Security Bulletin: A vulnerability in grpc affects IBM Robotic Process Automation and may result in unexpected results (CVE-2025-47907).

Summary A vulnerability in grpc affects IBM Robotic Process Automation and may result in unexpected results CVE-2025-47907. grpc is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes required to address this vulnerability. Vulnerability Details...

CVE-2024-45537

Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide...

CVE-2024-45384

Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not usin...

PT-2024-31590 · Apache · Apache Druid

Name of the Vulnerable Software and Affected Versions: Apache Druid versions 0.18.0 through 30.0.0 Description: The issue is a Padding Oracle vulnerability in the Apache Druid extension, druid-pac4j, which could allow an attacker to manipulate a pac4j session cookie. Since the druid-pac4j extensi...