CVE-2025-14763

Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To...

CVE-2025-14763

CVE-2025-14763 concerns the Amazon S3 Encryption Client for Java lacking key commitment when the encrypted data key (EDK) is stored in an Instruction File. This could let a user with write access to an S3 bucket introduce a rogue EDK and decrypt to different plaintext. The vulnerability is tied t...

Security Bulletin: IBM MQ Appliance is affected by Java vulnerabilities (CVE-2025-52057 and CVE-2025-53066)

Summary IBM MQ Appliance has addressed Java vulnerabilities. Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause no confidentiality impact, high integrity impact, and no availabili...

Security Bulletin: IBM MQ is affected by multiple Java vulnerabilities (CVE-2025-53057, CVE-2025-53066)

Summary Multiple issues were identified with the IBM Runtime Environment, Java Technology Edition and IBM Semeru Runtime Environment which are shipped with IBM MQ Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component coul...

Improper Neutralization Of Special Elements

ESAPI esapi-java-legacy is vulnerable to an Improper Neutralization of Special Elements. The vulnerability is due to insufficient sanitization in the Encoder.encodeForSQL interface, where the SQL encoding logic fails to properly neutralize special characters, resulting in incomplete protection an...

Security Bulletin: Multiple Vulnerabilities in Java affecting IBM Knowledge Catalog and IBM Match 360 On Cloud Pak for Data

Summary Lineage, an internal component of IBM Knowledge Catalog, and the IBM Match 360 component within IBM Cloud Pak for Data are impacted by vulnerabilities in Java. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability i...

CVE-2025-66033

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 21.0.0 through 24.0.0, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and...

Security Bulletin: Due to use of IBM Java, IBM Sterling Connect:Direct Web Service is affected by multiple vulnerabilities.

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE, is affected by multiple vulnerabilities CVE-2025-53066, CVE-2025-53057 . This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerabilit...

Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

Summary Security vulnerabilities have been addressed in IBM Verify Identity Access and IBM Security Verify Access Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

PT-2025-51884

Name of the Vulnerable Software and Affected Versions Amazon S3 Encryption Client for Java versions prior to 4.0.0 Description A missing cryptographic key commitment in the Amazon S3 Encryption Client for Java could allow a user with write access to an S3 bucket to introduce a new Encryption Data...

📄 Ivanti Endpoint Manager Mobile 12.5.0.0 Expression Language Injection

Ivanti Endpoint Manager Mobile version 12.5.0.0 proof of concept exploit with a vulnerability chain that allows unauthenticated attackers to execute arbitrary commands on the target system through Java Expression Language EL injection in the /mifs/rs/api/v2/featureusage endpoint...

Security Bulletin: Multiple Vulnerabilities in IBM Data Product Hub

Summary Multiple vulnerabilities were addressed in IBM Data Product Hub version 5.3 Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml 4.1.0 and below, it's possible for an attacker to modify the prototype of the result of a parsed...

CLSA-2025-1765898779 java-1.8.0-openjdk: Fix of 2 CVEs

Upgrade to shenandoah-jdk8u472-b08 GA fixing the following CVEs: - CVE-2025-53057: enhance certificate handling - CVE-2025-53066: enhance Path Factories...

CLSA-2025-1765898379 java-1.8.0-openjdk: Fix of 2 CVEs

Upgrade to shenandoah-jdk8u472-b08 GA fixing the following CVEs: - CVE-2025-53057: enhance certificate handling - CVE-2025-53066: enhance Path Factories...

Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities.

Summary There are vulnerabilities in IBM® Java™, IBM® Semeru Runtime and Open-Source Software OSS components used by IBM Cognos Dashboards on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol Buffers data containing an arbitrary...

Security Bulletin: Vulnerability in Java SE affects IBM Netezza Appliance

Summary The Java SE package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2024-21208, CVE-2024-21210, CVE-2024-21217, CVE-2024-21235 Vulnerability Details CVEID:CVE-2024-21208 DESCRIPTION: Vulnerability in Java SE component: Networking. Difficult t...

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (December 2025)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling...

EUVD-2025-203473

Pentaho Data Integration and Analytics Community Dashboard Editor plugin versions before 10.2.0.4, including 9.3.0.x and 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods...

Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in Java Runtime Environment

Summary While IBM DataPower Gateway does not use Java, some bundled components do, and the JRE has been updated proactively to address this CVE-2025-53057, CVE-2025-53066 Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security...

Security Bulletin: IBM Storage Insights is vulnerable to weaknesses related to IBM® SDK, Java™ Technology Edition

Summary Vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Storage Insights which could allow a remote attacker to cause high confidentiality and high integrity impact. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM fo...