Lucene search
K

10 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/12/06 5:31 a.m.14 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to org.yaml:snakeyaml Denial of Service (DoS)

Summary IBM Sterling Partner Engagement Manager uses org.yaml:snakeyaml Denial of Service , affected for the CVE CVE-2022-25857 Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation...

7.5CVSS6.7AI score0.02191EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/30 5:48 p.m.68 views

Security Bulletin: IBM Workload Scheduler potentially affected by multiple vulnerabilities in Java package org.yaml:snakeyaml

Summary Denial of Service vulnerabilities CVE-2022-25857, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752 have been found in org.yaml:snakeyaml component and potentially affects IBM Workload Scheduler 9.5 and IBM Workload Scheduler 10.1 Vulnerability Details CVEID:CVE-2022-25857...

7.5CVSS7.2AI score0.02191EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/20 4:55 p.m.80 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to denial of service due to the package org.yaml:snakeyaml and jackson-databind

Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to denial of service due to the package org.yaml:snakeyaml CVE-2022-38751, CVE-2022-38752, CVE-2022-38750, CVE-2022-25857, CVE-2022-38749, CVE-2022-41854 and jackson-databind CVE-2022-42003, CVE-2022-42004. The resolving fi...

7.5CVSS7.3AI score0.02824EPSS
Exploits6Affected Software2
NVD
NVD
added 2022/08/30 5:15 a.m.23 views

CVE-2022-25857

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service DoS due missing to nested depth limitation for collections...

7.5CVSS0.02191EPSS
Exploits2References6
Prion
Prion
added 2022/08/30 5:15 a.m.26 views

Design/Logic Flaw

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service DoS due missing to nested depth limitation for collections...

5CVSS8.5AI score0.02191EPSS
Exploits2References5Affected Software2
Cvelist
Cvelist
added 2022/08/30 5:5 a.m.30 views

CVE-2022-25857 Denial of Service (DoS)

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service DoS due missing to nested depth limitation for collections...

7.5CVSS7.8AI score0.02191EPSS
Exploits2References6
OSV
OSV
added 2022/08/30 5:5 a.m.25 views

CVE-2022-25857 Denial of Service (DoS)

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service DoS due missing to nested depth limitation for collections...

7.5CVSS6.8AI score0.02191EPSS
Exploits2References8
CVE
CVE
added 2022/08/30 5:5 a.m.663 views

CVE-2022-25857

CVE-2022-25857 affects the Java YAML parser SnakeYAML (org.yaml:snakeyaml) up to and including 1.31. The root cause is a missing nested depth limit for collections, leading to Denial of Service (DoS) under crafted input. Several connected advisories confirm DoS impact and reference historical fix...

7.5CVSS8.8AI score0.02191EPSS
Exploits2References6Affected Software1
Debian CVE
Debian CVE
added 2022/08/30 5:5 a.m.49 views

CVE-2022-25857

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service DoS due missing to nested depth limitation for collections...

7.5CVSS6.9AI score0.02191EPSS
Exploits2
RubySec
RubySec
added 2022/02/24 12:0 a.m.36 views

CVE-2022-25857 jruby/psych/snakeyaml: Denial of Service (DoS) due missing to nested depth limitation for collections

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service DoS due missing to nested depth limitation for collections. This package is bundled into Psych which is in turn bundled into jruby...

7.5CVSS7.6AI score0.02191EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder