519 matches found
Security Bulletin: A vulnerability in Apache Commons Lang may affect IBM Jazz Reporting Service (CVE-2025-48924)
Summary: Apache Commons Lang is used by IBM Jazz Reporting Service. IBM Jazz Reporting Service has addressed the applicable CVE, CVE-2025-48924. Vulnerability Details: CVEID: CVE-2025-48924. DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lan...
Security Bulletin: A vulnerability in Apache Commons FileUpload may affect IBM Jazz Reporting Service (CVE-2025-48976)
Summary: Apache Commons FileUpload is used by IBM Jazz Reporting Service. IBM Jazz Reporting Service has addressed the applicable CVE, CVE-2025-48976. Vulnerability Details: CVEID: CVE-2025-48976. DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS...
CVE-2026-4396
Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification...
EUVD-2026-12950
Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification...
CVE-2026-4396
CVE-2026-4396 affects Devolutions Hub Reporting Service 2025.3.1.1 and earlier. The issue is improper certificate validation, allowing a network attacker to perform a MITM when TLS certificate verification is disabled. The connected sources provide this description but do not include exploit deta...
PT-2026-26149
🟠 CVE-2026-4396 - High Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verif... https://t.co/fSciVkCYpu https://t.co/yeXegKnc3n...
Devolutions Hub Reporting Service Security Vulnerability
The Devolutions Hub Reporting Service is a component of the Canadian company Devolutions that manages reports on the usage of remote access credentials. Versions of the Devolutions Hub Reporting Service prior to 2025.3.1.1 contained security vulnerabilities; these vulnerabilities were caused by...
Security Bulletin: IBM Jazz Reporting Service (Lifecycle Query Engine - LQE) is affected by SPARQL Exposure and Denial-of-Service Vulnerabilities.
Summary: Multiple vulnerabilities were identified in IBM Jazz Reporting Service Lifecycle Query Engine - LQE SPARQL endpoints that may allow information disclosure and service degradation by authenticated, lower-privileged users with network access. CVE-2025-27550, CVE-2025-2134, CVE-2025-1823...
CVE-2025-27550
IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server...
CVE-2025-1823
IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using a specially crafted SQL query that consumes excess memory resources...
CVE-2025-2134
IBM Jazz Reporting Service could allow an authenticated user on the network to affect the system's performance using complicated queries due to insufficient resource pooling...
CVE-2025-2134 IBM Jazz Reporting Service Denial of Service
IBM Jazz Reporting Service could allow an authenticated user on the network to affect the system's performance using complicated queries due to insufficient resource pooling...