69 matches found
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to commons-io
Summary: IBM webMethods BPM uses commons-io to simplify file and stream handling operations within the application, such as reading, writing, and manipulating files and input/output streams. Vulnerability Details: CVEID: CVE-2021-29425 DESCRIPTION: In Apache Commons IO before 2.7, when invoking the...
Security Bulletin: Common vulnerabilities addressed in Cloudera Observability 3.6.2
Summary: Security Bulletin: Common vulnerabilities addressed in Cloudera Observability 3.6.2. Vulnerability Details: CVEID: CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested...
CVE-2021-29425 vulnerabilities
Vulnerabilities for packages: druid...
CVE-2025-29425
CVE-2025-29425 affects Code-projects Online Class and Exam Scheduling System 1.0. The vulnerability is a SQL injection in exam_save.php exploited through the parameters member and first. The issue originates from unsafely constructed SQL statements in those inputs, enabling an attacker to influe...
Security Bulletin: IBM QRadar SIEM protocols are vulnerable to information exposure and denial of service (CVE-2021-29425)
Summary: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation in the FileNameUtils.normalize method. Vulnerability Details: CVEID: CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories...
Splunk Enterprise 9.0.0 < 9.0.9, 9.1.0 < 9.1.4, 9.2.0 < 9.2.1 (SVD-2024-0718)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0718 advisory. - jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted objec...
ROS-2-1185
2.1185 Directory traversal in Apache Commons IO CVE-2021-29425 1. Vulnerability Description: The vulnerability allows a remote attacker to perform directory traversal attacks. The vulnerability exists due to an input validation error in the FileNameUtils.normalize method when processing directory...
ROS-2-1233
2.1233 Directory traversal in Apache Commons IO CVE-2021-29425 1. Vulnerability Description: The vulnerability allows a remote attacker to perform directory traversal attacks. The vulnerability exists due to an input validation error in the FileNameUtils.normalize method when processing directory...
CVE-2021-29425
creationtimestamp | type | source
---|---|---
2024-02-09 15:26:55+00:00 | seen | https://t.me/ctinow/182066
2024-02-10 13:11:15+00:00 | seen | https://t.me/ctinow/182546
2024-10-10 18:38:59+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/4018
2025-08-18 21:02:44+00:00 | seen | ...
Apache Commons IO Vulnerability (CVE-2021-29425)
In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above, thus "limited" path...
Security Bulletin: IBM Jazz Reporting Service is vulnerable to a remote attacker to traverse directories due to Apache Commons IO (CVE-2021-29425)
Summary: A vulnerability has been identified in the Apache Commons IO library, which is included in IBM® Jazz Reporting Service. This has been addressed in the remediation section. Vulnerability Details: CVEID: CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse...
CVE-2023-29425 WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.23 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in plainware.Com ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions...
Security Bulletin: Vulnerability in Apache Commons IO affect IBM Engineering Lifecycle Optimization - Publishing
Summary: Apache Commons IO is used by IBM Engineering Lifecycle Optimization - Publishing. Vulnerability Details: CVEID: CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normaliz...
Security Bulletin: Vulnerability found in commons-io-1.3.1.jar which is shipped with IBM® Intelligent Operations Center (CVE-2021-29425)
Summary: A vulnerability has been identified in commons-io-1.3.1.jar, which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center has been published, and the applicable CVEs have been addressed. Vulnerability Details...
Oracle WebCenter Sites (Jul 2023 CPU)
The 12.2.1.4.0 version of WebCenter Sites installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites XStream. The supported version...
Security Bulletin: Vulnerability in Apache commons io library affects IBM Engineering Test Management (ETM) (CVE-2021-29425)
Summary: This security vulnerability has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details: CVEID: CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by...
Medium: apache-commons-io
Issue Overview: In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above, thus...
WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.23 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ShiftController Employee Shift Scheduling; Type: Plugin; Vulnerable versions: <= 4.9.23; Fixed in: 4.9.24; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-29425; Patch priority: Low; CVSS severity: Low (5.4); PSID: df5a54e81f4f...
Security Bulletin: Vulnerability in commons-io affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2021-29425]
Summary: Commons-io package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2021-29425. Vulnerability Details: CVEID: CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the syste...