commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass... method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an...

Security Bulletin: Uncontrolled Resource Consumption in Apache Commons Configuration 1.x When Loading Untrusted Configurations, affects watsonx.data

Summary Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons...

ROS-20250911-07

A vulnerability in the Apache Commons Compress archiver is related to the execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker to affect the integrity, availability, and confidentiality of protected information. confidentiality of...

Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in Apache Commons.

Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in Apache Commons. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was add...

Security Bulletin: SSL Certificate Hostname Verification Bypass in Apache Commons HttpClient 3.x Allowing MITM Attacks affects watsonx.data

Summary Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerability in Apache Commons (CVE-2025-48924)

Summary SPSS Collaboration and Deployment Services is affected by vulnerability in Apache Commons CVE-2025-48924. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue...

tomcat security update

An update is available for tomcat. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages...

CVE-2025-48924 affecting package apache-commons-lang3 for versions less than 3.8.1-6

CVE-2025-48924 affecting package apache-commons-lang3 for versions less than 3.8.1-6. A patched version of the package is available...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-48976)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary There is a vulnerability in Apache Commons FileUpload which affects IBM WebSphere Application Server traditional and affects IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. Following IBM® Engineering...

Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs

...

Apache Commons Compress: Denial of service via CPU consumption for malformed TAR file

...

Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file

...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service due to Apache Commons FileUpload with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. Vulnerability Details Refer ...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service due to Apache Commons FileUpload with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. Vulnerability Details Refer to the...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service due to Apache Commons FileUpload. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service due to Apache Commons FileUpload. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to improper access control due to the Apache Commons package (CVE-2025-48734)

Summary Apache Commons is used by DataStage on Cloud Pak for Data as part of Java utility functionality. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used t...

Remote Code Execution (RCE)

Apache Commons OGNL is vulnerable to Remote Code Execution RCE. The vulnerability is due to incomplete blocklist restrictions in the OGNL engine when parsing and evaluating expressions, which allows an attacker to bypass protections and potentially achieve arbitrary code execution...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Recursion vulnerability in Apache Commons [CVE-2025-48924]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Recursion vulnerability in Apache Commons Lang, caused by the methods ClassUtils.getClass... possibily throwing a StackOverflowError on very long inputs CVE-2025-48924. Apache Commons is used in our speech service...