9 matches found
Security Bulletin: Vulnerability in IBM Spectrum Symphony with spring framework
Summary: Vulnerability in IBM Spectrum Symphony with spring framework. Vulnerability Details: CVEID: CVE-2024-38820. DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could...
Security Bulletin: Vulnerability in IBM Spectrum Symphony with IBM WebSphere Application Server Liberty
Summary: Vulnerability in IBM Spectrum Symphony with IBM WebSphere Application Server Liberty. Vulnerability Details: CVEID: CVE-2024-56339. DESCRIPTION: IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass...
Security Bulletin: Vulnerability in IBM Spectrum Symphony with OpenSSL
Summary: Vulnerability in IBM Spectrum Symphony with OpenSSL. Vulnerability Details: CVEID: CVE-2024-13176. DESCRIPTION: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDS...
Security Bulletin: Vulnerability in IBM Spectrum Symphony with spring webmvc
Summary: Vulnerability in IBM Spectrum Symphony with spring webmvc. Vulnerability Details: CVEID: CVE-2025-41242. DESCRIPTION: Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable whe...
Security Bulletin: Vulnerability in IBM Spectrum Symphony with Apache Commons FileUpload
Summary: Vulnerability in IBM Spectrum Symphony with Apache Commons FileUpload. Vulnerability Details: CVEID: CVE-2025-48976. DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons...
Security Bulletin: Vulnerability in IBM Spectrum Symphony with jackson-core
Summary: Vulnerability in IBM Spectrum Symphony with jackson-core. Vulnerability Details: CVEID: CVE-2025-52999. DESCRIPTION: jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an...
Security Bulletin: Vulnerability in IBM Spectrum Symphony with spring security
Summary: Vulnerability in IBM Spectrum Symphony with spring security. Vulnerability Details: CVEID: CVE-2024-38827. DESCRIPTION: The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...
Security Bulletin: Vulnerability in IBM Spectrum Symphony with okhttp component
Summary: Vulnerability in IBM Spectrum Symphony with okhttp component. Vulnerability Details: CVEID: CVE-2023-0833. DESCRIPTION: A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing...
Security Bulletin: Vulnerability in IBM Spectrum Symphony with Express.js
Summary: Vulnerability in IBM Spectrum Symphony with Express.js. Vulnerability Details: CVEID: CVE-2024-29041. DESCRIPTION: Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect...