Lucene search
K

26 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/04/20 2:13 p.m.9 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use Apache CXF

Summary Due to use of Apache CXF, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10...

7.5CVSS5.7AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 7:41 a.m.8 views

Security Bulletin: IBM Maximo Application Suite uses WebSphere Application Server Liberty V.25.0.0.2, flask-3.1.0-py3-none-any.whl form-data-2.5.1.tgz and golang.org/x/net which is vulnerable to multiple CVEs

Summary IBM Maximo Application Suite uses WebSphere Application Server Liberty V.25.0.0.2, flask-3.1.0-py3-none-any.whl form-data-2.5.1.tgz and golang.org/x/net which is vulnerable to CVE-2025-36097, CVE-2025-7783, CVE-2025-25193, CVE-2025-47278, CVE-2025-23184, CVE-2025-22872 and CVE-2024-56339...

9.4CVSS6.6AI score0.01941EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 5:12 p.m.4 views

Security Bulletin: Multiple security vulnerabilities in WebSphere Liberty may affect IBM Business Automation Workflow - CVE-2025-25193, CVE-2025-23184

Summary IBM Business Automation Workflow traditional includes optional components running on WebSphere Liberty: User Management Service and Process Federation Service. IBM Business Automation Workflow on Containers builds upon WebSphere Liberty. Multiple security vulnerabilies have been reported...

7.5CVSS6.9AI score0.01941EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/01 8:44 a.m.2 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera, and...

7.5CVSS6.8AI score0.01941EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/02 3:26 p.m.11 views

Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to improper access control due to Apache Commons BeanUtils (CVE-2025-23184)

Summary Apache Commons BeanUtils is shipped with IBM Tivoli Business Service Manager as part of its backend process to handle Java Beans. Information about a security vulnerability affecting Apache Commons BeanUtils has been published in a security bulletin. Vulnerability Details...

8.8CVSS6.8AI score0.01941EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/02 2:50 p.m.5 views

Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to denial of service attack due to Apache CXF (CVE-2025-23184)

Summary Apache CXF is shipped with IBM Tivoli Business Service Manager as part of the web services framework. Information about a security vulnerability affecting Apache CXF has been published in a security bulletin. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of...

7.5CVSS5.3AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 8:7 p.m.5 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to a Denial of Service (CVE-2025-23184) due to the use of WebSphere Application Server Liberty

Summary IBM Virtualization Engine TS7700 is susceptible to a denial of service associated with the use of WebSphere Application Server Liberty CVE-2025-23184, which is used in its Management Interface. Under certain rare conditions, CachedOutputStream instances may not close properly. If these...

7.5CVSS7AI score0.01941EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:27 p.m.7 views

Security Bulletin: Denial of service vulnerability in IBM WebSphere Application Server Liberty affects IBM Storage Protect Operations Center (CVE-2025-23184).

Summary IBM Storage Protect Operations Center is affected by denial of service due to Apache CXF used by IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10...

7.5CVSS5.6AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/19 5:35 a.m.17 views

Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities (CVE-2024-53677, CVE-2025-23184)

Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2024-53677 DESCRIPTION: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this ca...

9.8CVSS8.2AI score0.78198EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 9:0 a.m.13 views

Security Bulletin: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed, (CVE-2025-23184) affects IBM PowerVM Novalink.

Summary A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system it applies to servers and clients. IBM...

7.5CVSS5.6AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/12 6:1 p.m.9 views

Security Bulletin: IBM Data Product Hub is affected by several vulnerabilities

Summary IBM Data Product Hub has a dependency on IBM WebSphere Application Server Liberty, which is vulnerable. This bulletin contains information regarding the vulnerabilities and their fixture. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability i...

7.5CVSS8.8AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/03 11:13 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component in IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)

Summary IBM Maximo Application Suite - Monitor Component IBM in WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF CVE-2025-23184. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-23184...

7.5CVSS7.4AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/29 7:30 a.m.13 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cxf-core-3.5.5.jar, cxf-core-4.0.5.jar CVE-2025-23184

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to cxf-core-3.5.5.jar, cxf-core-4.0.5.jar CVE-2025-23184. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service...

7.5CVSS6.5AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/21 3:0 p.m.13 views

Security Bulletin: There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms (CVE-2025-23184).

Summary There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms CVE-2025-23184. An update to IBM TXSeries for Multiplatforms has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2025-231...

7.5CVSS7.3AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/21 2:55 p.m.11 views

Security Bulletin: There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM CICS TX Standard (CVE-2025-23184).

Summary There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM CICS TX Standard CVE-2025-23184. An update to IBM CICS TX Standard has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A...

7.5CVSS7.3AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/21 2:51 p.m.12 views

Security Bulletin: There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2025-23184).

Summary There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2025-23184. An update to IBM CICS TX Advanced has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A...

7.5CVSS7.3AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/15 8:36 p.m.18 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache CXF (CVE-2025-23184)

Summary A vulnerability in Apache CXF that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the...

7.5CVSS6.5AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/10 10:9 a.m.16 views

Security Bulletin: IBM Maximo Application Suite - IoT uses cxf-core-3.6.4.jar which is vulnerable to CVE-2025-23184.

Summary IBM Maximo Application Suite uses cxf-core-3.6.4.jar which is vulnerable to CVE-2025-23184. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in...

7.5CVSS6.8AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:55 p.m.14 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)

Summary There is a vulnerability in the Apache CXF library used by IBM WebSphere Application Server Liberty with the jaxws-2.2, xmlWS-3.0 or xmlWS-4.0 feature enabled. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of...

7.5CVSS6.8AI score0.01941EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/01/24 12:0 a.m.44 views

Apache CXF < 3.5.10 , 3.6.x < 3.6.5, 4.0.x < 4.0.6 DoS

In versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6, a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory. Note that Nessus has not...

7.5CVSS6.4AI score0.01941EPSS
Exploits0References2
Rows per page
Query Builder