Security Bulletin: IBM App Connect Enterprise Toolkit and IBM Integration Bus for z/OS Toolkit are vulnerable to Uncontrolled Resource Consumption due to Apache Commons IO (CVE-2024-47554)

Summary IBM App Connect Enterprise Toolkit and IBM Integration Bus for z/OS Toolkit are vulnerable to Uncontrolled Resource Consumption due to Apache Commons IO. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...

Unity Linux 20.1070e Security Update: apache-commons-lang3 (UTSA-2025-991256)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991256 advisory. Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting withcommons-lang:commons-lang2.0 to 2.6, and, from...

commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass... method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an...

CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...

CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...

CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...

CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...

Security Bulletin:Vulnerability in Apache Commons HttpClient affects IBM Netezza Appliance

Summary The Apache Commons HttpClient package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2012-5783 Vulnerability Details CVEID:CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java...

Security Bulletin:Vulnerability in Apache Commons HttpClient affects IBM Netezza Appliance

Summary The Apache Commons HttpClient package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2012-6153 Vulnerability Details CVEID:CVE-2012-6153 DESCRIPTION: http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not...

ROS-20251216-7307

A vulnerability in the FTP Client component of the Apache Commons Net library is related to the use of open redirection with insufficient input data validation during PASV response processing. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected...

PT-2025-51764

Name of the Vulnerable Software and Affected Versions Apache Commons Text versions prior to 1.10.0 FileMaker Server versions prior to 22.0.4 Description Apache Commons Text versions prior to 1.10.0 contain interpolation features that could be exploited when applications process untrusted input...

Apache Commons FileUpload < 1.6 , 2.0.0-M1 < 2.0.0-M4 Denial of Service (CVE-2025-48976)

The version of Apache Commons FileUpload on the remote host is 1.6 , 2.0.0-M1 2.0.0-M4. It is, therefore, affected by a denial of service vulnerability due to allocation of resources for multipart headers with insufficient limits. Note that Nessus has not tested for these issues but has instead...

Security Bulletin: due to the use of Apache Commons Lang, IBM Transformation Extender Advanced is vulnerable to Uncontrolled Recursion vulnerability

Summary Apache Commons Lang is used by IBM Transformation Extender Advanced also known as IBM Standards Processing Engine as part of common utility helpers . CVE-2024-47554 Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This...

Security Bulletin: due to the use of Apache Commons FileUpload, IBM Transformation Extender Advanced is vulnerable to DoS vulnerability

Summary Apache Commons FileUpload is used by IBM Transformation Extender Advanced also known as IBM Standards Processing Engine as part of common utility helpers. CVE-2024-47554 Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : apache-commons-lang3 (SUSE-SU-2025:02785-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02785-1 advisory. - CVE-2025-48924: Fixed an uncontrolled recursion vulnerability that may lead to a DoS. bsc1246397 Tenab...

SUSE SLES12 Security Update : apache-commons-lang3 (SUSE-SU-2025:02786-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:02786-1 advisory. - CVE-2025-48924: Fixed an uncontrolled recursion vulnerability that may lead to a DoS. bsc1246397 Tenable has extracted the preceding description blo...

Uncontrolled Resource Consumption

Apache Commons Configuration is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to multiple design issues in the configuration loading and processing logic, where loading untrusted configuration files or allowing attacker-controlled usage patterns can trigger excessive C...

Apache Commons FileUpload JAR Detection

Binary data apachecommonsfileuploadjardetect.nbin...

DoS (Denial of Service) commons-fileupload:commons-fileupload Dependency in Jira Software Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2025-48976 was introduced in 9.12.1 of Jira Software Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to take...

Security Bulletin: DoS vulnerability in Apache Commons FileUpload vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Protect Operations Center (CVE-2025-48976)

Summary IBM WebSphere Application Server Liberty is vulnerable to DoS in Apache Commons FileUpload attack which can affect IBM Spectrum Protect formerly Tivoli Storage Manager Operations Center. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers...