authenticated as a general user can inject arbitrary SQL command to access, modify or d ...
Continue Reading
January 03, 2023
CVE-2022-46306
ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious we ...
Continue Reading
January 03, 2023
CVE-2022-39040
aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.Read ...
Continue Reading
January 03, 2023
CVE-2022-43438
The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access rest ...
Continue Reading
January 03, 2023
