Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to VMware Tanzu Spring Framework security bypass and denial of service vulnerabilities [CVE-2023-20860, CVE-2023-20861]

Summary Potential VMware Tanzu Spring Framework security bypass and denial of service vulnerabilities have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. CVE-2023-20860,...

Security Bulletin: Vulnerability in Spring Framework affects IBM Process Mining [CVE-2016-1000027]

Summary There is a vulnerability in Spring Framework that could allow a remote attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. CVE-2016-1000027 Vulnerability Details...

Security Bulletin: IBM Watson Explorer is affected by vulnerabilities in Spring Framework

Summary IBM Watson Explorer contains a vulnerable version of Spring Framework. Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted SpEL expression, a remote...

springframework: Spring Expression DoS Vulnerability

A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...

Critical: Red Hat Security Advisory: Red Hat Fuse 7.12 release and security update

A minor version update from 7.11 to 7.12 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring...

springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in VMware Tanzu Spring Framework (CVE-2023-20861)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in VMware Tanzu Spring Framework, by sending a specially crafted SpEL expression CVE-2023-20861. VMware Tanzu Spring Framework is included as part of our speech microservices. This...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in VMware Tanzu Spring Framework [CVE-2023-20860]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in VMware Tanzu Spring Framework due to the use of an un-prefixed double wildcard pattern with the mvcRequestMatcher CVE-2023-20860. Spring Framework is included as part of our speech...

Security Bulletin: Vulnerability in Spring Framework affects IBM Process Mining . CVE-2023-20863

Summary There is a vulnerability in Spring Framework that could allow a remote authenticated attacker to execute a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

Security Bulletin: IBM Security Directory Integrator is affected by multiple security vulnerabilities

Summary IBM Security Directory Integrator has addressed several security issues in open source packages. Please apply the fix as detailed below. Vulnerability Details CVEID:CVE-2018-1270 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to execute arbitrary code on the system,...

springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

springframework: Spring Expression DoS Vulnerability

A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...

Exploit for Code Injection in Vmware Spring_Framework

Spring4Shell Spring4Shell CVE-2022-22965 Proof Of Concept wi...

Exploit for Code Injection in Vmware Spring_Framework

Spring4Shell Spring4Shell CVE-2022-22965 Proof Of Concept wi...

springframework: BCrypt skips salt rounds for work factor of 31

A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor 31 due to an integer overflow error...

springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

springframework: Spring Expression DoS Vulnerability

A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...

springframework: Spring Expression DoS Vulnerability

A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...