Security Bulletin: Due to IBM Storage Scale, IBM Cloud Pak System is affected by multiple vulnerabilities [CVE-2025-48976, CVE-2025-30204, CVE-2025-1137].

Summary Execute privileged command and denial of service vulnerabilities found in IBM Storage Scale previously known as IBM Spectrum Scale affect IBM Cloud Pak System. These vulnerabilities were addressed in IBM Cloud Pak System v2.3.6.1. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION:...

MAL-2026-529 Malicious code in fileupload-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cfeee070d9e37cd2dda0d7557f93098e1589be17d77ff38abf265f564574ca3 The package fileupload-core was found to contain malicious code. Source: ghsa-malware aa58dfc19074922a9db4713e1aa1c17edc8de5a937d01a5c08271d4940bcc38...

Malicious Package

Overview fileupload-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Oracle Business Process Management Suite (14.1.2.0.0) (January 2026 CPU)

The version of Oracle Business Process Management Suite installed on the remote host is affected by a vulnerability, as referenced in the January 2026 CPU advisory: - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware component: Composer Apache Commo...

Oracle WebLogic Server (January 2026 CPU)

The 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component:...

MiracleLinux 9 : tomcat-9.0.62-37.el9 (AXSA:2023-6944:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6944:05 advisory. Apache Commons FileUpload: FileUpload DoS with excessive parts CVE-2023-24998 tomcat: not including the secure attribute causes information disclosu...

MiracleLinux 8 : tomcat-9.0.62-27.el8 (AXSA:2024-7363:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7363:01 advisory. Apache Commons FileUpload: FileUpload DoS with excessive parts CVE-2023-24998 tomcat: not including the secure attribute causes information disclosu...

MiracleLinux 8 : tomcat-9.0.87-1.el8_10.6 (AXSA:2025-10776:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10776:05 advisory. tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-4912...

Security Bulletin: Denial of Service vulnerability in Apache commons-fileupload may affect IBM Business Automation Workflow - CVE-2025-48976

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache...

Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager

Summary Multiple vulnerabilities were addressed in IBM Sterling Partner Engagement Manager versions 6.2.3.5 and 6.2.4.2. Vulnerability Details CVEID:CVE-2025-36124 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security...

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for December 2025.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF006 and 25.0.0-IF003. These vulnerabilities have been also addressed in 24.0.0-IF005. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficie...

DoS (Denial of Service) org.apache.commons:commons-fileupload2-core Dependency in Crowd Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to access...

Apache Commons FileUpload < 1.6 , 2.0.0-M1 < 2.0.0-M4 Denial of Service (CVE-2025-48976)

The version of Apache Commons FileUpload on the remote host is 1.6 , 2.0.0-M1 2.0.0-M4. It is, therefore, affected by a denial of service vulnerability due to allocation of resources for multipart headers with insufficient limits. Note that Nessus has not tested for these issues but has instead...

Security Bulletin: due to the use of Apache Commons FileUpload, IBM Transformation Extender Advanced is vulnerable to DoS vulnerability

Summary Apache Commons FileUpload is used by IBM Transformation Extender Advanced also known as IBM Standards Processing Engine as part of common utility helpers. CVE-2024-47554 Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient...

Security Bulletin: Multiple Vulnerabilities affect IBM Tivoli Business Service Manager

Summary IBM Tivoli Netcool Impact is a component of the IBM Tivoli Business Service Manager data server. Multiple vulnerabilities were addressed in IBM Tivoli Netcool Impact version 7.1.1.0 Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with...

Apache Commons FileUpload JAR Detection

Binary data apachecommonsfileuploadjardetect.nbin...

DoS (Denial of Service) commons-fileupload:commons-fileupload Dependency in Jira Software Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2025-48976 was introduced in 9.12.1 of Jira Software Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to take...

Security Bulletin: DoS vulnerability in Apache Commons FileUpload vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Protect Operations Center (CVE-2025-48976)

Summary IBM WebSphere Application Server Liberty is vulnerable to DoS in Apache Commons FileUpload attack which can affect IBM Spectrum Protect formerly Tivoli Storage Manager Operations Center. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service due to Apache Commons FileUpload and vulnerable to CVE-2025-48976.

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service due to Apache Commons FileUpload and vulnerable to CVE-2025-48976. This bulletin contains information regarding the vulnerability and its fixture...

Security Bulletin: IBM Spectrum Control is vulnerable to weakness related to Apache Commons FileUpload (CVE-2025-48976)

Summary Vulnerability in Apache Commons FileUpload allows denial of service may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. Thi...