Security Bulletin: IBM Sterling Secure Proxy is vulnerable to uncontrolled recursion due to Apache Commons Lang.

Summary The methods ClassUtils.getClass... in Apache Commons Lang can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. IBM Sterling Secure Proxy has addressed the applicabl...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in Apache Commons FileUpload

Summary IBM Watson Discovery Cartridge affected by vulnerability in Apache Commons FileUpload Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects...

Security Bulletin: Security vulnerability in Apache Commons Lang may affect IBM Business Automation Workflow - CVE-2025-48924

Summary IBM Business Automation Workflow packages a vulnerable copy of the Apache Commons Lang open source library. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

Security Bulletin: Due to IBM Storage Scale, IBM Cloud Pak System is affected by multiple vulnerabilities [CVE-2025-48976, CVE-2025-30204, CVE-2025-1137].

Summary Execute privileged command and denial of service vulnerabilities found in IBM Storage Scale previously known as IBM Spectrum Scale affect IBM Cloud Pak System. These vulnerabilities were addressed in IBM Cloud Pak System v2.3.6.1. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION:...

Security Bulletin: Security vulnerability found in the Red Hat Universal Minimal Base Image shipped with CICS Transaction Gateway for Multiplatforms.

Summary A sensitive information exposure is found in the Red Hat Universal Base Image Minimal shipped with CICS Transaction Gateway for Multiplatforms. The CICS Transaction Gateway for Multiplatforms container has been updated to address the vulnerability. Vulnerability Details IBM X-Force ID:...

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL.

Summary Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL 7 on Cloud Pak for Data 4.8 and earlier Vulnerability Details CVEID:CVE-2023-45853 DESCRIPTION: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long...

Security Bulletin: Vulnerabilities in Apache Commons Lang affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary Vulnerabilities in Apache Commons Lang affect IBM® Db2® Big SQL 8.2.1 on IBM Cloud Pak for Data 5.2.1 and earlier. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

Azure Linux 3.0 Security Update: javapackages-bootstrap (CVE-2024-25710)

The version of javapackages-bootstrap installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-25710 advisory. - Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache Commons...

Oracle Business Process Management Suite (14.1.2.0.0) (January 2026 CPU)

The version of Oracle Business Process Management Suite installed on the remote host is affected by a vulnerability, as referenced in the January 2026 CPU advisory: - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware component: Composer Apache Commo...

Security Bulletin: Vulnerabilities in Apache Commons affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Apache Commons has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION:...

Security Bulletin: Vulnerabilities in Apache Commons Lang affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Apache Commons Lang has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-48924...

MiracleLinux 7 : apache-commons-collections-3.2.1-22.el7 (AXSA:2015-834:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2015-834:01 advisory. The introduction of the Collections API by Sun in JDK 1.2 has been a boon to quick and effective Java programming. Ready access to powerful data structures ha...

Security Bulletin: Due to use of Apache Commons Text, IBM Operations Analytics - Log Analysis is affected by Remote Code Execution Attacks

Summary Apache Commons Text in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the string manipulation and interpolation. CVE-2025-46295. Vulnerability Details CVEID:CVE-2025-46295 DESCRIPTION: Apache Commons Text versions prior to 1.10.0 included interpolation features...

Security Bulletin: Uncontrolled Resource Consumption Vulnerability in Apache Commons IO XmlStreamReader, affects watsonx.data

Summary Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended ...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by an improper input validation due to Apache Commons HttpClient

Summary Apache Commons HttpClient is used by IBM Operations Analytics - Log Analysis as part of the standards-based Java library for executing HTTP requests. CVE-2012-6153, CVE-2012-5783. Vulnerability Details CVEID:CVE-2012-6153 DESCRIPTION: http/conn/ssl/AbstractVerifier.java in Apache Commons...

Security Bulletin: IBM SPSS Analytic Server is affected by a vulnerability in Apache Commons Lang (CVE-2025-48924).

Summary IBM SPSS Analytic Server is affected by a vulnerability in Apache Commons Lang CVE-2025-48924. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache...

Security Bulletin: IBM Event Processing is affected by multiple Vulnerabilities in IBM Operator for Apache Flink

Summary IBM Event Processing is affected by multiple Vulnerabilities in IBM Operator for Apache Flink 1.4.5 Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers...

Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889-text4shell Description This script is a pe...

Security Bulletin: IBM Event Streams is vulnerable to Uncontrolled Recursion vulnerability (CVE-2025-48924)

Summary IBM Event Streams is vulnerable to Uncontrolled Recursion vulnerability due to the use of the Apache Commons Lang artifact. This artifact primarily used for utility functions such as string manipulation, object comparison, and handling common operations that simplify Java development...

Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager

Summary Multiple vulnerabilities were addressed in IBM Sterling Partner Engagement Manager versions 6.2.3.5 and 6.2.4.2. Vulnerability Details CVEID:CVE-2025-36124 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security...