Security Bulletin: Weaker than expected SQL injection protection may affect IBM Business Automation Workflow traditional - CVE-2025-5878

Summary IBM Business Automation Workflow embedded Navigator packages a vulnerable library of ESAPI. Vulnerability Details CVEID:CVE-2025-5878 DESCRIPTION: A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of t...

EUVD-2021-1544

Malware in sbrugna...

EUVD-2022-4332

Malicious code in bioql PyPI...

EUVD-2025-28693

Malicious code in bioql PyPI...

EUVD-2022-1979

Malicious code in bioql PyPI...

EUVD-2022-1809

Malicious code in bioql PyPI...

EUVD-2022-1678

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-5878

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection...

[SECURITY] [DLA 4246-1] libowasp-esapi-java security update

Debian LTS Advisory DLA-4246-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany July 22, 2025 https://wiki.debian.org/LTS Package : libowasp-esapi-java Version : 2.4.0.0-0+deb11u1 CVE ID : CVE-2022-23457 CVE-2022-24891 CVE-2025-5878 Debian Bug : 1010339 1109378...

Debian dla-4246 : libowasp-esapi-java - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4246 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4246-1 [email protected]...

Debian: Security Advisory (DLA-4246-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DLA-4246-1 libowasp-esapi-java - security update

Bulletin has no description...

Security update for rust-keylime

This update for rust-keylime fixes the following issues: CVE-2024-12224: idna: Fixed improper validation in punycode bsc1243861 Update to version 0.2.7+70: builddeps: bump wiremock from 0.6.2 to 0.6.3 builddeps: bump uuid from 1.16.0 to 1.17.0 lib: Introduce AgentIdentity structure gitignore: Add...

CVE-2025-5878

A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection Defense. An attack leads to an improper neutralization of special elements. The attack may be initiated remotely and an exploit has been...

CVE-2025-5878

A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection Defense. An attack leads to an improper neutralization of special elements. The attack may be initiated remotely and an exploit has been...

DEBIAN-CVE-2025-5878

A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection Defense. An attack leads to an improper neutralization of special elements. The attack may be initiated remotely and an exploit has been...

UBUNTU-CVE-2025-5878

A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection Defense. An attack leads to an improper neutralization of special elements. The attack may be initiated remotely and an exploit has been...

Improper Neutralization of Special Elements

Overview org.owasp.esapi:esapi is an OWASP project to create simple strong security controls for every web platform. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements via the encodeForSQL function in th Encoder.java file. An attacker can manipulate SQ...

cloud.genesys:web-messaging-sdk (>=3.0.0 <=5.0.0), cn.acooly:acooly-auth-wechat-authenticator (=5.2.1) +557 more potentially affected by CVE-2025-5878 via org.owasp.esapi:esapi (>=2.0GA <=2.6.2.0)

org.owasp.esapi:esapi MAVEN version =2.0GA, =3.0.0, =5.0.0 - cn.acooly:acooly-auth-wechat-authenticator =5.2.1 - cn.dceast.platform:platform-security-starter =2.2.3 - com.acooly:acooly-component-account =5.2.1 - com.acooly:acooly-component-app =5.2.1 - com.acooly:acooly-component-assetmgmt =5.2.1...

CVE-2025-5878 ESAPI esapi-java-legacy SQL Injection Defense Encoder.encodeForSQL special element

A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection Defense. An attack leads to an improper neutralization of special elements. The attack may be initiated remotely and an exploit has been...