Security Bulletin: IBM Maximo Application Suite - Monitor Component uses cxf-core-3.6.5.jar which is vulnerable to CVE-2025-48795.

Summary IBM Maximo Application Suite - Monitor Component uses cxf-core-3.6.5.jar which is vulnerable to CVE-2025-48795. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-48795 DESCRIPTION: Apache CXF stores large stream based...

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "form-data 4.0.0, org.apache.cxfcxf-core 3.6.7 , net/http/internal v1.24.1, braces 3.0.2 , cross-spawn 7.0.3 , crypto/x509 1.24.1 1.24.3 , github.com/golang-jwt/jwt/v4 github.com/golang-jwt/jwt/v5 v4.5.0 v5.2.1 , httpd 2.4.37 , setuptools 78.0.2 75.8.0 ,...

ai.idylnlp:idylnlp-nlp-language-detection-tika (>=1.0.0 <=1.1.0), ai.stainless:grails-tika (=0.1.0) +2893 more potentially affected by CVE-2025-48795 via org.apache.cxf:cxf-core (>=3.0.0-milestone1 <=3.5.10)

org.apache.cxf:cxf-core MAVEN version =3.0.0-milestone1, =1.0.0, =11.4-37, =3.6.1, =3.11.0, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.1.0.RELEASE - cloud.testload:jmeter-clickhouse-listener =2.00 and more Source cves: CVE-2025-48795 Source...

be.atbash.test:integration-testing (=2.2.0), be.atbash.test:integration-testing-database (=2.2.0) +643 more potentially affected by CVE-2025-48795 via org.apache.cxf:cxf-core (>=4.0.0 <=4.0.6)

org.apache.cxf:cxf-core MAVEN version =4.0.0, =1.0.0, =12.1-7-21, =0.0.1, =2.70.0, =2.71.1 - com.codbex.kronos:codbex-kronos-commons =2.70.0 - com.codbex.kronos:codbex-kronos-components-api-parent =2.69.0 - com.codbex.kronos:codbex-kronos-components-engine-xsjob =2.69.0 and more Source cves:...

com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.3.0), cv.igrp:igrp-core (=2.0.0.250321-GA) +416 more potentially affected by CVE-2025-48795 via org.apache.cxf:cxf-core (=4.1.0)

org.apache.cxf:cxf-core MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf:cxf-core and may be impacted: - com.codbex.atlas:codbex-atlas-application =1.1.0, =4.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0...

cv.igrp:igrp-core (>=1.7.3.230801 <=1.7.3.230802), eu.unicore.security:secutils-cxf (=3.4.3) +377 more potentially affected by CVE-2025-48795 via org.apache.cxf:cxf-core (>=3.6.0 <=3.6.5)

org.apache.cxf:cxf-core MAVEN version =3.6.0, =1.7.3.230801, =3.0-M3, =3.0-M3, =3.0-M3, =3.0-M3, =2.0, =4.4.6.hyte-24270, =4.4.6.hyte-24270, =4.4.6.hyte-24270, =4.4.6.hyte-24270, =3.0.5, =3.0.6 - net.tirasa.connid.bundles:net.tirasa.connid.bundles.servicenow =1.0.4 -...

com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.3.0), cv.igrp:igrp-core (=2.0.0.250321-GA) +416 more potentially affected by CVE-2025-48795 via org.apache.cxf:cxf-core (=4.1.0)

org.apache.cxf:cxf-core MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf:cxf-core and may be impacted: - com.codbex.atlas:codbex-atlas-application =1.1.0, =4.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0...

cv.igrp:igrp-core (>=1.7.3.230801 <=1.7.3.230802), eu.unicore.security:secutils-cxf (=3.4.3) +377 more potentially affected by CVE-2025-48795 via org.apache.cxf:cxf-core (>=3.6.0 <=3.6.5)

org.apache.cxf:cxf-core MAVEN version =3.6.0, =1.7.3.230801, =3.0-M3, =3.0-M3, =3.0-M3, =3.0-M3, =2.0, =4.4.6.hyte-24270, =4.4.6.hyte-24270, =4.4.6.hyte-24270, =4.4.6.hyte-24270, =3.0.5, =3.0.6 - net.tirasa.connid.bundles:net.tirasa.connid.bundles.servicenow =1.0.4 -...

be.atbash.test:integration-testing (=2.2.0), be.atbash.test:integration-testing-database (=2.2.0) +643 more potentially affected by CVE-2025-48795 via org.apache.cxf:cxf-core (>=4.0.0 <=4.0.6)

org.apache.cxf:cxf-core MAVEN version =4.0.0, =1.0.0, =12.1-7-21, =0.0.1, =2.70.0, =2.71.1 - com.codbex.kronos:codbex-kronos-commons =2.70.0 - com.codbex.kronos:codbex-kronos-components-api-parent =2.69.0 - com.codbex.kronos:codbex-kronos-components-engine-xsjob =2.69.0 and more Source cves:...

ai.idylnlp:idylnlp-nlp-language-detection-tika (>=1.0.0 <=1.1.0), ai.stainless:grails-tika (=0.1.0) +2893 more potentially affected by CVE-2025-48795 via org.apache.cxf:cxf-core (>=3.0.0-milestone1 <=3.5.10)

org.apache.cxf:cxf-core MAVEN version =3.0.0-milestone1, =1.0.0, =11.4-37, =3.6.1, =3.11.0, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.1.0.RELEASE - cloud.testload:jmeter-clickhouse-listener =2.00 and more Source cves: CVE-2025-48795 Source...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cxf-core-3.5.5.jar, cxf-core-4.0.5.jar CVE-2025-23184

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to cxf-core-3.5.5.jar, cxf-core-4.0.5.jar CVE-2025-23184. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service...

Security Bulletin: IBM Maximo Application Suite - IoT uses cxf-core-3.6.4.jar which is vulnerable to CVE-2025-23184.

Summary IBM Maximo Application Suite uses cxf-core-3.6.4.jar which is vulnerable to CVE-2025-23184. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in...

be.atbash.test:integration-testing (=2.2.0), be.atbash.test:integration-testing-database (=2.2.0) +617 more potentially affected by CVE-2025-23184 via org.apache.cxf:cxf-core (>=4.0.0 <=4.0.5)

org.apache.cxf:cxf-core MAVEN version =4.0.0, =1.0.0, =12.1-16, =0.0.1, =2.70.0, =2.71.1 - com.codbex.kronos:codbex-kronos-commons =2.70.0 - com.codbex.kronos:codbex-kronos-components-api-parent =2.69.0 - com.codbex.kronos:codbex-kronos-components-engine-xsjob =2.69.0 and more Source cves:...

ai.idylnlp:idylnlp-nlp-language-detection-tika (>=1.0.0 <=1.1.0), ai.stainless:grails-tika (=0.1.0) +2884 more potentially affected by CVE-2025-23184 via org.apache.cxf:cxf-core (>=3.0.0-milestone1 <=3.5.1)

org.apache.cxf:cxf-core MAVEN version =3.0.0-milestone1, =1.0.0, =11.4-37, =3.6.1, =3.11.0, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.1.0.RELEASE - cloud.testload:jmeter-clickhouse-listener =2.00 and more Source cves: CVE-2025-23184 Source...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.8 on RHEL 7 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Important: Red Hat Security Advisory: Red Hat Integration Camel K 1.10.8 release and security update.

Red Hat Integration Camel K 1.10.8 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 3.20.6 for Spring Boot security update.

Red Hat build of Apache Camel 3.20.6 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

Security Bulletin: Vulnerability found in cxf-core-3.5.4.jar which is shipped with IBM® Intelligent Operations Center(CVE-2022-46364)

Summary Vulnerability have been identified in cxf-core-3.5.4.jar which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...

Server-side Request Forgery (SSRF)

cxf-core is vulnerable to Server-side Request Forgery SSRF. The vulnerability exists due to the lack of URL encode in MTOM content-id, which allows an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type through the href attribute of XOP:Include...

be.atbash.test:integration-testing (>=1.0.0 <=1.1.0), com.codbex.chronos:codbex-chronos-platform (>=0.3.0 <=0.5.4) +1091 more potentially affected by CVE-2022-46364 via org.apache.cxf:cxf-core (>=3.5.0 <=3.5.4)

org.apache.cxf:cxf-core MAVEN version =3.5.0, =1.0.0, =0.3.0, =0.3.0, =0.5.3, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.3.0 and more Source cves: CVE-2022-46364 Source advisory: OSV:GHSA-X3X3-QWJQ-8GJ4...