23 matches found
Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow embedded Navigator - CVE-2024-38808
Summary IBM Business Automation Workflow embedded Navigator repackages a vulnerable copy of Spring. Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring...
Security Bulletin: Multiple vulnerabilities in embedded Navigator affect IBM Business Automation Workflow - CVE-2024-38808, CVE-2024-31141
Summary IBM Business Automation Workflow repackages a version of IBM Content Navigator, which in turn repackages a vulnerable version of the kafka-clients library. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for September and October 2024.
Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF037 and 24.0.0-IF003. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while...
Linux Distros Unpatched Vulnerability : CVE-2024-38808
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language...
Security Bulletin: Denial of Service in Spring vulnerability affect IBM Business Automation Workflow - CVE-2024-38808
Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted Spring Expression...
Security Bulletin: Vulnerability in VMware Tanzu Spring Framework affects watsonx.data
Summary VMware Tanzu Spring Framework is vulnerable to a denial of service attack and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a...
Security Bulletin: Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2024-38808,CVE-2024-38809).
Summary Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager CVE-2024-38808,CVE-2024-38809. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38809 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service,...
Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 Openshift Jenkins security update
An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update
An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 Openshift Jenkins security update
An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHEL 8 : Red Hat Product OCP Tools 4.14 Openshift Jenkins (RHSA-2024:8885)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8885 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
RHEL 8 : Red Hat Product OCP Tools 4.13 Openshift Jenkins (RHSA-2024:8887)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8887 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
Security Bulletin: IBM PowerVM Novalink is vulnerable because VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation.
Summary IBM PowerVM Novalink is vulnerable because VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted Spring Expression Language SpEL expression, a remote attacker could exploit this vulnerability to cause a deni...
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.2 for Spring Boot security update.
Red Hat build of Apache Camel 4.4.2 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
org.springframework:spring-web used by Jira 9 contains vulnerabilities
Jira 9 and possibly the upcoming Jira 10 are affected by CVE-2024-38808. https://spring.io/security/cve-2024-38808 https://asecurityteam.atlassian.net/browse/VULN-1409329...
Spring Framework < 5.3.39 Spring Expression DoS (CVE-2024-38808)
The remote host contains a Spring Framework version prior to 5.3.39. It is, therefore, affected by a Spring expression DoS vulnerability: - In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Langua...
CVE-2024-38808 vulnerabilities
Vulnerabilities for packages: apache-nifi...
CVE-2024-38808 vulnerabilities
Vulnerabilities for packages: jenkins, apache-nifi...
CVE-2024-38808
The CVE-2024-38808 DoS in Spring Framework is triggered when an application evaluates user-supplied SpEL expressions in versions 5.3.0–5.3.38 and older unsupported releases. The vulnerability is due to how SpEL expressions may be crafted to exhaust resources, leading to denial of service. Several...
CVE-2024-38808 CVE-2024-38808: Spring Expression DoS Vulnerability
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...