CVE-2024-39752

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing...

EUVD-2024-35547

Malicious code in bioql PyPI...

EUVD-2024-54770

Malicious code in bioql PyPI...

EUVD-2024-38349

Malicious code in bioql PyPI...

EUVD-2024-54771

Malicious code in bioql PyPI...

EUVD-2024-54769

Malicious code in bioql PyPI...

Security Bulletin: Vulerability jetty-server affects IBM Integrated Analytics System

Summary The jetty-server component is used by IBM Integrated Analytics System for handling HTTP requests. A vulnerability was identified in the ThreadLimitHandler.getRemote method, where crafted requests can cause memory exhaustion and OutOfMemory errors. As this condition is unhandled, it may le...

Security Bulletin: Vulerability commons-io affects IBM Integrated Analytics System

Summary The commons-io library is used by IBM Integrated Analytics System for input/output processing. A vulnerability was identified in the org.apache.commons.io.input.XmlStreamReader class, where processing untrusted input could result in excessive CPU usage, potentially leading to a denial of...

CVE-2024-37524

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser...

CVE-2024-38327

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API...

CVE-2024-39752

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing...

CVE-2025-36090

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain information about the application framework which could be used in reconnaissance to gather information for future attacks from a detailed technical error message...

CVE-2024-38327

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API...

CVE-2024-38327

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API...

CVE-2024-37524

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser...

CVE-2024-37524

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser...

CVE-2024-39752 IBM Analytics Content Hub file upload

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing...

CVE-2024-39752

IBM Analytics Content Hub 2.0–2.3 includes a vulnerability where uploaded files are not validated by type in Explore Content, enabling potential malicious executable uploads. The issue is documented with a high-severity CVSS indicating impact on confidentiality, integrity, and availability. Remed...

CVE-2024-39752 IBM Analytics Content Hub file upload

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing...

CVE-2024-38327

CVE-2024-38327 affects IBM Analytics Content Hub (versions 2.0–2.3). Affected component is the exposed JavaScript source map, which can enable information disclosure and potentially aid attacks by reading/debugging the API’s JavaScript. The reported impact is information exposure with potential f...