Security Bulletin: IBM CloudPak for Data Scheduling Service is vulnerable to CVE-2026-24051.

Summary OpenTelemetry Collector is used by the CP4D Scheduling Service for telemetry collection. CVE-2026-24051. Vulnerability Details CVEID:CVE-2026-24051 DESCRIPTION: OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to...

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CSRF Attack (CVE-2025-47909)

Summary gorilla/csrf is used by Scheduling Service. A vulnerability in gorilla/csrf is addressed. Vulnerability Details CVEID:CVE-2025-47909 DESCRIPTION: Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks...

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2025-24358

Summary github.com/gorilla/csrf-v1.7.1 is used by the Scheduling Service. Vulnerability Details CVEID:CVE-2025-24358 DESCRIPTION: gorilla/csrf provides Cross Site Request Forgery CSRF prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Orig...

CVE-2025-8312

Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service.This issue affects the following versions : Devolutions Server 2025.2.2.0 through 2025.2.5.0...

CVE-2025-8312

CVE-2025-8312 describes a deadlock in Devolutions Server’s PAM automatic check-in feature that can allow a password to stay valid past its intended check-out. Affected versions include Devolutions Server 2025.2.2.0 through 2025.2.5.0 and 2025.1.12.0 and earlier. The root cause is a scheduling-ser...

PT-2025-31414 · Devolutions · Devolutions Server

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.2.5.0 and earlier Description: A deadlock in the PAM automatic check-in feature allows a password to remain valid beyond its intended check-out period. This is due to a deadlock occurring in the scheduling...

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2025-22870

Summary golang.org/x/net-v0.25.0 and golang.org/x/net-v0.33.0 are used by the Scheduling Service. Vulnerability Details CVEID:CVE-2025-22870 DESCRIPTION: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environmen...

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2024-45338.

Summary golang.org/x/net-v0.24.0 is used by the CP4D Scheduling Service. CVE-2024-45338. Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow...

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2023-45288.

Summary Golang's net/http is used by the CP4D Scheduling Service for http communication. CVE-2023-45288. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames...

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to IBM X-Force ID: 350626.

Summary GRPC-Go is used by the CP4D Scheduling Service for inter-process communication. IBM X-Force ID: 350626. Vulnerability Details IBM X-Force ID: 350626 DESCRIPTION: gRPC-Go is vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sendi...

Palantir 输入验证错误漏洞

Palantir is a data platform from Palantir, Inc. that reimagines how people use data by removing the barrier between back-end data management and front-end data analysis. A security vulnerability exists in Palantir Gotham versions prior to 3.22.11.2 that stems from the inclusion of an...

CA Unicenter Cron Scheduler Detection

The remote service is a Cron Scheduler for CA Unicenter applications, that is used to launch programs at specified times. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid35309; scriptversion"1.11";...