
58 matches found

IBM Security Bulletins
added 2026/03/27 5:59 p.m. | 4 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to commons-io

Summary IBM webMethods BPM uses commons-io to simplify file and stream handling operations within the application, such as reading, writing, and manipulating files and input/output streams. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: In Apache Commons IO before 2.7, When invoking the...

CVSS 5.8 | AI score 5.9 | EPSS 0.10608
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2026/03/09 5:7 p.m. | 7 views

Security Bulletin: Common vulnerabilities addressed in Cloudera Observability 3.6.2

Summary Security Bulletin: Common vulnerabilities addressed in Cloudera Observability 3.6.2 Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested...

CVSS 6.5 | AI score 7.2 | EPSS 0.10608
Exploits: 1 | Affected Software: 1
Wolfi
added 2026/01/07 1:51 a.m. | 3 views

CVE-2021-29425 vulnerabilities

Vulnerabilities for packages: druid...

CVSS 5.8 | AI score 9.6 | EPSS 0.10608
Exploits: 1
IBM Security Bulletins
added 2025/01/30 1:38 p.m. | 55 views

Security Bulletin: IBM QRadar SIEM protocols are vulnerable to information exposure and denial of service (CVE-2021-29425)

Summary Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation in the FileNameUtils.normalize method. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories...

CVSS 5.8 | AI score 6.6 | EPSS 0.10608
Exploits: 1 | Affected Software: 1
Tenable Nessus
added 2024/07/01 12:0 a.m. | 61 views

Splunk Enterprise 9.0.0 < 9.0.9, 9.1.0 < 9.1.4, 9.2.0 < 9.2.1 (SVD-2024-0718)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0718 advisory. - jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted objec...

CVSS 9.8 | AI score 7.9 | EPSS 0.10608
Exploits: 13 | References: 24
Redos
added 2024/03/13 12:0 a.m. | 20 views

ROS-2-1233

2.1233 Directory traversal in Apache Commons IO CVE-2021-29425 1. Vulnerability Description: The vulnerability allows a remote attacker to perform directory traversal attacks. The vulnerability exists due to an input validation error in the FileNameUtils.normalize method when processing directory...

CVSS 4.8 | AI score 7.4 | EPSS 0.10608
Exploits: 1
Redos
added 2024/03/13 12:0 a.m. | 19 views

ROS-2-1185

2.1185 Directory traversal in Apache Commons IO CVE-2021-29425 1. Vulnerability Description: The vulnerability allows a remote attacker to perform directory traversal attacks. The vulnerability exists due to an input validation error in the FileNameUtils.normalize method when processing directory...

CVSS 4.8 | AI score 7.2 | EPSS 0.10608
Exploits: 1
Broadcom
added 2023/12/18 12:0 a.m. | 52 views

Apache Commons IO Vulnerability (CVE-2021-29425)

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path...

CVSS 4.8 | AI score 7.3 | EPSS 0.10608
Exploits: 1
IBM Security Bulletins
added 2023/12/06 1:2 p.m. | 13 views

Security Bulletin: IBM Jazz Reporting Service is vulnerable to a remote attacker to traverse directories due to Apache Commons IO (CVE-2021-29425)

Summary A vulnerability has been identified in the Apache Commons IO library, which is included in IBM® Jazz Reporting Service. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse...

CVSS 5.8 | AI score 6.4 | EPSS 0.10608
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2023/10/04 8:7 a.m. | 38 views

Security Bulletin: Vulnerability in Apache Commons IO affect IBM Engineering Lifecycle Optimization - Publishing

Summary Apache Commons IO is used by IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normaliz...

CVSS 5.8 | AI score 6.3 | EPSS 0.10608
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2023/09/05 12:29 p.m. | 21 views

Security Bulletin: Vulnerability found in commons-io-1.3.1.jar which is shipped with IBM® Intelligent Operations Center(CVE-2021-29425)

Summary A vulnerability has been identified in commons-io-1.3.1.jar, which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center has been published, and the applicable CVEs have been addressed. Vulnerability Details...

CVSS 5.8 | AI score 6.5 | EPSS 0.10608
Exploits: 1 | Affected Software: 1
Tenable Nessus
added 2023/07/21 12:0 a.m. | 26 views

Oracle WebCenter Sites (Jul 2023 CPU)

The 12.2.1.4.0 version of WebCenter Sites installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites XStream. The supported version...

CVSS 8.2 | AI score 7 | EPSS 0.10608
Exploits: 2 | References: 4
IBM Security Bulletins
added 2023/07/18 7:19 a.m. | 41 views

Security Bulletin: Vulnerability in Apache commons io library affects IBM Engineering Test Management (ETM) (CVE-2021-29425)

Summary This Security Vulnerability has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by...

CVSS 5.8 | AI score 6.3 | EPSS 0.10608
Exploits: 1 | Affected Software: 1
Amazon
added 2023/05/31 12:0 a.m. | 35 views

Medium: apache-commons-io

Issue Overview: In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus...

CVSS 5.8 | AI score 7.5 | EPSS 0.10608
Exploits: 1
IBM Security Bulletins
added 2023/03/31 11:54 a.m. | 41 views

Security Bulletin: Vulnerability in commons-io affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2021-29425]

Summary Commons-io package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2021-29425. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the syste...

CVSS 5.8 | AI score 6.3 | EPSS 0.10608
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2023/03/10 5:7 a.m. | 29 views

Security Bulletin: Apache Commons IO (Publicly disclosed vulnerability) Affects IBM eDiscovery Manager (CVE-2021-29425)

Summary An Apache Commons IO vulnerability could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary...

CVSS 5.8 | AI score 6.4 | EPSS 0.10608
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2023/02/13 5:14 a.m. | 61 views

Security Bulletin: IBM PowerVM Novalink is vulnerable because Apache Commons IO could allow a remote attacker to traverse directories on the system

Summary IBM PowerVM Novalink is vulnerable because Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing "dot dot" sequence...

CVSS 5.8 | AI score 6.6 | EPSS 0.10608
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2023/02/01 9:30 p.m. | 130 views

Security Bulletin: Vulnerability in Apache Commons IO affects IBM Process Mining (CVE-2021-29425)

Summary There is a vulnerability in Apache Commons IO that could allow a remote attacker to traverse directories on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-29425...

CVSS 5.8 | AI score 6.5 | EPSS 0.10608
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2023/01/12 9:59 p.m. | 42 views

Security Bulletin: A Vulnerability In Apache Commons IO Affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data

Summary A Vulnerability In Apache Commons IO Affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Please see below for details and remediation/Fixes for this issue. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to...

CVSS 4.8 | AI score 6.3 | EPSS 0.10608
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2022/11/08 4:46 p.m. | 58 views

Security Bulletin: IBM Security Guardium is affected by path traversal and crypto vulnerabilities (CVE-2021-29425, CVE-2021-39076)

Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker coul...

CVSS 7.5 | AI score 6.1 | EPSS 0.10608
Exploits: 1 | Affected Software: 1