
2992 matches found

IBM Security Bulletins
added 2025/04/04 10:20 a.m., 7 views

Security Bulletin: Vulnerabilities in Apache Commons IO library affect IBM SPSS Collaboration and Deployment Services

Summary Vulnerabilities in Apache Commons IO library affect IBM SPSS Collaboration and Deployment Services CVE-2024-47554. These have been addressed in the remediation section. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Common...

CVSS 4.3, AI score 4.8, EPSS 0.01249
Exploits: 0, Affected Software: 1
Veracode
added 2025/04/04 4:36 a.m., 19 views

Relative Path Traversal

Apache Commons VFS is vulnerable to Relative Path Traversal. The vulnerability is due to improper validation in the resolveFile method, which allows encoded ".." sequences to bypass descendant path restrictions and access unintended files...

CVSS 7.5, AI score 6.6, EPSS 0.01189
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2025/04/03 12:53 p.m., 4 views

OESA-2025-1356 apache-commons-vfs security update

Commons VFS provides a uniform view of files through a single API which is designed for accessing various different file systems. These file systems could be a local disk, an HTTP server or a ZIP archive file. The key features are listed as follows: The API is consistent among various file types...

CVSS 7.5, AI score 6.7, EPSS 0.01189
Exploits: 0, References: 3
Veracode
added 2025/04/03 12:0 a.m., 9 views

Sensitive Information Exposure

org.apache.commons, commons-vfs2 is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper handling of exception messages, where the FtpFileObject class exposes the original URI, including sensitive information like passwords, when a file is not found. It allows an...

CVSS 5, AI score 6.5, EPSS 0.00723
Exploits: 0, References: 5, Affected Software: 1
RedHat Linux
added 2025/04/01 1:12 p.m., 3 views

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

CVSS 8.8, AI score 7.6, EPSS 0.01495
Exploits: 1, References: 8
RedHat Linux
added 2025/04/01 1:6 p.m., 2 views

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

CVSS 8.8, AI score 7.6, EPSS 0.01495
Exploits: 1, References: 8
IBM Security Bulletins
added 2025/03/28 5:7 p.m., 9 views

Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in Apache Commons IO (CVE-2024-47554)

Summary A denial of service vulnerability in Apache Commons IO that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the...

CVSS 4.3, AI score 5.2, EPSS 0.01249
Exploits: 0, Affected Software: 1
OpenVAS
added 2025/03/28 12:0 a.m., 9 views

openSUSE Security Advisory (SUSE-SU-2025:1022-1)

The remote host is missing an update for the...

CVSS 7.5, AI score 6.5, EPSS 0.01189
Exploits: 0, References: 5
IBM Security Bulletins
added 2025/03/27 11:31 a.m., 14 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses CVE-2024-47554 detected in commons-io-2.11.0.jar (Publicly disclosed vulnerability found by Mend) which is vulnerable to CVE-2024-47554

Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses CVE-2024-47554 detected in commons-io-2.11.0.jar Publicly disclosed vulnerability found by Mend which is vulnerable to CVE-2024-47554. This bulletin contains information regarding the vulnerability and its fixture...

CVSS 4.3, AI score 4.8, EPSS 0.01249
Exploits: 0, Affected Software: 1
CNVD
added 2025/03/27 12:0 a.m., 2 views

Apache Commons VFS Information Disclosure Vulnerability

Apache Commons VFS is a public virtual file system from the Apache USA Foundation. Apache Commons VFS prior to version 2.10.0 suffers from an information disclosure vulnerability that stems from the FtpFileObject class that may disclose the original URI containing the password if the file is not...

CVSS 5, AI score 6.5, EPSS 0.00723
Exploits: 0, References: 1
CNVD
added 2025/03/27 12:0 a.m., 4 views

Apache Commons VFS Path Traversal Vulnerability

Apache Commons VFS is a public virtual file system from the Apache USA Foundation. A path traversal vulnerability exists in Apache Commons VFS versions prior to 2.10.0, which stems from a program's failure to properly filter for special elements in a resource or file path. An attacker could explo...

CVSS 7.5, AI score 7, EPSS 0.01189
Exploits: 0, References: 1
BDU FSTEC
added 2025/03/27 12:0 a.m., 4 views

The vulnerability of the Apache Commons IO library, related to uncontrolled resource consumption, allows attackers to cause service failures.

The vulnerability of the Apache Commons IO library is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...

CVSS 5, AI score 6.4, EPSS 0.01249
Exploits: 0, References: 8, Affected Software: 5
OPENSUSE Linux
added 2025/03/27 12:0 a.m., 6 views

apache-commons-vfs2-2.10.0-1.1 on GA media (moderate)

apache-commons-vfs2-2.10.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:14929-1 Rating: moderate Cross-References: CVE-2025-27553 CVE-2025-30474 CVSS scores: CVE-2025-27553 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2025-30474 SUSE : 7.5...

CVSS 7.5, AI score 7.5, EPSS 0.01189
Exploits: 0
Tenable Nessus
added 2025/03/27 12:0 a.m., 11 views

openSUSE 15 Security Update : apache-commons-vfs2 (SUSE-SU-2025:1022-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1022-1 advisory. - CVE-2025-27553: Fixed possible path traversal issue when using NameScope.DESCENDENT bsc1239973 - CVE-2025-30474: Fixed information disclosure due t...

CVSS 7.5, AI score 6.8, EPSS 0.01189
Exploits: 0, References: 7
SUSE Linux
added 2025/03/26 11:28 a.m., 1 views

Security update for apache-commons-vfs2

This update for apache-commons-vfs2 fixes the following issues: CVE-2025-27553: Fixed possible path traversal issue when using NameScope.DESCENDENT bsc1239973 CVE-2025-30474: Fixed information disclosure due to failing to find an FTP file reveal the URI's password in an error message bsc1239974...

CVSS 7.5, AI score 6.7, EPSS 0.01189
Exploits: 0, References: 8
OSV
added 2025/03/26 11:28 a.m., 7 views

SUSE-SU-2025:1022-1 Security update for apache-commons-vfs2

This update for apache-commons-vfs2 fixes the following issues: - CVE-2025-27553: Fixed possible path traversal issue when using NameScope.DESCENDENT bsc1239973 - CVE-2025-30474: Fixed information disclosure due to failing to find an FTP file reveal the URI's password in an error message bsc12399...

CVSS 7.5, AI score 7, EPSS 0.01189
Exploits: 0, References: 5
IBM Security Bulletins
added 2025/03/26 3:53 a.m., 31 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

CVSS 7.5, AI score 9.3, EPSS 0.19312
Exploits: 3, Affected Software: 1
IBM Security Bulletins
added 2025/03/26 3:41 a.m., 72 views

Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not lim...

CVSS 7.8, AI score 8.3, EPSS 0.46836
Exploits: 11, Affected Software: 1
IBM Security Bulletins
added 2025/03/26 2:27 a.m., 234 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2022-34339, CVE-2021-3712, CVE-2021-3711, CVE-2021-4160, CVE-2021-29425, CVE-2021-3733, CVE-2021-3737, CVE-2022-0391, CVE-2021-43138, CVE-2022-24758)

Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.1.7 FP6. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.2.3. A vulnerability where user credentials are stored in plain cleartext in a log and could be read by an authenticated us...

CVSS 9.8, AI score 9.7, EPSS 0.87816
Exploits: 6, Affected Software: 2
OSV
added 2025/03/26 12:0 a.m., 10 views

OPENSUSE-SU-2025:14929-1 apache-commons-vfs2-2.10.0-1.1 on GA media

These are all security issues fixed in the apache-commons-vfs2-2.10.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5, AI score 7.6, EPSS 0.01189
Exploits: 0, References: 3