11 matches found
Spring Framework - Path Traversal
Spring Framework MVC applications deployed as WAR or with embedded Servlet containers that do not reject suspicious URI sequences and serve static resources with Spring resource handling contain a path traversal vulnerability, letting attackers access unauthorized files, exploit requires...
Security Bulletin: A security vulnerability has been identified in IBM StreamSets Data Collector
Summary A security vulnerability CVE-2025-41242 has been addressed in IBM StreamSets Data Collector version 7.1.0 Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION: Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servle...
Security Bulletin: IBM Controller is vulnerable to a Path Traversal vulnerability
Summary IBM Controller has addressed a Path Traversal vulnerability present in Spring Framework MVC applications Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION: Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Path Traversal Vulnerability in Spring Framework [CVE-2025-41242]
Summary IBM Watson Speech Services Cartridge is vulnerable to a Path Traversal Vulnerability in Spring Framework when deployed on a non-compliant Servlet container CVE-2025-41242. Spring Framework is used as part of our java microservices. This vulnerabilitiy has been addressed. Please read the...
Security Bulletin: Path traversal vulnerability affect IBM Business Automation Workflow - CVE-2025-41242
Summary IBM Business Automation Workflow packages a vulnerable version of spring. Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION: Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can ...
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Spring Framework MVC applications can be vulnerable to Traversal Vulnerability.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Spring Framework MVC applications can be vulnerable to Traversal Vulnerability.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION:...
Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to CVEs.
Summary IBM Maximo Application Suite uses spring-beans-6.2.9.jar, spring-context-6.1.14.jar, flask-3.1.0-py3-none-any.whl, kafka-clients-3.9.0.jar, cxf-core-3.6.7.jar, urllib3-1.26.20-py2.py3-none-any.whl, postgresql-42.7.5.jar, requests-2.32.3-py3-none-any.whl,commons-beanutils-1.9.4.jar which i...
ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.4.0) +4629 more potentially affected by CVE-2025-41242 via org.springframework:spring-webmvc (>=6.1.0 <=6.1.21)
org.springframework:spring-webmvc MAVEN version =6.1.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.5.0, =cloud-0.1, =cloud-0.2.1 and more Source cves: CVE-2025-41242 Source advisory: OSV:GHSA-R936-GWX5-V52F...
be.dnsbelgium:rdap-server (>=4.0.0 <=4.0.3), be.personify.iam:personify-api (>=1.5.0.RELEASE <=1.5.2.RELEASE) +2820 more potentially affected by CVE-2025-41242 via org.springframework:spring-webmvc (>=6.0.0 <=6.0.23)
org.springframework:spring-webmvc MAVEN version =6.0.0, =4.0.0, =1.5.0.RELEASE, =1.5.1.RELEASE, =1.5.0.RELEASE, =2.1.0.RELEASE, =3.0.0, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =3.4.0 and more Source cves: CVE-2025-41242 Source advisory...
africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-codes-api (>=1.1.0 <=1.2.0) +10791 more potentially affected by CVE-2025-41242 via org.springframework:spring-webmvc (>=5.3.0 <=5.3.4)
org.springframework:spring-webmvc MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.2, =1.4.2, =1.6.6, =1.6.6.1 - ai.platon:distributed-lock-example =1.4.2 and more Source cves: CVE-2025-41242 Source advisory: OSV:GHSA-R936-GWX5-V52F...
ai.ancf.lmos-router:lmos-router-hybrid-spring-boot-starter (=0.28.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0) +21726 more potentially affected by CVE-2025-41242 via org.springframework:spring-beans (>=6.0.0 <=6.2.1)
org.springframework:spring-beans MAVEN version =6.0.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.12.1 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 -...