14 matches found
Security Bulletin: DevOps Test Performance contains a vulnerability related to use Apache CXF
Summary Due to use of Apache CXF, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10...
Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-48795 CVE-2025-48913)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerabilities Vulnerability Details CVEID:CVE-2025-48795 DESCRIPTION: Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses cxf-core-3.6.5.jar which is vulnerable to CVE-2025-48795.
Summary IBM Maximo Application Suite - Monitor Component uses cxf-core-3.6.5.jar which is vulnerable to CVE-2025-48795. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-48795 DESCRIPTION: Apache CXF stores large stream based...
Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Information Disclosure (CVE-2025-48795)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure vulnerability. Please apply the remediated versions described below. Vulnerability Details CVEID:CVE-2025-48795 DESCRIPTION: Apache CXF stores large stream based messages as temporary files...
MAL-2025-48795 Malicious code in bybit-refund (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2025-48795 vulnerabilities
Vulnerabilities for packages: apache-tika, wildfly...
CVE-2025-48795 vulnerabilities
Vulnerabilities for packages: wildfly, wso2is, apache-tika...
com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.3.0), cv.igrp:igrp-core (=2.0.0.250321-GA) +416 more potentially affected by CVE-2025-48795 via org.apache.cxf:cxf-core (=4.1.0)
org.apache.cxf:cxf-core MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf:cxf-core and may be impacted: - com.codbex.atlas:codbex-atlas-application =1.1.0, =4.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0...
ai.idylnlp:idylnlp-nlp-language-detection-tika (>=1.0.0 <=1.1.0), ai.stainless:grails-tika (=0.1.0) +2893 more potentially affected by CVE-2025-48795 via org.apache.cxf:cxf-core (>=3.0.0-milestone1 <=3.5.10)
org.apache.cxf:cxf-core MAVEN version =3.0.0-milestone1, =1.0.0, =11.4-37, =3.6.1, =3.11.0, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.1.0.RELEASE - cloud.testload:jmeter-clickhouse-listener =2.00 and more Source cves: CVE-2025-48795 Source...
CVE-2025-48795
Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory...
CVE-2025-48795 Apache CXF: Denial of Service and sensitive data exposure in logs
Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory...
CVE-2025-48795 Apache CXF: Denial of Service and sensitive data exposure in logs
Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory...
com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.3.0), cv.igrp:igrp-core (=2.0.0.250321-GA) +416 more potentially affected by CVE-2025-48795 via org.apache.cxf:cxf-core (=4.1.0)
org.apache.cxf:cxf-core MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf:cxf-core and may be impacted: - com.codbex.atlas:codbex-atlas-application =1.1.0, =4.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0...
com.axonivy.ivy.tool.soap:cxf-client-codegen (=1.0.0), cv.igrp:igrp-core (>=1.7.3.230801 <=1.7.3.230802) +378 more potentially affected by CVE-2025-48795 via org.apache.cxf:cxf-core (>=3.6.0 <=3.6.5)
org.apache.cxf:cxf-core MAVEN version =3.6.0, =1.7.3.230801, =3.0-M3, =3.0-M3, =3.0-M3, =3.0-M3, =2.0, =4.4.6.hyte-24270, =4.4.6.hyte-24270, =4.4.6.hyte-24270, =4.4.6.hyte-24270, =3.0.5, =3.0.6 - net.tirasa.connid.bundles:net.tirasa.connid.bundles.servicenow =1.0.4 and more Source cves:...