9 matches found
Security Bulletin: Multiple vulnerabilities in IBM Rational Functional Tester / DevOps Test UI
Summary: Multiple vulnerabilities were addressed in DevOps Test UI version 11.0.7. Vulnerability Details: CVEID: CVE-2024-53990. DESCRIPTION: The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in spring-security-core (CVE-2025-41248)
Summary: IBM Sterling Control Center is affected by a vulnerability (CVE-2025-41248) in spring-security-core-6.4.5.jar. Vulnerability Details: CVEID: CVE-2025-41248. DESCRIPTION: The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies...
Improper Authorization Third-Party Dependency in Bitbucket Data Center and Server - CVE-2025-41248
This High severity vulnerability known as CVE-2025-41248 was introduced in 10.0.0 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Atlassian recommends that Bitbucket Data Center and Server customers...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in spring-security-core-6.4.3.jar (CVE-2025-41248)
Summary: IBM Sterling Connect:Direct Web Services is vulnerable because the annotation detection mechanism in spring-security-core-6.4.3 may not correctly resolve annotations on methods. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details: CVEID: CVE-2025-41248...
CVE-2025-41248 vulnerabilities
Vulnerabilities for packages: apache-nifi-registry, apache-nifi, thingsboard, jenkins...
CVE-2025-41248 vulnerabilities
Vulnerabilities for packages: nacos, apache-nifi, nacos-docker, thingsboard, jenkins, apache-nifi-registry...
be.jidoka:jdk-keycloak-admin (=2.5.0), br.com.consultdg:database-module (>=1.0.1 <=1.0.10) +888 more potentially affected by CVE-2025-41248 via org.springframework.security:spring-security-core (>=6.4.0 <=6.4.1)
org.springframework.security:spring-security-core MAVEN version =6.4.0, =1.0.1, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =0.0.69, =0.0.35, =3.4.0.2 and more Source cves: CVE-2025-41248 Source advisory: OSV:GHSA-8V5Q-RHF3-JPHM...
PT-2025-37861
Name of the Vulnerable Software and Affected Versions: Spring Framework (affected versions not specified). Description: The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type. This can lead to an...
PT-2025-37862
Name of the Vulnerable Software and Affected Versions: Spring Framework (affected versions not specified). Description: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type. This can lead to an...