21 matches found

IBM Security Bulletins
added 2026/05/25 5:1 p.m. | 11 views

Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affects IBM Rational Functional Tester / DevOps Test UI

Summary There are vulnerabilities in Eclipse Jetty used by Rational Functional Tester (RFT) / DevOps Test UI (Test UI). RFT/Test UI has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote...

6.5 CVSS | 6.8 AI score | 0.01037 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/05/01 7:47 a.m. | 4 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to denial-of-service due to Jetty

Summary A security vulnerability in Jetty's ThreadLimitHandler.getRemote can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory. IBM Sterling External...

6.5 CVSS | 6.7 AI score | 0.01037 EPSS
Exploits: 1 | Affected Software: 1

OSV
added 2026/04/01 9:25 a.m. | 1 views

CLEANSTART-2026-TX96881 Security fixes for CVE-2024-6763, CVE-2026-1225, ghsa-25qh-j22f-pwp8, ghsa-72hv-8253-57qq, ghsa-qh8g-58pp-2wxh, ghsa-qqpg-mvqg-649v applied in versions: 4.0.1-r2

Multiple security vulnerabilities affect the cassandra-reaper-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

5.3 CVSS | 6.7 AI score | 0.00986 EPSS
Exploits: 1 | References: 9

IBM Security Bulletins
added 2025/09/09 3:22 p.m. | 4 views

Security Bulletin: Insufficient URI Authority Validation in Eclipse Jetty's HttpURI Class Enables Open Redirect and SSRF Risks, affects watsonx.data

Summary Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common...

6.5 CVSS | 6.6 AI score | 0.01037 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/25 9:37 a.m. | 5 views

Security Bulletin: IBM Maximo Application Suite - IoT Component uses jetty-http-10.0.22.jar and jinja2-3.1.5-py3-none-any.whl which is vulnerable to CVE-2025-27516 and CVE-2024-6763

Summary IBM Maximo Application Suite - IoT Component uses jetty-http-10.0.22.jar and jinja2-3.1.5-py3-none-any.whl which is vulnerable to CVE-2025-27516 and CVE-2024-6763. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-6763...

8.8 CVSS | 7.3 AI score | 0.00986 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/20 12:0 p.m. | 5 views

Security Bulletin: Vulnerability in jetty-server affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-6763, CVE-2024-8184]

Summary The jetty-server package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-6763, CVE-2024-8184 Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web...

6.5 CVSS | 5.7 AI score | 0.01037 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/20 11:36 a.m. | 1 views

Security Bulletin: Vulnerability in jetty-http affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-6763]

Summary The jetty-http package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-6763 Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet...

5.3 CVSS | 5.1 AI score | 0.00986 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/03 8:19 a.m. | 7 views

Security Bulletin: IBM Engineering Systems Design Rhapsody affected by CVE-2024-6763

Summary jetty-http-12.0.9.jar, jetty-server-12.0.9.jar was vulnerable and IBM Engineering Systems Design Rhapsody has upgraded JARs to org.eclipse.jetty:jetty-http:12.0.12;org.eclipse.jetty:jetty-server:12.0.12 Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight,...

5.3 CVSS | 6.1 AI score | 0.00986 EPSS
Exploits: 1 | Affected Software: 1

OpenVAS
added 2025/06/02 12:0 a.m. | 8 views

openSUSE Security Advisory (SUSE-SU-2025:01738-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2 CVSS | 6.8 AI score | 0.00986 EPSS
Exploits: 1 | References: 5

Tenable Nessus
added 2025/05/30 12:0 a.m. | 8 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : jetty-minimal (SUSE-SU-2025:01738-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01738-1 advisory. Upgrade to version 9.4.57.v20241219 - CVE-2024-6763: the HttpURI class does insufficient...

7.2 CVSS | 6.8 AI score | 0.00986 EPSS
Exploits: 1 | References: 7

OPENSUSE Linux
added 2025/05/27 12:0 a.m. | 5 views

jetty-annotations-9.4.57-1.1 on GA media (moderate)

jetty-annotations-9.4.57-1.1 on GA media Announcement ID: openSUSE-SU-2025:15160-1 Rating: moderate Cross-References: CVE-2024-13009 CVE-2024-6763 CVSS scores: CVE-2024-13009 SUSE : 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVE-2024-6763 SUSE : 4.8...

7.2 CVSS | 7.4 AI score | 0.00986 EPSS
Exploits: 1

IBM Security Bulletins
added 2025/04/14 10:52 a.m. | 26 views

Security Bulletin: IBM Asset Data Dictionary uses jetty-http-9.4.48.v20220622.jar which is vulnerable to CVE-2024-6763.

Summary IBM Asset Data Dictionary uses jetty-http-9.4.48.v20220622.jar which is vulnerable to CVE-2024-6763. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable,...

5.3 CVSS | 6.6 AI score | 0.00986 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/04/10 2:14 p.m. | 22 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities reported in Jetty server (CVE-2024-8184, CVE-2024-6763)

Summary Multiple vulnerabilities over Eclipse Jetty is affecting IBM Sterling Control Center v6.3.1.0 and v6.4.0.0. Customers must upgrade to latest patch below to address this vulnerability. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service...

6.5 CVSS | 5.8 AI score | 0.01037 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/04/01 10:37 a.m. | 21 views

Security Bulletin: There is a vulnerability in jetty-server-9.4.53.v20231009.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-6763)

Summary There is a vulnerability in jetty-server-9.4.53.v20231009.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includ...

6.5 CVSS | 7 AI score | 0.01037 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/04/01 3:34 a.m. | 17 views

Security Bulletin: IBM Storage Protect Server is vulnerable due to Eclipse Jetty (CVE-2024-6763)

Summary IBM Storage Protect Server uses Eclipse Jetty and may be vulnerable to an open redirect attack due to issues with HttpURI parsing and validation checks. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servle...

5.3 CVSS | 6.9 AI score | 0.00986 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/03/13 4:31 p.m. | 25 views

Security Bulletin: Vulnerabilities in Eclipse jetty affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.

Summary Potential vulnerabilities in Eclipse Jetty has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information...

6.5 CVSS | 6.7 AI score | 0.01037 EPSS
Exploits: 1 | Affected Software: 2

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 31 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Jetty (CVE-2024-8184)

Summary Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the ThreadLimitHandler.getRemote function. By sending specially crafted requests, a remote attacker could exploit this vulnerability to exhaust the server memory and results in a denial of service...

6.5 CVSS | 6.4 AI score | 0.01037 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/11/26 9:40 a.m. | 58 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Nov 2024

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF004 Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security...

9.8 CVSS | 9.1 AI score | 0.66594 EPSS
Exploits: 16 | Affected Software: 1

OpenVAS
added 2024/10/22 12:0 a.m. | 23 views

Eclipse Jetty URI Parsing Vulnerability (GHSA-qh8g-58pp-2wxh) - Windows

Eclipse Jetty is prone to an URI parsing vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

5.3 CVSS | 5.2 AI score | 0.00986 EPSS
Exploits: 1 | References: 2

Wolfi
added 2024/10/14 4:15 p.m. | 18 views

CVE-2024-6763 vulnerabilities

Vulnerabilities for packages: solr, neo4j, akhq, apache-nifi, confluent-kafka, cloudwatch-exporter...

5.3 CVSS | 6.2 AI score | 0.00986 EPSS
Exploits: 1