Lucene search
K

14 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/04/20 2:13 p.m.9 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use Apache CXF

Summary Due to use of Apache CXF, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10...

7.5CVSS5.7AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 11:8 a.m.7 views

Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-48795 CVE-2025-48913)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerabilities Vulnerability Details CVEID:CVE-2025-48795 DESCRIPTION: Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the...

9.8CVSS7.1AI score0.00793EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 9:40 a.m.18 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses cxf-core-3.6.5.jar which is vulnerable to CVE-2025-48795.

Summary IBM Maximo Application Suite - Monitor Component uses cxf-core-3.6.5.jar which is vulnerable to CVE-2025-48795. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-48795 DESCRIPTION: Apache CXF stores large stream based...

5.6CVSS6.4AI score0.00624EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/21 12:47 p.m.8 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Information Disclosure (CVE-2025-48795)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure vulnerability. Please apply the remediated versions described below. Vulnerability Details CVEID:CVE-2025-48795 DESCRIPTION: Apache CXF stores large stream based messages as temporary files...

5.6CVSS6AI score0.00624EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/10/23 7:27 p.m.2 views

MAL-2025-48795 Malicious code in bybit-refund (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
Wolfi
Wolfi
added 2025/07/21 1:47 p.m.9 views

CVE-2025-48795 vulnerabilities

Vulnerabilities for packages: apache-tika, wildfly...

5.6CVSS6.7AI score0.00624EPSS
Exploits0
Chainguard
Chainguard
added 2025/07/21 1:17 p.m.7 views

CVE-2025-48795 vulnerabilities

Vulnerabilities for packages: wildfly, wso2is, apache-tika...

5.6CVSS6.7AI score0.00624EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/07/15 3:31 p.m.10 views

com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.3.0), cv.igrp:igrp-core (=2.0.0.250321-GA) +416 more potentially affected by CVE-2025-48795 via org.apache.cxf:cxf-core (=4.1.0)

org.apache.cxf:cxf-core MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf:cxf-core and may be impacted: - com.codbex.atlas:codbex-atlas-application =1.1.0, =4.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0...

5.6CVSS6.6AI score0.00624EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/07/15 3:31 p.m.14 views

ai.idylnlp:idylnlp-nlp-language-detection-tika (>=1.0.0 <=1.1.0), ai.stainless:grails-tika (=0.1.0) +2893 more potentially affected by CVE-2025-48795 via org.apache.cxf:cxf-core (>=3.0.0-milestone1 <=3.5.10)

org.apache.cxf:cxf-core MAVEN version =3.0.0-milestone1, =1.0.0, =11.4-37, =3.6.1, =3.11.0, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.1.0.RELEASE - cloud.testload:jmeter-clickhouse-listener =2.00 and more Source cves: CVE-2025-48795 Source...

5.6CVSS6.7AI score0.00624EPSS
Exploits0
NVD
NVD
added 2025/07/15 3:15 p.m.9 views

CVE-2025-48795

Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory...

5.6CVSS0.00624EPSS
Exploits0References2
OSV
OSV
added 2025/07/15 2:26 p.m.2 views

CVE-2025-48795 Apache CXF: Denial of Service and sensitive data exposure in logs

Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory...

5.6CVSS6.6AI score0.00624EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/07/15 2:26 p.m.8 views

CVE-2025-48795 Apache CXF: Denial of Service and sensitive data exposure in logs

Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory...

0.00624EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/07/15 2:26 p.m.11 views

com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.3.0), cv.igrp:igrp-core (=2.0.0.250321-GA) +416 more potentially affected by CVE-2025-48795 via org.apache.cxf:cxf-core (=4.1.0)

org.apache.cxf:cxf-core MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf:cxf-core and may be impacted: - com.codbex.atlas:codbex-atlas-application =1.1.0, =4.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0...

5.6CVSS6.6AI score0.00624EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/07/15 2:26 p.m.9 views

com.axonivy.ivy.tool.soap:cxf-client-codegen (=1.0.0), cv.igrp:igrp-core (>=1.7.3.230801 <=1.7.3.230802) +378 more potentially affected by CVE-2025-48795 via org.apache.cxf:cxf-core (>=3.6.0 <=3.6.5)

org.apache.cxf:cxf-core MAVEN version =3.6.0, =1.7.3.230801, =3.0-M3, =3.0-M3, =3.0-M3, =3.0-M3, =2.0, =4.4.6.hyte-24270, =4.4.6.hyte-24270, =4.4.6.hyte-24270, =4.4.6.hyte-24270, =3.0.5, =3.0.6 - net.tirasa.connid.bundles:net.tirasa.connid.bundles.servicenow =1.0.4 and more Source cves:...

5.6CVSS6.6AI score0.00624EPSS
Exploits0
Rows per page
Query Builder