519 matches found
Security Bulletin: A vulnerability in Apache Commons Lang may affect IBM Jazz Reporting Service (CVE-2025-48924)
Summary Apache Commons Lang is used by IBM Jazz Reporting Service. IBM Jazz Reporting Service has addressed the applicable CVE CVE-2025-48924. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lan...
Security Bulletin: A vulnerability in Apache Commons FileUpload may affect IBM Jazz Reporting Service (CVE-2025-48976)
Summary Apache Commons FileUpload is used by IBM Jazz Reporting Service. IBM Jazz Reporting Service has addressed the applicable CVECVE-2025-48976 Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS...
CVE-2026-4396
Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification...
EUVD-2026-12950
Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification...
CVE-2026-4396
Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification...
CVE-2026-4396
CVE-2026-4396 affects Devolutions Hub Reporting Service 2025.3.1.1 and earlier. The issue is improper certificate validation, allowing a network attacker to perform a MITM when TLS certificate verification is disabled. The connected sources provide this description but do not include exploit deta...
CVE-2026-4396
Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification...
CVE-2026-4396
Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification...
PT-2026-26149
🟠 CVE-2026-4396 - High Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verif... https://t.co/fSciVkCYpu https://t.co/yeXegKnc3n...
Devolutions Hub Reporting Service 安全漏洞
The Devolutions Hub Reporting Service is a component of the Canadian company Devolutions that manages reports on the usage of remote access credentials. Versions of the Devolutions Hub Reporting Service prior to 2025.3.1.1 contained security vulnerabilities; these vulnerabilities were caused by...
Security Bulletin: IBM Jazz Reporting Service (Lifecycle Query Engine - LQE) is affected by SPARQL Exposure and Denial‑of‑Service Vulnerabilities.
Summary Multiple vulnerabilities were identified in IBM Jazz Reporting Service Lifecycle Query Engine - LQE SPARQL endpoints that may allow information disclosure and service degradation by authenticated, lower‑privileged users with network access CVE-2025-27550, CVE-2025-2134, CVE-2025-1823...
CVE-2025-27550
IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server...
CVE-2025-1823
IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources...
CVE-2025-2134
IBM Jazz Reporting Service could allow an authenticated user on the network to affect the system's performance using complicated queries due to insufficient resource pooling...
CVE-2025-2134
IBM Jazz Reporting Service could allow an authenticated user on the network to affect the system's performance using complicated queries due to insufficient resource pooling...
CVE-2025-27550
IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server...
CVE-2025-27550
IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server...
CVE-2025-1823
IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources...
CVE-2025-1823
IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources...
EUVD-2025-206775
IBM Jazz Reporting Service could allow an authenticated user on the network to affect the system's performance using complicated queries due to insufficient resource pooling...