IBM Sterling B2B Integrator Standard Edition 188.8.131.52 through 184.108.40.206 and 220.127.116.11 through 18.104.22.168 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230824.
IBM Cloud Pak for Security (CP4S) 22.214.171.124 through 126.96.36.199 and IBM QRadar Suite Software 188.8.131.52 through 184.108.40.206 could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665.
Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.
In detail, in ActiveMQ configurations, Jetty allows
org.jolokia.http.AgentServlet to handle requests to /api/jolokia.
org.jolokia.http.HttpRequestHandler#handlePostRequest is able to
create JmxRequest through JSONObject. And calls to
Into deeper ca ...
OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution ...