135 matches found

IBM Security Bulletins
added 2026/06/10 4:25 p.m., 7 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Publishing affected by a race condition in Eclipse Jersey (CVE-2025-12383)

Summary A critical race condition CVE-2025-12383 has been identified in the Eclipse Jersey client library jersey-client-2.26.jar used by IBM Engineering Lifecycle Optimization - Engineering Publishing. Under high-concurrency conditions, a flaw in the HTTPS client's lazy initialization flow can...

9.4 CVSS, 7.5 AI score, 0.00271 EPSS
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2026/05/22 12:0 a.m., 9 views

Unity Linux 20.1070e Security Update: jersey (UTSA-2026-016750)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016750 advisory. Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFil...

6.2 CVSS, 5.8 AI score, 0.00905 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2026/04/23 12:0 a.m., 12 views

Oracle Business Intelligence Enterprise Edition (OAS 7.6) (April 2026 CPU)

The version of Oracle Business Intelligence Enterprise Edition OAS 7.6.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - mchange-commons-java, a library that provides Java utilities, includes code that mirrors early...

9.8 CVSS, 6.8 AI score, 0.01495 EPSS
Exploits: 3, References: 9

IBM Security Bulletins
added 2026/03/24 1:26 p.m., 11 views

Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities related to Apache Tomcat.

Summary IBM DevOps Release 7.0.0.6 addresses multiple vulnerabilities related to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication...

9.6 CVSS, 5.8 AI score, 0.66535 EPSS
Exploits: 4, Affected Software: 1

IBM Security Bulletins
added 2026/03/17 12:36 p.m., 6 views

Security Bulletin: Race Condition in Eclipse Jersey (Versions 2.45, 3.0.16, 3.1.9) May Bypass Critical SSL Configurations and Compromise Secure Connections, affects watsonx.data

Summary In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under...

9.4 CVSS, 5.8 AI score, 0.00271 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/03/13 4:55 p.m., 11 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for February 2025.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 25.0.0-IF004. Vulnerability Details CVEID:CVE-2025-8869 DESCRIPTION: When extracting a tar archive pip may not check symbolic lin...

9.4 CVSS, 7.7 AI score, 0.00986 EPSS
Exploits: 2, Affected Software: 2

IBM Security Bulletins
added 2026/03/09 10:10 a.m., 6 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to bypass of Trust Restrictions due to Eclipse Jersey

Summary A race condition in Eclipse Jersey can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. IBM Sterling Secure Proxy has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: I...

9.4 CVSS, 5.8 AI score, 0.00271 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/03/06 4:4 p.m., 13 views

Security Bulletin: IBM Engineering Requirements Management DOORS and DOORS Web Access is affected by multiple vulnerabilities

Summary This release addresses multiple security vulnerabilities across various components of IBM Engineering Requirements Management DOORS and DOORS Web Access product. Many vulnerabilities are rated Critical CVSS ≥ 9.0, including a Tomcat rewrite rule bypass CVE-2025-31651, Tomcat Improper...

9.8 CVSS, 6.5 AI score, 0.11032 EPSS
Exploits: 2, Affected Software: 2

IBM Security Bulletins
added 2026/03/05 6:48 a.m., 7 views

Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Eclipse Jersey Race Condition (CVE-2025-12383)

Summary IBM OpenPages for Cloud Pak for Data is Vulnerable to jersey-client-3.1.9.jar. Race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: In...

9.4 CVSS, 6 AI score, 0.00271 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/02/27 5:30 p.m., 11 views

Security Bulletin: Vulnerability assertj-core, spring-security-crypto, werkzeug, urllib, libsodium, jersey-client, log4j, dmidecode-dmidecode, and aide affect IBM Cloud Object Storage Systems (FEB 2026)

Summary Vulnerability with assertj-core-3.27.3 CVE-2026-24400, spring-security-crypto-6.4.4 CVE-2025-22234, werkzeug-3.1.3-py3 CVE-2026-21860, CVE-2025-66221, urllib3-2.5.0-py3 CVE-2025-66418, CVE-2025-66471, CVE-2026-21441, libsodium CVE-2025-69277, jersey-client-2.25.1 CVE-2025-12383,...

9.4 CVSS, 6.3 AI score, 0.0068 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/02/24 7:8 p.m., 7 views

Security Bulletin: Vulnerabilities in jersey-client-3.1.0.jar affecting MongoDB Enterprised Advanced (CVE-2025-12383)

Summary There is a vulnerability in jersey-client-3.1.0.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-12383. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cau...

9.4 CVSS, 5.5 AI score, 0.00271 EPSS
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2026/01/21 12:0 a.m., 8 views

Oracle WebLogic Server (January 2026 CPU)

The 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component:...

9.4 CVSS, 7 AI score, 0.63258 EPSS
Exploits: 1, References: 7

IBM Security Bulletins
added 2026/01/13 4:37 a.m., 7 views

Security Bulletin: Due to use of Eclipse Jersey, IBM Sterling External Authentication Server is affected by unauthorized trust in insecure servers.

Summary IBM Sterling External Authentication Server is affected by a vulnerability in Eclipse Jersey and it is addressed in the latest fixpack Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL...

9.4 CVSS, 6.7 AI score, 0.00271 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/12/12 1:24 p.m., 8 views

Security Bulletin: Vulnerabilities in Eclipse Jersey might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Eclipse Jersey. Vulnerability include a race condition can cause ignoring of critical SSL configurations which could lead to unauthorized trust in insecure servers as described by the CVEs in the "Vulnerabilit...

9.4 CVSS, 6.8 AI score, 0.00271 EPSS
Exploits: 0, Affected Software: 1

RedhatCVE
added 2025/11/25 5:59 p.m., 2 views

CVE-2025-12383

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain...

9.4 CVSS, 6.7 AI score, 0.00271 EPSS
Exploits: 0, References: 1

vulnersOsv
added 2025/11/18 6:32 p.m., 8 views

ae.teletronics.nlp:w2vec (=1.0), ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3) +11513 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (>=2.0 <=2.45)

org.glassfish.jersey.core:jersey-client MAVEN version =2.0, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.10 and more Source cves: CVE-2025-12383 Source advisory: SNYK:JAVA-ORGGLASSFISHJERSEYCORE-14049172...

9.4 CVSS, 7.5 AI score, 0.00271 EPSS
Exploits: 0

vulnersOsv
added 2025/11/18 6:32 p.m., 7 views

ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), com.amazon.deequ:deequ (>=2.0.14-spark-4.0 <=2.0.15-spark-4.0) +329 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (=3.0.16)

org.glassfish.jersey.core:jersey-client MAVEN version =3.0.16 is affected by a known vulnerability. The following packages have a transitive dependency on org.glassfish.jersey.core:jersey-client and may be impacted: - ai.catboost:catboost-spark_4.0_2.13 =1.2.10 - com.amazon.deequ:deequ...

9.4 CVSS, 7.5 AI score, 0.00271 EPSS
Exploits: 0

vulnersOsv
added 2025/11/18 6:32 p.m., 6 views

cloud.piranha.dist:piranha-dist-micro (>=24.11.0 <=25.1.0), cloud.piranha.dist:piranha-dist-platform (>=24.11.0 <=25.1.0) +155 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (=4.0.0-M1)

org.glassfish.jersey.core:jersey-client MAVEN version =4.0.0-M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.glassfish.jersey.core:jersey-client and may be impacted: - cloud.piranha.dist:piranha-dist-micro =24.11.0, =24.11.0, =24.11.0, =24.11.0,...

9.4 CVSS, 7.3 AI score, 0.00271 EPSS
Exploits: 0

vulnersOsv
added 2025/11/18 6:32 p.m., 6 views

au.net.causal.shoelaces:shoelaces-jersey (=3.0), au.net.causal.shoelaces:shoelaces-jersey-client (=3.0) +521 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (>=3.1.0-M1 <=3.1.1)

org.glassfish.jersey.core:jersey-client MAVEN version =3.1.0-M1, =22.12.0, =22.11.0, =22.9.0, =22.7.0, =22.10.0, =22.11.0, =22.12.0, =22.7.0, =1.0.0.1, =3.0.12, =4.0.3, =4.0.0, =5.3.5 and more Source cves: CVE-2025-12383 Source advisory: SNYK:JAVA-ORGGLASSFISHJERSEYCORE-14049172...

9.4 CVSS, 7.5 AI score, 0.00271 EPSS
Exploits: 0

vulnersOsv
added 2025/11/18 6:32 p.m., 5 views

ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), cloud.piranha.extension:piranha-extension-microprofile (>=21.1.0 <=21.5.0) +578 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (>=3.0.0-M1 <=3.0.16)

org.glassfish.jersey.core:jersey-client MAVEN version =3.0.0-M1, =21.1.0, =2.0.14-spark-4.0, =3.149.2-beta, =3.149.2-beta, =3.149.2-beta, =3.149.2-beta, =3.149.2-beta, =3.149.2-beta, =4.43.0, =2.0.0, =2.0.0, =2.0.2 and more Source cves: CVE-2025-12383 Source advisory:...

9.4 CVSS, 7.5 AI score, 0.00271 EPSS
Exploits: 0