Security Bulletin: Security Vulnerability in Authorization Rules in Spring Security Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2024-38827)
Summary: IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Security. Vulnerability Details: CVEID: CVE-2024-38827. DESCRIPTION: The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-expression-5.3.24.jar
Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-expression-5.3.24.jar. Vulnerability Details: CVEID: CVE-2024-38808. DESCRIPTION: In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spri...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-web-5.3.26.jar
Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-web-5.3.26.jar. Vulnerability Details: CVEID: CVE-2024-22262. DESCRIPTION: Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on t...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-boot-2.7.12.jar
Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-boot-2.7.12.jar. Vulnerability Details: CVEID: CVE-2023-34055. DESCRIPTION: In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0 - 3.0.12 and 3.1.0 - 3.1.5, it is possible for a user to provide specially crafted HTTP requests that...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-expression-5.3.24.jar
Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-expression-5.3.24.jar. Vulnerability Details: CVEID: CVE-2023-20861. DESCRIPTION: In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possibl...
CVE-2025-53602
Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...
Exposure of Core Dump File to an Unauthorized Control Sphere
Overview: Affected versions of this package are vulnerable to Exposure of Core Dump File to an Unauthorized Control Sphere via the heapdump endpoint, which is introduced through the use of Spring Boot Actuators. An attacker can access sensitive memory information by sending requests to this...
GHSA-794X-8X6X-QPFC Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint
Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...
PT-2025-28022 · Zipkin
Name of the Vulnerable Software and Affected Versions: Zipkin versions prior to 3.5.2. Description: The issue is related to the exposure of heap dump information through the "/heapdump" endpoint, which is associated with the use of Spring Boot Actuator. This endpoint is similar to a previously...
CVE-2025-53602
CVE-2025-53602 affects Zipkin up to version 3.5.1 with a /heapdump endpoint (via Spring Boot Actuator). The root cause is exposure of sensitive heap memory information leading to potential information disclosure. The CVE is linked to related advisories (e.g., GHSA-794X-8X6X-QPFC) describing insec...
spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length
A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...