
22 matches found

IBM Security Bulletins
added 2026/05/04 2:5 p.m., 6 views

Security Bulletin: There is a vulnerability in path-to-regexp-0.1.12.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-4867)

Summary: There is a vulnerability in path-to-regexp-0.1.12.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2026-4867. DESCRIPTION: Impact: A bad regular expression is generated any time you have three or more parameters within a single...

CVSS 7.5, AI score 5.8, EPSS 0.00018
Exploits: 0, Affected software: 1
IBM Security Bulletins
added 2025/04/15 2:48 a.m., 71 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for September and October 2024.

Summary: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF037 and 24.0.0-IF003. Vulnerability Details: CVEID: CVE-2024-39249. DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS (Regular Expression Denial of Service) while...

CVSS 8.5, AI score 9.9, EPSS 0.75268
Exploits: 1, Affected software: 2
IBM Security Bulletins
added 2025/01/28 10:8 p.m., 28 views

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service (CVE-2024-45296)

Summary: pillarjs Path-to-RegExp is used by IBM DataPower Gateway as part of the DataPower UI (CVE-2024-45296). Vulnerability Details: CVEID: CVE-2024-45296. DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending...

CVSS 7.5, AI score 6.5, EPSS 0.01387
Exploits: 1, Affected software: 1
IBM Security Bulletins
added 2025/01/28 10:8 p.m., 22 views

Security Bulletin: IBM Security SOAR is vulnerable to a client-side vulnerability (CVE-2024-45801)

Summary: IBM Security SOAR was using a UI component which contained a vulnerability that could lead to client-side arbitrary code execution (CVE-2024-45801). The vulnerable component has been removed from the UI. Please upgrade to IBM Security SOAR version 51.0.4.0 or later. Vulnerability Details...

CVSS 7.3, AI score 7.8, EPSS 0.00096
Exploits: 0, Affected software: 1
IBM Security Bulletins
added 2025/01/28 10:8 p.m., 22 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to pillarjs Path-to-RegExp (CVE-2024-45296).

Summary: IBM App Connect Enterprise is vulnerable to a denial of service due to pillarjs Path-to-RegExp (CVE-2024-45296). This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2024-45296. DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial...

CVSS 7.5, AI score 7.4, EPSS 0.00066
Exploits: 0, Affected software: 1
IBM Security Bulletins
added 2024/12/02 3:56 p.m., 21 views

Security Bulletin: Multiple security vulnerabilities in Python affect IBM Robotic Process Automation

Summary: Multiple security vulnerabilities in Python affect IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes to resolve the vulnerabilities. Vulnerability Details: CVEID: CVE-2019-20916. DESCRIPTION: pypa pip...

CVSS 8.8, AI score 8.4, EPSS 0.07521
Exploits: 6, Affected software: 1
IBM Security Bulletins
added 2024/11/22 12:53 p.m., 22 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by DOMPurify vulnerability (CVE-2024-45801)

Summary: IBM Sterling Connect:Direct Web Services uses DOMPurify, which could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the depth check. Vulnerability Details: CVEID: CVE-2024-45801. DESCRIPTION: DOMPurify could allow a remote attacker to execute...

CVSS 7.3, AI score 7.7, EPSS 0.00096
Exploits: 0, Affected software: 1
IBM Security Bulletins
added 2024/11/18 10:41 p.m., 19 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in path-to-regexp-0.1.7.tgz

Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of path-to-regexp-0.1.7.tgz. Vulnerability Details: CVEID: CVE-2024-45296. DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By...

CVSS 7.5, AI score 7.1, EPSS 0.00066
Exploits: 0, Affected software: 1
IBM Security Bulletins
added 2024/11/12 10:48 a.m., 11 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Endpoint Management

Summary: Multiple vulnerabilities were addressed in IBM Event Endpoint Management version 11.3.1. Vulnerability Details: CVEID: CVE-2024-47561. DESCRIPTION: Apache Avro could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in schema parsing in the Java...

CVSS 9.2, AI score 8, EPSS 0.00674
Exploits: 0, Affected software: 1
IBM Security Bulletins
added 2024/11/12 10:26 a.m., 19 views

Security Bulletin: Due to use of Async, IBM Event Streams is vulnerable to Regular Expression denial of service

Summary: Async is used by IBM Event Streams (CVE-2024-39249). Vulnerability Details: CVEID: CVE-2024-39249. DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS (Regular Expression Denial of Service) while parsing function in the autoinject function. By sending a specially crafted...

CVSS 7.5, AI score 7.4, EPSS 0.00161
Exploits: 0, Affected software: 1
IBM Security Bulletins
added 2024/11/12 10:8 a.m., 16 views

Security Bulletin: Due to use of Async, IBM Event Processing is vulnerable to Regular Expression Denial of Service

Summary: Async is used by IBM Event Processing as part of the frontend (CVE-2024-39249). Vulnerability Details: CVEID: CVE-2024-39249. DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS (Regular Expression Denial of Service) while parsing function in the autoinject function. By...

CVSS 7.5, AI score 7.4, EPSS 0.00161
Exploits: 0, Affected software: 1
IBM Security Bulletins
added 2024/10/29 12:56 p.m., 35 views

Security Bulletin: Security vulnerabilities are addressed with IBM Business Automation Insights iFix for September 2024.

Summary: Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF001. Vulnerability Details: CVEID: CVE-2024-43799. DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this...

CVSS 7.5, AI score 9.7, EPSS 0.02017
Exploits: 1, Affected software: 1
Github Security Blog
added 2023/10/04 2:46 p.m., 47 views

Zod denial of service vulnerability during email validation

Impact: API servers running express-zod-api with a version of express-zod-api below 10.0.0-beta1, and using the following or similar validation schema in their implementation: z.string.email, are vulnerable to a DoS attack due to Inefficient Regular Expression Complexity in zod versions up t...

CVSS 7.5, AI score 6.7, EPSS 0.00144
Exploits: 1, References: 5, Affected software: 1
Japan Vulnerability Notes
added 2023/08/24 12:0 a.m., 40 views

JVN#86484824: SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)

Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service (ReDoS) vulnerability (CWE-1333, CVE-2023-40599). This vulnerability is a similar issue to CVE-2023-32610, published on JVN on June 20, 2023, and was newly discovered in several Add-ons listed above. Impact: A...

CVSS 7.5, AI score 7.3, EPSS 0.00781
Exploits: 0
Github Security Blog
added 2022/12/13 5:43 p.m., 30 views

Inefficient Regular Expression Complexity in rails-html-sanitizer

Summary: Certain configurations of rails-html-sanitizer = 1.4.4. Severity: The maintainers have evaluated this as High Severity (7.5, CVSS 3.1). References: CWE-1333: Inefficient Regular Expression Complexity (4.9); https://hackerone.com/reports/1684163. Credit: This vulnerability was responsibly...

CVSS 7.5, AI score 6.2, EPSS 0.00296
Exploits: 0, References: 8, Affected software: 1
Github Security Blog
added 2022/12/13 5:36 p.m., 29 views

Inefficient Regular Expression Complexity in Loofah

Summary: Loofah = 2.19.1. Severity: The Loofah maintainers have evaluated this as High Severity (7.5, CVSS 3.1). References: CWE-1333: Inefficient Regular Expression Complexity (4.9); https://hackerone.com/reports/1684163. Credit: This vulnerability was responsibly reported by @ooooooo-q...

CVSS 7.5, AI score 6.3, EPSS 0.00271
Exploits: 0, References: 8, Affected software: 1
OSV
added 2022/08/31 10:23 p.m., 26 views

GHSA-VQC4-V8HC-H2JG Polynomial regular expression used on uncontrolled data in nitrado.js

Impact: Possible ReDoS with lib input of and with many repetitions of |. Patches: Patched in all versions above 0.2.5. Workarounds: No known workarounds. References: OWASP: Regular expression Denial of Service - ReDoS; Wikipedia: ReDoS; Wikipedia: Time complexity; James Kirrage, Asiri Rathnayak...

CVSS 7.5, AI score 7.5, EPSS 0.00334
Exploits: 0, References: 4
Github Security Blog
added 2022/08/31 10:23 p.m., 25 views

Polynomial regular expression used on uncontrolled data in nitrado.js

Impact: Possible ReDoS with lib input of and with many repetitions of |. Patches: Patched in all versions above 0.2.5. Workarounds: No known workarounds. References: OWASP: Regular expression Denial of Service - ReDoS; Wikipedia: ReDoS; Wikipedia: Time complexity; James Kirrage, Asiri Rathnayak...

CVSS 7.5, AI score 7.3, EPSS 0.00334
Exploits: 0, References: 4, Affected software: 1
OSV
added 2022/04/11 9:18 p.m., 57 views

GHSA-CRJR-9RC5-GHW8 Nokogiri Inefficient Regular Expression Complexity

Summary: Nokogiri = 1.13.4. Severity: The Nokogiri maintainers have evaluated this as High Severity (7.5, CVSS 3.1). References: CWE-1333 Inefficient Regular Expression Complexity. Credit: This vulnerability was reported by HackerOne user oooooooq ななおく...

CVSS 7.5, AI score 7.4, EPSS 0.01827
Exploits: 0, References: 15
Github Security Blog
added 2022/04/11 9:18 p.m., 53 views

Nokogiri Inefficient Regular Expression Complexity

Summary: Nokogiri = 1.13.4. Severity: The Nokogiri maintainers have evaluated this as High Severity (7.5, CVSS 3.1). References: CWE-1333 Inefficient Regular Expression Complexity. Credit: This vulnerability was reported by HackerOne user oooooooq ななおく...

CVSS 7.5, AI score 7.5, EPSS 0.01827
Exploits: 0, References: 15, Affected software: 1