5 matches found
Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities related to Apache Tomcat.
Summary IBM DevOps Release 7.0.0.6 addresses multiple vulnerabilities related to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for February 2025.
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 25.0.0-IF004. Vulnerability Details CVEID:CVE-2025-8869 DESCRIPTION: When extracting a tar archive pip may not check symbolic lin...
Security Bulletin: Vulnerabilities in Eclipse Jersey might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Eclipse Jersey. Vulnerability include a race condition can cause ignoring of critical SSL configurations which could lead to unauthorized trust in insecure servers as described by the CVEs in the "Vulnerabilit...
ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), com.amazon.deequ:deequ (>=2.0.14-spark-4.0 <=2.0.15-spark-4.0) +331 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (=3.0.16)
org.glassfish.jersey.core:jersey-client MAVEN version =3.0.16 is affected by a known vulnerability. The following packages have a transitive dependency on org.glassfish.jersey.core:jersey-client and may be impacted: - ai.catboost:catboost-spark4.02.13 =1.2.10 - com.amazon.deequ:deequ...
com.axonivy.ivy.webtest:web-tester (>=12.0.1 <=13.1.0), com.exasol:extension-manager-client-java (>=0.5.13 <=0.5.16) +390 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (=2.45)
org.glassfish.jersey.core:jersey-client MAVEN version =2.45 is affected by a known vulnerability. The following packages have a transitive dependency on org.glassfish.jersey.core:jersey-client and may be impacted: - com.axonivy.ivy.webtest:web-tester =12.0.1, =0.5.13, =0.5.13, =1.6.0, =2.2.19,...