17 matches found
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.24 (RHSA-2026:4915)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4915 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.0.11 (RHSA-2025:22773)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22773 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release ...
RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.1.2 Security update (Moderate) (RHSA-2025:22188)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22188 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Ha...
RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.1.2 (RHSA-2025:22187)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22187 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Ha...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.2 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Security Bulletin: Due to the use of Eclipse JGit, IBM webMethods Integration is affected by denial of service, and other security issues.
Summary Eclipse JGit is used by IBM webMethods Integration in repository function CVE-2025-4949 Vulnerability Details CVEID:CVE-2025-4949 DESCRIPTION: In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implemen...
Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java and Node.js (CVE-2025-48924, CVE-2025-4949)
Summary There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
SUSE-SU-2025:02762-1 Security update for eclipse-jgit
This update for eclipse-jgit fixes the following issues: - CVE-2025-4949: Fixed the XXE vulnerability in ManifestParser and AmazonS3 class bsc1243647...
jgit-5.11.0-2.1 on GA media (moderate)
jgit-5.11.0-2.1 on GA media Announcement ID: openSUSE-SU-2025:15232-1 Rating: moderate Cross-References: CVE-2023-4759 CVE-2025-4949 CVSS scores: CVE-2023-4759 SUSE : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2025-4949 SUSE : 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N Affected...
SUSE CVE-2025-4949
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...
CVE-2025-4949 vulnerabilities
Vulnerabilities for packages: gradle, nextflow, apache-nifi-registry, wildfly, sonarqube-10, apicurio-registry, thingsboard...
ai.pipestream:quarkus-grpc-gatherer-deployment (>=0.1.0 <=0.1.1), ch.admin.bit.jeap:jeap-archrepo-importer-messagetype (>=1.10.0 <=1.23.0) +182 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (=7.1.0.202411261347-r)
org.eclipse.jgit:org.eclipse.jgit MAVEN version =7.1.0.202411261347-r is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.jgit:org.eclipse.jgit and may be impacted: - ai.pipestream:quarkus-grpc-gatherer-deployment =0.1.0, =1.10.0, =1.10.0,...
at.molindo:git-commit-id-plugin (=2.1.10-alpha-1), at.nonblocking:nonsnapshot-maven-plugin (=3.0.1) +4321 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (>=1.2.0.201112221803-r <=5.13.3.202401111512-r)
org.eclipse.jgit:org.eclipse.jgit MAVEN version =1.2.0.201112221803-r, =2.0.0, =2.0.4, =0.1.1, =0.1.1, =2.0.0, =0.0.1, =0.2.8, =1.5.6 - br.com.sabium.gradle-bump:br.com.sabium.gradle-bump.gradle.plugin =1.0.1 and more Source cves: CVE-2025-4949 Source advisory: OSV:GHSA-VRPQ-QP53-QV56...
au.com.versent.jenkins.plugins:ignore-committer-strategy (>=37.v0d3157c4a_ef8 <=57.v0756db_b_f6926), ch.admin.bit.jeap:jeap-initializer (>=2.6.0 <=4.1.0) +224 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (=7.0.0.202409031743-r)
org.eclipse.jgit:org.eclipse.jgit MAVEN version =7.0.0.202409031743-r is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.jgit:org.eclipse.jgit and may be impacted: - au.com.versent.jenkins.plugins:ignore-committer-strategy =37.v0d3157c4aef8,...
CVE-2025-4949
A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues via parsing XML files...
CVE-2025-4949 XXE vulnerability in Eclipse JGit
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...
CVE-2025-4949
CVE-2025-4949 is an XXE vulnerability in Eclipse JGit (ManifestParser used by repo and AmazonS3 transport). IBM documentation links this CVE to IBM WebMethods Integration (on prem) 11.1 with fixes in 11.1 Fix 2 and related 2.0.3 components; IBM security pages list a remediation path via updating ...