7 matches found
Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.
Summary: Maximo AI Service uses lodash-4.17.21.tgz, tomcat-embed-core-10.1.49.jar, Markdown-3.7-py3-none-any.whl, spring-webmvc-6.2.14.jar, torch-2.10.0-cp311-cp311-manylinux_2_28_x86_64.whl, and FlaskHTTPAuth-4.8.0-py3-none-any.whl, which are vulnerable to CVE-2025-13465, CVE-2025-66614,...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Spring (CVE-2025-41249)
Summary: A vulnerability in Spring that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2025-41249. DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a...
springframework: Spring Expression DoS Vulnerability
A flaw was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS)...
Security Bulletin: Sterling Order Management and Spring vulnerability CVE-2022-22963
Abstract: Is Sterling Order Management affected by Spring vulnerability CVE-2022-22963? Content: IBM is aware of a recently surfaced vulnerability CVE-2022-22963 and has evaluated whether any Sterling Order Management applications are affected. The following is a summary of our evaluation: Componen...
br.com.caelum.vraptor:vraptor-environment (=1.0.1), br.com.caelum.vraptor:vraptor-freemarker (>=1.0.1 <=1.1.0) +411 more potentially affected by CVE-2010-1622 via org.springframework:spring (>=2.5.1 <=2.5.6.SEC03)
org.springframework:spring MAVEN version =2.5.1, =1.0.1, =1.0.1, =3.1.1, =1.1, =1.1, =1.2, =1.2.1 and more Source cves: CVE-2010-1622 Source advisory: OSV:GHSA-VPR3-F594-MG5G...
Security Bulletin: Sterling Order Management and Spring vulnerability CVE-2022-22965
Abstract: Is Sterling Order Management affected by Spring vulnerability CVE-2022-22965? Content: IBM is aware of a recently surfaced vulnerability CVE-2022-22965 and has evaluated whether any Sterling Order Management applications are affected. The following is a summary of our evaluation: Componen...
Security Bulletin: Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench affected by Spring vulnerability (CVE-2018-15756)
Summary: The Spring framework is vulnerable to a security issue affecting the Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench. Vulnerability Details: CVEID: CVE-2018-15756. DESCRIPTION: Pivotal Spring Framework is vulnerable to a denial of...