58 matches found
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to commons-io
Summary IBM webMethods BPM uses commons-io to simplify file and stream handling operations within the application, such as reading, writing, and manipulating files and input/output streams. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: In Apache Commons IO before 2.7, when invoking the...
Security Bulletin: Common vulnerabilities addressed in Cloudera Observability 3.6.2
Summary Security Bulletin: Common vulnerabilities addressed in Cloudera Observability 3.6.2 Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested...
CVE-2021-29425 vulnerabilities
Vulnerabilities for packages: druid...
Security Bulletin: IBM QRadar SIEM protocols are vulnerable to information exposure and denial of service (CVE-2021-29425)
Summary Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation in the FileNameUtils.normalize method. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories...
Splunk Enterprise 9.0.0 < 9.0.9, 9.1.0 < 9.1.4, 9.2.0 < 9.2.1 (SVD-2024-0718)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0718 advisory. - jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted objec...
ROS-2-1233
2.1233 Directory traversal in Apache Commons IO CVE-2021-29425 1. Vulnerability Description: The vulnerability allows a remote attacker to perform directory traversal attacks. The vulnerability exists due to an input validation error in the FileNameUtils.normalize method when processing directory...
ROS-2-1185
2.1185 Directory traversal in Apache Commons IO CVE-2021-29425 1. Vulnerability Description: The vulnerability allows a remote attacker to perform directory traversal attacks. The vulnerability exists due to an input validation error in the FileNameUtils.normalize method when processing directory...
Apache Commons IO Vulnerability (CVE-2021-29425)
In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path...
Security Bulletin: IBM Jazz Reporting Service is vulnerable to a remote attacker to traverse directories due to Apache Commons IO (CVE-2021-29425)
Summary A vulnerability has been identified in the Apache Commons IO library, which is included in IBM® Jazz Reporting Service. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse...
Security Bulletin: Vulnerability in Apache Commons IO affects IBM Engineering Lifecycle Optimization - Publishing
Summary Apache Commons IO is used by IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normaliz...
Security Bulletin: Vulnerability found in commons-io-1.3.1.jar which is shipped with IBM® Intelligent Operations Center (CVE-2021-29425)
Summary A vulnerability has been identified in commons-io-1.3.1.jar, which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center has been published, and the applicable CVEs have been addressed. Vulnerability Details...
Oracle WebCenter Sites (Jul 2023 CPU)
The 12.2.1.4.0 version of WebCenter Sites installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites XStream. The supported version...
Security Bulletin: Vulnerability in Apache commons io library affects IBM Engineering Test Management (ETM) (CVE-2021-29425)
Summary This Security Vulnerability has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by...
Medium: apache-commons-io
Issue Overview: In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus...
Security Bulletin: Vulnerability in commons-io affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2021-29425]
Summary Commons-io package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2021-29425. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the syste...
Security Bulletin: Apache Commons IO (Publicly disclosed vulnerability) Affects IBM eDiscovery Manager (CVE-2021-29425)
Summary An Apache Commons IO vulnerability could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary...
Security Bulletin: IBM PowerVM Novalink is vulnerable because Apache Commons IO could allow a remote attacker to traverse directories on the system
Summary IBM PowerVM Novalink is vulnerable because Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing "dot dot" sequence...
Security Bulletin: Vulnerability in Apache Commons IO affects IBM Process Mining (CVE-2021-29425)
Summary There is a vulnerability in Apache Commons IO that could allow a remote attacker to traverse directories on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-29425...
Security Bulletin: A Vulnerability In Apache Commons IO Affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data
Summary A Vulnerability In Apache Commons IO Affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Please see below for details and remediation/Fixes for this issue. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to...
Security Bulletin: IBM Security Guardium is affected by path traversal and crypto vulnerabilities (CVE-2021-29425, CVE-2021-39076)
Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker coul...