Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in netty-common-4.1.100.Final.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of netty-common-4.1.100.Final.jar Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol...

Security Bulletin: IBM Asset Data Dictionary uses netty-common-4.1.115.Final.jar which is vulnerable to CVE-2025-25193.

Summary IBM Asset Data Dictionary uses netty-common-4.1.115.Final.jar which is vulnerable to CVE-2025-25193. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to netty-common-4.1.117.Final.jar CVE-2025-25193

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to netty-common-4.1.117.Final.jar CVE-2025-25193. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network...

Security Bulletin: There is a vulnerability in netty-common-4.1.101.Final.jar used by IBM Maximo Asset Management application (CVE-2025-25193)

Summary There is a vulnerability in netty-common-4.1.101.Final.jar used by IBM Maximo Asset Management application CVE-2025-25193 Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and...

Security Bulletin: There is a vulnerability in netty-common-4.1.101.Final.jar used by IBM Maximo Asset Management application (CVE-2024-47535)

Summary There is a vulnerability in netty-common-4.1.101.Final.jar used by IBM Maximo Asset Management application CVE-2024-47535 Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to netty-common-4.1.111.Final.jar CVE-2024-47535

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to netty-common-4.1.111.Final.jar CVE-2024-47535. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network...

Security Bulletin:IBM Maximo Application Suite - IoT Component uses netty-common-4.1.114.Final.jar which is vulnerable to CVE-2024-47535

Summary IBM Maximo Application Suite - IoT Component uses netty-common-4.1.114.Final.jar which is vulnerable to CVE-2024-47535 This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous...

Improper Validation of Specified Quantity in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in BufferedReader.readLine, which does not count null bytes when calculating the acceptable size of an input stream. An attacker can cause the application to crash by creating a large...

at.aimit.mariella:persistence-kotlin (>=1.0.5 <=1.0.8), ci.orbit:junit-hooks (>=0.0.5 <=0.0.6) +723 more potentially affected by CVE-2024-47535 +1 more via io.netty:netty-common (>=4.2.0.Alpha1 <=4.2.0.RC2)

io.netty:netty-common MAVEN version =4.2.0.Alpha1, =1.0.5, =0.0.5, =25.4.0, =25.4.0, =7.9.0, =7.9.1 - com.colisweb:google-drive-scala-client-cats2.13 =3.2.0 - com.colisweb:google-drive-scala-client-zio2.13 =3.2.0 - com.colisweb:google-drive-scala-client2.13 =3.2.0 and more Source cves:...

ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0), ai.ancf.lmos-router:lmos-router-hybrid (>=0.2.0 <=0.28.0) +24632 more potentially affected by CVE-2024-47535 +1 more via io.netty:netty-common (>=4.0.0.Alpha1 <=4.1.117.Final)

io.netty:netty-common MAVEN version =4.0.0.Alpha1, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1.0 -...

ai.ancf.lmos-router:benchmarks (=0.2.0), ai.ancf.lmos-router:lmos-router-hybrid (=0.2.0) +23017 more potentially affected by CVE-2024-47535 via io.netty:netty-common (>=4.0.0.Alpha1 <=4.1.114.Final)

io.netty:netty-common MAVEN version =4.0.0.Alpha1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.4.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0...

Information Disclosure

netty-common is vulnerable to Information Disclosure. The vulnerability exists due to the insufficient fix for the CVE-2021-21290. When the temporary storing uploads on the disk is enabled and running on java 6, an attacker can gain sensitive information through the local system temporary directo...