26 matches found
Security Bulletin: DevOps Test Performance contains a vulnerability related to use Apache CXF
Summary Due to use of Apache CXF, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10...
Security Bulletin: IBM Maximo Application Suite uses WebSphere Application Server Liberty V.25.0.0.2, flask-3.1.0-py3-none-any.whl form-data-2.5.1.tgz and golang.org/x/net which is vulnerable to multiple CVEs
Summary IBM Maximo Application Suite uses WebSphere Application Server Liberty V.25.0.0.2, flask-3.1.0-py3-none-any.whl form-data-2.5.1.tgz and golang.org/x/net which is vulnerable to CVE-2025-36097, CVE-2025-7783, CVE-2025-25193, CVE-2025-47278, CVE-2025-23184, CVE-2025-22872 and CVE-2024-56339...
Security Bulletin: Multiple security vulnerabilities in WebSphere Liberty may affect IBM Business Automation Workflow - CVE-2025-25193, CVE-2025-23184
Summary IBM Business Automation Workflow traditional includes optional components running on WebSphere Liberty: User Management Service and Process Federation Service. IBM Business Automation Workflow on Containers builds upon WebSphere Liberty. Multiple security vulnerabilies have been reported...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera, and...
Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to improper access control due to Apache Commons BeanUtils (CVE-2025-23184)
Summary Apache Commons BeanUtils is shipped with IBM Tivoli Business Service Manager as part of its backend process to handle Java Beans. Information about a security vulnerability affecting Apache Commons BeanUtils has been published in a security bulletin. Vulnerability Details...
Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to denial of service attack due to Apache CXF (CVE-2025-23184)
Summary Apache CXF is shipped with IBM Tivoli Business Service Manager as part of the web services framework. Information about a security vulnerability affecting Apache CXF has been published in a security bulletin. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of...
Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to a Denial of Service (CVE-2025-23184) due to the use of WebSphere Application Server Liberty
Summary IBM Virtualization Engine TS7700 is susceptible to a denial of service associated with the use of WebSphere Application Server Liberty CVE-2025-23184, which is used in its Management Interface. Under certain rare conditions, CachedOutputStream instances may not close properly. If these...
Security Bulletin: Denial of service vulnerability in IBM WebSphere Application Server Liberty affects IBM Storage Protect Operations Center (CVE-2025-23184).
Summary IBM Storage Protect Operations Center is affected by denial of service due to Apache CXF used by IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10...
Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities (CVE-2024-53677, CVE-2025-23184)
Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2024-53677 DESCRIPTION: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this ca...
Security Bulletin: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed, (CVE-2025-23184) affects IBM PowerVM Novalink.
Summary A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system it applies to servers and clients. IBM...
Security Bulletin: IBM Data Product Hub is affected by several vulnerabilities
Summary IBM Data Product Hub has a dependency on IBM WebSphere Application Server Liberty, which is vulnerable. This bulletin contains information regarding the vulnerabilities and their fixture. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability i...
Security Bulletin: IBM Maximo Application Suite - Monitor Component in IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)
Summary IBM Maximo Application Suite - Monitor Component IBM in WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF CVE-2025-23184. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-23184...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cxf-core-3.5.5.jar, cxf-core-4.0.5.jar CVE-2025-23184
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to cxf-core-3.5.5.jar, cxf-core-4.0.5.jar CVE-2025-23184. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service...
Security Bulletin: There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms (CVE-2025-23184).
Summary There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms CVE-2025-23184. An update to IBM TXSeries for Multiplatforms has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2025-231...
Security Bulletin: There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM CICS TX Standard (CVE-2025-23184).
Summary There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM CICS TX Standard CVE-2025-23184. An update to IBM CICS TX Standard has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A...
Security Bulletin: There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2025-23184).
Summary There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2025-23184. An update to IBM CICS TX Advanced has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache CXF (CVE-2025-23184)
Summary A vulnerability in Apache CXF that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the...
Security Bulletin: IBM Maximo Application Suite - IoT uses cxf-core-3.6.4.jar which is vulnerable to CVE-2025-23184.
Summary IBM Maximo Application Suite uses cxf-core-3.6.4.jar which is vulnerable to CVE-2025-23184. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)
Summary There is a vulnerability in the Apache CXF library used by IBM WebSphere Application Server Liberty with the jaxws-2.2, xmlWS-3.0 or xmlWS-4.0 feature enabled. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of...
Apache CXF < 3.5.10 , 3.6.x < 3.6.5, 4.0.x < 4.0.6 DoS
In versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6, a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory. Note that Nessus has not...