Lucene search
K

22 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/07/28 4:47 p.m.81 views

Security Bulletin: A VMWare Tanzu Spring Vulerability Affects IBM OpenPages with Watson (CVE-2022-22950)

Summary There is a vulnerability in the Spring Framework open source library used by IBM OpenPages with Watson. This affects the IBM OpenPages application server. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-22950 DESCRIPTION: VMware Tanzu Spring Framework is...

6.5CVSS6.9AI score0.35834EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/06 4:57 a.m.27 views

Security Bulletin: [All] Spring Framework - CVE-2022-22950 (Publicly disclosed vulnerability)

Summary In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. This effects ITNCM version 6.4.2. Vulnerability Details CVEID:CVE-2022-22950 DESCRIPTION: VMwa...

6.5CVSS6.7AI score0.35834EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.47 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to improper input validation in Spring Framework (CVE-2022-22950)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service, caused by improper input validation in VMware Tanzu Spring Framework CVE-2022-22950. Spring Framework is used in Watson Speech Services to build our STT and TTS java services Please read...

6.5CVSS6.7AI score0.35834EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.62 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service, caused by improper input validation with Spring Framework (CVE-2022-22950).

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service, caused by improper input validation in VMware Tanzu Spring Framework CVE-2022-22950. This appears in the Java code used by some of our service components. Please read the details for...

6.5CVSS6.8AI score0.35834EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 5:31 p.m.37 views

Security Bulletin: IBM Tivoli Monitoring is affected but not classified as vulnerable by a denial of service in Spring Framework (CVE-2022-22950)

Summary IBM Tivoli Monitoring is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22950. The Tivoli Enterprise Portal Server CQ component includes but does not use it. The fix removes Spring from the product. Vulnerability Details...

6.5CVSS7.3AI score0.35834EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2022/12/14 1:17 p.m.76 views

Moderate: Red Hat Security Advisory: Red Hat support for Spring Boot 2.7.2 update

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications monoliths and microservices for OpenShift as a containerized platform. This release of Red H...

7.5CVSS7AI score0.35834EPSS
Exploits1References9
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/14 9:50 p.m.38 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable due to Spring Framework (CVE-2021-22096, CVE-2022-22950)

Summary IBM Sterilng B2B Integrator has addressed security vulnerabilities in Spring Framework. Vulnerability Details CVEID:CVE-2021-22096 DESCRIPTION: VMware Spring Framework could allow a remote attacker to bypass security restrictions. By sending a specially-crafted input, an attacker could...

6.5CVSS6.5AI score0.35834EPSS
Exploits0Affected Software1
ICS
ICS
added 2022/10/13 12:0 a.m.64 views

Hitachi Energy Lumada Asset Performance Management Prognostic Model Executor Service

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/public exploits are available Vendor: Hitachi Energy Equipment: Lumada Asset Performance Manager APM Vulnerabilities: Allocation of Resources Without Limits or Throttling, Code injection 2. RISK EVALUATION Successful exploitation of...

9.8CVSS9.8AI score0.99677EPSS
Exploits102References5
RedHat Linux
RedHat Linux
added 2022/08/04 4:46 a.m.129 views

Moderate: Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.0 security update

An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

7.9CVSS7.1AI score0.35834EPSS
Exploits2References13
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/24 5:34 p.m.213 views

Security Bulletin: IBM QRadar SIEM is affected by a remote code execution in Spring Framework (CVE-2022-22963, CVE-2022-22965, CVE-2022-22950)

Summary IBM QRadar SIEM is affected but not vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Boot executable jar, 4...

9.8CVSS1.1AI score0.99939EPSS
Exploits133Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/10 5:17 a.m.55 views

Security Bulletin: Due to use of Spring Framework, IBM Db2 Web Query for i is vulnerable to unprotected fields (CVE-2022-22968), remote code execution (CVE-2022-22965), and denial of service (CVE-2022-22950).

Summary There are multiple vulnerabilities in Spring Framework CVE-2022-22968, CVE-2022-22965, and CVE-2022-22950 as described in the vulnerability details section. Spring Framework v5.3.8 is used by Db2 Web Query for i for infrastructure support. IBM has addressed the vulnerabilities in Db2 Web...

9.8CVSS9.4AI score0.99677EPSS
Exploits104Affected Software6
Tenable Nessus
Tenable Nessus
added 2022/06/08 12:0 a.m.224 views

Spring Framework < 5.2.20 / 5.3.x < 5.3.17 DoS (CVE-2022-22950)

The remote host contains a Spring Framework version that is prior to 5.2.20 or 5.3.x prior to 5.3.17. It is, therefore, affected by denial of service vulnerability. A remote, authenticated attacker could provide a specially crafted SpEL as a routing expression that may result in denial of service...

6.5CVSS7AI score0.35834EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/01 7:16 a.m.41 views

Security Bulletin: IBM Common Licensing is vulnerable by a remote code attack in Spring Framework (CVE-2021-22096,CVE-2021-22060,CVE-2022-22950,CVE-2022-22968)

Summary IBM Common Licensing is vulnerable to a remote code execution in Spring Framework CVE-2021-22096,CVE-2021-22060,CVE-2022-22950,CVE-2022-22968 as it does have Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. The fix includes Spring Framework version 5.3.19...

6.5CVSS1.6AI score0.35834EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/06 11:17 p.m.44 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected but not classified as vulnerable to a denial of service in Spring Framework (CVE-2022-22950)

Summary IBM Watson Assistant for IBM Cloud Pak for Data is affected but not vulnerable to a denial of service in Spring Framework CVE-2022-22950 Spring Framework is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its developement infrastructure. The fix includes Spring version...

6.5CVSS2.1AI score0.35834EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/06 11:10 p.m.45 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected but not classified as vulnerable to a denial of service in Spring Framework (CVE-2022-22950)

Summary IBM Watson Assistant for IBM Cloud Pak for Data is affected but not vulnerable to a denial of service in Spring Framework CVE-2022-22950 Spring Framework is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its developement infrastructure. The fix includes Spring version...

6.5CVSS2.1AI score0.35834EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/22 11:43 a.m.53 views

Security Bulletin: Vulnerability exists for Spring Framework in Watson Explorer (CVE-2021-22060, CVE-2022-22965, CVE-2022-22950)

Summary Security vulnerability in Spring Framework affects IBM Watson Explorer. IBM Watson Explorer has addressed this vulnerability. Vulnerability Details CVEID: CVE-2021-22060 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote authenticated attacker to bypass security restrictions,...

9.8CVSS0.8AI score0.99677EPSS
Exploits102Affected Software1
OpenVAS
OpenVAS
added 2022/04/06 12:0 a.m.28 views

VMware Spring Framework < 5.2.20, 5.3.x < 5.3.17 DoS Vulnerability - Windows

The VMware Spring Framework is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.5CVSS6.7AI score0.35834EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/04/03 12:1 a.m.4 views

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.4.0.1), ai.dev-tools:ai-devtools (>=0.1.12 <=0.1.20) +35625 more potentially affected by CVE-2022-22950 via org.springframework:spring-expression (>=3.0.0.RELEASE <=5.2.1.RELEASE)

org.springframework:spring-expression MAVEN version =3.0.0.RELEASE, =4.4.0.0, =0.1.12, =0.1.6, =0.1.8, =0.1.6, =0.1.2, =0.0.6, =0.0.11, =0.0.16, =0.0.1, =0.0.47, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.21 and more Source cves: CVE-2022-22950 Source advisory: OSV:GHSA-558X-2XJG-6232...

6.5CVSS7AI score0.35834EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2022/04/01 11:15 p.m.46 views

CVE-2022-22950

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition...

6.5CVSS7AI score0.35834EPSS
Exploits0References2
CVE
CVE
added 2022/04/01 10:17 p.m.644 views

CVE-2022-22950

CVE-2022-22950 affects Spring Framework 5.3.0–5.3.16 and older unsupported versions, where a specially crafted SpEL expression may cause a Denial of Service. The connected advisories corroborate the DoS vector via Spring Expression language handling, and indicate a fix is available in newer branc...

6.5CVSS7.5AI score0.35834EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder