Lucene search
K

14 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 3:0 a.m.7 views

Security Bulletin: Vulnerabilities in Spring Context affect IBM SPSS Collaboration and Deployment Services (CVE-2025-22233, CVE-2024-38820)

Summary Vulnerabilities in Spring Context affect IBM SPSS Collaboration and Deployment Services CVE-2025-22233, CVE-2024-38820. These have been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase...

5.3CVSS6.3AI score0.00631EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/26 3:13 a.m.12 views

Security Bulletin: IBM Operational Decision Manager for Oct 2025 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-22233...

8.2CVSS8.2AI score0.64718EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 9:18 p.m.8 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in the Spring framework (CVE-2025-22233)

Summary A vulnerability in the Spring framework that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for reques...

5.3CVSS6.4AI score0.00631EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 11:10 p.m.18 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions.

Summary Multiple vulnerabilities were addressed in IBM Business Automation Manager Open Editions 9.2.1. Vulnerability Details CVEID:CVE-2025-22150 DESCRIPTION: Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choos...

8.7CVSS8.2AI score0.01695EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/24 4:52 p.m.13 views

Security Bulletin: IBM Sterling Connect:Direct Web Services vulnerable to spring-context-6.2.3.jar (CVE-2025-22233)

Summary IBM Sterling Connect:Direct Web Services uses spring-context-6.2.3.jar, which has vulnerability CVE-2025-22233. This has been addressed in fixpacks that are available on Fix Central. Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowerca...

5.3CVSS7.8AI score0.00631EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/05/22 12:0 a.m.35 views

Spring_framework 5.3.x < 5.3.43 / 6.0.x < 6.0.28 / 6.1.x < 6.1.20 / 6.2.x < 6.2.7 (CVE-2025-22233)

The version of Springframework installed on the remote host is prior to 5.3.43, 6.0.28, 6.1.20, or 6.2.7. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22233 advisory. - CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured...

5.3CVSS6.4AI score0.00631EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2025/05/16 9:32 p.m.13 views

ai.ancf.lmos-router:lmos-router-hybrid-spring-boot-starter (=0.28.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0) +11703 more potentially affected by CVE-2025-22233 via org.springframework:spring-context (>=6.1.0 <=6.1.2)

org.springframework:spring-context MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.12.1 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-linux-x8664...

3.1CVSS6.6AI score0.00351EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/05/16 9:32 p.m.16 views

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +15959 more potentially affected by CVE-2025-22233 via org.springframework:spring-context (>=6.2.0 <=6.2.6)

org.springframework:spring-context MAVEN version =6.2.0, =0.1.0, =0.1.0, =0.114.0, =0.114.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =0.9.0 - ai.astraform:remote-domain-author-kit-java =0.1.0 and more Source cves: CVE-2025-22233 Source advisory: OSV:GHSA-4WP7-92PW-Q264...

3.1CVSS6.6AI score0.00351EPSS
Exploits1
NVD
NVD
added 2025/05/16 8:15 p.m.42 views

CVE-2025-22233

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

3.1CVSS0.00631EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/16 7:14 p.m.44 views

CVE-2025-22233 Spring Framework DataBinder Case Sensitive Match Exception

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

3.1CVSS0.00351EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/16 7:14 p.m.37 views

CVE-2025-22233 Spring Framework DataBinder Case Sensitive Match Exception

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

3.1CVSS7.1AI score0.00351EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2025/05/16 7:14 p.m.34 views

CVE-2025-22233

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

3.1CVSS6.2AI score0.00351EPSS
Exploits1
CVE
CVE
added 2025/05/16 7:14 p.m.253 views

CVE-2025-22233

The CVE-2025-22233 entry refers to a vulnerability in Spring Framework where Locale-dependent lowercase conversion still allows bypassing disallowedFields checks in data binding. Affected products/versions include Spring Framework 6.2.0–6.2.6, 6.1.0–6.1.19, 6.0.0–6.0.27, and 5.3.0–5.3.42 (older v...

3.1CVSS3.7AI score0.00631EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2025/05/15 12:0 a.m.14 views

ai.ancf.lmos-router:lmos-router-hybrid-spring-boot-starter (=0.28.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0) +11703 more potentially affected by CVE-2024-38820 +1 more via org.springframework:spring-context (>=6.1.0 <=6.1.2)

org.springframework:spring-context MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.12.1 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-linux-x8664...

5.3CVSS6.6AI score0.00631EPSS
Exploits1
Rows per page
Query Builder