18 matches found
Security Bulletin: Multiple vulnerabilities in IBM Event Endpoint Management.
Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management 11.7.3 Vulnerability Details CVEID:CVE-2025-68470 DESCRIPTION: React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a Rea...
Security Bulletin: IBM Event Endpoint Management is vulnerable to unauthorized access
Summary IBM Event Endpoint Management is vulnerable to unauthorized access due to improper restriction of hidden directories CVE-2025-11965 Vulnerability Details CVEID:CVE-2025-11965 DESCRIPTION: In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for...
Security Bulletin: IBM Event Endpoint Management is vulnerable to improper input validation( CVE-2025-12758)
Summary IBM Event Endpoint Management is vulnerable to improper input validation due to incorrect Unicode string length calculation. Vulnerability Details CVEID:CVE-2025-12758 DESCRIPTION: Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More...
Security Bulletin:IBM Event Endpoint Management is vulnerable to Sensitive Information Leakage and Request Smuggling (CVE-2025-4673,CVE-2025-22871)
Summary Operator of IBM Event Endpoint Management is vulnerable to Sensitive Information Leakage and Request Smuggling due to apache HTTP pomponents. IBM Event Endpoint Management uses HTTP components to expose secure event APIs via its Event Gateway, enabling client applications to interact with...
Security Bulletin: IBM Event Endpoint Management is vulnerable to Remote Code Execution and Server-Side Request Forgery attacks (CVE-2025-27818,CVE-2025-27817)
Summary Operator of IBM Event Endpoint Management is vulnerable to remote code execution and server-side request forgery due to unsafe deserialization and misconfigured OAuthBearer endpoints in SASL JAAS configuration. Vulnerability Details CVEID:CVE-2025-27818 DESCRIPTION: A possible security...
Security Bulletin: IBM Event Endpoint Management is vulnerable to HTTP Parameter Pollution (HPP) attack (CVE-2025-7783)
Summary Operator of IBM Event Endpoint Management is vulnerable to an HTTP Parameter Pollution HPP attack due to the use of random values in the form-data module. This vulnerability affects how data from HTML forms is processed, particularly during form submission or when interacting with event...
Security Bulletin: IBM Event Endpoint Management is affected by multiple vulnerabilities.
Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management v11.6.3. Vulnerability Details CVEID:CVE-2025-30698 DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to cause low confidentiality, low integrity and low...
Security Bulletin: IBM Event Endpoint Management is affected by multiple vulnerabilities.
Summary IBM Event Endpoint Management is affected by multiple vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and high integrity impact...
Security Bulletin: IBM Event Endpoint Management is vulnerable to a Cross-site scripting (XSS) attack (CVE-2024-11831).
Summary IBM Event Endpoint Management is vulnerable to a Cross-site scripting XSS attack due to a flaw in npm-serialize-javascript. It is used for safely serialize complex JavaScript objects for storage or transmission. Vulnerability Details CVEID:CVE-2024-11831 DESCRIPTION: A flaw was found in...
Security Bulletin: IBM Event Endpoint Management is vulnerable to a Directory Traversal (or path traversal) attack (CVE-2024-21540).
Summary Operator of IBM Event Endpoint Management is vulnerable to a Directory Traversal or path traversal attack due to the source-map-support library. It helps to show original source code in error stack traces for better debugging. Vulnerability Details CVEID:CVE-2024-21540 DESCRIPTION: All...
Security Bulletin: Multiple Vulnerabilities in IBM Event Endpoint Management
Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management version 11.3.2 Vulnerability Details CVEID:CVE-2024-47176 DESCRIPTION: OpenPrinting cups-browsed could allow a remote attacker to obtain sensitive information, caused by the binding on UDP INADDRANY:631 and trusting...
Security Bulletin: Multiple Vulnerabilities in IBM Event Endpoint Management
Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management version 11.3.1 Vulnerability Details CVEID:CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in schema parsing in the Java...
Security Bulletin: IBM Event Endpoint Management is vulnerable to a denial of service attack (CVE-2023-51074).
Summary IBM Event Endpoint Management is vulnerable to a denial of service due to json-path component, caused by a stack-based buffer overflow in the Criteria.parse method.It is a query language for JSON, similar to XPath for XML. It allows you to select and extract data from a JSON document...
Security Bulletin: IBM Event Endpoint Management is vulnerable to a denial of service (CVE-2023-4043).
Summary IBM Event Endpoint Management is vulnerable to a denial of service due to parsson-1.1.2.jar component. Parsson is an implementation of Jakarta JSON Processing specification. Vulnerability Details CVEID:CVE-2023-4043 DESCRIPTION: Eclipse Parsson is vulnerable to a denial of service, caused...
Security Bulletin: IBM Event Endpoint Management is vulnerable to a man-in-the-middle (MITM) attack due to the Hot Rod Client (CVE-2023-4586).
Summary Operator of IBM Event Endpoint Management is vulnerable to a man-in-the-middle MITM attack in Netty-handler-4.1.94.Final.jar in the Hot Rod client. Hot Rod is a binary, platform-independent protocol that was developed in the open as a part of Infinispan. Infinispan is as a shared store fo...
Security Bulletin: IBM Event Endpoint Management is vulnerable to a denial of service in Netty (CVE-2023-44487)
Summary Operator of IBM Event Endpoint Management is vulnerable to a denial of service in Netty 4.1.94 CVE-2023-44487 Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2...
Security Bulletin: IBM Event Endpoint Management is vulnerable to a denial of service
Summary Operator of IBM Event Endpoint Management is vulnerable to an unauthorized endpoint access and possibly a denial of service. CVE-2023-4853 Vulnerability Details CVEID: CVE-2023-4853 DESCRIPTION: Quarkus could allow a remote attacker to bypass security restrictions, caused by improper...
Security Bulletin: IBM Event Endpoint Management is vulnerable to a denial of service
Summary Operator of IBM Event Endpoint Management is vulnerable to a denial of service of the Okio client CVE-2023-3635 Vulnerability Details CVEID: CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a specially crafted gzip...