6 matches found
Security Bulletin: IBM Maximo Application Suite -IoT Component uses cxf-rt-transports-http-4.0.4.jar which is vulnerable to CVE-2024-41172
Summary IBM Maximo Application Suite -IoT Component uses cxf-rt-transports-http-4.0.4.jar which is vulnerable to CVE-2024-41172. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-41172 DESCRIPTION: Apache CXF is vulnerable to a...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.4 Security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
be.atbash.test:integration-testing (=2.2.0), be.atbash.test:integration-testing-database (=2.2.0) +511 more potentially affected by CVE-2024-41172 via org.apache.cxf:cxf-rt-transports-http (>=4.0.0 <=4.0.4)
org.apache.cxf:cxf-rt-transports-http MAVEN version =4.0.0, =1.0.0, =12.1-16, =0.0.1, =2.70.0, =2.71.1 - com.codbex.kronos:codbex-kronos-commons =2.70.0 - com.codbex.kronos:codbex-kronos-components-api-parent =2.69.0 - com.codbex.kronos:codbex-kronos-components-engine-xsjob =2.69.0 -...
com.axonivy.ivy.tool.soap:cxf-client-codegen (=1.0.0), cv.igrp:igrp-core (>=1.7.3.230801 <=1.7.3.230802) +294 more potentially affected by CVE-2024-41172 via org.apache.cxf:cxf-rt-transports-http (>=3.6.0 <=3.6.3)
org.apache.cxf:cxf-rt-transports-http MAVEN version =3.6.0, =1.7.3.230801, =3.0-M3, =3.0-M3, =3.0-M3, =4.4.6.hyte-24270, =4.4.6.hyte-24270, =4.4.6.hyte-24270, =4.4.8.hyte-26150 - io.hyte.platform:repo =4.4.6.hyte-24270 - net.tirasa.connid.bundles:net.tirasa.connid.bundles.servicenow =1.0.4 -...
CVE-2024-41172 Apache CXF: Unrestricted memory consumption in CXF HTTP clients
In versions of Apache CXF before 3.6.4 and 4.0.5 3.5.x and lower versions are not impacted, a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out o...
CVE-2024-41172 Apache CXF: Unrestricted memory consumption in CXF HTTP clients
In versions of Apache CXF before 3.6.4 and 4.0.5 3.5.x and lower versions are not impacted, a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out o...