Lucene search
K

23 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 5:25 p.m.5 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow embedded Navigator - CVE-2024-38808

Summary IBM Business Automation Workflow embedded Navigator repackages a vulnerable copy of Spring. Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring...

4.3CVSS6.6AI score0.00536EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 5:16 p.m.7 views

Security Bulletin: Multiple vulnerabilities in embedded Navigator affect IBM Business Automation Workflow - CVE-2024-38808, CVE-2024-31141

Summary IBM Business Automation Workflow repackages a version of IBM Content Navigator, which in turn repackages a vulnerable version of the kafka-clients library. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege...

6.5CVSS7AI score0.01129EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:48 a.m.78 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for September and October 2024.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF037 and 24.0.0-IF003. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while...

8.5CVSS9.9AI score0.91969EPSS
Exploits1Affected Software2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2024-38808

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language...

4.3CVSS6.7AI score0.00536EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/07 4:32 p.m.20 views

Security Bulletin: Denial of Service in Spring vulnerability affect IBM Business Automation Workflow - CVE-2024-38808

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted Spring Expression...

4.3CVSS6.6AI score0.00536EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/30 2:17 p.m.13 views

Security Bulletin: Vulnerability in VMware Tanzu Spring Framework affects watsonx.data

Summary VMware Tanzu Spring Framework is vulnerable to a denial of service attack and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a...

4.3CVSS5.7AI score0.00536EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.31 views

Security Bulletin: Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2024-38808,CVE-2024-38809).

Summary Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager CVE-2024-38808,CVE-2024-38809. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38809 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service,...

5.3CVSS7AI score0.00852EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2024/11/05 12:8 p.m.19 views

Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 Openshift Jenkins security update

An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.4CVSS6.6AI score0.01936EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/11/05 12:7 p.m.22 views

Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update

An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.6AI score0.48081EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/11/05 11:25 a.m.21 views

Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 Openshift Jenkins security update

An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.4CVSS6.6AI score0.01936EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/11/05 12:0 a.m.15 views

RHEL 8 : Red Hat Product OCP Tools 4.14 Openshift Jenkins (RHSA-2024:8885)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8885 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...

7.4CVSS6.6AI score0.01936EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/11/05 12:0 a.m.21 views

RHEL 8 : Red Hat Product OCP Tools 4.13 Openshift Jenkins (RHSA-2024:8887)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8887 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...

7.4CVSS6.6AI score0.01936EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/04 6:15 p.m.21 views

Security Bulletin: IBM PowerVM Novalink is vulnerable because VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation.

Summary IBM PowerVM Novalink is vulnerable because VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted Spring Expression Language SpEL expression, a remote attacker could exploit this vulnerability to cause a deni...

4.3CVSS6.8AI score0.00536EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2024/09/09 5:17 p.m.32 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.2 for Spring Boot security update.

Red Hat build of Apache Camel 4.4.2 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

7.5CVSS6.8AI score0.02716EPSS
Exploits0References3
Atlassian
Atlassian
added 2024/09/03 4:6 p.m.108 views

org.springframework:spring-web used by Jira 9 contains vulnerabilities

Jira 9 and possibly the upcoming Jira 10 are affected by CVE-2024-38808. https://spring.io/security/cve-2024-38808 https://asecurityteam.atlassian.net/browse/VULN-1409329...

4.3CVSS6.7AI score0.00536EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/08/23 12:0 a.m.48 views

Spring Framework < 5.3.39 Spring Expression DoS (CVE-2024-38808)

The remote host contains a Spring Framework version prior to 5.3.39. It is, therefore, affected by a Spring expression DoS vulnerability: - In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Langua...

4.3CVSS7AI score0.00536EPSS
Exploits0References2
Wolfi
Wolfi
added 2024/08/20 8:15 a.m.78 views

CVE-2024-38808 vulnerabilities

Vulnerabilities for packages: apache-nifi...

4.3CVSS6.9AI score0.00536EPSS
Exploits0
Chainguard
Chainguard
added 2024/08/20 8:15 a.m.17 views

CVE-2024-38808 vulnerabilities

Vulnerabilities for packages: jenkins, apache-nifi...

4.3CVSS6.7AI score0.00536EPSS
Exploits0
CVE
CVE
added 2024/08/20 7:12 a.m.399 views

CVE-2024-38808

The CVE-2024-38808 DoS in Spring Framework is triggered when an application evaluates user-supplied SpEL expressions in versions 5.3.0–5.3.38 and older unsupported releases. The vulnerability is due to how SpEL expressions may be crafted to exhaust resources, leading to denial of service. Several...

4.3CVSS4.6AI score0.00536EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/20 7:12 a.m.20 views

CVE-2024-38808 CVE-2024-38808: Spring Expression DoS Vulnerability

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...

4.3CVSS6.7AI score0.00536EPSS
Exploits0References1
Rows per page
Query Builder