14 matches found
Security Bulletin: Vulnerabilities in Spring Context affect IBM SPSS Collaboration and Deployment Services (CVE-2025-22233, CVE-2024-38820)
Summary Vulnerabilities in Spring Context affect IBM SPSS Collaboration and Deployment Services CVE-2025-22233, CVE-2024-38820. These have been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase...
Security Bulletin: IBM Operational Decision Manager for Oct 2025 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-22233...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in the Spring framework (CVE-2025-22233)
Summary A vulnerability in the Spring framework that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for reques...
Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions.
Summary Multiple vulnerabilities were addressed in IBM Business Automation Manager Open Editions 9.2.1. Vulnerability Details CVEID:CVE-2025-22150 DESCRIPTION: Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choos...
Security Bulletin: IBM Sterling Connect:Direct Web Services vulnerable to spring-context-6.2.3.jar (CVE-2025-22233)
Summary IBM Sterling Connect:Direct Web Services uses spring-context-6.2.3.jar, which has vulnerability CVE-2025-22233. This has been addressed in fixpacks that are available on Fix Central. Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowerca...
Spring_framework 5.3.x < 5.3.43 / 6.0.x < 6.0.28 / 6.1.x < 6.1.20 / 6.2.x < 6.2.7 (CVE-2025-22233)
The version of Springframework installed on the remote host is prior to 5.3.43, 6.0.28, 6.1.20, or 6.2.7. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22233 advisory. - CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured...
ai.ancf.lmos-router:lmos-router-hybrid-spring-boot-starter (=0.28.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0) +11703 more potentially affected by CVE-2025-22233 via org.springframework:spring-context (>=6.1.0 <=6.1.2)
org.springframework:spring-context MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.12.1 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-linux-x8664...
ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +15959 more potentially affected by CVE-2025-22233 via org.springframework:spring-context (>=6.2.0 <=6.2.6)
org.springframework:spring-context MAVEN version =6.2.0, =0.1.0, =0.1.0, =0.114.0, =0.114.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =0.9.0 - ai.astraform:remote-domain-author-kit-java =0.1.0 and more Source cves: CVE-2025-22233 Source advisory: OSV:GHSA-4WP7-92PW-Q264...
CVE-2025-22233
CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...
CVE-2025-22233 Spring Framework DataBinder Case Sensitive Match Exception
CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...
CVE-2025-22233 Spring Framework DataBinder Case Sensitive Match Exception
CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...
CVE-2025-22233
CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...
CVE-2025-22233
The CVE-2025-22233 entry refers to a vulnerability in Spring Framework where Locale-dependent lowercase conversion still allows bypassing disallowedFields checks in data binding. Affected products/versions include Spring Framework 6.2.0–6.2.6, 6.1.0–6.1.19, 6.0.0–6.0.27, and 5.3.0–5.3.42 (older v...
ai.ancf.lmos-router:lmos-router-hybrid-spring-boot-starter (=0.28.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0) +11703 more potentially affected by CVE-2024-38820 +1 more via org.springframework:spring-context (>=6.1.0 <=6.1.2)
org.springframework:spring-context MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.12.1 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-linux-x8664...