21229 matches found
CVE-2025-24907 Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal
Overview: The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. CWE-35. Description: Hitachi...
CVE-2025-24908
The CVE affects Hitachi Vantara Pentaho Data Integration & Analytics, prior to version 10.2.0.2 (including 9.3.x and 8.3.x). The root cause is that the UploadFile input used to build file paths is not properly sanitized against sequences like '.../...//', allowing a path traversal outside the res...
CVE-2025-24908 Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal
Overview: The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. CWE-35. Description: Hitachi...
Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities
Summary: IBM Guardium Data Security Center has addressed these vulnerabilities with an update. Vulnerability Details: CVEID: CVE-2024-12797 DESCRIPTION: Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because...
Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities
Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details: CVEID: CVE-2024-12797 DESCRIPTION: Issue summary: Clients using...
Medium: pcs
Issue Overview: Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This...
PT-2025-16914 · Hitachi Vantara · Hitachi Vantara Pentaho Data Integration & Analytics
Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.2, including 9.3.x and 8.3.x Description: The product uses external input to construct a pathname that should be within a restricted directory, but it does not...
PT-2025-33358
Name of the Vulnerable Software and Affected Versions: Spring Framework MVC applications affected versions not specified Description: Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. This issue occurs when...
Closing the Security Gap From Threat Hunting to Detection Engineering
By Ilya Kolmanovich, Alejandro Houspanossian, Joe Malenfant and Tomer Shloman · April 16, 2025. In today's rapidly evolving AI-fueled threat landscape, every organization is trying to stop threats as early as possible. Threat...
Arbitrary File Read
Overview: mysql-connector-python is a MySQL driver written in Python which does not depend on MySQL C client libraries and implements the DB API v2.0 specification (PEP-249). Affected versions of this package are vulnerable to Arbitrary File Read when executing LOCAL INFILE statements due to imprope...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues
Summary: Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix. Vulnerability Details: CVEID: CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519...
Security Bulletin: Multiple vulnerabilities found in IBM EntireX.
Summary: IBM EntireX has been updated in order to address multiple vulnerabilities. Vulnerability Details: CVEID: CVE-2024-56812 DESCRIPTION: IBM EntireX could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in...
Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary: The product includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2024-47764 DESCRIPTION: jshttp cooki...
Security Bulletin: IBM Cognos Controller is affected by vulnerabilities
Summary: There are vulnerabilities in IBM® Java™, IBM® WebSphere Application Server Liberty and Open-Source Software (OSS) components used by IBM Cognos Controller. Additionally, IBM Cognos Controller has addressed vulnerabilities that could lead to Cross-Site Scripting (XSS) (CVE-2024-28776), XML Extern...
Security Bulletin: IBM OpenPages fixes multiple vulnerabilities
Summary: Multiple vulnerabilities with IBM OpenPages have been addressed in the latest IBM OpenPages fixpacks for both 9.0 and 8.3 versions. Vulnerability Details: CVEID: CVE-2024-49355 DESCRIPTION: IBM OpenPages may write improperly neutralized data to server log files when the tracing is enabled p...
Security Bulletin: Vulnerability in restricted bash environment (CVE-2024-56477) affects Power HMC.
Summary: The restricted bash environment is enabled in Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2024-56477 DESCRIPTION: IBM Hardware Management Console - Power could allow an authenticated user to traverse directories on the syste...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary: IBM App Connect Enterprise Certified Container (ACEcc) is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.8 LTS and 12.8.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in rack-2.0.7.gem
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of rack-2.0.7.gem. Vulnerability Details: CVEID: CVE-2022-44572 DESCRIPTION: Rack is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the multipart parsing component...