2992 matches found

Amazon
added 2025/04/30 12:0 a.m. | 12 views

Medium: apache-commons-vfs

Issue Overview: Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent ...

CVSS 7.5 | AI score 6.9 | EPSS 0.01189
Exploits: 0

Amazon
added 2025/04/30 12:0 a.m. | 3 views

Medium: apache-commons-vfs

Issue Overview: Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent ...

CVSS 7.5 | AI score 7 | EPSS 0.01189
Exploits: 0

Tenable Nessus
added 2025/04/30 12:0 a.m. | 13 views

Amazon Linux 2 : apache-commons-vfs (ALAS-2025-2842)

The version of apache-commons-vfs installed on the remote host is prior to 2.0-11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2842 advisory. Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a...

CVSS 7.5 | AI score 6.7 | EPSS 0.01189
Exploits: 0 | References: 4

IBM Security Bulletins
added 2025/04/29 2:10 a.m. | 33 views

Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications (CVE-2021-33517, CVE-2021-36090)

Summary Multiple Vulnerabilities in Apache Commons Compress affect IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications CVE-2021-33517, CVE-2021-36090 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

CVSS 7.5 | AI score 7.8 | EPSS 0.13292
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/04/29 1:54 a.m. | 70 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics

Summary IBM® DB2® is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin. Vulnerability Details CVEID:CVE-2017-12973 DESCRIPTION: Connect2id Nimbus JOSE+JWT could provide...

CVSS 9.3 | AI score 10 | EPSS 0.87806
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/04/28 9:21 a.m. | 29 views

Security Bulletin: Denial of Service in Apache Commons Compress used by Apache Solr affect IBM Operations Analytics - Log Analysis (CVE-2024-25710, CVE-2024-26308)

Summary There is a potential denial of service in Apache Commons Compress that is used by Apache Solr and IBM Operations Analytics - Log Analysis. This is caused by loop with unreachable exit condition and allocation of resources without limits. Vulnerability Details CVEID:CVE-2024-25710...

CVSS 8.1 | AI score 6.9 | EPSS 0.00898
Exploits: 0 | Affected Software: 1

Kitploit
added 2025/04/23 12:30 p.m. | 118 views

Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10

A custom Python-based proof-of-concept (PoC) exploit targeting Text4Shell (CVE-2022-42889), a critical remote code execution vulnerability in Apache Commons Text versions < 1.10. This exploit targets vulnerable Java applications that use the StringSubstitutor class with interpolation enabled, allowing...

CVSS 9.8 | AI score 9.1 | EPSS 0.99931
Exploits: 41 | References: 2

Exploit DB
added 2025/04/18 12:0 a.m. | 219 views

Apache Commons Text 1.10.0 - Remote Code Execution

Exploit Title: Apache Commons Text 1.10.0 - Remote Code Execution Text4Shell - POST-based Date: 2025-04-17 Exploit Author: Arjun Chaudhary Vendor Homepage: https://commons.apache.org/proper/commons-text/ Software Link: https://repo1.maven.org/maven2/org/apache/commons/commons-text/ Version: Apache...

CVSS 9.8 | AI score 7.4 | EPSS 0.99931
Exploits: 41

Packet Storm
added 2025/04/18 12:0 a.m. | 292 views

Apache Commons Text 1.10.0 Remote Code Execution

Apache Commons Text version 1.10.0 suffers from a remote code execution vulnerability. Exploit Title: Apache Commons Text 1.10.0 - Remote Code Execution Text4Shell - POST-based Date: 2025-04-17 Exploit Author: Arjun Chaudhary Vendor Homepage: https://commons.apache.org/proper/commons-text/ Softwa...

CVSS 9.8 | AI score 8.4 | EPSS 0.99931
Exploits: 41

Tenable Nessus
added 2025/04/17 12:0 a.m. | 11 views

Amazon Linux 2 : apache-commons-vfs (ALAS-2025-2819)

The version of apache-commons-vfs installed on the remote host is prior to 2.0-11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2819 advisory. Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class c...

CVSS 5 | AI score 7.5 | EPSS 0.00723
Exploits: 0 | References: 4

Amazon
added 2025/04/16 12:0 a.m. | 11 views

Important: apache-commons-vfs

Issue Overview: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the...

CVSS 5 | AI score 7 | EPSS 0.00723
Exploits: 0

Amazon
added 2025/04/16 12:0 a.m. | 4 views

Important: apache-commons-vfs

Issue Overview: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the...

CVSS 5 | AI score 7.1 | EPSS 0.00723
Exploits: 0

IBM Security Bulletins
added 2025/04/15 3:15 a.m. | 53 views

Security Bulletin: IBM Cognos Controller is affected by vulnerabilities

Summary There are vulnerabilities in IBM® Java™, IBM® Websphere Application Server Liberty and Open-Source Software OSS components used by IBM Cognos Controller. Please refer to the table in the Related Information section for vulnerability impact. This Security Bulletin relates only to the direc...

CVSS 9.8 | AI score 10 | EPSS 0.21952
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2025/04/15 2:37 a.m. | 66 views

Security Bulletin: IBM Operational Decision Manager for April 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2014-0114...

CVSS 9.8 | AI score 9.9 | EPSS 0.95821
Exploits: 6 | Affected Software: 1

IBM Security Bulletins
added 2025/04/15 2:24 a.m. | 57 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts t...

CVSS 7.5 | AI score 10 | EPSS 0.46836
Exploits: 5 | Affected Software: 1

IBM Security Bulletins
added 2025/04/15 2:20 a.m. | 71 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-42503 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of...

CVSS 9.8 | AI score 9.5 | EPSS 0.07269
Exploits: 5 | Affected Software: 1

Tenable Nessus
added 2025/04/15 12:0 a.m. | 8 views

RHEL 6 / 7 : rh-java-common-apache-commons-collections (RHSA-2015:2523)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:2523 advisory. The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections...

CVSS 10 | AI score 7.7 | EPSS 0.83274
Exploits: 8 | References: 5

IBM Security Bulletins
added 2025/04/09 1:14 p.m. | 10 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 292 Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...

CVSS 5.8 | AI score 7.1 | EPSS 0.10608
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2025/04/08 12:0 a.m. | 9 views

SUSE SLED15 / SLES15 / openSUSE 15 : Recommended update for apache-commons-io (SUSE-SU-SUSE-RU-2025:1150-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2025:1150-1 advisory. apache-commons-io was updated from version 2.15.1 to 2.18.0: - Key changes across versions: Clean...

CVSS 4.3 | AI score 6.9 | EPSS 0.01249
Exploits: 0 | References: 4

OSV
added 2025/04/07 7:47 a.m. | 5 views

SUSE-RU-2025:1150-1 Recommended update for apache-commons-io

This update for apache-commons-io fixes the following issues: apache-commons-io was updated from version 2.15.1 to 2.18.0: - Key changes across versions: Cleaner code and updated dependencies Improved security when handling serialized data with the new safe deserialization feature New features fo...

CVSS 4.3 | AI score 5.2 | EPSS 0.01249
Exploits: 0 | References: 3