Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DataGrid component. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Tag: IBM
ASA-2019-00254 – IBM Planning Analytics: OpenJDK did not ensure that the same endpoint identification algorithm was used during TLS session resumption
A vulnerability related to the Java SE Embedded JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. Java Secure Socket Extension (JSSE) implementation in OpenJDK did not ensure that the same endpoint identification algorithm was used during TLS session resumption as during initial session setup. An attacker could use this to expose sensitive information.
ASA-2019-00253 – IBM Planning Analytics: Cross-Site Scripting (XSS) vulnerability
IBM Planning Analytics is vulnerable to Cross-Site Scripting (XSS). This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
ASA-2019-00252 – IBM Planning Analytics: Apache Derby XML External Entity (XXE) information disclosure
Apache Derby could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data in the XML datatype and XmlVTI. An attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service.
ASA-2019-00251 – IBM Planning Analytics: Bouncy Castle CBC information disclosure
Bouncy Castle could allow a remote attacker to obtain sensitive information, caused by the exposure of timing differences during padding check verification by the CBC ciphersuite of the Transport Layer Security (TLS) implementation. An attacker could exploit this vulnerability using a timing attack to recover the original plaintext and obtain sensitive information.
ASA-2019-00250 – IBM Rational Engineering Lifecycle Manager: Use of weaker than expected cryptographic algorithms
IBM Rational Engineering Lifecycle Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
ASA-2019-00249 – IBM Sterling B2B Integrator Standard Edition: Multiple Cross-Site Scripting (XSS) Vulnerabilities
IBM Sterling B2B Integrator Standard Edition is vulnerable to Cross-Site Scripting (XSS). This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
ASA-2019-00248 – IBM Sterling B2B Integrator Standard Edition: Multiple Cross-Site Scripting (XSS) Vulnerabilities
IBM Sterling B2B Integrator Standard Edition is vulnerable to Cross-Site Scripting (XSS). This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.