CVE-2025-27553
CVE-2025-27553: Relative Path Traversal in Apache Commons VFS (FileObject.resolveFile with NameScope.DESCENDENT) can bypass descendent checks when paths contain encoded ".."; affected up to Commons VFS 2.9.x, fixed in 2.10.0. IBM bulletin aligns this vulnerability with IBM Content Collector for S...
CVE-2025-27553
Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file...
CVE-2025-30474 Apache Commons VFS: Failing to find an FTP file can reveal the URI's password in an error message
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the exception messag...
CVE-2025-30474
CVE-2025-30474 is corroborated by IBM Content Collector for SAP security bulletin: exposure of sensitive information via error messages in Apache Commons VFS (FtpFileObject may reveal the original URI, potentially containing a password). Impact is limited to affected versions (Apache Commons VFS ...
CVE-2025-30474
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the exception messag...
Apache Commons VFS Security Vulnerability
Apache Commons VFS is an open-source virtual file system from the Apache Software Foundation. A path traversal vulnerability exists in Apache Commons VFS versions prior to 2.10.0, which stems from the program's failure to properly filter special elements in a resource or file path. An attacker could explo...
Security Bulletin: IBM Sterling Control Center is vulnerable to Apache Commons Compress (CVE-2024-26308, CVE-2024-25710)
Summary Apache Commons Compress jar vulnerabilities are impacting IBM Sterling Control Center v6.3.1 and v6.2.1. Vulnerability Details CVEID: CVE-2024-26308 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons...
Security Bulletin: IBM Sterling Control Center is vulnerable to Apache Commons IO (CVE-2024-47554)
Summary Apache Commons IO jar vulnerability is impacting IBM Sterling Control Center v6.3.1 and v6.2.1 Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessivel...
Security Bulletin: IBM® Engineering Lifecycle Management is impacted by vulnerabilities in Apache Commons FileUpload and Apache Tomcat
Summary Vulnerabilities have been identified in Apache Commons Fileupload and Apache Tomcat which are used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2016-3092 DESCRIPTIO...
Security Bulletin: IBM Sterling B2B Integrator is Vulnerable to Uncontrolled Resource Consumption due to Apache Commons IO (CVE-2024-47554)
Summary IBM Sterling B2B Integrator has addressed the uncontrolled resource consumption vulnerability from Apache Commons IO Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReade...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to out of bounds writes due to hbase-client
Summary hbase-client is used by the ds-cas-lite microservice as part of the Java client HBase API. Vulnerability Details CVEID: CVE-2024-29131 DESCRIPTION: Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Use...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Commons
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessive...
apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader
A vulnerability was found in the Apache Commons IO component in the org.apache.commons.io.input.XmlStreamReader class. Excessive CPU resource consumption can lead to a denial of service when an untrusted input is processed...
Security Bulletin: Due to use of Apache Commons IO, IBM MobileFirst Foundation is vulnerable to Uncontrolled Resource Consumption (CVE-2024-47554)
Summary Apache Commons IO is used by IBM MobileFirst Foundation as part of file handling operations. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively...
Linux Distros Unpatched Vulnerability : CVE-2024-29131
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended...
Linux Distros Unpatched Vulnerability : CVE-2021-37533
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a...
Linux Distros Unpatched Vulnerability : CVE-2023-42503
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing. This issue affects Apache Commons Compress:...
Linux Distros Unpatched Vulnerability : CVE-2024-47554
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resource...
Linux Distros Unpatched Vulnerability : CVE-2022-42889
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is...