Lucene search
+L

19 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/10/30 8:15 p.m.18 views

Security Bulletin: Multiple vulnerabilities in IBM DevOps Solution Workbench

Summary Multiple vulnerabilities were addressed in IBM DevOps Solution Workbench version 5.1. Vulnerability Details CVEID:CVE-2025-46701 DESCRIPTION: Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that...

9.8CVSS8.2AI score0.64718EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 6:43 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-webflux-5.3.27.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-webflux-5.3.27.jar Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks...

7.5CVSS6.7AI score0.14718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/01 7:47 p.m.16 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a security information disclosure in VMware Tanzu Spring [CVE-2024-38816]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security information disclosure in VMware Tanzu Spring, due to path traversal exposures through the functional web frameworks: WebMvc.fn or WebFlux.fnCVE-2024-38816. VMware Tanzu Spring is used in our Speech microservices. This...

7.5CVSS6.1AI score0.14718EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.18 views

Linux Distros Unpatched Vulnerability : CVE-2024-38816

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can...

7.5CVSS6.8AI score0.14718EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/07 10:48 a.m.17 views

Security Bulletin: Vulnerabilities in WebMvc.fn and WebFlux.fn affect watsonx.data

Summary The functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are...

7.5CVSS6.2AI score0.14718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.35 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to spring-webmvc-6.1.12 (CVE-2024-38816)

Summary IBM Sterling Connect:Direct Web Services uses spring webmvc jar, Spring Security could allow a remote attacker to obtain sensitive information, caused by a path traversal attack in applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux...

7.5CVSS6.3AI score0.14718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.24 views

Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-webmvc-6.1.12.jar which is vulnerable to this CVE-2024-38816

Summary Security Bulletin:IBM Maximo Application Suite - AI Broker Component component uses spring-webmvc-6.1.12.jar which is vulnerable to this CVE-2024-38816. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION:...

7.5CVSS6.1AI score0.14718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.22 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to spring-webmvc-6.1.12.jar CVE-2024-38816

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to spring-webmvc-6.1.12.jar CVE-2024-38816. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION: VMware Tanzu Spring Security could allow a remote...

7.5CVSS6.3AI score0.14718EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
added 2024/11/08 7:37 p.m.54 views

K000148465: Spring framework vulnerability CVE-2024-38816

Security Advisory Description Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process i...

7.5CVSS7.3AI score0.14718EPSS
Exploits1
GithubExploit
GithubExploit
added 2024/09/28 11:16 p.m.141 views

Exploit for CVE-2024-38816

CVE-2024-38816 Proof of Concept PoC This is a proof of conc...

7.5CVSS7.5AI score0.14718EPSS
Exploits1
OpenVAS
OpenVAS
added 2024/09/24 12:0 a.m.32 views

VMware Spring Framework < 5.3.40, 6.0.x < 6.0.24, 6.1.x < 6.1.13 Path Traversal Vulnerability - Linux

The VMware Spring Framework is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.5AI score0.14718EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2024/09/13 6:30 a.m.8 views

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.112.0) +748 more potentially affected by CVE-2024-38816 via org.springframework:spring-webflux (>=6.1.0 <=6.1.12)

org.springframework:spring-webflux MAVEN version =6.1.0, =0.2.0, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =3.3.1, =1.0.0, =1.0.9 and more Source cves: CVE-2024-38816 Source advisory: OSV:GHSA-CX7F-G6MP-7HQM...

7.5CVSS6.9AI score0.14718EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/09/13 6:30 a.m.7 views

africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-codes-api (>=1.1.0 <=1.2.0) +10651 more potentially affected by CVE-2024-38816 via org.springframework:spring-webmvc (>=5.3.0 <=5.3.39)

org.springframework:spring-webmvc MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.2, =j11.2.6.0, =j11.2.6.0, =j11.2.6.0, =j11.2.6.2 and more Source cves: CVE-2024-38816 Source advisory: OSV:GHSA-CX7F-G6MP-7HQM...

7.5CVSS6.8AI score0.14718EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/09/13 6:30 a.m.8 views

ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.1.0), ai.driftkit:driftkit-chat-assistant-framework (>=0.5.0 <=0.8.7) +2685 more potentially affected by CVE-2024-38816 via org.springframework:spring-webmvc (>=6.1.0 <=6.1.12)

org.springframework:spring-webmvc MAVEN version =6.1.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.5.0, =1.12.0, =1.14.0 - ai.yda-framework:rest-spring-channel =0.1.0 and more Source cves: CVE-2024-38816 Source advisory: OSV:GHSA-CX7F-G6MP-7...

7.5CVSS6.8AI score0.14718EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/09/13 6:30 a.m.7 views

ai.optfor:spring-openai-api (>=0.2.2 <=0.3.25), app.boboc:webflux-websocket-coroutine (>=0.0.6 <=1.0.0) +661 more potentially affected by CVE-2024-38816 via org.springframework:spring-webflux (>=6.0.0 <=6.0.23)

org.springframework:spring-webflux MAVEN version =6.0.0, =0.2.2, =0.0.6, =0.0.6, =4.6.18, =0.14.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0-RC2 and more Source cves: CVE-2024-38816 Source advisory: OSV:GHSA-CX7F-G6MP-7HQM...

7.5CVSS6.9AI score0.14718EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/09/13 6:30 a.m.6 views

africa.absa:inception-application (>=1.1.0 <=1.2.0), africa.absa:inception-test (>=1.1.0 <=1.2.0) +1988 more potentially affected by CVE-2024-38816 via org.springframework:spring-webflux (>=5.3.0 <=5.3.39)

org.springframework:spring-webflux MAVEN version =5.3.0, =1.1.0, =1.1.0, =j11.2.6.0, =v0.3.12, =v0.3.12, =v0.3.12, =4.1.36, =4.1.36, =1.7, =1.0, =1.0.0, =1.0.1, =1.0.6 and more Source cves: CVE-2024-38816 Source advisory: OSV:GHSA-CX7F-G6MP-7HQM...

7.5CVSS6.8AI score0.14718EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/09/13 6:30 a.m.8 views

be.dnsbelgium:rdap-server (>=4.0.0 <=4.0.3), be.personify.iam:personify-api (>=1.5.0.RELEASE <=1.5.2.RELEASE) +2820 more potentially affected by CVE-2024-38816 via org.springframework:spring-webmvc (>=6.0.0 <=6.0.23)

org.springframework:spring-webmvc MAVEN version =6.0.0, =4.0.0, =1.5.0.RELEASE, =1.5.1.RELEASE, =1.5.0.RELEASE, =2.1.0.RELEASE, =3.0.0, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =3.4.0 and more Source cves: CVE-2024-38816 Source advisory...

7.5CVSS6.8AI score0.14718EPSS
Exploits1
OSV
OSV
added 2024/09/13 6:15 a.m.2 views

DEBIAN-CVE-2024-38816

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

7.5CVSS7.1AI score0.14718EPSS
Exploits1References1
Wolfi
Wolfi
added 2024/09/13 6:15 a.m.21 views

CVE-2024-38816 vulnerabilities

Vulnerabilities for packages: thingsboard...

7.5CVSS7.1AI score0.14718EPSS
Exploits1
Rows per page
Query Builder